Privacy Policy

Personal Information Protection Policy

Samsung Engineering SaudiArabia Co. Ltd (hereinafter the "Company") recognizes the importance of protecting users' personal information and makres the utmost efforts to ensure information security by complying with the "Act on Information and Communications Network Use Promotion and Information Protection," "Personal Information Protection Act" and "EU General Data Protection Regulation" and developing this Personal Information Protection policy.

Here in this policy, the Company notifies its personal information protection policy including the following: the type of personal information to be acquired, purpose of personal information collection, handling of personal information and its duration, and rights of users and how to exercise them.

If any change, deletion or addition is made to this policy in accordance with revisions in relevant laws and regulations or the Company's internal policy, the Company will notify its users via Project Portal website (s100-4s.cpm/s100-4s.net).

The contents of this policy are as follows:

1.Purpose of acquisition and use of personal information

2.Types of personal information to be acquired and how to collect it

3.Retention and use period of personal information

4.Provision of personal information to third parties

5.Outsourcing of personal information management

6.Procedure and methods of personal information disposal

7.Rights of users and their legal representatives and how to exercise the rights

8.Installation and operation of automatic collection system of personal information and how to reject its use

9.Location (Country) of handling personal information

10.Measures to protect personal information

11.Personnel in charge of personal information management and response to user complaints

12.How to seek help for security breach
 13.Revisions to the Personal Information Protection Policy

1.Purpose of acquisition and use of personal information

The Company acquires and uses personal information for the following purposes. The acquired personal information is not used for any other purposes than the following, and the Company will take legally-required actions such as acquiring prior consents from users when there is any change to the purposes.

- Provide contents and other membership-based services - Provide information on Projects and signing contract

2.The type of personal information to be collected and how to collect 1)Collected items
 Collected items
 Retain the information by

Information of a person in charge

❏ Essential
 ID(Mobile phone number), Password, Name(Eng), Company, Designation, Birth date

❏ Optional e-mail address

One(1) year after last log on
 - The following information can be created and collected while users access and

use our services.
 . Access logs, cookies, IP addresses, service use records

2)How to collect

- The online membership registration webpage, paper-based registration form, phone, e-mail, online bulletin boards, registration for promotion events and other activities
 - Live data collection tool (for access logs or cookies)

3.How long personal information is retained and used
 1)The Company retains and uses personal information for the following period:

- Personal information inevitably collected and used to comply with separate legal requirements or legal obligations
 : During the period the Company needs to retain the information based on the relevant laws and regulations

- Personal information inevitably collected and used in order to sign and execute contracts
 : Until the Company fulfills the purposes of collecting and using the information

- Personal information collected and used by acquiring consents from individual users
 : During the period the users consented for

2)The Company deletes personal information in its database immediately after the retainment and usage period is over or the purpose of information collection is achieved. However, if the Company needs to retain the information longer in accordance with the relevant laws and regulations or was granted the users' prior consents, it can retain the information exceeding the retainment and usage period.

3)For the users who have not accessed for a long period of time (over a year), the Company deletes or separately stores and manages their personal information immediately after 1 year has passed with no access. The period of no access is counted with access records, and users will be notified with e-mails one month before the point of 1 year with no access.

4)If users withdraw their membership, the Company will delete their personal information immediately. However, the Company will still keep the postings uploaded by the users even after their membership cancellation. If users want to delete their postings, they may delete them on their own before canceling their membership or may contact the Eco-generation team via e-mail or phone after cancellation and request the team to delete the postings on their behalf.

4.Provision of personal information to third parties

1)The Company does not disclose users' personal information to outside, except for the following cases where:
 - The user granted prior consent
 - The law states to disclose certain information or it is inevitable for the Company to release the information in order to fulfill its legal obligation because it is required to disclose the information in order to meet the urgent need of protecting life, physical security or assets of the user or a third party while it is impossible to gain the user's prior consent because the user in question or his/her legal representative is in a state unable to express one's will or cannot be reached because of unknown address (with a scope limited to the purpose of personal information collection.)

2)Users have a right not to allow their personal information to be shared with a third party, while, if they exercise the right, the users may face limits in services available to them.

5.Outsourcing of personal information management

1)The Company outsources personal information management to specialized vendors as follows in order to provide better services and promote user convenience. The Company ensures safe management of personal information by mandating necessary requirements in accordance with the relevant laws and regulation when signing outsourcing contracts with outside vendors.

Outsourcing vendors Outsourced tasks

Contact
 GSiL Co.Ltd. Infrastructure services +82-2-6200-7205

2)The Company includes, in its contract with the outsourcing vendors, the requirement to ban handling of personal information except for the purpose of performing the commissioned tasks, ensure technical and managerial protection measures, limit re-commissioning to other vendors and hold the vendors accountable for damages, in accordance with the Article 26 of Personal Information Protection Act and Act on Promotion of Information and Communications Network Utilization and Information Protection, and supervises the outsourcing vendors to ensure they handle personal information safely.

3)If the outsourcing vendors or their outsourced tasks are added or changed, the Company releases the information in this policy.

6.Procedure and methods of personal information disposal

After achieving the purpose of the collecting and retaining personal information or reaching the end of retainment period, the Company disposes of the personal information in the following procedures:

1)Disposal process
 - Dispose of the information immediately after achieving the purpose or reaching the end of retainment period
 - Select the information to be disposed of, execute the disposal, report the disposal and gain approval from personal information manager (before or after the disposal)

2)How to dispose:
 - Information in electronic format: Delete permanently in a irreparable manner
 - Printed materials, papers and other information in non-electronic format: Destroy by shredding, burning or dissolving

7.Rights of users and their legal representatives and how to exercise the rights

1)Users and their representatives can always withdraw their consent on collection, use and provision of personal information. They can also demand the Company disclose, provide, revise, delete or limit, oppose or stop handling of the following information in accordance with the relevant laws and regulations. When requested by users or their legal representatives, the Company will take necessary measures immediately (unless there are reasonable grounds not to do so)

- User's personal information
 - The log of using or providing a third party with the user's personal information - The status of the user's consent to collection, use and provision of their personal information

2)Users and their representatives can request the Company to transfer their personal information so that it can be re-used for other services. Upon request, the Company can provide the personal information in a format that can be mechanically deciphered in a systematic and universal manner or, if technologically possible, send the personal information directly to another entity that handles personal information.

3)The Company may limit or reject requests to view, provide, revise, delete or limit, oppose or stop handling or transfer of personal information in the following cases after informing users or their legal representatives of the reasons:
 - When the Company needs to do so in order to comply with particular legal requirements or fulfill legal obligations

- When there is a risk of harming others physically and/or financially or infringe upon other's interests in an unfair manner

4)When the Company rejects requests of users or their legal representatives to view, provide, revise, delete or limit, oppose or stop handling or transfer of personal information, it will notify the users or their legal representatives of its decision to reject, the reasons why and how to raise objections.

8.Installation and operation of automatic collection system of personal information and how to reject its use

The Company manages "cookies" to store and find users' information. "Cookies" are

small text files the Company's server sends to its users' browsers, and they are stored in the users' hard disk.

1)Purpose of using cookies
 The Company uses cookies in order to provide optimized information for users by understanding the way users visit and use the website as well as the number of visits.

2)Setting for cookies: How to set, check and decline
 Users can choose different options for cookies. They can set their web browser to allow all cookies, confirm every time cookies are stored, or decline all cookies from being stored. However, if users disable the use of cookies, services provided by the website can be limited.

- How to set up (for Internet Explorer 8.0)
 Go to Tools and click Internet Options. Click Personal Information tab and Setting to set the allowance level of cookies.
 - How to check the cookies stored on your computer (for Internet Explorer 8.0): Go to Tools and click Internet Options. Click General tab to go to Search Results— Setting—View Files.
 - How to disable cookies (for Internet Explorer 8.0):
 Go to Tools and click Internet Options. Click Personal Information tab and Setting to set the allowance level of cookies to "Disable all cookies".

9.Location (Country) of handling personal information

The Company conducts the overall personal information handling in the Republic of Korea. Please be advised that any personal information provided from any other country will be transferred to Republic of Korea via its dedicated network.

10.Measures to protect personal information

The Company is taking technical and managerial measure as follows in order to protect personal information to prevent loss, theft, leakage, distortion or damage of information.

1)Development and implementation of internal management plan

- The Company has developed and implemented an internal management plan to ensure safe handling of personal information.
 - With its dedicated team for protection of personal information, the Company makes sure proper protection measures are implemented, its personnel comply with protection policies and, when problems are identified, corrective measures are taken.

2)Control and limits on access to personal information
 - Installation and operation of access control tools
 • The Company uses a breach blocking system to block any unauthorized access and is doing its best to secure all possible technical equipment to ensure security on its system.
 - Minimized designation and training of personal information managers
 • The Company minimizes designation of personnel in charge of handling personal information and provides regular training with in-house and outside trainers.
 • Handover of personal information management tasks is carried out in full security and the Company clearly identifies accountability for security breach after its employees join the Company or resign.
 - Control access to personal information
 • The Company controls the access to personal information by granting, changing or terminating access authority to database handling personal information. The Company also records the details of granting, changing or terminating access authority and retains the records for 3 years at minimum.

3)Encoding personal information
 - Users' personal information is protected by passwords, and files and transmitted data is encoded or locked when stored and managed. Important data is protected with additional security functions.
 - The Company is using a security system that utilizes encoded algorithms to transmit personal information on the network (SSL).

4)Storage of access records and measures to prevent record falsification
 - The Company retains and manages the record of access to personal information management system for at 6 months at minimum and uses security functions to ensure access records are not falsified.

5)Installation and renewal of security programs
 - In order to prevent leakage or damage of personal information data caused by hackers or computer virus, the Company runs security programs and regularly updates them and monitors their operation.
 - The Company also runs a hacker blocking system and weakness analysis system

in each server to prevent any hacker intrusion and ensure online security.

6)Physical actions including securing storage facilities with locks
 - The Company secured a separate physical storage of database that retains personal information and controls the access to the storage.

11.Personnel in charge of personal information management and response to user complaints

The Company designated a responsible personnel and a dedicated staff for personal information management as follows in order to protect the users' personal information and respond to users' complaints regarding personal information. If you have any questions about personal information protection and management, please contact the following personnel.

1)Person in charge of personal information management (protection) • Name: Vice President Ki Young Yang
 • Department: Human Resource Management Department
 • Position: Head of HR Department

2)Dedicated personnel for personal information management (protection) • Name: Pro Sangbeom LeE
 • Department: Overseas Business Department
 • Contact: +82-2-6200-7205

• E-mail: 4s@gsil.kr

12.How to seek help for security breach

Users can request mediation or advice to Personal Information Dispute Mediation Committee or Personal Information Breach Report Center run by or Korean Internet & Security Agency to seek help for security breach. For further information, please contact the following institutions:

-Personal Information Dispute Mediation Committee (+82-118)
 - Personal Information Breach Report Center of Korean Internet & Security Agency

(www.kopico.or.kr/1336)
 - Personal Information Protection Label Certification Committee (http://eprivacy.or.kr/+82-2-580-0533~4)
 - Supreme Prosecutors' Office Cyber Crime Investigation Center (http://icic.sppo.go.kr/+82-2-3480-3600)
 - Korean National Police Agency (www.police.go.kr/+82-1566-0112)
 - Personal Information Protection Commission (http://privacy.kisa.or.kr/kor/main.jsp) /+82-2-2180-3000)

13. Revisions to the Personal Information Protection Policy

When revisions are made to this Personal Information Protection Policy, the Company will notify the details on the notice board and a pop-up window of this website.

❏ Personal Information Protection Policy (Ver. 1.0) Enforcement: Oct. 07, 2023