Samsung Healthcare Overview | Samsung Healthcare Global

Privacy Policy

Last updated: 2020.10.19

Samsung Electronics and Samsung Medison (together, “Samsung”, “we”, “us” and “our”) know how important privacy is to our customers and our employees and partners, and we strive to be clear about how we collect, use, disclose, transfer and store your information.

Background

This Privacy Policy provides an overview of how we use your personal information collected through www.samsunghealthcare.com (the “Website”) with commercial customers (the "Business Services"). If you have any questions, please contact us using one of the methods set out in the Contact Us section below.

The Website is designed to provide you with features relating to Samsung’s healthcare business, including general product and feature information, event information, purchase and service requests, and membership programs.

We may change this Privacy Policy from time to time and will indicate above when it was most recently updated. If we make material changes to the Privacy Policy, we will let you know in advance, such as by placing a notice on the Website or by emailing you, where appropriate. We encourage you to review the content of this Privacy Policy periodically.

This Privacy Policy explains:

who is the data controller
what information we collect
how we use your information
on what basis we use your information
to whom we disclose your information
how we keep your information secure
where we send your information
your rights regarding your information
how long we keep your information
how we use cookies
how to contact us

Who is the data controller?: Samsung Electronics Co., Ltd and Samsung Medison act as joint controllers of your personal information. This means that both Samsung Electronics Co., Ltd and Samsung Medison determine how and why your personal information is processed. For contact details, please refer to Contact Us below.

What information do we collect?

We collect various types of personal information in connection with the Business Services.

For example:

We will collect personal information that you provide to us, such as your name, ID, e-mail address and contact details, job title and position, company information such as its name and address, language, country, product and registration details, and any communications you send or deliver to us.
We will collect data about your use of the Business Services, including the time and duration of your use, information stored in cookies that we have set on your device, and information about your device settings.
We will collect information about the products and services you or your employer have bought or received and payment data and other information provided in connection with a transaction.
We may receive personal information about you from your employer or service provider, or from publicly and commercially available sources (as permitted by law), which we may combine with other information we receive from or about you (as permitted by law, or otherwise with your separate consent).

Through the Business Services, we collect personal information about your online activities on websites and connected devices over time and across third-party websites, devices, apps and other online features and services. We may use third-party analytics services on the Business Services, such as those of Google Analytics. The service providers that administer these analytics services help us to analyze your use of the Business Services and improve the Business Services. The information we obtain may be disclosed to or collected directly by these providers and other relevant third parties who use the information, for example, to evaluate use of the Business Services, help administer the Business Services and diagnose technical issues. To learn more about Google Analytics, please visit http://www.google.com/analytics/learn/privacy.html and https://www.google.com/policies/privacy/partners/.

How do we use your information?

We may use your personal information for the following purposes:

to provide products and services that you (or your employer) requested and to register or authenticate you or your device
to respond to your questions or requests for information
subject to your separate consent where required by applicable law, to inform you about new products and services
for assessment and analysis of our market, customers, products, and services (including asking you for your opinions on our products and services and carrying out customer surveys)
to understand the way you use the Business Services so that we can improve them and develop new products and services
to provide maintenance services and to maintain a sufficient level of security on the Business Services
to protect the rights, property, or safety of Samsung, or any of our respective affiliates, business partners, employees or customers, for example, in legal proceedings, internal investigations and investigations by competent authorities
otherwise with your separate consent where required by applicable law or as described to at the time your information is collected.

On what basis do we use your personal information?

We use your personal information for the following reasons:

To perform a contract with you: So that we can keep our promises to you, such as providing you with the Business Services.
For legitimate business purposes: We may use your personal information to promote our business interests (for example, to manage our relationship with you), to make our communications with you more relevant, and to make your experience of the Business Services more enjoyable, effective and efficient.
To comply with our legal obligations and other demands for information: Samsung’s legal obligations affect the way in which we run our business and help to make the Business Services as safe as we can. We may use your personal information to comply with applicable laws, regulations and guidance.
You have given your consent: Sometimes we may need to obtain your consent to enable us to use your personal information for one or more of the purposes set out above. See What are your rights section below for information about your rights when we process your information on the basis of your consent.

To whom do we disclose your information?

We will disclose your information internally within Samsung’s business, but only to those who need it to further provide the Business Services or to help with your requests.

We may also disclose your information to the following entities:

Service Providers: Carefully selected companies that provide services for or on behalf of us. These providers are also committed to protecting your information.
Other parties when required by law or as necessary to protect our business: For example, it may be necessary by law, legal process, or court order from regulators, governments and law enforcement authorities to disclose your information.
Other parties in connection with corporate transactions: We may disclose your information to a third party as part of a reorganization, merger or transfer, acquisition or sale, or in the event of a bankruptcy.
Other parties with your consent or at your direction: In addition to the disclosures described in this Privacy Policy, we may share information about you with third parties when you separately consent to or request to such disclosures.

How do we keep your information secure?: We take data protection seriously. We have put in place physical and technical safeguards to keep the information we collect secure. Though we take reasonable steps to protect your information, the transmission of information to us may not be completely secure and any transmission is at your own risk.

Where do we send your information?: Your use or participation in the Business Services may involve transfer, storage and processing of your information outside of your country of residence, consistent with this Privacy Policy. Such country includes, without limitation, the Republic of Korea. Please note that the data protection and other laws of countries to which your information may be transferred might not be as comprehensive as those in your country. We will take appropriate measures, in compliance with applicable law, to ensure that your personal information remains protected. Such measures include the use of EU Standard Contractual Clauses to safeguard the transfer of data outside of the European Economic Area (“EEA”). For more information on the safeguards we take to ensure the lawful transfer of your data to countries outside of the EEA, or to obtain a copy of the contractual agreements in place, please contact us by the methods outlined in the Contact Us section of this Privacy Policy.

What are your rights?: Your personal information belongs to you. You can ask us to provide details about what we’ve collected, and you can ask us to delete it or correct any inaccuracies. You can also ask us to restrict or limit processing, sharing, or transfer of your personal information, as well as to provide to you your personal information that we’ve collected so you can use it for your own purposes. To exercise your rights, please contact us by the methods outlined in the Contact Us section of this Privacy Policy.; However, requesting the deletion of your personal information may also result in a loss of access to the Business Services.; If you request deletion of personal information, you acknowledge that you may not be able to access or use the Business Services and that residual personal information may continue to reside in Samsung's records and archives for some time in compliance with applicable law, but Samsung will not use that information for commercial purposes. You understand that, despite your request for deletion, Samsung reserves the right to keep your personal information, or a relevant part of it, in line with our data retention policy and applicable laws, if Samsung has suspended, limited, or terminated your access to the website for violating the Samsung Terms of Use or any other applicable Samsung policy or applicable law, when necessary to protect the rights, property, or safety of Samsung, or any of our respective affiliates, business partners, employees or customers.

How long do we keep your information?

We will keep your personal information for as long as we need to for the purposes for which it was collected (in accordance with this Privacy Policy), and in order to comply with our legal and regulatory requirements. This may mean that some information is held for longer than other information.

We take appropriate steps to ensure that we process and retain information about you based on the following logic:

1. At least the duration for which the information is used to provide you with a service
2. As required under law, a contract, or with regard to our statutory obligations
3. Only for as long as is necessary for the purpose for which it was collected, is processed, or longer if required under any contract, by applicable law, or for statistical purposes, subject to appropriate safeguards.

What third-party services do we use?: Our Business Services may link to third-party websites and services that are outside our control. We are not responsible for the security or privacy of any information collected by websites or other services. You should exercise caution, and review the privacy statements applicable to the third-party websites and services you use.

Cookies

Our Website uses cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and allows us to improve our Website and Services.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.

We use the following cookies:

Essential cookies. These cookies are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests.
Social cookies. These cookies help connect with your social channels to share Samsung Healthcare news with whom you may know for example on LinkedIn, Facebook and Twitter.


Cookie Title	Purpose	Location	More Information
cm_perferences (_cm_preferen_FR/IT/DE)	Essential cookies	All	Cookie settings
key	Essential cookies	IT	user verification cookie
user_id	Essential cookies	All	user verification cookie
JSESSIONID	Essential cookies	All	login server cookie
LOCAL_JSESSIONID	Essential cookies	FR/IT/DE	login server cookie
AWSALBCORS	Essential cookies	All	AWS-related cookie
AWSALB	Essential cookies	All	AWS-related cookie
Ecookie (ncookie)	Functionality cookies	All	destination banner cookie
_ga	Analytical or performance cookie	All	Google Analytics-related cookie
_gid	Analytical or performance cookie	All	Google Analytics-related cookie
showCookiesEn (FR/IT/DE)	Functionality cookies	All	sign-up membership banner cookie
countCookieEn (FR/IT/DE)	Targeting cookies	All	sign-up membership banner cookie
_fbp	Targeting cookies/Social cookies	All	Facebook-related cookie
idprivacy	Functionality cookies	FR	N/A
idsession	Functionality cookies	FR/IT/DE	N/A
seenRecently	Targeting cookies/Social cookies	DE	Ensight-related cookie

We do not share the information collected by the cookies with any third parties.

You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website.

All cookies will expire after 30 days.

Please note that the following third parties may also use cookies, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third party cookies are likely to be analytical cookies or performance cookies or targeting cookies:

Google : https://policies.google.com/technologies/cookies?hl=en-US
LinkedIn : https://www.linkedin.com/legal/cookie-policy
Facebook : https://www.facebook.com/policy/cookies/
AWS : https://aws.amazon.com/privacy/

To deactivate the use of third party advertising cookies, you may visit the consumer page to manage the use of these types of cookies.

Your Choices

We offer you certain choices in connection with the personal information we obtain about you.

We may offer you certain choices related to the collection, deletion and sharing of certain information related to the Business Services. If you decline to allow us to collect, store or share certain information, you may not be able to use all of the features available through the Business Services.

To exercise your choices, please contact us as indicated in the Contact Us section of this Privacy Policy.

Contact Us

You can contact us to update your preferences, correct your information, submit a request, or ask us questions.

You can contact us either at:

Data Controller
Samsung Electronics Co., Ltd.
129, Samsung-ro, Yeongtong-gu,
Suwon-si, Gyeonggi-do 16677, Republic of Korea

Samsung Medison
East Central Tower, 1077, Cheonho-daero,
Gangdong-gu, Seoul, Republic of Korea

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region.

The easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

You can lodge a complaint with the relevant supervisory authority if you consider that our processing of your personal information infringes applicable law. Contact details for all EU supervisory authorities can be found at https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

Samsung Cookie Policy

This Cookie Policy provides an overview of how we use your cookies collected through www.samsunghealthcare.com (the “Website”) with commercial customers (the "Business Services"). It also describes the different types of cookies that may be used in connection with the website owned or controlled by Samsung Electronics and Samsung Medison and how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

You may exercise your privacy rights as set out in the Privacy Policy. For more information on privacy, please refer to our privacy policy.

Cookies

We use the following cookies:

Essential cookies. These cookies are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.

Analytical or performance cookies. These allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website and the advertising displayed on it more relevant to your interests.
Social cookies. These cookies help connect with your social channels to share Samsung Healthcare news with whom you may know for example on LinkedIn, Facebook and Twitter.

Cookie type table
Cookie Title	Purpose	Location	More Information
key	Strictly necessary cookies	IT	user verification cookie
ser_id	Strictly necessary cookies	All	user verification cookie
JSESSIONID	Strictly necessary cookies	All	login server cookie
LOCAL_JSESSIONID	Strictly necessary cookies	FR/IT/DE	login server cookie
AWSALBCORS	Strictly necessary cookies	All	AWS-related cookie
AWSALB	Strictly necessary cookies	All	AWS-related cookie
Ecookie	Functionality cookies	All	destination banner cookie
_ga	Analytical or performance cookie	All	Google Analytics-related cookie
_ga_gid	Analytical or performance cookie	All	Google Analytics-related cookie
showCookiesEn	Functionality cookies	All	sign-up membership banner cookie
countCookieEn	Targeting cookies	All	sign-up membership banner cookie
_fbp	Targeting cookies/Social cookies	All	Facebook-related cookies
idprivacy	Functionality cookies	FR	N/A
idsession	Functionality cookies	FR/IT/DE	N/A
seenRecently	Functionality cookies	DE	N/A

We do not share the information collected by the cookies with any third parties.

All cookies will expire after 30 days.

To deactivate the use of third party advertising cookies, you may visit the consumer page to manage the use of these types of cookies [consent management solution]

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org .

Please be aware that rejecting cookies may affect your ability to perform certain transactions on the website, and our ability to recognize your browser from one visit to the next.

Company	Domain
Samsung	Samsunghealthcare.com

Company	Domain
Google	Google.com, Google.co.kr select

Company	Domain
Samsung	Samsunghealthcare.com select

Company	Domain
Samsung	Samsunghealthcare.com select

Company	Domain
Facebook	Facebook.com select
Linkedin	Linkedin.com select

본문 바로가기

Notice

Learn about our company - from our global networks to our latest news in the healthcare industry.

Notice

NOTICE
2025.09.01

EUDA Data Sharing Terms

1. Parties, Requesting User and subject matter

1.1 Parties to the Contract This contract on the access to and use of data (‘the Contract) is made between

Samsung Electronics Co., Ltd., a corporation existing under the laws of the Republic of Korea, with its principal place of business located at 129, Samsung-ro, Yeongtong-gu, Suwon-si, Gyeonggi-do, 16677, Korea (‘Data Holder’)

and (insert name, contact details and further references) (‘Data Recipient’) referred to below collectively as ‘the Parties’ and individually as ‘the Party’. referred to in this document collectively as ‘the Parties’ and individually as ‘the Party’.

1.2 Requesting User, Product and Related Service(s) 1.2.1 This Contract is based on the joint assumption of the Parties that the Data Holder is obliged under Article 5 of the Data Act to make data available to the Data Recipient when requested to do so by or on behalf of (such individual end users of Data Holder connected products and related services as authorize Data Holder to share data with Recipient) (each a ‘Requesting User’) and that the Requesting User is a user (within the meaning of Article 2 (12) the Data Act) of at least one of the Products and Related Services specified in Appendix 1.

2. Fundamental declarations

2.1 Quality of the user and existence of a valid request 2.1.1 Each Party declares that, to the best of their knowledge, the Requesting User is a user (within the meaning of Article 2 (12) of the Data Act) of the Product and Related Service specified in in clause 1.2.1. 2.1.2 Each Party declares that Data Recipient will only request Product and Related Service Data in respect of Requesting Users, and that Data Holder will only share Data once it has ascertained that the Requesting User has validly requested that their Data is shared with Data Recipient. 2.1.3 Data Holder may share Data with Data Recipient following a request initiated by the Requesting User, or after verifying a request imitated by Data Recipient with the Requesting User. 2.1.4 Data Holder will only share the specific Data with the Data Recipient that it is authorized ot share, which may be limited to a portion of the Data which Data Holder holds in respect of that Requesting User. 2.1.5 (If applicable) Each party declares that, to the best of their knowledge, the party acting on behalf of the Requesting User has provided evidence that they have received the necessary authority from the Requesting User to submit this request in accordance with applicable law. Evidence of the authorisation is attached to this Contract in Appendix 1. 2.1.6 Each Party further declares that that will bring to the attention of the other Party any instance in which a Requesting User requests that the sharing of their Data cease for any reason. 2.1.7 Data Recipient declares that it has not made the exercise of choices or rights under the Data Act by the Requesting User unduly difficult, including by offering choices to the Requesting User in a non-neutral manner, or by coercing, deceiving or manipulating the Requesting User, or by impairing the autonomy, decision-making or choices of the Requesting User, including by means of a user digital interface or a part thereof.

2.2 Eligibility of Data Recipient 2.2.1 The Data Recipient declares that they will only make requests in respect of Requesting User with whom it has entered a contract regarding the use of the Data. According to this contract, the Data will be used exclusively for (insert purpose(s) according to contract between Data Recipient and Requesting User): (if the Data may disclose trade secrets) The Data Recipient declares that the Data is strictly necessary for fulfilling this purpose. 2.2.2 The Data Recipient declares that is does not qualify as a undertaking designated as a ‘gatekeeper’ under Article 3 of Regulation (EU) 2022/1925 (Digital Markets Act).

2.3 Compliance with data protection law 2.3.1 As far as the Data qualifies as personal data, each Party declares that they comply with the Regulation (EU) 2016/679 and, where relevant, Directive 2002/58/EC. 2.3.2 In particular, when the Requesting User is not the data subject, the Data Holder may only make the Data which are personal data available to the Data Recipient, to the extent permitted under Regulation (EU) 2016/679 and, where relevant, Directive 2002/58/EC.

2.4 Incorrectness of fundamental declarations 2.4.1 Any Party that becomes aware that any declaration referred to in clauses 2.1 to 2.3 is not, or is no longer, correct, or will no longer remain correct in the foreseeable future, must, without undue delay, notify the other Party (unless the other Party is or ought to be already aware of the fact). 2.4.2 On becoming aware of this situation, each of the Parties must take appropriate action and cure the false or incorrect fundamental declaration, to the extent possible. Depending on the circumstances, this may include notifying the Requesting User or any protected third party who is affected or the temporary suspension of the making available of the Data by the Data Holder or the use of the Data by the Data Recipient, if making the Data available or the use of the Data is or has become unlawful. 2.4.3 If the situation is not and cannot be cured, this Contract must terminate by means of a written termination notice mentioning the reasons of termination given by either party to the other. The termination has immediate effect. Where the incorrectness affects only part of the data covered by this Contract, termination must take effect only for the relevant part. Effects of termination are governed by clause 6.3.

3. Making the Data available

3.1 Data covered by the Contract 3.1.1 The data covered by this Contract consists of the readily available Product Data or Related Service(s) Data within the meaning of the Data Act identified in the requests made by Requesting Users on the basis of Article 5 of the Data Act, as well as the relevant metadata necessary to interpret and use that data (‘the Data’). 3.1.2 The Data which Data Recipient may receive is set out in detail in Appendix 2, which forms an integral part of this Contract. For the avoidance fo doubt, the Requesting User remains free to specify the Data which they wish Data Holder to share with Data Recipient. A Requesting User may ask Data Holder to share all of the Data specified in Appendix 2 for all of the Products and Related Services specified in Appendix 1 which they use, or only a part thereof.

3.2 Data quality and access arrangements 3.2.1 The Data Holder must make the Data available to the Data Recipient, with at least the same quality as it becomes available to the Data Holder, and in any case in a comprehensive, structured, commonly used and machine-readable format as well as the relevant metadata necessary to interpret and use those data. 3.2.2 Data Holder will share Data with Data Recipient using the Samsung EUDA Portal API, with the technical arrangements for access being further specified between the parties. The Data Recipient must receive access to the Data. Data will be shared continuously and in real time. 3.2.3 The Data Holder must provide to the Data Recipient the means and information strictly necessary for accessing or receiving the Data in accordance with article 5 of the Data Act. This includes, in particular, the provision of information readily available to the Data Holder regarding the origin of the Data and any rights which third parties might have with regard to the data, such as rights of data subjects arising under Regulation (EU) 2016/679 (GDPR), or facts that may give rise to such rights. 3.2.4 In order to meet the requirements of clauses 3.2.1, 3.2.2 and 3.2.3, the Parties agree on the specifications set out in Appendix 2, which forms an integral part of this Contract. 3.2.5 If any of the specifications concerning data quality, access arrangements or means and information provided to the Data Recipient are insufficient to meet the requirements referred to in clauses 3.2.1, 3.2.2 and 3.2.3, the Parties undertake to enter into negotiations in good faith and adapt the specifications so that they meet the agreed requirements. 3.2.6 The Data Holder undertakes not to keep any information on the Data Recipient’s access to the data requested beyond what is necessary for: (a) the sound execution of (i) the Requesting User’s access request and (ii) this Contract; (b) the security and maintenance of the data infrastructure; and (c) compliance with legal obligations on the Data Holder to keep such information.

3.3 Feedback loops 3.3.1 If any of the specifications agreed in accordance with clause 3.2 are impossible or unreasonable to achieve because of a change of circumstances, the Data Holder must notify the Data Recipient with a detailed description of this and the Parties will enter into negotiations in good faith and adapt the specifications so that they meet the requirements defined in these clauses. In particular, each Party must provide to the other with sufficient information to assess, discuss and resolve the particular situation. This clause does not affect the right of the Data Recipient to invoke remedies in accordance with clauses 8.

3.4 Unilateral changes by the Data Holder 3.4.1 The Data Holder may, in good faith, unilaterally change details regarding the specifications for the Data and access arrangements, if this is objectively justified by the general conduct of business of the Data Holder – for example by a technical modification due to an immediate security vulnerability in the line of products or related services offered by the Data Holder or a change in the Data Holder’s infrastructure. 3.4.2 The Data Holder must in this case give notice of the change to the Data Recipient without undue delay after deciding on the change. Where the change may negatively affect data access and use by the Data Recipient, the Data Holder must give notice to the Data Recipient at least two weeks’ notice. A shorter notice period may only suffice where such notice would be impossible or unreasonable in the circumstances, such as where immediate changes are required because of a security vulnerability that has just been detected. Where the change has detrimental impact on the Data Recipient, the Data Recipient is entitled to terminate the (relevant part of the) Contract without any compensation being due to the Data Holder, this notwithstanding any other rights or remedies the Data Recipient may have.

4. Use of the Data and sharing with third parties

4.1 Permissible use by Data Recipient The Data Recipient undertakes to process the data made available to them under the Contract only for the purposes and under the conditions agreed with the Requesting User. The Data Recipient must erase the Data when they are no longer necessary for the agreed purpose, unless otherwise agreed with the Requesting User in relation to Data that are non- personal data.

4.2 Sharing of Data with third parties 4.2.1 The Data Recipient must not make the Data available to another third party, unless it is contractually agreed with the Requesting User, compatible with any protection measures agreed with the Data Holder and compatible with applicable EU or national law. The Data Recipient must in any case not make the data they receive available to an undertaking designated as a gatekeeper under Article 3 of Regulation (EU) 2022/1925 (Digital Markets Act). 4.2.2 Where the Data Recipient is permitted to make data available to a third party, the Data Recipient must take appropriate contractual, technical and organisational measures to make sure that : (a) the third party uses the data exclusively in a way compatible with this Clause 4. (b) the Data Holder has at least the same remedies against the third party as against the Data Recipient for use or disclosure of data prohibited under this Clause 4 and that the third party is liable towards the Data Holder for any harm caused by such unauthorised use or disclosure of the data.

4.3 Unauthorised use or sharing of data 4.3.1 The Data Recipient must not: (a) (for the purposes of obtaining data) provide false information to the Data Holder, deploy deceptive or coercive means or abuse gaps in the Data Holder’s technical infrastructure designed to protect the data; or (b) use the data they received for unauthorised purposes, in violation of clause 4; or (c) use the Data to develop a product that competes with the Product; (d) use the Data to derive insights about the economic situation, assets and production methods of the Data Holder, or their use of the Data; (e) use the Data in a manner that adversely impacts the security of the Product or any Related Service; (f) notwithstanding Article 22 (2) points (a) and (c) of the GDPR, use Data for the profiling of natural persons, unless this is necessary to provide the service requested by the Requesting User. (g) disclose the data to another third party unlawfully or in violation of Clause 4. If the Data Recipient does any of these things, this constitutes fundamental non-performance as described in clause 7 and has the additional consequences described in clause 4.3.2. 4.3.2 The Data Recipient must comply, without undue delay, with requests by the Data Holder, the holder of the relevant trade secret (if this is not the same as the Data Holder) or the Requesting User to: (a) inform the Requesting User of the unauthorised use or disclosure of the data and measures taken to put an end to this; (b) erase the data made available by the Data Holder under this Contract, or obtained in an unauthorised or abusive manner, and any copies of it; (c) compensate the Data Holder, the Requesting User or protected other third party for any harm suffered from the unauthorised use or disclosure; and (d) end the production, offering, placing on the market or use of goods, derivative data or services produced on the basis of knowledge obtained through this data, or the importation, export or storage of infringing goods for those purposes; (e) destroy any infringing goods, if there is a serious risk that the unlawful use of the Data will cause significant harm to the Data Holder, trade secret holder or User – or where this measure would not be disproportionate, given the interests of the Data Holder, trade secret holder or User.

5. Compensation for providing data access

5.1 (Applicable if the Data Recipient qualifies as an SME/non-profit research organisation) 5.1.1 The Data Recipient declares that they are an SME, as defined in Recommendation 2003/361/EC or a non-profit research organisation. They further declares that they do not have partner or linked companies (‘enterprises’) as defined in Article 3 of the Annex to Recommendation 2003/361/EC which do not qualify as an SME. Evidence of the foregoing is provided in Appendix 3. 5.1.2 The Parties agree that the Data Recipient will compensate the Data Holder as specified in Appendix 3. 5.1.3 Data Holder will provide Data recipient with a monthly breakdown of compensation payments as further specified in Appendix 3. 5.1.4 The Data Holder declares that the agreed compensation does not exceed the costs directly related to making the data available to the Data Recipient and which are attributable to the request. These costs include the costs necessary for data reproduction and dissemination via electronic means and storage, but not of data collection or production. 5.1.5 The Data Recipient will inform the Data Holder immediately of any changes that call into question their categorisation as an SME. Where the Data Recipient ceases to qualify as an SME, the Parties undertake to enter into negotiations about the amount of reasonable compensation. If there is no agreement after a reasonable period of time, the Data Holder may suspend the sharing of the Data by giving notice to the Data Recipient. The Data Recipient must compensate the Data Holder for any economic harm suffered because the Data Recipient failed to inform the Data Holder that they longer qualified as an SME.

5.2 (Applicable if the Data Recipient does not qualify as an SME/non-profit research organisation) 5.2.1 The Data Recipient declares that they do not qualify as a micro, small or medium enterprise (SME) under Recommendation 2003/361/EC. The Data Recipient is aware that, if they meet the qualifications to be classed as an SME at some point in the future, this may influence the compensation due under this Contract. In this case, it is the responsibility of the Data Recipient to inform the Data Holder and to provide evidence that they meet the criteria relevant for being an SME. 5.2.2 The Parties agree that the Data Recipient will compensate the Data Holder as specified in Appendix 3. 5.2.3 The Parties confirm that they consider the agreed compensation to be non-discriminatory and reasonable. The Data Holder further confirms that the amount does not go beyond: (a) the costs incurred for making the data available, including, in particular, the costs necessary for formatting the data, disseminating it via electronic means and storing it; (b) the investment in the collection and production of data, where applicable, taking into account whether other parties contributed to the obtaining, generating or collecting of the data in question; and (c) a margin. 5.2.4 In case of delay with payment of compensation, the Data Recipient should pay Data Holder interest on overdue compensation from the time when payment is due to the time of payment as required by the applicable law.

6. Date of application, duration of the Contract and termination

6.1 Date of application and duration 6.1.1 This Contract comes into effect on (specify date) and is concluded for an indeterminate period, subject to any grounds for expiry or termination under this Contract. 6.1.2 The Data Holder must start making the Data available to the Data Recipient [without undue delay after the Contract has come into effect and each requesting User authorizes the sharing of Data with Data Recipient.

6.2 Termination 6.2.1 Irrespective of the contract period agreed under clause 6.1, and without prejudice to clause 2.4.3, this Contract terminates: (a) upon the destruction of the Product or permanent discontinuation of the Related Service, or when the Product or Related Service is otherwise put out of service or loses its capacity to generate the Data in an irreversible manner; or (b) when both Parties so agree, with or without replacing this Contract by a new Contract. 6.2.2 The Data Recipient may terminate the Contract at any time the contract period by giving the Data Holder a notice of one month. The Data Recipient must notify the Requesting User that the Contract has been terminated. Data Holder reserves the right to contact the Requesting User separately to inform them that the data sharing has come to an end. Where the Data Recipient terminates the Contract under this clause before one year/the expiry of the contract term), they must compensate the Data Holder for the costs incurred by the Data Holder for making the data available, as follows: (specify)

6.3 Effects of expiry and termination 6.3.1 Expiry of the contract period or termination of this Contract releases both Parties from their obligation to effect and to receive future performance but does not affect the rights and liabilities that have accrued up to the time of expiry or termination. Expiry or termination does not affect any provision which is to operate even after the contract has come to an end, in particular any limitations on the permissible use and sharing of the Data by the Data Recipient under clause 4, clause 9.1 on confidentiality, clause 9.3 on applicable law and clause 9.7 on dispute resolution. 6.3.2 On termination of this Contract a Party may recover money paid for a performance which they did not receive or which they properly rejected. A Party that has rendered performance which can be returned and for which they have not received payment or other counter-performance may recover the performance. A Party that has rendered a performance which cannot be returned and for which they have not received payment or other counter-performance may recover a reasonable amount for the value of the performance to the other Party. 6.3.3 The Parties must take appropriate and reasonable steps to prepare for expiry of the contract period or termination of this Contract. This may, depending on the circumstances, include such exit support measures as the Data Recipient may reasonably expect.

7. Remedies for breach of contract

7.1 Cases of non-performance 7.1.1 A non-performance of an obligation by a Party is fundamental to this Contract if: (a) strict compliance with the obligation is of the essence of this Contract, in particular because non-compliance would cause significant harm to the other Party, a Requesting User or other protected third parties; or (b) the non-performance substantially deprives the aggrieved Party of what it was entitled to expect under this Contract, unless the other Party did not foresee and could not reasonably have foreseen that result; or (c) the non-performance is intentional. 7.1.2 A Party’s non-performance is excused if the non-performing Party proves that it is due to an impediment beyond its control and that it could not reasonably have been expected to take the impediment into account at the time of the conclusion of this Contract, or to have avoided or overcome the impediment or its consequences. Where the impediment is only temporary the excuse has effect for the period during which the impediment exists. However, if the delay amounts to a fundamental non-performance, the other Party may treat it as such. The non-performing Party must ensure that notice of the impediment and of its effect on its ability to perform is received by the other Party within a reasonable time after the non- performing Party knew or ought to have known of these circumstances. The other Party is entitled to damages for any loss resulting from the non-receipt of such notice.

7.2 Remedies for breach of contract 7.2.1 In the case of a non-performance by a Party the aggrieved Party shall have the remedies listed in the following clauses, without prejudice to any other remedies available under applicable law. 7.2.2 Remedies which are not incompatible may be cumulated. 7.2.3 A Party may not resort to any of the remedies to the extent that its own act or state of affairs caused the other Party’s non-performance, such as where a shortcoming in its own data infrastructure did not allow the other Party to duly perform its obligations. A Party may also not rely on a claim for damages for loss suffered to the extent that it could have reduced the loss by taking reasonable steps. 7.2.4 The aggrieved party can: (a) request that the non-performing Party comply, without undue delay, with its obligations under this Contract, unless it would be unlawful or impossible or specific performance would cause the non-performing Party unreasonable effort or expense; (b) withhold their own performance under this Contract, unless this would foreseeably cause a detriment to the non-performing Party that is obviously disproportionate in the light of the gravity of the non-performance (c) terminate the contract with immediate effect if: (i) the non-performance is fundamental; or (ii) in the case of non-performance which is not fundamental, the aggrieved Party has given a notice fixing a reasonable period of time and the period has lapsed without the other Party remedying the breach. If the period stated is too short, the aggrieved Party may nevertheless terminate the Contract, but only after a reasonable period from the time of the notice; (d) claim damages for pecuniary loss caused to the aggrieved Party by the non-performance which is not excused under clause 7.1.2. The non-performing Party is liable only for loss which it foresaw or could reasonably have foreseen at the time of conclusion of this Contract as a likely result of its non-performance, unless the non-performance was intentional or grossly negligent.

8. Limitations of liability

8.1 The liability of each Party to the other under or in connection with this Contract, whether arising from contract, tort (including negligence), breach of statutory duty or otherwise, shall be limited for any single event or series of connected events as follows:

8.2 there shall be no limit for liability arising from death or injury to persons caused by a Party’s negligence, or that of its employees, agents or sub-contractors;

8.3 for liability arising from fraud, including without limitation fraudulent misrepresentation, there shall be no limit;

8.4 for liability under Clause 4.3 there shall be no limit.

8.5 for any other Liability; (a) neither Party shall be liable for any special, indirect or consequential damages; (b) neither Party shall be liable for any loss of profit, loss of business, loss of revenue, loss of opportunity, whether direct or indirect; and (c) the aggregate liability for all claims arising from or connected with this Contract or any other contracts between the Parties in respect of the Data Act shall be limited to € 1000.

9. General provisions

9.1 Confidentiality 9.1.1 The following information must be considered confidential: (d) information referring to the trade secrets, financial situation or any other aspect regarding the operations of the other Party unless the other Party has made this information public; (e) information setting out the basis for the calculation of the reasonable compensation; (f) information referring to a Requesting User and any other protected third party, unless the protected third party has made this information public; (g) information referring to the performance of this Contract and any disputes or other irregularities arising in the course of its performance; (h) the existence of this Contract and the identity of the Parties; (i) the terms and conditions of this Contract. 9.1.2 Both Parties agree to take all reasonable measures to store securely and keep in full confidence the information referred to in clause 9.1.1 and not to disclose or make available such information to any third party, unless one of the Parties: (j) has a legal right or is under a legal obligation to disclose or make available the relevant information, e.g. in order to comply with the obligation to provide information showing that there has been no discrimination in accordance with Article 8 (3) of the Data Act; or (k) has to disclose or make available the relevant information to meet its obligations under this Contract, and the other Party (or the party providing the confidential information or affected by its disclosure) can reasonably be considered to have accepted this; or (l) has obtained the prior written consent from the other Party or the party providing the confidential information or affected by its disclosure. 9.1.3 In any case, the Data Holder may disclose or make available [such information to the Requesting User as is necessary for the Data Holder to demonstrate compliance with its obligations (i) in respect of the Data Recipient under Article 5 of the Data Act or (ii) resulting from a contract made with the Requesting User under Article 4 (6) of the Data Act. 9.1.4 These confidentiality obligations remain applicable after the termination of the Contract for a period of five years. 9.1.5 These confidentiality obligations do not remove any more stringent obligations under (i) the GDPR, (ii) the provisions implementing Directive 2002/58/EC or Directive (EU) 2016/943 or (iii) any other EU or Member State law.

9.2 Non-discrimination The Data Holder declares that – with the terms of this Contract and any practices related to its fulfilment – when making data available, they do not discriminate between comparable categories of data recipients, including any of their partner or linked (‘enterprises’), as defined in Article 3 of the Annex to Recommendation 2003/361/EC. If the Data Recipient considers the conditions under which data has been made available to them to be discriminatory, the Data Holder must, on request by the Data Recipient, demonstrate that there has been no discrimination.

9.3 Applicable law This Contract must be governed by the law of (specify State).

9.4 Means of communication Any notification or other communication required by this Contract must be transmitted by electronic means using the contact details specified by each Party on the Samsung EUDA Portal. Any such notice or communication will be deemed to have been received on the date of transmission, provided that no error message indicating failure to deliver has been received by the sender.

9.5 Entire Contract, modifications and severability 9.5.1 This Contract (together with its appendices and any other documents referred to in the Contract) constitutes the entire Contract between the Parties with respect to the subject of this Contract and supersedes all prior Contracts and understandings between the Parties, oral or written, as regards the subject of this Contract. 9.5.2 Any modification of this Contract will be valid only if agreed to by the Parties in writing, including in any electronic form that is considered to meet the requirements of a written document (in line with good commercial practices). 9.5.3 If any provision of this Contract is found to be void, invalid, voidable or unenforceable for whatever reason, and if this provision is severable from the remaining terms of the contract, these remaining provisions will be unaffected by this and will continue to be valid and enforceable. Any resulting gaps or ambiguities in this Contract must be dealt with according to clause 8.6.

9.6 Interpretation 9.6.1 This Contract is concluded by the Parties against the background of the Parties’ rights and obligations under the Data Act. Any provision in this Contract must be interpreted so as to comply with the Data Act and other EU law or national legislation adopted in accordance with EU law, as well as any applicable national law that is compatible with EU law and cannot be derogated from by agreement. 9.6.2 If any gap or ambiguity in this Contract cannot be resolved in the way referred to in clause 8.6.1 this Contract must be interpreted in the light of the rules of interpretation provided for by the applicable law (see clause 8.3) and, in any case, according to the principle of good faith and fair dealing.

9.7 Dispute settlement 9.7.1 The Parties agree to use their best efforts to dissolve disputes amicably and, before bringing a case before a court or tribunal, for disputes within its competence, refer to any dispute settlement body in a Member State that meets the conditions of Article 10 of the Data Act). 9.7.2 Submission of a dispute to a dispute settlement body according to clause 8.7.1 does not, however, affect the right of the Data Recipient to lodge a complaint with the national competent authority designated in accordance with the Data Act; nor the right of any Party to seek an effective remedy before a court or tribunal in a Member State. 9.7.3 [For any dispute that cannot be settled according to clause 8.7.1, the courts of (specify state) will, to the extent legally possible, have exclusive jurisdiction to hear the case.]

Appendix 1 (evidence on the request and, if applicable, any mandate)

Appendix 2 (details of the Data covered by the Contract and of access arrangements)

A. Specification of data points

The Appendix should sort and list the Product Data and Related Service Data covered by the Contract, with the indication of the content of the Data and of the collection frequency.

B. Duration of retention

The appendix should indicate the duration of retention, so that the User is informed about the duration of the availability of the Data. They may do so in a granular manner for each data points or group of data points.

C. Classification / Data Type

The appendix could specify here whether all or part of the Data is particular data regulated by a specific regime. The appendix could e.g. indicate whether and what Data qualifies as personal data.

D. Data structure and format

The appendix should specify here in what structured, commonly-used and machine-readable format the Data is made available.

E. Transfer/Access Medium

The appendix should specify here via which secure-convenient electronic medium will the Data be made available by Data Holder to Data Recipient, either by transfer, access or otherwise, while catering for the rights and related due interests of Data Recipient under the Contract.

F. Timing to Access of Data

The appendix should specify what is the rate, frequency, and other time-related parameter of access to the Data, such as for instance real-time, near-real-time, continuously, without undue delay, in a certain frequency.

G. Starting Date

The appendix should specify the starting date on which the Data Holder will make the Data available to the Data Recipient.

H. Means and information necessary for the exercise of the Data Recipient’s access rights

The appendix can specify here the means and information that are necessary for the exercise of the User’s access rights. It may include a contact person to solve technical issues, in the Data Holder’s side as well as in the Data Recipient’s side.

Appendix 3 (evidence on the size of the Data Recipient and details of the calculation of compensation)

< Prev: EUDA Notice

List