Privacy Policy in respect of My Sony

Dear User,

We at Sony Middle East and Africa FZE (referred herein as "Sony", "we", "us", "our") value every person's right to privacy and strive to protect your Personal Information. This Privacy Policy will inform you as to what Personal Information is collected from you, why such Personal Information is collected, how we use Personal Information, when you provide information to us through https://mysony.sony-mea.com. and other communication such as messages, emails, calls, etc. This Privacy Policy will, also, inform you how we dispose of the Personal Information and the way you can control your Personal Information.

By registering for and using My Sony, you are engaging with us or our Affiliates and you consent to the data privacy practices described in this Privacy Policy as well as any other applicable terms and conditions as may be communicated to you from time to time. If you do not agree to any part of this Privacy Policy, then you should stop accessing My Sony.

In order to serve you better, we may review and update this Privacy Policy from time to time. Therefore, we reserve the right to amend, alter, change or modify this Privacy Policy, without prior notice. It is important that you read this Privacy Policy together with any other terms and conditions or privacy policy or fair processing policy which we may provide on specific occasions when we are Processing Personal Information, so that you are fully aware of how and why we are using such Personal Information. This Privacy Policy supplements other notices and privacy policies and is not intended to override them.

Please refer to the Glossary to understand the meaning of some of the terms used in this Privacy Policy.

Contents

1. Purpose of this Privacy Policy
2. Controller(s)
3. Personal Information we collect
   • 3.1 How is your Personal Information collected?
   • 3.2 Use of your Personal Informatio
   • 3.3 Purposes for which we will use your Personal Information
   • 3.4 Promotional offers from us
   • 3.5 Third-party marketing
   • 3.6 Change of purpose
4. Cookies
5. Retention and disclosure of Personal Information
6. Retention period
7. Cross-border transfers of Personal Information
8. Security
9. Right to control your Personal Information
10. Contact Us
11. Glossary

1. Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how we and/or our Affiliates Process your Personal Information when you access, register and use My Sony, including any information you may provide by completing online registration forms or granting us permission to transfer your Personal Information from other Sony services.

2. Controller(s)

Sony is Controller and responsible for your Personal Information which you have shared with us through My Sony. Our information is available in Contact Us section of this Privacy policy below.

We may, depending on your activity, Process your Personal Information either as separate Controller or joint Controller, for example if you just register a product on My Sony, Sony will act as Controller. We may, if necessary, notify or redirect you to the other Controller, in relation to exercising your individual rights under this Privacy Policy.

3. Personal Information we collect

We may collect, use, store and transfer different kinds of Personal Information which we have grouped together as follows:

• Identity Information includes first name, last name, age, gender, username, nationality or similar identifier.
• Contact Information includes address, email address, telephone number, country.
• Technical Information includes internet protocol (IP) address, your login data, time zone setting, operating system and platform, and other technology on the devices you use to access My Sony and/or loyalty program application.
• Profile Information includes your username and password.
• Usage Information includes information about how you use our websites and loyalty program application.
• Marketing and Communications Information includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We may also collect, use, store and share Aggregated Information such as statistical, analytical or demographic data for any purpose. Aggregated Information could be derived from the Personal Information which you have provided but is not considered Personal Information in law as this information will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Information to calculate the percentage of users accessing your My Sony feature. However, if we combine or connect Aggregated Information with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this Privacy Policy.

• 3.1 How is your Personal Information collected?

We use different methods to collect Personal Information from and about you including through:

1. Direct interactions

You will give us your Identity Information, Contact Information and Technical Information by chatting with us in chatbots, or by creating an account on My Sony or filling in online forms.

You have an option to link your My Sony account with other Sony services including but not limited to Sony Ecommerce or Alpha Universe or Sony Rewards App. By consenting to link of all Sony accounts allows you to use the same account sign-in details (email address and password) across multiple services (referred to as “Linked Accounts”).

2. Keep your Personal Information updated

You should ensure that all Personal Information submitted by you to us is complete, accurate, true and correct to support you to the fullest. Failure on your part to provide complete, accurate, true and correct Personal Information, we may not be able to perform the contract we have or are trying to enter into with you (for example, to retrieve your My Sony account). Hence, you are requested to keep us informed whenever your Personal Information changes during your relationship with us.

3. Personal Information of a Third Party individual

Where you submit the Personal Information of third party (for example, your spouse, children, parents, friends, and/or employees) to us, you ensure that you have obtained their consent to provide us with their Personal Information for the Purposes as listed herein.

4. Personal Information from other sources

We may collect your Personal Information from third party sources, including but not limited to

• Information from services of our Affiliates, when you use Linked Account option to synchronize your account details;
• Information from after sales service centers about the call, including your name, the product(s) you bought, the reason why you contacted service center and the advice service center gave you, when you contact service centers for assistance;
5. Your financial information

We do not collect or store any information on your credit/debit card or net banking information.

6. Children under the age of 18

We do not knowingly seek or collect Personal Information from children under 18. If you are under 18, you may use My Sony with your parent or guardian’s consent or supervision. If you become aware that a child has provided us with Personal Information, please contact us at the address as specified in this Privacy Policy.

• 3.2 Use of your Personal Information

Products and Service provision

By using the My Sony, or providing us with any information, you fully understand and unambiguously consent to transfer, processing and storage of your information in jurisdictions other than where you are residing, which includes to the jurisdictions where privacy laws may not be as comprehensive as those where you reside and/or are a citizen.

Sony and our Affiliates collect and use the information, including Personal Information, to provide the products and services to you, such as:

1. to create your My Sony account to register a product or sign-in to other Sony services, including through a Linked Account;
2. to provide and deliver our products and services that you have requested;
3. to provide you with marketing, advertising and requested content, including newsletters from us;
4. to provide you with information about your account, and the products and services you use;
5. to provide customer service and support;
6. to operate, evaluate and improve our business by managing our communications and customer relationships; and performing accounting, auditing, billing, reconciliation and collection activities;
7. providing media announcements and responses;
8. analysing, investigating, handling, resolving any security matters or any vulnerability etc.
9. to contact you with regard to your use of your account, and, in our discretion, changes to any of our policies.


• 3.3 Purposes for which we will use your Personal Information

We have set out below, in a table format, a description of all the ways we plan to use your Personal Information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may Process your Personal Information for more than one lawful basis depending on the specific purpose for which we are using your information. Please contact us as specified in this Privacy Policy, if you need details about the specific legal basis, we are relying on to Process your Personal Information where more than one basis has been set out in the table below.

Purpose/Activity	Type of Personal Information	Lawful basis for Processing including basis of legitimate interest
To enable you to register on My Sony and/or loyalty application Verify your identification Deliver products and services to you	Identity Information Contact Information Technical Information Profile Information Usage Information	Performance of a contract with you; or Consent
Tracking transactions and making payments To administer and protect our business and this My Sony (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	Identity Information Contact Information Technical Information	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise); Necessary to comply with a legal obligation
To deliver relevant message, content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you.	Identity Information Contact Information Usage Information Marketing and Communications Technical Information	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy) Consent
To make suggestions and recommendations to you about products or services that may be of interest to you	Identity Information Contact Information Technical Information Usage Information Profile Information Marketing and Communications	Necessary for our legitimate interests (to develop our products/services and grow our business) Consent
To use data analytics to improve our My Sony, products/services, marketing, customer relationships and experiences.	Technical Information Usage Information	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our My Sony account updated and relevant, to develop our business and to inform our marketing strategy)
To use and share the data as required under the applicable law and government authority	Identity Information Contact Information Technical Information Profile Information Usage Information	Necessary to comply with a legal obligation or instructions of government authority



• 3.4 Promotional offers from us

We may use your Personal Information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.

We may use information relating to your Linked Account to serve you marketing communications from us, our Affiliates, if you have requested information from us and you have opted in for receiving marketing communications

• 3.5 Third-party marketing

My Sony may contain links to and from other websites. This includes websites owned or controlled by independent parties and not controlled by us or our Affiliates. If you follow a link to any of these third party websites, please note that these websites have their own terms and conditions and privacy policy, data collection practices and security measures and we do not accept any responsibility or liability for these policies. Please read their privacy policy, for further information, before submitting any Personal Information.

• 3.6 Change of purpose

We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at the address specified in this Privacy Policy. If we need to use your Personal Information for an unrelated purpose, we will notify you on the contact details available with us and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

4. Cookies

In order to serve you better, we sometimes use automated tracking devices such as a “Cookie”. A Cookie is a small amount of data that our web server sends to your web browser when you visit our website and the use of which is intended to assist our understanding of your interest in our website. We may use the Cookies to personalise the content, recommendations, advertisements and communications delivered to you so that they are more relevant to you and your interests. For example, you may see an advertisement for a product that you have recently viewed on our website. Please note that the Cookies do not personally identify users although they do identify a user’s browser. You can always choose to disable Cookies from being stored on your computer, mobile, tablets or other devices by changing settings. Disabling cookies, however, may result in a limited experience of our functionality and services and in some cases may mean that we are unable to provide you with the services, or parts of the services, that you have requested. Some of our business partners whose content is incorporated into or linked to from the website may also use Cookies. However, we have no access to or control over these third-party cookies or websites.

5. Retention and disclosure of Personal Information


1. General

We will only retain Personal Information for as long as is reasonably necessary for the various purposes set out in this Privacy Policy or to otherwise comply with any applicable laws and regulations concerning the mandatory retention of certain types of information.

We may use third party service providers (either data processors or data controllers) to process your Personal Information for the purposes outlined above. For example, sending text messages (SMS), emails, providing marketing assistance, providing fraud checking services and providing customer services. We require all third parties to respect the security of your Personal Information and to treat it in accordance with the law. We do not allow our third-party service providers to use your Personal Information for their own purposes and only permit them to Process your Personal Information for specified purposes and in accordance with our instructions.

6. Retention period


1. We will only retain your Personal Information for as long as reasonably necessary to fulfil the purposes we collected it for or subsequently Processed, unless: the retention of the information is required or authorised by any legal or regulatory requirements; we reasonably require the information for lawful purposes relating to one of our functions or activities (for example in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you); the retention of the information is required by a contract entered into between us; or you consent to such retention of information.
2. We may also retain your Personal Information for a longer period for historical, statistical or research purposes only where we have implemented appropriate safeguards against your information being used for any other purpose (for example, by anonymising the information so that it can no longer be associated with you). To determine the appropriate retention period for Personal Information, we consider: the amount, nature and sensitivity of the Personal Information; the potential risk of harm from unauthorised use or disclosure of your Personal Information; the purposes for which we Process your Personal Information; and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements.
3. When we no longer use your Personal Information, we will take steps to remove it from our active systems and records. If we delete your Personal Information from active databases, the Personal Information may remain on backup or storage media to the extent allowed by applicable law.


7. Cross-border transfers of Personal Information


1. Sony Group

We Process and share Personal Information within and among entities affiliated with or related to us that are in the Sony group of companies (“Affiliates”). Subject to the provisions of any applicable law, your Personal Information may be transferred outside your particular country for the purposes the Personal Information was collected. We ensure that the Personal Information is protected by requiring our Affiliates to follow similar rules in accordance with their own privacy policies and applicable law when Processing the Personal Information.

2. Third parties outside the country

Many of our external third parties may be based outside your country so their Processing of Personal Information will involve a transfer of information outside your country. Subject to the provisions of any applicable law, we will take appropriate measures to protect the information.

3. Use of My Sony

By accessing My Sony and/or completing registration, you agree to not being notified of details regarding the level of protection afforded to your Personal Information in the relevant country/countries.

8. Security


1. Measures

We have put in place appropriate security measures to prevent your Personal Information from being lost, damaged, destroyed in an unauthorised way or accessed in an unauthorised way. Where possible, we have ensured that all Personal Information provided by you in an online form is encrypted and processed in a closed environment and is not downloaded. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Personal Information for the purpose and on our instructions and they are subject to a duty of confidentiality.

2. Cyber incident response

We have put in place procedures to deal with any suspected Personal Information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

3. Keep the username and password confidential

We recommend you set up a strong password and keep your username and password confidential at all times. In the event your username and/or password are compromised, we will not be responsible for any unauthorised use of your Personal Information; or any activity on your profile due to such unauthorised use and access; or loss of Personal Information. Notwithstanding the above, you must immediately inform us on the unauthorized use of your account or any other breach of security.

9. Right to control your Personal Information


1. Rights

Subject to the provisions of any applicable law, you have the following rights under applicable Data Protection Laws in relation to your Personal Information:

• Notification that your Personal Information is being collected. When your Personal Information is collected, you have the right to be informed that your information is collected and where the information is not collected from you, you have the right to be informed of the source from whom/which it is collected.
• Notification of security compromises. Where reasonable grounds exist for us to believe that your Personal Information has been accessed or acquired by an unauthorised person, you have the right to be notified.
• Request access to your Personal Information. You have the right to confirm and/ or access, free of charge, whether or not we hold any of your Personal Information, and to the extent that we do hold your information, to request a copy or description of that record free of charge. You will be required to provide adequate proof of your identity so that we can confirm your identity and ensure your right to access your Personal Information. We may need to request other specific information from you to help us process your request. This is a security measure to ensure that Personal Information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
• Request Personal Information transfer. You have the right to request the transfer of your Personal Information to another Controller and we will fulfil your right whenever this is technically feasible.
• Request correction of your Personal Information. You have the right to add or change or correct your Personal Information which we have in our possession, where it is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
• Request destruction or deletion of your Personal Information. You have the right to ask us to delete or remove your Personal Information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to processing (see below), where we may have Processed your information unlawfully or where we are required to erase your Personal Information to comply with the law. Note, however, that we may not always be able to comply with your request of destruction or deletion for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Object to Processing of your Personal Information. You have the right to object to our Processing of your Personal Information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to Processing on this ground. You also have the right to object or limit, where we are Processing your Personal Information for direct marketing purposes at any time by adjusting your communication preferences or through the unsubscribe link provided in the email you received from us. In some cases, we may demonstrate that we have compelling legitimate grounds to Process your information which override your right to object to Processing.
• Request restriction of Processing your Personal Information. This enables you to ask us to suspend the Processing of your Personal Information in the following scenarios:


• - if you want us to establish the information’s accuracy;
• - where we no longer need the information for the purpose for which the information was initially collected but we need it for purposes of proof;
• - where our use of the information is unlawful but you do not want us to erase it;
• - if you want us to transmit your Personal Information into another automated processing system.
• Withdraw consent. You have the right to withdraw your consent at any time where we are relying on consent to Process your Personal Information. However, this will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• Complaint to the relevant Data Protection Authority or institute civil proceedings. You have the right to submit a complaint to the Data Protection Authority and institute civil proceedings regarding an alleged interference with regards to the protection of your Personal Information. We would, however, appreciate the chance to deal with your questions, complains, or concerns before you approach the relevant Data Protection Authority, so please contact us in the first instance.

If you wish to exercise any of the rights set out above, please contact us as specified in this Privacy Policy

2. Time limit to respond

We try to respond to all legitimate requests within thirty (30) days from the date of receipt of your request. Occasionally it could take us longer than thirty (30) days if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Contact Us

We have appointed a Privacy Officer who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact us:

• Full name of legal entity: Sony Middle East And Africa FZE
• Email address: SonyCustomerCare.MEA@ap.sony.com
• Postal address: P.O. Box 16871, Jebel Ali Free Zone, Dubai, United Arab Emirates – for the attention of “Personal Information Management Office”.
• Telephone number: 800 7669 (or if calling from outside the United Arab Emirates: +971 800 7669).


11. Glossary


1. Affiliates means Sony Group Corporation, Tokyo, Japan and any entity which directly or indirectly owns or controls or is directly or indirectly owned or controlled by or in common ownership or control with Sony Group Corporation to the extent of holding more than 50% of the shares or stock having the power to vote at a general meeting or equivalent;
2. Controller means the entity that decides how, why and what Personal Information is Processed;
3. Cookie means a small file that is placed on your device when you visit a website (including our Sites). In this Privacy Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs;
4. Data Protection Authority means the regulatory authority in the relevant Processing Region responsible for monitoring and enforcing compliance with applicable Data Protection Laws;
5. Data Protection Laws means all laws and regulations of the relevant Processing Region which are applicable to our Processing of your Personal Information, and where applicable includes Federal Decree Law No. 45/2021 - On the Protection of Personal Data and its regulations;
6. Personal Information means information about an individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location information, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual; and where applicable, information relating to an identifiable, existing juristic person; and also has the meaning given to an equivalent term under other applicable Data Protection Laws;
7. Privacy Officer means the person responsible for ensuring Sony’s compliance with applicable Data Protection Laws;
8. Process means any operation or activity or any set of operations, whether or not by automatic means, concerning Personal Information, including:


1. the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, adaptation, alteration, consultation or use;
2. dissemination by means of transmission, distribution or making available in any other form; or
3. aligning, merging, linking, as well as restriction, degradation, erasure or destruction of information,and Processed and Processing have corresponding meanings, and also has the meaning given to an equivalent term under other applicable Data Protection Laws;


9. Processing Region means the country whose Data Protection Laws are applicable to our Processing of your Personal Information.

Thank you for reading our Privacy Policy!