Samsung Healthcare Overview | Samsung Healthcare Global

Privacy Policy

Last updated: 2020.10.19

Samsung Electronics and Samsung Medison (together, “Samsung”, “we”, “us” and “our”) know how important privacy is to our customers and our employees and partners, and we strive to be clear about how we collect, use, disclose, transfer and store your information.

Background

This Privacy Policy provides an overview of how we use your personal information collected through www.samsunghealthcare.com (the “Website”) with commercial customers (the "Business Services"). If you have any questions, please contact us using one of the methods set out in the Contact Us section below.

The Website is designed to provide you with features relating to Samsung’s healthcare business, including general product and feature information, event information, purchase and service requests, and membership programs.

We may change this Privacy Policy from time to time and will indicate above when it was most recently updated. If we make material changes to the Privacy Policy, we will let you know in advance, such as by placing a notice on the Website or by emailing you, where appropriate. We encourage you to review the content of this Privacy Policy periodically.

This Privacy Policy explains:

who is the data controller
what information we collect
how we use your information
on what basis we use your information
to whom we disclose your information
how we keep your information secure
where we send your information
your rights regarding your information
how long we keep your information
how we use cookies
how to contact us

Who is the data controller?: Samsung Electronics Co., Ltd and Samsung Medison act as joint controllers of your personal information. This means that both Samsung Electronics Co., Ltd and Samsung Medison determine how and why your personal information is processed. For contact details, please refer to Contact Us below.

What information do we collect?

We collect various types of personal information in connection with the Business Services.

For example:

We will collect personal information that you provide to us, such as your name, ID, e-mail address and contact details, job title and position, company information such as its name and address, language, country, product and registration details, and any communications you send or deliver to us.
We will collect data about your use of the Business Services, including the time and duration of your use, information stored in cookies that we have set on your device, and information about your device settings.
We will collect information about the products and services you or your employer have bought or received and payment data and other information provided in connection with a transaction.
We may receive personal information about you from your employer or service provider, or from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from or about you (as permitted by law, or otherwise with your separate consent).

Through the Business Services, we collect personal information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services. We may use third-party analytics services on the Business Services, such as those of Google Analytics. The service providers that administer these analytics services help us to analyze your use of the Business Services and improve the Business Services. The information we obtain may be disclosed to or collected directly by these providers and other relevant third parties who use the information, for example, to evaluate use of the Business Services, help administer the Business Services and diagnose technical issues. To learn more about Google Analytics, please visit http://www.google.com/analytics/learn/privacy.html and https://www.google.com/policies/privacy/partners/.

How do we use your information?

We may use your personal information for the following purposes:

to provide products and services that you (or your employer) requested and to register or authenticate you or your device
to respond to your questions or requests for information
subject to your separate consent where required by applicable law, to inform you about new products and services
for assessment and analysis of our market, customers, products, and services (including asking you for your opinions on our products and services and carrying out customer surveys)
to understand the way you use the Business Services so that we can improve them and develop new products and services
to provide maintenance services and to maintain a sufficient level of security on the Business Services
to protect the rights, property, or safety of Samsung, or any of our respective affiliates, business partners, employees or customers, for example, in legal proceedings, internal investigations and investigations by competent authorities
otherwise with your separate consent where required by applicable law or as described to at the time your information is collected.

On what basis do we use your personal information?

We use your personal information for the following reasons:

To perform a contract with you: So that we can keep our promises to you, such as providing you with the Business Services.
For legitimate business purposes: We may use your personal information to promote our business interests (for example, to manage our relationship with you), to make our communications with you more relevant, and to make your experience of the Business Services more enjoyable, effective and efficient.
To comply with our legal obligations and other demands for information: Samsung’s legal obligations affect the way in which we run our business and help to make the Business Services as safe as we can. We may use your personal information to comply with applicable laws, regulations and guidance.
You have given your consent: Sometimes we may need to obtain your consent to enable us to use your personal information for one or more of the purposes set out above. See What are your rights section below for information about your rights when we process your information on the basis of your consent.

To whom do we disclose your information?

We will disclose your information internally within Samsung’s business, but only to those who need it to further provide the Business Services or to help with your requests.

We may also disclose your information to the following entities:

Service Providers: Carefully selected companies that provide services for or on behalf of us. These providers are also committed to protecting your information.
Other parties when required by law or as necessary to protect our business: For example, it may be necessary by law, legal process, or court order from regulators, governments and law enforcement authorities to disclose your information.
Other parties in connection with corporate transactions: We may disclose your information to a third party as part of a reorganization, merger or transfer, acquisition or sale, or in the event of a bankruptcy.
Other parties with your consent or at your direction: In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties when you separately consent to or request to such disclosures.

How do we keep your information secure?: We take data protection seriously. We have put in place physical and technical safeguards to keep the information we collect secure. Though we take reasonable steps to protect your information, the transmission of information to us may not be completely secure and any transmission is at your own risk.

Where do we send your information?: Your use or participation in the Business Services may involve transfer, storage and processing of your information outside of your country of residence, consistent with this Privacy Policy. Such country includes, without limitation, the Republic of Korea. Please note that the data protection and other laws of countries to which your information may be transferred might not be as comprehensive as those in your country. We will take appropriate measures, in compliance with applicable law, to ensure that your personal information remains protected. Such measures include the use of EU Standard Contractual Clauses to safeguard the transfer of data outside of the European Economic Area (“EEA”). For more information on the safeguards we take to ensure the lawful transfer of your data to countries outside of the EEA, or to obtain a copy of the contractual agreements in place, please contact us by the methods outlined in the Contact Us section of this Privacy Policy.

What are your rights?: Your personal information belongs to you. You can ask us to provide details about what we’ve collected, and you can ask us to delete it or correct any inaccuracies. You can also ask us to restrict or limit processing, sharing, or transfer of your personal information, as well as to provide to you your personal information that we’ve collected so you can use it for your own purposes. To exercise your rights, please contact us by the methods outlined in the Contact Us section of this Privacy Policy.; However, requesting the deletion of your personal information may also result in a loss of access to the Business Services.; If you request deletion of personal information, you acknowledge that you may not be able to access or use the Business Services and that residual personal information may continue to reside in Samsung's records and archives for some time in compliance with applicable law, but Samsung will not use that information for commercial purposes. You understand that, despite your request for deletion, Samsung reserves the right to keep your personal information, or a relevant part of it, in line with our data retention policy and applicable laws, if Samsung has suspended, limited, or terminated your access to the website for violating the Samsung Terms of Use or any other applicable Samsung policy or applicable law, when necessary to protect the rights, property, or safety of Samsung, or any of our respective affiliates, business partners, employees or customers.

How long do we keep your information?

We will keep your personal information for as long as we need to for the purposes for which it was collected (in accordance with this Privacy Policy), and in order to comply with our legal and regulatory requirements. This may mean that some information is held for longer than other information.

We take appropriate steps to ensure that we process and retain information about you based on the following logic:

1. At least the duration for which the information is used to provide you with a service
2. As required under law, a contract, or with regard to our statutory obligations
3. Only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.

What third-party services do we use?: Our Business Services may link to third-party websites and services that are outside our control. We are not responsible for the security or privacy of any information collected by websites or other services. You should exercise caution, and review the privacy statements applicable to the third-party websites and services you use.

Cookies

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and allows us to improve our Website and Services.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Essential cookies. These cookies are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests.
Social cookies. These cookies help connect with your social channels to share Samsung Healthcare news with whom you may know for example on LinkedIn, Facebook and Twitter.


Cookie Title	Purpose	Location	More Information
cm_perferences (_cm_preferen_FR/IT/DE)	Essential cookies	All	Cookie settings
key	Essential cookies	IT	user verification cookie
user_id	Essential cookies	All	user verification cookie
JSESSIONID	Essential cookies	All	login server cookie
LOCAL_JSESSIONID	Essential cookies	FR/IT/DE	login server cookie
AWSALBCORS	Essential cookies	All	AWS-related cookie
AWSALB	Essential cookies	All	AWS-related cookie
Ecookie (ncookie)	Functionality cookies	All	destination banner cookie
_ga	Analytical or performance cookie	All	Google Analytics-related cookie
_gid	Analytical or performance cookie	All	Google Analytics-related cookie
showCookiesEn (FR/IT/DE)	Functionality cookies	All	sign-up membership banner cookie
countCookieEn (FR/IT/DE)	Targeting cookies	All	sign-up membership banner cookie
_fbp	Targeting cookies/Social cookies	All	Facebook-related cookie
idprivacy	Functionality cookies	FR	N/A
idsession	Functionality cookies	FR/IT/DE	N/A
seenRecently	Targeting cookies/Social cookies	DE	Ensight-related cookie

We do not share the information collected by the cookies with any third parties.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

All cookies will expire after 30 days.

Please note that the following third parties may also use cookies, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third party cookies are likely to be analytical cookies or performance cookies or targeting cookies:

Google : https://policies.google.com/technologies/cookies?hl=en-US
LinkedIn : https://www.linkedin.com/legal/cookie-policy
Facebook : https://www.facebook.com/policy/cookies/
AWS : https://aws.amazon.com/privacy/

To deactivate the use of third party advertising cookies, you may visit the consumer page to manage the use of these types of cookies.

Your Choices

We offer you certain choices in connection with the personal information we obtain about you.

We may offer you certain choices related to the collection, deletion and sharing of certain information related to the Business Services. If you decline to allow us to collect, store or share certain information, you may not be able to use all of the features available through the Business Services.

To exercise your choices, please contact us as indicated in the Contact Us section of this Privacy Policy.

Contact Us

You can contact us to update your preferences, correct your information, submit a request, or ask us questions.

You can contact us either at:

Data Controller
Samsung Electronics Co., Ltd.
129, Samsung-ro, Yeongtong-gu,
Suwon-si, Gyeonggi-do 16677, Republic of Korea

Samsung Medison
East Central Tower, 1077, Cheonho-daero,
Gangdong-gu, Seoul, Republic of Korea

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region.

The easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

You can lodge a complaint with the relevant supervisory authority if you consider that our processing of your personal information infringes applicable law. Contact details for all EU supervisory authorities can be found at https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Samsung Cookie Policy

This Cookie Policy provides an overview of how we use your cookies collected through www.samsunghealthcare.com (the “Website”) with commercial customers (the "Business Services"). It also describes the different types of cookies that may be used in connection with the website owned or controlled by Samsung Electronics and Samsung Medison and how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

You may exercise your privacy rights as set out in the Privacy Policy. For more information on privacy, please refer to our privacy policy.

Cookies

We use the following cookies:

Essential cookies. These cookies are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests.
Social cookies. These cookies help connect with your social channels to share Samsung Healthcare news with whom you may know for example on LinkedIn, Facebook and Twitter.

Cookie type table
Cookie Title	Purpose	Location	More Information
key	Strictly necessary cookies	IT	user verification cookie
ser_id	Strictly necessary cookies	All	user verification cookie
JSESSIONID	Strictly necessary cookies	All	login server cookie
LOCAL_JSESSIONID	Strictly necessary cookies	FR/IT/DE	login server cookie
AWSALBCORS	Strictly necessary cookies	All	AWS-related cookie
AWSALB	Strictly necessary cookies	All	AWS-related cookie
Ecookie	Functionality cookies	All	destination banner cookie
_ga	Analytical or performance cookie	All	Google Analytics-related cookie
_ga_gid	Analytical or performance cookie	All	Google Analytics-related cookie
showCookiesEn	Functionality cookies	All	sign-up membership banner cookie
countCookieEn	Targeting cookies	All	sign-up membership banner cookie
_fbp	Targeting cookies/Social cookies	All	Facebook-related cookies
idprivacy	Functionality cookies	FR	N/A
idsession	Functionality cookies	FR/IT/DE	N/A
seenRecently	Functionality cookies	DE	N/A

We do not share the information collected by the cookies with any third parties.

All cookies will expire after 30 days.

To deactivate the use of third party advertising cookies, you may visit the consumer page to manage the use of these types of cookies [consent management solution]

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org .

Please be aware that rejecting cookies may affect your ability to perform certain transactions on the website, and our ability to recognize your browser from one visit to the next.

Company	Domain
Samsung	Samsunghealthcare.com

Company	Domain
Google	Google.com, Google.co.kr select

Company	Domain
Samsung	Samsunghealthcare.com select

Company	Domain
Samsung	Samsunghealthcare.com select

Company	Domain
Facebook	Facebook.com select
Linkedin	Linkedin.com select

본문 바로가기

HOME

Notice

Learn about our company - from our global networks to our latest news in the healthcare industry.

Notice

NOTICE
2025.08.27

EUDA Data Access Terms

1. Parties and Product/Related Service

1.1 Parties to the contract This contract on the access to and use of data is made between Samsung Electronics Co., Ltd., a corporation existing under the laws of the Republic of Korea, with its principal place of business located at 129, Samsung-ro, Yeongtong-gu, Suwon-si, Gyeonggi-do, 16677, Korea (‘Data Holder’) and (insert name, contact details and further references) (‘User’)] referred to below collectively as ‘the Parties’ and individually as ‘the Party’.

1.2 Product/Related Service This contract is made with regard to the connected products (each a ‘Product’), related services (each a “Related Service”) and datasets (each a “Dataset”) set out in Appendix I to these Terms. The User declares that they are either the owner of the Product, are contractually entitled to use the Product under a rent, lease or similar contract, or are otherwise entitled to use the Product e.g. by virtue of being a member of a household in which the Product is used, and/or to receive the Related Service(s) under a service contract. The User commits to provide upon duly substantiated request to the Data Holder any relevant documentation to support these declarations, where necessary. To access data about a Product the User must have registered the Product to their Samsung Account (which could be a Samsung B2B Account). Related Services are similarly tied to Samsung Accounts. [

2. Data covered by the Contract

The data covered by this contract (the ‘Data’) consist of any readily available Product Data or Related Service(s) Data within the meaning of the Data Act. The Data consist of the Data listed in Appendix 1, with a description of the type or nature, estimated volume, collection frequency, storage location and duration of retention of the Data. If the User wishes to obtain additional Data from Data Holder, then they may raise a new Request, which will result in the creation of a new Contract. The User may also elect to terminate or withdraw from a previous Contract and replace it with a new Contract for access to a new combination of Data.

3. Data use and sharing by the Data Holder

3.1 Agreed use of non-personal Data by the Data Holder 3.1.1 The Data Holder undertakes to use the Data that are non-personal Data only for the purposes agreed with the User as follows: (a) performing any agreement with the User or activities related to such agreement (b) providing support, warranty, guarantee or similar services or to assess User’s, Data Holder’s or third party’s claims (e.g. regarding malfunctions of the Product) related to the Product or Related Service; (c) monitoring and maintaining the functioning, safety and security of the Product or Related Service and ensuring quality control; (d) improving the functioning of any product or related service offered by the Data Holder; (e) developing new products or services, including artificial intelligence (AI) solutions, by the Data Holder, by third parties acting on behalf of the Data Holder (i.e. where the Data Holder decides which tasks will be entrusted to such parties and benefits therefrom), in collaboration with other parties or through special purpose companies (such as joint ventures); (f) aggregating these Data with other data or creating derived data, for any lawful purpose, including with the aim of selling or otherwise making available such aggregated or derived data to third parties, provided such data do not allow specific data transmitted to the Data Holder from the connected product to be identified or allow a third party to derive those data from the dataset. 3.1.2 The use of the Data for the above purposes is necessary for the full enjoyment of the Product and Related Service by the User, for instance in respect of maintenance, diagnostics and repair, and the provision of automation, smart home monitoring services and in-product features. Certain Product features require Data Holder to hold Data in order for the feature to be available. 3.1.3 The Data Holder undertakes not to use the Data: (a) to derive insights about the economic situation, assets and production methods of the User, or about the use of the Product or Related Service by the User in any other manner that could undermine the commercial position of the User on the markets in which the User is active; None of the Data uses agreed to under clause 3.1.1 may be interpreted as including such Data use, and the Data Holder undertakes to ensure, by appropriate organisational and technical means, that no third party, within or outside the Data Holder’s organisation, engages in such Data use.

3.2 Sharing of non-personal data with third parties and use of processing services 3.2.1 The Data Holder may share with third parties the Data which is non-personal data, if: (a) the Data is used by the third party exclusively for the following purposes: i) assisting the Data Holder in achieving the purposes permitted under clause 3.1.1; and ii) achieving, in collaboration with the Data Holder or through special purpose companies, the purposes permitted under clause 3.1.1. (b) the Data Holder contractually binds the third party: i) not to use the Data for any purposes or in any way going beyond the use that is permissible in accordance with previous clause 3.2.1 (a); ii) to comply with clause 3.1.2; iii) to apply the protective measures required under clause 3.4.1; and iv) not to share these Data further unless the User grants general or specific agreement for such further transfer, or unless such Data sharing is required, in the interest of the User, to fulfil this Contract or any contract between the third party and the User. 3.2.2 The Data Holder may always use processing services, e.g. cloud computing services (including infrastructure as a service, platform as a service and software as a service), hosting services, or similar services to achieve the agreed purposes under clause 3.1. The third parties may also use such services to achieve the agreed purposes under clause 3.2.1 (a).

3.3 Use and Sharing of Personal Data by the Data Holder The Data Holder may use, share with third parties or otherwise process any Data that is personal data, under a legal basis provided for and under the conditions permitted under Regulation (EU) 2016/679 (GDPR) and, where relevant, Directive 2002/58/EC (Directive on privacy and electronic communications).

3.4 Protection measures taken by the Data Holder 3.4.1 The Data Holder undertakes to apply the protective measures for the Data that are reasonable in the circumstances, considering the state of science and technology, potential harm suffered by the User as a result of Data loss or disclosure of Data to unauthorised third parties and the costs associated with the protective measures. 3.4.2 The Data Holder may also apply other appropriate technical protection measures to prevent unauthorised access to Data and to ensure compliance with this contract. 3.4.3 The User agrees not to alter or remove such technical protection measures unless agreed by the Data Holder in advance and in writing.

4. Data access by the User upon request

4.1 Obligation to make data available 4.1.1 The Data, together with the relevant metadata necessary to interpret and use those Data must be made accessible to the User by the Data Holder, at the request of the User or a party acting on their behalf. The request can be made using the access request form contained in the Samsung EUDA Portal. 4.1.2 The Data Holder shall make the Data which is personal data available to the User, when the User is not the data subject, only when there is a valid legal basis for making personal data available under Article 6 of Regulation (EU) 2016/679 (GDPR) and only, where relevant, the conditions set out in Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC (Directive on privacy and electronic communications) are met. 4.1.3 In that respect, when the User is not the data subject, the User must indicate to the Data Holder, in each request presented under the previous clause, the legal basis for processing under Article 6 of Regulation (EU) 2016/679 (and, where relevant, the applicable derogation under Article 9 of that Regulation and Article 5(3) of Directive (EU)2002/58) upon which the making available of personal data is requested. 4.1.4 If the User is a consumer, and the data sharing request is made in respect of a household or shared device, then it is sufficient for the User to declare that they have been authorised by other household members to share shared usage data, and they therefore have consent as a lawful basis for processing any personal data contained in the Data. 4.1.5 If the User is a corporation with a Samsung B2B Account, and the Data may include Data relating to employees who are also Users of the Products, then the Samsung B2B Account holder shall provide Data Holder with a legal declaration in which they declare to be the personal data controller of all the personal data stored in the system and thus to have a proper legal basis to access such data under the GDPR.

4.2 Data characteristics and access arrangements 4.2.1 The Data Holder makes the Data available to the User, free of charge for the User, with at least the same quality as it becomes available to the Data Holder, and in any case in a comprehensive, structured, commonly used and machine-readable format as well as the relevant metadata necessary to interpret and use those Data. The Data is available through the Samsung EUDA Portal. The specifications and characteristics ofthe Data are set out in Appendix 1. 4.2.2 The User may receive access to the Data: (a) easily and securely by the Data being transmitted from the Samsung EUDA Portal (b) continuously and in real-time using the API provided by Data Holder; or (c) through a single time download of a snapshot of the Data issued to the User over email using the contact details provided on the Samsung EUDA Portal. The access arrangements applying to each access request are as set out in Appendix 2, and follow the election of the User when raising the access request on the Samsung EUDA Portal.

4.3 Incident Management If the User identifies an incident related to clause 2 on the Data covered by the Contract, to the requirements of clauses 4.2.1 or 4.2.3 or of Appendix 1 on the Data quality and access arrangements and if the User notifies the Data Holder with a detailed description of the incident, the Data Holder and the User must cooperate in good faith to identify the reason of the incident. If the incident was caused by a failure of the Data Holder to comply with their obligations, Data Holder shall remedy the me period within a reasonable period of time, and not more than two weeks. If the Data Holder does not do so, it is considered as a fundamental breach and the User may invoke clause 12 of this contract (remedies for non-performance). If the User considers their access right under Article 4 (1) of the Data Act to be infringed, the User is also entitled to lodge a complaint with the competent authority, designated in accordance with Article 37(5), point (b) of the Data Act.

4.4 Unilateral changes by the Data Holder The Data Holder may, in good faith, unilaterally change the specifications of the Data or the access arrangements stated in Appendix 1 and 2, if this is objectively justified by the general conduct of business of the Data Holder- for example by a technical modification due to an immediate security vulnerability in the line of the products or related services or a change in the Data Holder’s infrastructure. The Data Holder shall in this case give notice of the change to the User without undue delay. Where the change may negatively affect Data access and use by the User more than just to a small extent, the Data Holder must give notice to the User at least two weeks before the change takes effect, unless such notice would be impossible or unreasonable in the circumstances, such as where immediate changes are required because of a security vulnerability that has just been detected.

4.5 Information on the User’s access The Data Holder undertakes not to keep any information on the User’s access to the requested data beyond what is necessary for: (a) the sound execution of (i) the User’s access request and (ii) this contract; (b) the security and maintenance of the data infrastructure; and (c) compliance with legal obligations on the Data Holder to keep such information.

5. Data use by the User

5.1 Permissible use and sharing of data The User may use the Data made available by the Data Holder upon their request for any lawful purpose and/or share the Data freely subject to the limitations below.

5.2 Unauthorised use and sharing of data

6.1.1 The User undertakes not to engage in the following:

(a) use the Data to develop a connected product that competes with the Product, nor share the Data with a third party with that intent; (b) use such Data to derive insights about the economic situation, assets and production methods of the manufacturer or, where applicable the Data Holder; (c) use coercive means to obtain access to Data or, for that purpose, abuse gaps in the Data Holder’s technical infrastructure which is designed to protect the Data; (d) share the Data with a third-party considered as a gatekeeper under article 3 of Regulation (EU) 2022/1925; (e) use the Data they receive for any purposes that infringe EU law or applicable national law.

7 Data sharing upon the User’s request with a Data Recipient

7.1 Making Data available to a Data Recipient 7.1.1 The Data, together with the relevant metadata necessary to interpret and use those Data, must be made available to a Data Recipient by the Data Holder, free of charge for the User, upon request presented by the User or a party acting on its behalf. The request can be made using the Samsung EUDA Portal, in the same way as the User requests access to the Data themselves. 7.1.2 The Data Holder shall make the Data which is personal data available to a third party following a request of the User, when the User is not the data subject, only when there is a valid legal basis for making personal data available under Article 6 of Regulation (EU) 2016/679 (GDPR) and only, where relevant, the conditions set out in Article 9 of that Regulation and of Article 5(3) of Directive 2002/58/EC (Directive on privacy and electronic communications) are met. 5.2.1 In that respect, when the User is not the data subject, the User must indicate to the Data Holder, in each request presented under the previous clause, the legal basis for processing under Article 6 of Regulation (EU) 2016/679 (and, where relevant, the applicable derogation under Article 9 of that Regulation and Article 5(3) of Directive (EU)2002/58) upon which the making available of personal data is requested. 5.2.2 If the User is a consumer, and the data sharing request is made in respect of a household or shared device, then it is sufficient for the User to declare that they have been authorised by other household members to share shared usage data, and they therefore have consent as a lawful basis for processing any personal data contained in the Data. 5.2.3 If the User is a corporation with a Samsung B2B Account, and the Data may include Data relating to employees who are also Users of the Products, then the Samsung B2B Account holder shall provide Data Holder with a legal declaration in which they declare to be the personal data controller of all the personal data stored in the system and thus to have a proper legal basis to access such data under the GDPR. 7.1.3 The Data Holder must make the Data available to a Data Recipient with at least the same quality as they become available to the Data Holder, and in any case in a comprehensive, structured, commonly used and machine-readable format, easily and securely. 7.1.4 Where the User submits such a request, the Data Holder will agree with the Data Recipient the arrangements for making the Data available under fair, reasonable and non-discriminatory terms and in a transparent manner in accordance with Chapter III and Chapter IV of the Data Act. 7.1.5 The User acknowledges that a request under clause 7.1 cannot benefit a third party considered as a gatekeeper under Article 3 of Regulation (EU) 2022/1925 [OPTION] [and cannot be made in the context of the testing of new connected products, substances or processes that are not yet placed on the market].

8. Transfer of use and multiple users

The Initial User may transfer permanently ownership of the Product or their right to use the Product to a Subsequent User (for example, when the user sells the product) (transfer of use). The Initial User may also grant rights to use the product and receive related services to Additional Users, while still retaining its role as a user (multiple users), for example when: - a business sublets its van to another business for certain periods of the year; - a car rental company rents its car to customers. In such cases, the Data Holder must conclude a contract with the Subsequent or Additional Users to be entitled to use non-personal data generated by the use of the Product or Related Services by such Users. Straightforward situation: each user needs an account Using the Product or Related Services may require the user to possess an account with the Data Holder (for example with an identity, login and password created via the product or on an app/software). Each user will be required to enter a contract with the Data Holder on creating the account. In such cases, no action from the initial user is required in case of a transfer, apart from a notification that they lost their quality as a user and that the contract with the Data Holder terminates and making sure that other users (defined below) will not be able to use the initial user’s account. This may involve removing credentials before handing over the product or granting rights to the Related Services. Complex situation: an account is not needed by each user Users may be able to use the Product or Related Services without having an account with the Data Holder, meaning the Data Holder is unable to identify who is using the Product or Related Service. This is a difficult situation as the subsequent user would not know of and could not agree to the use or making available of the Data by the Data Holder, in the absence of a contract with the Data Holder (for example, in the case of a connected vehicle which can be used without authentication on the system of such vehicle and which is sold to a new owner). Conversely, the Data Holder would not know that the Data doesn’t relate to the Initial User and would continue using / sharing the Data as contractually agreed with that user. Additionally, the Data Holder would not be able to ensure that the Data from the initial user was not accessible to other users. In such a case, other users and the Data Holder would have to rely on the initial User to ensure that they are properly informed and involved. Access rights of the parties in relation to a transfer of use and multiple users In case of transfer of use or multiple users, the contract should give certainty as to who can access the Data. For example, in a case where a company rents out connected agricultural machinery to individual farmers on a daily or weekly basis, the data generated by the agricultural machinery may disclose very sensitive business information of the individual farmers. The Data Holder cannot simply make accessible any data under clause 4 of this Contract to the company that owns the machinery without making sure that, by doing so, no confidential information or rights of individual farmers are infringed. Access rights of the subsequent user may in particular depend on a contractual categorization of the Data, for instance: (a) User’s Removable Data - the products or related services often allow the user to delete the Data generated in the course of their use. In the case of transfer, the user should delete such Data. Otherwise, such Data may be accessible to the subsequent user; (b) Always Removable Data - Data which the Data Holder should not make accessible to the subsequent user; (c) Residual Data - other Data than User’s Removable or Always Removable Data; such Data will not be removable and will not be subject to a confidentiality agreement (i.e. the Data will also be available to new Subsequent Users). Such Data may include the Data which needs to be accessible to the Subsequent User by operation of law or in practice (for example, related to the updates made in the connected vehicle). The Data Holder should sort the Data into these categories, particularly in the information referred to by Article 3 (2) and 3 (3) of the Data Act, in this Contract (for instance, in Appendix 1) or in the documentation relating to the Product or Related Service. This clause 10 focuses on the Data Act but does not affect any additional legislation, including sectoral legislation, that could regulate the transfer of a connected product or related service (e.g. reprocessing of medical devices).

8.1 Transfer of use 8.1.1 Where the User contractually transfers (i) ownership of the Product, or (ii) their temporary rights to use the Product, and/or (ii) their rights to receive Related Services to a subsequent natural or legal person (‘Subsequent User’) and loses the status of a user after the transfer to a Subsequent User, the Parties undertake to comply with the requirements set out in this clause. 8.1.2 The User must (a) terminate all live data access requests on the Samsung EUDA Portal; (b) ensure that the Subsequent User cannot use the initial User’s account; and (c) deregister the Product from their Samsung Account 8.1.3 The rights of the Data Holder to use Product Data or Related Services Data generated prior to the transfer will not be affected by a transfer i.e. the rights and obligations relating to the Data transferred under the Contract before the transfer will continue after the transfer.

8.2 Multiple users 8.2.1 Where the Initial User grants a right to use of the Product and/or Related Service(s) to another party (‘Additional User’) while retaining their quality as a user, for instance as part of a shared household, or in an Employer/Employee or Landlord/Tenant relationship, the Parties undertake to comply with the requirements set out in this clause. 8.2.2 The User must ensure that the Additional User cannot use the Initial User’s account, so that data access requests made by each User take place separately, notwithstanding the fact that some Product Data is not specific to a given User and will be accessible to each User. 8.2.3 If a User wishes to share Data with members of their Household etc. under clause 5.1 then they may do so without needing to create separate User accounts. Users remain free to arrange for the creation of Additional User accounts if they wish to do so.

8.3 Liability of the Initial User If the User’s failure to comply with their obligations under clauses 10.1 or 10.2 leads to the use and sharing of Product or Related Services Data by the Data Holder in the absence of a contract with the Subsequent or Additional User, the User will indemnify the Data Holder and hold them harmless in respect of any claims by the Subsequent or Additional User towards the Data Holder for the use of the Data after the transfer.

9 Date of application and duration of the Contract and Termination

9.1 Date of application and duration 9.1.1 This Contract takes immediate effect. 9.1.2 The Contract is concluded for an unspecified period of time.

9.2 Termination Irrespective of the contract period agreed under clause 9.1, this contract terminates: (a) upon the destruction of the Product or permanent discontinuation of the Related Service, or when the Product or Related Service is otherwise put out of service or loses its capacity to generate the Data in an irreversible manner; or (b) upon the User losing ownership of the Product or when the User’s rights with regard to the Product under a rental, lease or similar agreement or the user’s rights with regard to the related service come to an end; or (c) when both Parties so agree, with or without replacing this contract by a new contract. Points (b) and (c) shall be without prejudice to the contract remaining in force between the Data Holder and any Subsequent or Additional User.

9.3 Effects of expiry and termination 9.3.1 Expiry of the contract period or termination of this Contract releases both Parties from their obligation to effect and to receive future performance but does not affect the rights and liabilities that have accrued up to the time of termination. Expiry or termination does not affect any provision in this contract which is to operate even after the contract has come to an end, in particular clause 4.3 on restricted use of the Data, clause 11.1 on confidentiality, clause 11.3 on applicable law and clause 11.6 on dispute resolution, which remain in full force and effect. 9.3.2 The termination or expiry of the Contract will have the following effects: (a) the User shall immediately cease to retrieve the Data generated or recorded as of the date of termination or expiry; (b) the Data Holder remains entitled to use and share the Data unless the User separately contacts Data Holder to request the deletion of Product Data and Related Service Data.

10 Remedies for breach of contract

10.1 Cases of non-performance 10.1.1 A non-performance of an obligation by a Party is fundamental to this Contract if: (a) strict compliance with the obligation is of the essence of this Contract, in particular because non-compliance would cause significant harm to the other Party, the User or other protected third parties; or (b) the non-performance substantially deprives the aggrieved Party of what it was entitled to expect under this Contract, unless the other Party did not foresee and could not reasonably have foreseen that result; or (c) the non-performance is intentional. 10.1.2 A Party’s non-performance is excused if it proves that it is due to an impediment beyond its control and that it could not reasonably have been expected to take the impediment into account at the time of the conclusion of this Contract, or to have avoided or overcome the impediment or its consequences. Where the impediment is only temporary the excuse has effect for the period during which the impediment exists. However, if the delay amounts to a fundamental non-performance, the other Party may treat it as such. The non-performing Party must ensure that notice of the impediment and of its effect on its ability to perform is received by the other Party within a reasonable time after the non- performing Party knew or ought to have known of these circumstances. The other Party is entitled to damages for any loss resulting from the non-receipt of such notice.

10.2 Remedies 10.2.1 In the case of a non-performance by a Party, the aggrieved Party shall have the remedies listed in the following clauses, without prejudice to any other remedies available under applicable law. 10.2.2 Remedies which are not incompatible may be cumulated. 10.2.3 A Party may not resort to any of the remedies to the extent that its own act or state of affairs caused the other Party’s non-performance, such as where a shortcoming in its own data infrastructure did not allow the other Party to duly perform its obligations. A Party may also not rely on a claim for damages for loss suffered to the extent that it could have reduced the loss by taking reasonable steps. 10.2.4 Each party can: (a) request that the non-performing Party comply, without undue delay, with its obligations under this Contract, unless it would be unlawful or impossible or specific performance would cause the non-performing Party unreasonable effort or expense; (b) request that the non-performing Party erases Data accessed or used in violation of this Contract and any copies thereof; (c) claim damages for pecuniary damages caused to the aggrieved Party by the non- performance which is not excused under clause 10.1.2. The non-performing Party is liable only for damages which it foresaw or could reasonably have foreseen at the time of conclusion of this Contract as a likely result of its non-performance, unless the non- performance was intentional or grossly negligent. (d) The Data Holder can also suspend the sharing of Data with the User until the User complies with their obligations, by giving a duly substantiated notice to the User without undue delay if the non-performance of User’s obligations is fundamental; (e) The Data Holder may seek full damages from the User in the event that the User or a third party, uses the Data accessed under this Contract to develop a competing product in contravention of clause 6.1.1(a).

11 Limitations of liability

11.1 The liability of each Party to the other under or in connection with this Contract, whether arising from contract, tort (including negligence), breach of statutory duty or otherwise, shall be limited for any single event or series of connected events as follows:

11.2 there shall be no limit for liability arising from death or injury to persons caused by a Party’s negligence, or that of its employees, agents or sub-contractors;

11.3 for liability arising from fraud, including without limitation fraudulent misrepresentation, there shall be no limit;

11.4 for liability under Clause 6 there shall be no limit.

11.5 for any other Liability; (a) neither Party shall be liable for any special, indirect or consequential damages; (b) neither Party shall be liable for any loss of profit, loss of business, loss of revenue, loss of opportunity, whether direct or indirect; and (c) the aggregate liability for all claims arising from or connected with this Contract or any other contracts between the Parties in respect of the Data Act shall be limited to € 1000.

12 General Provision

12.1 Confidentiality 12.1.1 The following information will be considered confidential information: (a) information referring to the trade secrets, financial situation or any other aspect of the operations of the other party, unless the other Party has made this information public; (b) information referring to the User and any other protected third party, unless they have already made this information public; (c) information referring to the performance of this Contract and any disputes or other irregularities arising in the course of its performance; (d) the existence of this Contract and the identity of the Parties; 12.1.2 Both Parties agree to take all reasonable measures to store securely and keep in full confidence the information referred to in clause 11.1.1. and not to disclose or make such information available to any third party unless one of the Parties (a) is under a legal obligation to disclose or make available the relevant information; or (b) has to disclose or make the relevant information available in order to fulfil its obligations under this Contract, and the other Party or the third party providing the confidential information or affected by its disclosure can reasonably be considered to have accepted this; or (c) has obtained the prior written consent of the other Party or the party providing the confidential information or affected by its disclosure. 12.1.3 These confidentiality obligations remain applicable after the termination of the Contract for a period of two years. 12.1.4 These confidentiality obligations do not remove any more stringent obligations under (i) the Regulation (EU) 2016/679 (GDPR), (ii) the provisions implementing Directive 2002/58/EC or Directive (EU) 2016/943, or (iii) any other Union or Member State law (iv) (if applicable) clause 6 of this Contract.

12.2 Means of communication Any notification or other communication required by this Contract must follow the process set out on the EUDA Portal from time to time. Data Holder shall contact the User using the contact details provided for the User’s Samsung Account. User may contact Samsung using the [insert details of monitored mailbox]

12.3 Applicable law This Contract is governed by the law of the United Kingdom. If the User is a consumer, then the essential requirements of consumer law in their country of residence shall apply to the Contract.

12.4 Entire Contract, variation and severability 12.4.1 This Contract (together with its appendices, the access request ticket lodged on the Samsung EUDA and any other documents referred to in this Contract) constitutes the entire Contract between the Parties with respect to the subject matter of this Contract. 12.4.2 Data Holder may amend the terms applying to Data access requests and use of the Samsung EUDA Portal at is discretion, for instance in order to reflect changes in the law or to the technical processes used by Samsung to provide access to Data, or resolve gaps or loopholes in these terms. Data Holder will provide the User with reasonable notice of any changes to the terms, which shall be no less than four weeks, unless the change is required to comply with the law. Continued access to the Data after the end of the notice period constitutes acceptance of the Terms. User remains free to terminate the Contraxt. 12.4.3 If any provision of this Contract is found to be void, invalid, voidable or unenforceable for whatever reason, and if this provision is severable from the remaining terms of the contract, these remaining provisions shall be unaffected by this and will continue to be valid and enforceable. Any resulting gaps or ambiguities in this Contract shall be dealt with according to clause 11.5.

12.5 Interpretation 12.5.1 This Contract is concluded by the Parties against the background of the Parties’ rights and obligations under the Data Act. Any provision in this Contract must be interpreted so as to comply with the Data Act and other EU law or national legislation adopted in accordance with EU law as well as any applicable national law that is compatible with EU law and cannot be derogated from by agreement. 12.5.2 If any gap or ambiguity in this Contract cannot be resolved in the way referred to by clause 11.5.1, this Contract shall be interpreted in the light of the rules of interpretation provided for by the applicable law (see clause 11.3) and, in any case, according to the principle of good faith and fair dealing.

12.6 Dispute settlement 12.6.1 The Parties agree to use their best efforts to resolve disputes amicably and, before bringing a case before a court or tribunal, to submit their dispute to (insert name and contact details of a particular dispute settlement body; for disputes within their competences as defined in Article 10 (1) of the Data Act, it may be any dispute settlement body in a Member State that fulfils the conditions of Article 10 of the Data Act). 12.6.2 Submission of a dispute to a dispute settlement body in accordance with clause 13.6.1. does, however, not affect the user’s right to lodge a complaint with the national competent authority designated in accordance with Article 37 of the Data Act, or the right of any Party to seek an effective remedy before a court or tribunal in a Member State. 12.6.3 For any dispute that cannot be settled in accordance with clause 11.6.1, the courts of (specify state) will, to the extent legally possible, have exclusive jurisdiction to hear the case. 12.6.4 If the User is a consumer, then the courts of the country where they reside shall also have jurisdiction to hear the case.

Appendix 1: Details of the data covered by this Contract and of access arrangements

A. Specification of data points The Appendix should first sort and list the Product Data and Related Service Data covered by the Contract, with the indication of the content of the Data and of the collection frequency, so that the User is informed in a precise manner about the information contained in the Data (structured list of data points).

B. Duration of retention The appendix should then indicate the duration of retention, so that the User is informed about the duration of the availability of the Data. They may do so in a granular manner for each data points or group of data points.

C. Data classification The appendix could specify here whether all or part of the Data is particular data regulated by a specific regime. The appendix could e.g. indicate whether and what Data qualifies as personal data.

D. Data structure and format The appendix could specify here in what structured, commonly used and machine-readable format the Data is made available.

E. Access policy It may happen that the User transfers their rights to use the Product or to receive the Related Services to a Subsequent User or that multiple users share these rights. In such cases, the parties could specify here the access rights to the Data in case of transfer of use of the product or in case of multiple users. The appendix could in particular list - User’s Removable Data - the products or related services often allow the user to delete the Data generated in the course of their use. In the case of transfer, the user should delete such Data. Otherwise, such Data may be accessible to the subsequent user; - Always Removable Data - Data which the Data Holder should not make accessible to the subsequent user; - Residual Data - other Data than User’s Removable or Always Removable Data; such Data will not be removable and will not be subject to a confidentiality agreement (i.e. the Data will also be available to new Subsequent Users). Such Data may include the Data which needs to be accessible to the Subsequent User by operation of law or in practice (for example, related to the updates made in the connected vehicle

Appendix 2: Access Arrangements.

1.2 Transfer/Access Medium The appendix could indicate here via which secure-convenient electronic medium the Data can be made available by Data Holder to the User, either by transfer or access.

1.3 Means and information necessary for the exercise of the User’s access rights The appendix can specify here the means and information that are necessary for the exercise of the User’s access rights. It may include a contact person to solve technical issues, in the Data Holder’s side as well as in the User’s side.

< Prev: EUDA Service Terms of Use

< Next: EUDA Notice

List