Privacy Policy

About Us and this Policy

Sony Interactive Entertainment Europe Limited ("SIEE", "we," "our," and "us") controls the information collected when you interact with the SFO Cloud and its applications (together this "Website").

SIEE respects your privacy and is committed to protecting your personal information. This Privacy Policy explains what information we collect, why we collect it, how we use it, who we share it with, where it is processed, and your data protection rights.

For further information about our Privacy Policy or our processing of your personal information, please contact us by either of the following methods:

Post:
Data Protection Office
Sony Interactive Entertainment Europe Limited
10 Great Marlborough Street
London
United Kingdom
W1F 7LP

Email:
siee.dpo@sony.com

Sony Interactive Entertainment Europe Limited is registered in England under company number 03277793.

Version 1.0 (October 2021)

Information That We Collect

What information do we collect about you?

We collect and receive personal information from and about you by different means as described below. Personal information means any information about a person that can directly or indirectly identify that person. It does not include anonymous information where the identity has been removed.

Information You Provide to Us

We collect the information that you provide directly to us, such as when you enter it on this Website, or include it in an email that you send to us. This type of information includes:

• Your full name.
• Your contact details (for example, your corporate telephone number and / or email address).
• Details of the company that you work for.
• Your job title.

Please make sure that any personal information you provide to us are accurate and up to date.

Information Provided to Us by Third Parties

We may also collect personal information directly from third parties. For example, your employer may provide us with your name and corporate email address so we can set up your account on this Website.

Cookies

When you visit this Website, we may collect data through the use of cookies or similar technologies. Cookies are small text files that are stored on your computer via your web browser and allow servers hosting website content to recognise visitors and remember activity.

We only use cookies that are necessary to provide the core functionality of this Website, including cookies that enable us to display the Website correctly and manage your session. We do not use cookies for tracking or marketing purposes.

Information Use

How we use the information we collect

This section explains how we may use the personal information we collect about you. We will only use your personal information in accordance with applicable data protection laws and this Privacy Policy.

We will only use your information for certain specified reasons and only where we have a lawful basis to do so.

We will use your personal information for the following purposes:

• To provide and operate our Website, for example:
  1. We will process data relating to the Samba application to manage the use of spare parts in the repair process.
  2. We will process data relating to the Mercury application to facilitate PlayStation hardware orders from distribution partners.
  3. We will process data relating to the Software Reorders application to facilitate PlayStation software orders from distribution partners.
  4. We will process data relating to the ESD (Electronic Sales Distribution) application to facilitate orders of voucher codes from retail partners.
• To do what you ask us to do (for example, if you ask us to update your details).
• To fulfil our legitimate interests, or those of a third party in conducting and managing our business and our relationship with you as described in this Privacy Policy.
• Where you have provided consent for us to process your personal information for a specific purpose.
• For auditing, compliance, and legal purposes (for example, making or defending claims, or activities that are required by law).

We will use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Information Sharing and Transfers

Who do we share your information with?

This section explains how we may share the information we collect with third parties where required by law, where it is necessary to administer our Website, or where we have another legitimate means.

We may share your personal information with the following recipients and for the following purposes.

Service Providers

We share your personal information with service providers to SIEE, who are persons or companies that provide services which may include handling personal information for any of the purposes described in this Privacy Policy. Service providers are required to adhere to confidentiality and security requirements.

For example, activities that are carried out by service providers and may involve the processing of your personal information include:

• Website development and IT support.
• Website hosting.

Partners

We and our service providers may share your information with partners of SIEE, including:

• Other companies within the Sony Group.
• Your employer (as we may need to work with your employer so we can set up your account).
• Business transfer partners, in connection with the negotiation and sale of the applicable business, a portion of the business, or certain stock and/or assets, or a corporate merger, consolidation, restructuring, or other corporate change.

Government Authorities

We may share your information with police and other government authorities if we believe that it is reasonably necessary to comply with a law, regulation, or legal process, to detect, protect and enforce the safety of any person, their property or their rights, to address fraud and security and report criminal activity.

Information Handling

How we store your information and your rights

International Transfers

Personal information may be held at our offices, at the offices of other entities in the Sony Group, third party agencies, service providers, representatives and agents.

We may transfer the personal information we collect about you outside the United Kingdom ("UK") and/or the European Economic Area ("EEA") in order to perform our contract with you and for the purposes set out in this Privacy Policy.

Your personal information may be processed, stored and transferred outside the UK and/or the EEA for the purposes set out in this Privacy Policy, including to the United States of America and Japan. Data protection laws in these countries may not offer the same level of protection as in the UK and/or the EEA.

Accordingly, we have put in place measures to ensure that your personal information is treated by those third parties in a way that is consistent with and that respects the UK and European laws on data protection. This includes relying upon the European Commission approved Standard Contractual Clauses or other lawful mechanisms including that the transfer only occurs where permitted by applicable law.

Security and Retention

We seek to maintain appropriate technical and organisational security measures that conform to industry standards to help protect your information against unauthorised or accidental disclosure, access, misuse, loss, or alteration.

Please keep any passwords and passcodes for your account safe and do not disclose them to anyone else. You should contact us immediately if you become aware of any unauthorised use of your account.

All our third-party service providers and other entities in the Sony Group are required to take appropriate security measures to protect your personal information in line with our policies. We will only permit them to process your personal information in accordance with a written contract and the applicable data protection legislation.

We may retain information about you as long as it is necessary for us to fulfil the purposes outlined in this Privacy Policy. In addition, we may retain your information for an additional period as is permitted or required to, among other things, comply with our legal obligations, resolve disputes, and enforce agreements. Where required by applicable law, we shall delete your information when the information is no longer necessary or requested to do so. Even if we delete your information from active databases, the information may remain on backup or archival media as well as other information systems.

Your Rights

You have certain rights over your personal information, including:

• Right of access: You have the right to request access to the personal information we have collected about you.
• Right of erasure: You have the right to request that we delete the personal information we have collected or retained about you in some circumstances as defined by law.
• Right of rectification: You have the right to request that your personal information is corrected or completed (if it is incomplete) in some circumstances as defined by law.
• Right to object: You have the right to object to the processing of your personal information in some circumstances as defined by law.
• Right to restrict: You have the right to request that we restrict the processing of your personal information in some circumstances as defined by law.
• Right to data portability: You have the right to obtain and reuse your personal information across different services in some circumstances as defined by law.

Complaints

If you have a concern about our handling of your personal information, please get in contact with us first so we can try to resolve your query using the details in the Contact Us section of this Privacy Policy.

If, however you feel we have not dealt with your concern and that we are failing to meet our legal obligations, you can report this to your local data protection regulator or, if you are located in the United Kingdom, the Information Commissioner's Office ("ICO"). More information on reporting a concern to the ICO can be found at https://ico.org.uk/.

Changes to this Policy

We may revise this Privacy Policy at any time, and we will update this Privacy Policy with any revisions. By continuing to access or use after those changes become effective, you acknowledge and accept that personal information will be handled in accordance with the revised Privacy Policy.