This Privacy Policy explains:

• who is the data controller
• what information we collect
• how we use your information
• on what basis we use your information
• to whom we disclose your information
• how we keep your information secure
• where we send your information
• your rights regarding your information
• how long we keep your information
• how we use cookies
• how to contact us

For example:

• We will collect personal information that you provide to us, such as your name, ID, e-mail address and contact details, job title and position, company information such as its name and address, language, country, product and registration details, and any communications you send or deliver to us.
• We will collect data about your use of the Business Services, including the time and duration of your use, information stored in cookies that we have set on your device, and information about your device settings.
• We will collect information about the products and services you or your employer have bought or received and payment data and other information provided in connection with a transaction.
• We may receive personal information about you from your employer or service provider, or from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from or about you (as permitted by law, or otherwise with your separate consent).

Through the Business Services, we collect personal information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services. We may use third-party analytics services on the Business Services, such as those of Google Analytics. The service providers that administer these analytics services help us to analyze your use of the Business Services and improve the Business Services. The information we obtain may be disclosed to or collected directly by these providers and other relevant third parties who use the information, for example, to evaluate use of the Business Services, help administer the Business Services and diagnose technical issues. To learn more about Google Analytics, please visithttp://www.google.com/analytics/learn/privacy.html and https://www.google.com/policies/privacy/partners/.

We may use your personal information for the following purposes:

• to provide products and services that you (or your employer) requested and to register or authenticate you or your device
• to respond to your questions or requests for information
• subject to your separate consent where required by applicable law, to inform you about new products and services
• for assessment and analysis of our market, customers, products, and services (including asking you for your opinions on our products and services and carrying out customer surveys)
• to understand the way you use the Business Services so that we can improve them and develop new products and services
• to provide maintenance services and to maintain a sufficient level of security on the Business Services
• to protect the rights, property, or safety of Samsung, or any of our respective affiliates, business partners, employees or customers, for example, in legal proceedings, internal investigations and investigations by competent authorities
• otherwise with your separate consent where required by applicable law or as described to at the time your information is collected.

We use your personal information for the following reasons:

• To perform a contract with you: So that we can keep our promises to you, such as providing you with the Business Services.
• For legitimate business purposes: We may use your personal information to promote our business interests (for example, to manage our relationship with you), to make our communications with you more relevant, and to make your experience of the Business Services more enjoyable, effective and efficient.
• To comply with our legal obligations and other demands for information: Samsung’s legal obligations affect the way in which we run our business and help to make the Business Services as safe as we can. We may use your personal information to comply with applicable laws, regulations and guidance.
• You have given your consent: Sometimes we may need to obtain your consent to enable us to use your personal information for one or more of the purposes set out above. See What are your rights section below for information about your rights when we process your information on the basis of your consent.

We may also disclose your information to the following entities:

• Service Providers: Carefully selected companies that provide services for or on behalf of us. These providers are also committed to protecting your information.
• Other parties when required by law or as necessary to protect our business: For example, it may be necessary by law, legal process, or court order from regulators, governments and law enforcement authorities to disclose your information.
• Other parties in connection with corporate transactions: We may disclose your information to a third party as part of a reorganization, merger or transfer, acquisition or sale, or in the event of a bankruptcy.
• Other parties with your consent or at your direction: We may share your information where you request or authorize us to do so.

You have a number of rights regarding your personal information under applicable data protection laws. These rights may include:

• Right to access: You have the right to request access to the personal information we hold about you.
• Right to rectification: You have the right to request that we correct any personal information that is inaccurate or incomplete.
• Right to erasure: You may request that we delete your personal information in certain circumstances.
• Right to restriction: You may request that we restrict the processing of your personal information in certain situations.
• Right to object: You may object to the processing of your personal information for certain purposes, including for direct marketing.
• Right to data portability: You may request a copy of your personal information in a structured, commonly used and machine-readable format so that you can transfer it to another controller.