Privacy Policy

Samsung SDS Vietnam Co., Ltd (“We” or the “Company”) are committed to protecting and respecting the user’s privacy.

This privacy policy (the “Policy”) (together with, and without prejudice to, our Terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to the Company, will be processed by the Company. Please read the following carefully to understand our views and practices regarding personal data of users and how we will treat it.

By visiting www.samsungsds.com/vn (the “Site”), you accept and consent to terms and practices described in the Terms of use, this Policy and any other documents referred to on our Site. Should you not accept or agree with any terms and practices under the Terms of use, this Policy or any other documents referred to on our Site or withdraw your consent, you must not use our Site.

For the purpose of the Law on Cybersecurity 2018 (the Law), the data controller is Samsung SDS Vietnam Co., Ltd, having registered address at Lot CN5, Yen Phong 6 Road, Yen Phong Industrial Zone, Bac Ninh, Vietnam.

1. PROCESSING PERSONAL INFORMATION

a. Information Processed
To serve users better and understand users' needs and interests, the Company collects and processes personal contents and information (collectively, the “Information”) that users may provide during visiting sessions, including when users sign up for new or additional information, or register an enquiry. The Information can include, among others, information in or about the content users provide, such as the date that user enquiry has been registered. The Company also processes the Information about how users use the Company's Site, such as the types of content users view or engage with or the frequency and duration of user's activities.
(I) Information users provide
- Email address, name, company name, contact number, user's department/store, user's position at user's company, country name, user’s sale area
(II) Information collected during visiting sessions
- User's Activity log
- Information based on User's IP address
* Cookies are collected only for those who have left personal information at least once. For more information, please see [5. Cookies]
(III) Refusal to consent: Users have the right to refuse to collection of the Information. However, if the user refuses to consent, the Company will may refuse responding to the enquiry registered or cease the user’s use of the Site.

b. Method of Collection
(I) When users sign up for new or additional information, request for access to Gated Contents, register for seminar events.
(II) During visiting sessions, when users use the Company's Site.

2. PURPOSE OF PROCESSING PERSONAL INFORMATION

The Information the Company collects to understand user's needs and interests helps the Company deliver a consistent and personalized experience. The Company shall use such Information only as described in this Policy and/or in the way the Company specifies at the time of collection. The Company will not subsequently change the way a user's Information is used without the user's consent, as required by applicable law. Unless otherwise stated at the time of collection, the Company will use the Information only for the following purposes:

- To respond to and manage customer inquiries concerning services/products on the Site; and
- To provide feedback on and manage company-related inquiries concerning investment, career opportunities, website management, and reports on wrongful practices, and security reports

3. SHARING PERSONAL INFORMATION WITH THIRD PARTIES

In principle, the Company does not disclose any of the Information collected to third parties; however, the following are exceptions:

- The Information is disclosed to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.
- The Company may also use or disclose the Information as we believe to be necessary or appropriate: (a) under applicable law, including laws outside the user’s country of residence; (b) to comply with legal process under the applicable law; (c) to respond to requests from public and government authorities, including public and government authorities outside the user’s country of residence, for national security and/or law enforcement purposes; (d) to enforce our terms and conditions under the Terms of use and/or this Policy to the extent permitted by the law; (e) to protect our operations or those of any of our affiliates to the extent permitted by the law; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, users or others to the extent permitted by the law; and (g) to allow the Company to pursue available remedies or limit the damages that we may sustain to the extent permitted by the law.

Additionally, in the event of a reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings), the Company may transfer the Information to the relevant third party. By using our Site, users accept and agree to the Company’s disclosure of the Information to the third parties as provided herein.

4. OUTSOURCING

Without prejudice to other terms herein, the Company may delegate, subject to the Company’s decision from time to time, some of the tasks required for providing services on the Site to an outside service provider as named below or any other company, as decided by the Company:

- Outsourcing company: Oracle Corporation Data Center (Australia)
- Outsourced work: Marketing Activity
- Information provided: Information described in Section 1.(a)

By using the Site, users accept and agree to the delegation of tasks as well as the sharing of the Information to the outsourcing company as designated by the Company.

5. COOKIES

The Company may install and manage automated tools such as "cookies" that automatically gather, store, and find the Information strictly necessary for services on the Site. Cookies are very small text files that the server uses to operate the Company's Site, and are sent to the browser of the user, and then stored in the user's computer hard disk.

There are a number of different types of cookies, however, the Company's Site uses:



- Strictly necessary cookies: the Company uses these cookies to maintain users’ session.
- Functional cookies: help us to optimize the Site, for example, to collect statistics, to save user’s preferences for example, "Do not show pop-ups"
- Marketing cookies: the Company uses these cookies for marketing purpose, for example "web-push"

Users can also set users’ browser not to accept cookies, and the Site will tell how to remove cookies from users’ browser, except the strictly necessary cookies. However, in a few cases, part of the Site features may not function as a result. We will not be responsible for malfunction of the Site due to removal of our cookies.

6. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION

The Information that we collect from users will be transferred to, and stored at, a destination outside the Vietnam territory. It will also be processed by staff operating outside the Vietnam territory who work for us or for one of our suppliers. We undertake that the staff who engages in collecting, storing and processing the Information will be subject to the obligations of privacy protection hereunder. By submitting Information and by using our Site, users accept and agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that the Information is treated securely and in accordance with this Policy and the applicable laws.

Unfortunately, the transmission of Information via the internet is not completely secure. Although we will do our best to protect the Information, we cannot guarantee and will not be responsible for the security of the Information transmitted to our Site (unless due to our misconduct or negligence). Any transmission is at the use’s own risk. Once we have received the Information, we will use strict procedures and security features to try to prevent unauthorized access.

a. Information transferred
- Required information: Name, email address, contact number
- Optional information: Company name, user's department name, user's position at user's company, country name, company address, user's sales area
* The Company uses cookies to better serve users.
* The required and optional information above includes not only the original information collected from users but also any changes made to it.


b. Entities to which the Information is transferred, when and how to transfer the Information
- Entities to which the Information is transferred: Samsung SDS Co., Ltd (Korean entity) and/or any member of the Company’s group, which means the Company’s subsidiaries, and the Company’s ultimate holding company and its subsidiaries, whether in Korea, Vietnam or other countries.
- When and how to transfer the Information: The Information is transferred over the network when the user uses internet-based services provided on the Company's Site.


c. Name of the outside service provider receiving the Information
- Company: Oracle Corporation Data Center (USA)
- Contact
https://www.oracle.com/legal/privacy/services-privacy-policy.html
Chief Privacy Officer, Oracle Corporation
10 Van de Graaff Drive
Burlington, MA 01803
USA


d. The outside service provider's purpose of using the Information
The Company transfers the Information to the outside service provider so that it can conduct the tasks required to provide the following services on the Site, and oversees them to ensure that the outside service provider complies with the relevant privacy laws:

- To respond to and manage inquiries concerning the company, services/products, investment, career opportunities, website management.
- To provide events and other services, and to carry out email marketing activities
- To provide feedback on and manage inquiries concerning partner programs
- To respond to event-related inquiries, confirm users' identity for their participation in events, and prepare, conduct, review, and manage events based on customer requirements.


e. The outside service provider's retention period of personal information
The Company shall retain the user's personal information for a year after the user agrees to its collection and use. The Company shall immediately destroy the information when the retention period expires. However, if the retention of any personal information is required under applicable laws and regulations, the Company shall retain the information for a period in accordance with these laws and regulations.


7. RETENTION PERIOD OF PERSONAL INFORMATION

The Company and any third party collecting, receiving the Information, including the parties as prescribed in Section 3 and the outsourcing company/the outside service provider as prescribed in Section 4 and 6 hereof, shall retain the user's Information for a year after the user agrees to its collection and use. The Company and the third party collecting, receiving the Information shall immediately destroy the information when the retention period expires. However, if the retention of any personal information is required under applicable laws and regulations, the Company and the third party collecting, receiving the Information shall retain the information for a period in accordance with these laws and regulations.

8. RIGHTS OF USERS

Right to access to Information
Users has the right to access the Information held about the users. Users may request a copy of Information held about the user by submitting this inquiry form.
Right to object to processing
Users has the right to ask the Company not to process the Information for marketing or other commercial purposes. We will inform the user (before collecting or sharing the Information) if we intend to use the user’s Information for such purposes or if we intend to disclose the Information to any third party for such purposes. Users may opt-out of the Company’s marketing emails, or the collecting or sharing of the Information, by submitting this inquiry form or by using our general unsubscribe automated link that is included in the Company’s marketing emails.
Right to rectification
Users have the right to ask the Company to amend or correct the users’ Information submitted. Users may request for changes by submitting this inquiry form.
Right to erasure ('right to be forgotten')
Users have the right to ask the Company to delete users’ Information by submitting this inquiry form. Our processing (i.e. deletion) of the user’s Information is based on the Company’s rules of operating the Site.
Right to data portability
Users have the right to ask the Company for data portability of the users’ Information by submitting an inquiry form. Our processing (i.e,. data portability) of the user’s Information is based on the Company’s rules of operating the Site.
Users can also exercise the right at any time by contacting us at contact.sds@samsung.com.

Our Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If user follows a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. User should check these policies before submitting any personal data to these websites.

9. OPENNESS AND USER’S REFUSAL OR WITHDRAWAL OF CONSENT

In order to refuse or withdraw consent to Privacy Policy and Terms of Use, user may Clicking here and submit this form, and we will record and respect user’s choices.

In most cases, user is free to refuse or withdraw user’s consent at any time. User may do so by contacting the Company by e-mail at contact.sds@samsung.com.

10. SECURITY MEASURES

The Company shall take the following technical, administrative, and physical measures needed to ensure security of the Information:

Establishment and Execution of Internal Management Plan
The Company establishes an internal management plan and executes it to protect the Information.
Reducing and Training Personnel for the Handling of Information
The Company appoints and reduces a number of employees who will handle Information, and implements measures to manage the Information more efficiently.
Restrictions on Access to Information
The Company takes the necessary steps to monitor access to the Information. This is done by granting, changing, and removing the access to database system where the Information is handled. The Company also deploys and uses an intrusion prevention system to control unauthorized access.
Keeping Access Records and Preventing Tampering
The Company retains records of access to the personal information handling system (e.g., web log and summary data) for at least 6 months and uses security features to prevent tampering, theft and any loss of access records. However, if the applicable laws and regulations require for retention of such records for a longer period, the Company shall comply with the laws and regulations.
Technical Measures against Hackers and Unauthorized Access
To prevent the loss, destruction of, or damage to the Information caused by hackers or computer viruses, the Company has installed security software that has regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information. However, we do not guarantee that our security software may completely prevent all cyberattacks or the losses and damages to the Information arising therefrom.
Unauthorized Access Monitoring
To prevent the loss, destruction of or damage to personal data caused by hacking or computer viruses, the Company has installed security software and implements regular updates and monitoring. In addition, the Company has also installed a system in off-limits areas for technical/physical monitoring and blocking. Furthermore, the Company also provides network traffic monitoring and the detection of any attempts to, for example, make illegal changes to information.

11. CHANGES TO OUR PRIVACY POLICY

Any changes we make to this Policy in the future will be posted on the Site. Users are recommended to check back frequently to see any updates or changes to the Policy.

12. DATA PROTECTION OFFICER

The Company appoints the following department and officers to protect personal information and handles complaints relating to personal information.

Users can file complaints related to privacy and security issues that may arise from their use of the Company's services on the Site to Data Protection Officer. The Company will promptly provide satisfactory answers to users' complaints. If you need to report any privacy infringement or need additional counseling, please contact the following:

- Privacy Infringement Report Center (www.kisa.or.kr/118 /118)
- Privacy Mark Certification Committee (www.eprivacy.or.kr/02-580-0533~4)
- Vietnam Data Protection Officer (+84 243 279 7103/ master-sdsv@samsung.com) Contact details for all Vietnam Supervisory Authorities can be found here.

13. CONTACT

Questions, comments and requests regarding this Policy are welcomed and should be addressed to the Company: Samsung SDS Vietnam Co., Ltd – Address: Lot CN5, Yen Phong 6 Road, Yen Phong Industrial Zone, Bac Ninh, Vietnam OR the Company’s email: contact.sds@samsung.com.