Samsung SDS Marimba Privacy Policy

Updated : 2020. 06. 01

Samsung SDS Co., Ltd. doing business as marimba.team (also referred to as “Marimba”, “our”, “us”, “we” and "the Company") is committed to protecting users' personal information and also to complying with the Promotion of Information and Communication Network Utilization Act, and the Information Protection and the Personal Information Protection Act.

This Privacy Policy describes exactly how and why the Company collects and uses personal information from its users. It also outlines additional measures that are taken to protect their personal information. Through notices on individual changes, the Company will inform clients if there are any changes to its Privacy Policy. The Company's Privacy Policy contains the following sections:

1. What and how personal information is collected

2. Purpose(s) we collect and use personal information

3. Sharing and provision of collected personal information

4. Transfer to other countries of personal information collected

5. Retention period of personal information

6. Measures to ensure the security of personal information

7. User's or legal representative's rights and how to exercise them

8. Cookie

9. Manager in Charge of Personal Information Management

10. Duty to notify

CALIFORNIA CONSUMER PRIVACY STATEMENT – SUPPLEMENT


1. What and How Personal Information is collected

The Company collects and processes the following personal information related to service in a variety of ways

Information you provide directly.

l Personal identification information

l Feedback information

Information received indirectly from your use

l Log information

Information shared by other parties:

With consent from users, the Company receives information from other parties, including but not limited to Google Analytics, in order to provide better user experience for users. The information we receive includes but not limited to device category (i.e. mobile or desktop), browser information, operation system, location and language preferences, etc.

Publicly or Commercially Available or Shared Information

The Company sometimes gathers publicly or commercially available information, including information from social networks you use, and combines this with other information about you so that the Company can better understand your needs, interests, and preferences. The Company also sometimes gathers information about you when other people provide it using services, such as your name and contact information when others send a message to you or share files with you.

Third Party Analytics

Through certain services, the Company can collect personal information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services. The Company can use third-party analytics services on the services, such as those of Google Analytics. The service providers that administer these analytics services help the Company analyze your use of the services and improve the services. The information the Company obtains can be disclosed to or collected directly by these providers and other relevant third parties who use the information, for example, to evaluate use of the services, help administer the services and diagnose technical issues.

Your Options

You have the right to refuse to provide the Company with certain types of information. In particular cases, this can limit your ability to use services. The company will explain these limitations so you can make an informed decision.

* The Company will not collect “sensitive information”, such as racial or ethnic origin opinions, political opinions, religious or philosophical beliefs, trade-union membership, genetic and biometric data processed solely to identify a human being, a person’s sex life or sexual orientation.

* The Company will not collect personal information of under 16 years of age child.


2. Purpose(s) we collect and use personal information

The Company collects only minimum range of personal information according to the consent of customer and processes the personal information for the purpose of the collection.

The Company uses the collected personal information for the following purposes:

• To provide services or feature you request.

• To help you or your device register for services

• To provide customized content and personalized services based on your past activities

• To provide advertising, promotions, and offers that can interest you on the Company’s websites, third-party websites, and online platforms such as social media sites

• To provide promotions and offers by way of marketing communications, only where you have given us your separate consent

• For assessment and analysis of the Company’s market, customers, products, and services to help us better understand the Company’s customers

• To ask you for your opinions on products and services and to carry out customer surveys, with your separate consent if required

• To provide software updates, maintenance services, and support for your devices

• To conduct free prize draws, prize competitions, or promotions, as permitted by law

• To comply with the law and legal processes

If you are a staff, contractor, or administrator to the service, the Company uses the collected personal information for the following purposes;

• To register or authenticate the staff to the Company’s internal systems

• To operate Company’s internal systems

• To process customer’s order

• for the HR-related purpose

The Company uses and combines the information the Company collects about you from services, devices, or other sources to provide you with a better experience.

[For European Economic Area (EEA) Residents only]

The Company is the data controller of your personal information as described above.

If you give consent, you can always revoke by contacting us as specified in contact information below of this Privacy Policy.


3. Sharing and provision of collected personal information

In principle, the Company does not disclose any of the personal information collected, but we run our service on our own and 3rd party cloud infrastructure, which means your information will, together with other information, be stored on cloud solutions such as Amazon Web Services (AWS).

We may have shared your personal information with certain categories of vendors, including but not limited to, our affiliates and subsidiaries, with service providers who perform services for us as well as certain internet service providers and social networks.

We do not authorize our service providers to use or disclose the information except as necessary to perform services on our behalf or to comply with legal requirements. In addition, we may share your personal information with our business partners, such as wireless carriers, as well as third parties who operate apps and services that connect with our services.

We may share personal information we collect if you ask us to do so or otherwise with your consent. We also may disclose information about you in other circumstances, including (1) if we are required to do so by law or legal process, (2) to law enforcement authorities or other government officials, (3) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity, and (4) in the event we may or do sell or transfer all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution or liquidation).


4. Transfer to other countries of personal information collected

The Company is headquartered in Republic of South Korea (‘South Korea’), but runs servers in California, the United States of America (‘USA’). You hereby consent to us transferring your personal data to South Korea and the USA, regardless of which region you access our services from. Accordingly, we may transfer the personal information we collect about you to recipients in locations other than the location in which the information originally was collected. Those locations may not have the same data protection laws as the location in which you initially provided the information. When we transfer your personal information to recipients in other locations (such as the U.S.), we will protect that information as described in this Privacy Policy and will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in locations other than the one in which you provided the information.

[For European Economic Area (EEA) Residents Only]

In addition, your use of the services can also involve the transfer, storage, and processing of your personal information to other countries; such countries include, without limitation, countries in the European Economic Area, the United States of America, the Republic of Korea, China, Singapore, Vietnam, India, Canada, the Philippines, and Japan. The Company will take appropriate measures, in compliance with applicable law, to ensure that your personal information remains protected. Such measures include the use of Standard Contractual Clauses to safeguard the transfer of data outside of the EEA. To request more information or to obtain a copy of the contractual agreements in place, contact us. See the contact information section below.


5. Retention Period of Personal Information

The Company disposes of personal information as soon as it is no longer required to fulfill the original purposes of collecting and using the information, but will keep anonymized information for business analysis purpose.


6. Measures to Ensure the Security of Personal Information

The Company takes the following technical, administrative, and physical measures needed to ensure security:

(1) Establishment and Execution of Internal Management Plan

(2) Reducing and Training Personal for the Handling of Information

(3) Restrictions on Access to Personal Information

(4) Keeping Access Records and Preventing Tampering

(5) Technical Measures against Hackers

The Company takes physical and technical safeguards to keep the information we collect secure. However, please note that although the Company takes reasonable steps to protect your information, no website, Internet transmission, computer system, or wireless connection is completely secure


7. User's or Legal Representative's Rights and How to Exercise Them

The Company would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access - You have the right to request the Company for copies of your personal data.

The right to rectification - You have the right to request that the Company corrects any information you believe is inaccurate. You also have the right to request the Company to complete information you believe is incomplete.

The right to erasure - You have the right to request that the Company erase your personal data, under certain conditions

The right to restrict processing - - You have the right to request that the Company restricts the processing of your personal data, under certain conditions.

The right to object to processing - You have the right to object to the Company’s processing of your personal data, under certain conditions.

The right to data portability - You have the right to request that the Company transfers the data that we have collected to another organization, or directly to you, under certain conditions

All rights described above can be exercised by contacting us as specified in contact information below. Personal information that is cancelled, restricted or deleted, from the request of the user or their legal representative, will be handled and described as Retention Period of Personal Information.

Notice to California Residents

If you are a California consumer, for more information about your privacy rights, please see the section of this Privacy Policy called California Consumer Privacy Statement section below.


8. Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit the Company’s websites and Services, the Company can collect information from you automatically through cookies or similar technology.

There are a number of different types of cookies, however, the Company’s website uses

• Strictly necessary Cookie - the Company uses these cookies to maintain your session.

• Preferences Cookie - the Company uses these cookies to recognize you on the Company’s website / Services, and remember your previously selected preferences. These could include what language you prefer and location you are in.

• Statistics Cookie - the Company uses these cookies for statistic purpose.

• Marketing Cookie - the Company uses these cookies for marketing purpose.

You can set your browser not to accept cookies. However, in a few cases, part of the Company’s website and Services features cannot function as a result.


9. Manager in Charge of Personal Information Management

The Company appoints the following department or representative to protect personal information and handles complaints relating to personal information.

Users can file complaints related to privacy and security issues that can arise from their use of the Company's Services to the Chief Privacy Officer or the responsible department. The Company will promptly provide satisfactory answers to users' complaints. If you need to report any privacy infringement or need additional counseling, please contact the following:

Contact details for all EU Supervisory Authorities can be found here.


10. Duty to Notify

If the Company makes any additions, deletions, or changes to the present Privacy Policy, it will notify users on its website at least seven (7) days prior to such changes.


CALIFORNIA CONSUMER PRIVACY STATEMENT – SUPPLEMENT

Updated: 2020.06.01

This California Consumer Privacy Statement supplements the Privacy Policy for the U.S. It applies solely to California consumers and addresses personal information we collect online and offline. This Statement does not apply to Company personnel or job applicants.

This California Consumer Privacy Statement uses certain terms that have the meaning given to them in the California Consumer Privacy Act of 2018 and its implementing regulations (the “CCPA”).

Notice to California Residents

Notice of Collection and Use of Personal Information

We may collect the following categories of personal information about you:

Identifiers: identifiers such as a real name, alias, postal address, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number, unique pseudonym, or user alias; telephone number and other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, and other similar identifiers

Additional Data Subject to Cal. Civ. Code § 1798.80: signature, bank account number, credit card number, debit card number, and other financial information

Protected Classifications: characteristics of protected classifications under California or federal law, such as age and gender

Commercial Information: commercial information, including records of personal property, products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies

Online Activity: Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements

Geolocation Data: only collected through 3rd party and it will remain anonymous.

Sensory Information: audio, electronic, visual, and similar information

Inferences: inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

We may use the categories of personal information listed above for the following purposes:

• performing services, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing advertising or marketing services, providing analytics services, or providing similar services;

• auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;

• short-term, transient use, including, but not limited to, the contextual customization of ads shown as part of the same interaction;

• detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity;

• debugging to identify and repair errors that impair existing intended functionality;

• undertaking internal research for technological development and demonstration; and

• undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by us.

Sources of Personal Information

We may obtain personal information about you from various sources, including:

• from you or your devices, for example, through your use of the Services;

• our affiliates and subsidiaries;

• vendors who provide services on our behalf;

• social media networks; and

• online advertising companies.

Sharing of Personal Information

We may have shared your personal information with certain categories of vendors, including:

• our affiliates and subsidiaries;

• vendors who provide services on our behalf;

• professional services organizations, such as auditors and law firms;

• our joint marketing partners;

• our business partners;

• advertising networks;

• internet service providers;

• data analytics providers;

• government entities;

• operating systems and platforms;

• social networks; and

• consumer data resellers.

No sale of personal information.

In the twelve months prior to the effective date of this Disclosure, the Company has not sold any personal information of consumers, as those terms are defined under the California Consumer Privacy Act.)

Disclosure of Personal Information for a Business Purpose

We may have disclosed to third parties the following categories of personal information for a business purpose:

• Identifiers such as a real name, postal address, telephone number, unique personal identifier (such as a device identifier; cookies, beacons, pixel tags, mobile ad identifiers and similar technology; customer number; other forms of persistent or probabilistic identifiers), online identifier, internet protocol address, email address, account name, and other similar identifiers

• Signature, bank account number, credit card number, debit card number and other financial information

• Characteristics of protected classifications under California or federal law, such as age and sex

• Commercial information, including records of products or services purchased, obtained, or considered, and other purchasing or consuming histories or tendencies

• Internet and other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding your interaction with websites, applications or advertisements

• Geolocation Data

• Audio, electronic, visual and similar information

• Inferences drawn from any of the information identified above to create a profile about you reflecting your preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities and aptitudes.

California Consumer Privacy Rights

You have certain choices regarding our use and disclosure of your personal information, as described below.

Access: You may have the right to request, twice in a 12-month period, that we disclose to you the personal information we have collected, used, disclosed and sold about you during the past 12 months.

Deletion: You have the right to request that we delete certain personal information we have collected from you.

Opt-Out of Sale: You have the right to opt-out of the sale of your personal information.

Shine the Light Request: You also may have the right to request that we provide you with (1) a list of certain categories of personal information we have disclosed to third parties for their direct marketing purposes during the immediately preceding calendar year and (2) the identity of those third parties.

How to Submit a Request: To submit an access or deletion request, please send an email to legal@marimba.team. To submit a Shine the Light request, email us at legal@marimba.team. To opt-out of the sale of your personal information you can also send an email to legal@marimba.team. A consumer with a disability may be able to use a screen reader or other text-to-speech or text-to-Braille tool to review the contents.

Verifying Requests: To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us through means as specified above.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.

• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We endeavor to respond to a verifiable consumer request within 45 days of its receipt (15 days for no sale request). If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to the registered email associated with the account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Additional Information: If you choose to exercise any of your rights under the CCPA, you have the right to not receive discriminatory treatment by us. To the extent permitted by applicable law, we may charge a reasonable fee to comply with your request. This Statement is available in alternative formats upon request.

개인정보처리방침