PRIVACY POLICY (For SmartThings Services)

This Privacy Policy merely applies to SmartThings services of SAMSUNG Electronics.
The Privacy Policy was updated on 2024/3/12.
If you have any questions, opinions or advice, please contact us through following methods:

• Web page : the Contact Us section of https://www.samsung.com/

The Privacy Policy will help you understand the following information:

• Rules for the collection and use of Personal information for business function;


• How we protect your personal information


• Your rights


• How we process personal information of children


• How your personal information will be transferred globally


• How the Privacy Policy will be updated


• How to contact us

SAMSUNG Electronics is fully aware of the fact that personal information is important to you, and will do its utmost to ensure the security and reliability of your personal information. We are committed to maintaining your trust in us and observing the following principles when protecting your personal information: consistency between rights and liabilities, clear purposes, solicitation of consent, minimum necessary amount, guarantee of security, involvement of personal information subjects, and openness and transparency. Meanwhile, SAMSUNG Electronics warrants that we will put in place necessary safeguards according to well-developed security standards for the industry to protect your personal information.
Please read carefully and understand the Privacy Policy before using our products (or services).


Rules for the collection and use of Personal information for business function

1. Collection and use of personal information for basic business functions
The basic business function of the services (or products) we provide would not require any personal information to run.

2. Collection and use of personal information for extended business function
If you choose to use extended business functions, we will ask the following information.

Extended business function - Connect and control device

• Collection and use of general personal information

Subject data	Purpose	Processing method	Retention period
Account information: Samsung Account ID, GUID, User name	to identify and authenticate you to respond to your requests and questions, and to communicate with you about SmartThings	Transmission over the network at the time of service use. Using industry standard strong encryption. Data processing strictly follows this Privacy Policy to make sure your personal information safe	Disposal data immediately after user choose to 'SmartThings Settings > Leave SmartThings' or request to delete
App usage information: App logs, Group, Rule, Location name, Configuration information	to provide services or features you request in the SmartThings app to provide you with SmartThings and other integrated products and services
Home IoT Device Information: Usage information related to Home IoT device, Sensor event, configuration data, IP address, Device identifier (including Mac address, Serial number), malfunction logs, Mobile country code, Mobile network operator OS version, Network information (including Model name, SSID, Password)	to provide services or features you request in the SmartThings app to enable you to control your Home IoT Devices in the SmartThings app to provide a remote management service for errors or malfunctions associated with the Samsung home appliances connected to SmartThings Operate, evaluate and improve our business ( including the development of new products and services; enhance and improve products, services and SmartThings ; manage communications; analyze our products and services, customer base and SmartThings ; aggregate and hide data And perform data analysis; perform accounting, auditing and other internal functions )
Life service information: SmartThings Clothing Care Information: If you use SmartThings Clothing Care, we will collect information about your use of SmartThings Clothing Care, including the type of clothing you are interested in and your recipe for clothing management such as display memo, course and option information. The specific information collected includes: Device type/Connected device name that users set./Whether to support the Clothing Care function/Cycle name and Id/Cycle options and time/Device Status and usage information/Installation time/Custom cycles – Lifestyle/Custom cycles - cycle information/My greeting message/Laundry supplies - usage information
Images video clips to share with SmartThings users or devices	To provide feature with your Samsung Account to connected third-party devices, apps, features or services

• Collection and use of sensitive personal information

Subject data	Purpose	Processing method	Retention period
Home Room Information（including image, address, floor plan, placements of doors, windows and devices, and the layout for rooms)	Provide SmartThings map view functionality and services to users based on information related to the created map provided by the user	Transmission over the network at the time of service use. Using industry standard strong encryption. Data processing strictly follows this Privacy Policy to make sure your personal information safe	Disposal data immediately after user choose to 'SmartThings Settings > Leave SmartThings' or request to delete

This information is not required for the operation of this service, but it is very important for the operation of extended business function. If you refuse to accept, such extended functions will be inaccessible, but your use of the basic business functions of this product (or service) will not be affected.
If you wish to withdraw your consent to the collection and use of personal information in the course of using the product (or) service, please visit the settings menu by SmartThings Settings > Personal Data > Leave SmartThings.

3. App permissions associated with your personal information:

Optional permission
You can choose whether to grant the following additional App permissions associated with your personal information:

• Optional permissions:

[Permission #01] Location
[Purpose] Used to scan for nearby devices using Wi-Fi
[Permission #02] Nearby devices
[Purpose] Used to scan for nearby devices using Bluetooth Low Energy (BLE)
[Permission #03] Notifications
[Purpose] Used to provide notifications about SmartThings devices and features
[Permission #04] Camera
[Purpose] Used to scan QR codes so you can easily add members and devices to SmartThings, and to set the image of Location and Room wallpaper, and to attach the media content to report the malfunction
[Permission #05] Microphone
[Purpose] Used to add certain devices to SmartThings using high-frequency sounds
[Permission #06] Photos and videos
[Purpose] Used to play photos and videos on SmartThings devices
[Permission #07] Music and audio
[Purpose] Used to play sound and video on SmartThings device

If you refuse to grant, some of the extended functions will be inaccessible, but your use of the basic business functions of this service will not be affected.

4. How we entrust the handling, sharing, transfer or making available your personal information

（1）Entrusted processing
Some specific modules or functions in this service are provided by external vendors. For example, we carefully select service providers that provide services for or on behalf of us, such as companies that help us with repairs, customer contact centers, customer care activities, advertising (including customized advertising on our websites, third-party websites, or online platforms), conducting customer satisfaction surveys, or billing, or that send emails on our behalf. These providers are also committed to protecting your information.
For companies, organizations and individuals whom we entrust to handle personal information, we will sign strict confidentiality agreements with them, requesting them to process personal information by taking relevant confidentiality and security measures in accordance with our instructions and the Policy.

（2）Sharing and transferring
We will share and transfer the following personal information to some recipients. Please give careful consideration to the recipients’ data security capabilities and its Privacy Policy.



Subject data	Recipient’s identity	Recipient’s Contact info.	Recipient’s processing method	Purpose	Recipient’s Privacy Policy (Link)
Device identifier, Token (used for account linking), SmartApp ID, device status, device info, installAppId.	Beijing Jingdong Century Trade Co., Ltd	Room A402, 4th floor, building 2, yard 18, Kechuang 11th Street, Beijing Economic and Technological Development Zone, Beijing email: privacy@jd.com	1. Follow oauth2 0 protocol for account reverse authorization, and the server obtains the openid and token issued by Samsung side to associate with JD account. Do not acquire or store other user information of Samsung. 2. In the data process, in order to ensure the integrity of the message and prevent the message from being modified by a third party on the way. Add the signature parameter to the interaction parameter as the information summary value. Both parties use the same rules to generate the signature value. After receiving the request, the server compares whether the signature value is correct. If it is correct, the request will be processed, otherwise it will be regarded as an illegal request.	Service provision to JD Home	Link


The entities listed above are subject to change. If the entities are changed, or the personal information not described in this Privacy Policy is provided or shared, such information can be disclosed only once separate consent is obtained for this purpose.
We may also share or transfer your personal information for the following purpose:
a) Disclosure is required under law, or law enforcement agencies demand disclosure in accordance with the procedures and methods prescribed by law for investigation purposes;
b) Disclosure is necessary for the settlement of fees in order to provide a paid service;
c) For the purpose of conducting statistics, academic, or market research, certain information is provided after being de-identified so that the individual to whom the data relates cannot be identified; or
d) Transferring in a merger, acquisition or bankruptcy liquidation required the new company or organization that will hold your personal information to continue to observe the Privacy Policy; and users grant their prior consent.

(3）Public Disclosure
We will publicly disclose your personal information only under the following circumstances:
a) After obtaining your explicit consent;
b) Disclosure under the law: we may publicly disclose your personal information as required by laws, under legal procedures, in lawsuits or upon compulsory requirements of competent authorities under the government.

5. How Long Do We Keep Your Information

We won’t keep your personal information for longer than is necessary for the purpose for which it was collected. This means that information will be destroyed or erased from our systems when it’s no longer required.
We take appropriate steps to ensure that we process and retain information about you based on the following logic:
（1）At least the duration for which the information is used to provide you with a service
（2）As required under law, a contract, or with regard to our statutory obligations
（3）Only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.
Please see “Collection and use of personal information for extended business function” for the specific retention period of each personal information.

How We Protect Your Personal Information

1. We have put in place safeguards that meet the industry standards to protect your personal information, to prevent data from being accessed without authority, publicly disclosed, used, modified, damaged or lost. We will take all reasonable and feasible measures to protect your personal information.


2. We will take all reasonable and feasible measures to ensure that we have not collected irrelevant personal information. We will only retain your personal information for a limited period necessary for realizing the purposes specified in the Privacy Policy, unless it needs to extend the retention period or it is protected under the law.


3. We will regularly update and publish security risks and relevant contents of reports on safety impact assessment for personal information.


4. As the internet environment is not one hundred percent safe, we will do our utmost to ensure or guarantee the security of any information you send to us. If damage to our physical, technical or management safeguards results in your information being accessed, publicly disclosed, falsified or damaged without authority, which causes damage to your legal rights and interests, we will bear the legal liability.


5. In the case of any unfortunate incident in respect of personal information security, we will, in accordance with requirements set out in laws and regulations, inform you promptly of the particulars, including basic information about the security incident and the likely impact, what measures we have taken or will take to respond to this incident, suggestions on what measures you may take yourself to guard against and lower risks, remedial actions we offer to you, etc. We will brief you on the progress of the incident by email, correspondence, or phone or by sending notifications, and we will release announcements for this purpose in a reasonable and effective manner even when it is difficult to notify personal information subjects one by one.
   Meanwhile, we will voluntarily report how the personal information security incident is handled, as required by the regulator.

Your Rights
You can choose not to provide us with certain types of information, such as information requested as part of registering a Samsung account. In some cases, this may limit your ability to use some Services. We’ll do our best to explain these limitations when we’re asking for your information so you can make an informed decision. We guarantee that you can exercise the following rights over your own personal information, according to applicable Chinese laws, regulations and standards, and common practices in other countries and regions.

1. Accessing Your Own Personal Information

You have the right to access your own personal information, unless there are exceptions in laws and regulations. When you would like to exercise your right to access data, you may access the information by the following ways: See the How to Contact Us section. We will respond to your access request within 15 working days.
We are glad to provide you with other personal information generated when you are using our products or services, as long as the provision of such personal information does not require too much additional effort. If you want to exercise your right to access data, please contact us by the following ways: See the How to Contact Us section.

2. Updating Your Personal Information

If you find that your personal information we process is wrong, you have the right to request us to update the information. You may file an application for this purpose by any means listed in "1. Accessing Your Personal Information". We will respond to your update request within 15 working days.

3. Deleting Your Personal Information

Under any of the following circumstances, you may raise a request for deletion of your personal information:

a) When our processing of personal information violates laws or regulations;
b) When we collect or use your personal information without your consent;
c) When our processing of personal information violates our agreement with you;
d) When you no longer use our products or services, or cancel your user account; or
e) When we no longer provide you with any products or services.

If we agree with your request to delete information, we will also notify entities that obtain your personal information from us to require them to delete the information concerned in a timely manner, unless otherwise stipulated by laws and regulations or such entity has obtained your separate authority.
Once your information has been removed from our services, we may not immediately delete the corresponding information from the backup system, but will delete the information when the backup is updated.

4. Changing the Scope of Your Authority

Each service cannot be realized without some basic personal information. In terms of the collection and use of additionally collected personal information, you may grant or withdraw your authority and consent at any time.
You may perform the following operations for this purpose: SmartThings Settings > Personal Data > Leave SmartThings After you have withdrawn your consent, we will not process the corresponding personal information any more. But your decision to withdraw your consent does not affect the previous processing of personal information based on your authority. If you do not want to receive the commercials we send to you, you may unsubscribe by the following means: SmartThings Settings > Notifications > Off.

5. Canceling User Accounts by Personal Information Subjects

You may cancel at any time the account you registered for by performing the following operations: Mobile General Settings > Accounts and backup > Accounts > Choose Samsung Account > Personal Info > More menu > Delete account.
After your account has been canceled, we will cease providing you with products or services, and delete your personal information upon your request, unless otherwise stipulated by laws and regulations.

6. Obtaining Copies of Personal Information by Personal Information Subjects

You have the right to obtain copies of your personal information by performing the following operations: See the How to Contact Us section.
We may also directly transmit copies of your personal information to your designated third party upon your request, as long as the technologies permit, such as the compatibility between data interfaces.

7. Limits on the Automatic Decision-making of the Information System

For some services, our decisions may only rely on automatic decision-making mechanisms, such as information systems and algorithms. If these decisions have a significant impact on your legal rights and interests, you have the right to request us to provide explanations, and we will also offer proper remedial measures.

8. Responding to Your Requests

For the sake of security, you may be required to file written requests or prove your identification in other ways.
We will reply within 15 working days. If you are dissatisfied with our reply, you may make a complaint by the following means: See the How to Contact Us section.
We will not charge any fees for your reasonable requests. However, if your requests are lodged repeatedly or beyond a reasonable extent, we will charge fees of a proper amount depending on the cost. We may refuse your requests if they are repeated without reason, need to be replied through too many technical methods (for example, a new system needs to be developed or the existing common practices need to be fundamentally reformed), pose risks to others' legal rights or interests, or are fairly unrealistic (for example, they involve information stored on backup tapes).
Under any of the following circumstances, we will not respond to your requests:

a) Where requests are in relation to the performance by the personal information controller of obligations specified in laws and regulations;
b) Where requests are in direct relation to the State security or national defense security;
c) Where requests are in direct relation to the public security, public sanitation, or major public benefits;
d) Where requests are in direct relation to criminal investigations, prosecutions, court trials, execution of rulings, etc.;
e) Where the personal information controller has sufficient evidence that the personal information subject is subjectively malicious or abusing your rights;
f) where requests are for the sake of safeguarding significant legal rights and interests, such as the life and property, of personal information subjects or other individuals, but it is difficult to obtain their consent;
g) Where responses to the requests of the personal information subject will give rise to serious damage to the legal rights and interests of the personal information subject or any other individual or organization; or
h) Where requests involve trade secrets.

How We Deal with Children's Personal Information
Our products, website and services are designed mainly for adults. No child is allowed to create a personal information subject account by himself or herself, without the consent of his or her parent or guardian.
Where the personal information of a child is collected with the consent of his or her parent, we will use or publicly disclose such information only when it is permitted under the law, the child's parent or guardian grants explicit consent or it is necessary to do so to protect the child.
We regard any minor who is under the age of 18 a child, no matter whether the child is defined differently under local laws and by local customs.
If we find that we have collected the personal information of a child without prior and provable consent from the child's parent, we will do our best to delete the relevant information as soon as possible.


How Your Personal Information Will Be Transferred Globally
In principle, the information we collect and generate within the territory of the People's Republic of China will be stored within the territory of the People's Republic of China.
The fact that we provide our products or services through our worldwide resources and servers means that your personal information for extended business function - Connect and control device will be transferred to other overseas jurisdictions outside the territory of the country where you use our products or services or region, or be accessed by these overseas jurisdictions, when we have obtained your authority and consent.
We transfer personal information, sensitive personal information, or biometric personal information to third countries or international organizations, as indicated in the table below. Please give careful consideration to the recipient’s data security capabilities and its Privacy Policy.

• For extended business functions

Subject data	Recipient’s identity / Country / Contact info.	Recipient’s processing method	Purpose	Recipient’s Privacy Policy (Link)
Account information: Samsung Account ID, GUID, User name	Samsung Electronics Co., Ltd /Korea https://www.samsung.com/sec/smartthings/do-the-smartthings/	Secure connection to the servers where the data is stored. Using industry standard strong encryption.	Service provision and to maintain the quality of the platform.	Strictly following this privacy policy. Samsung Account: https://account.samsung.cn/membership/policy/privacy?paramLocale=ko_KR SmartThings: https://eula.samsungiotcloud.com/legal/kr/ko/pps.html
Home IoT Device Information: Device identifier(UUID)

There may exist different data protection laws in these overseas jurisdictions, or even there may not be applicable laws there. In such case, we will ensure that your personal information is fully protected in the same way as it is within the territory of the People's Republic of China. For example, we will seek your consent to the transfer of your personal information across borders, put in place safeguards, such as data de-identification, prior to the cross-border transfer of data, or make a data transfer contract with recipients.
We will take appropriate measures, in compliance with applicable law, to ensure that your personal information remains protected. To request more information or to obtain a copy of the contractual agreements in place, contact us: See the How to Contact Us section.


How the Privacy Policy will be updated
Our Privacy Policy may be changed.
We will not reduce your rights due under the Privacy Policy, without your explicit consent. We will publish any change to the Privacy Policy on this webpage.
In the case of major changes, we will release more prominent notices (including the mail messages we send to you to inform you of what specific changes are introduced to the Privacy Policy, under some services).
For the purpose of the Privacy Policy, major changes include but are not limited to:

1. Significant changes to our service mode, such as the purposes of processing personal information, categories of personal information to be processed, the ways to use personal information, etc.;


2. Drastic changes to the ownership structure, organizational structure, etc., such as changes to the owners as a result of business adjustments, bankruptcy, mergers and acquisitions;


3. Changes to the subjects we share with, transfer to or publicly disclose personal information;


4. Significant changes to your rights in respect of your participation in personal information processing and to the ways in which you can exercise such rights;


5. Changes to our department responsible for the security of personal information, contact information of such department, or complaint channels; and


6. Changes made due to high risks revealed in the security impact assessment report for personal information.

We will make the former versions of the Privacy Policy available to you for your reference.


How to Contact Us
If you have any concerns, opinions or advices on the Privacy Policy, you may have contact us through the Contact Us section of https://www.samsung.com/ as the easiest way.
Data Controller
Samsung Electronics Co., Ltd.
129, Samsung-ro, Yeongtong-gu,Suwon-si, Gyeonggi-do 16677, Republic of Korea
Generally, we will reply within 15 working days.

If you are dissatisfied with our reply, in particular when our processing of personal information has damaged your legal rights and interests, you may seek remedies by filing a lawsuit in a competent court where the defendant is located.

Version: 1.8.0
Last Version