SmartThings Developer Center Terms and Conditions
Effective: September 24, 2025
These SmartThings Developer Center Terms and Conditions (“Agreement”) are entered into between Samsung Electronics Co., Ltd. (“Samsung”) and each individual or entity (“Licensee”) that accesses or uses Samsung’s developer center for SmartThings (“SmartThings Developer Center”). Each of Samsung and Licensee is referred to herein as a “Party”, and collectively, Samsung and Licensee are referred to herein as the “Parties”.
IT IS IMPORTANT THAT YOU READ CAREFULLY AND UNDERSTAND THIS AGREEMENT. BY CLICKING THE “ACCEPT” BUTTON OR BY ACCESSING OR USING THE SMARTTHINGS DEVELOPER CENTER, YOU (A) IF ACTING AS AN INDIVIDUAL, REPRESENT THAT YOU ARE AT LEAST THE LEGAL AGE OF MAJORITY AND ABLE TO FORM A LEGALLY BINDING CONTRACT, AND CONSENT TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AS LICENSEE OR (B) IF REPRESENTING AN ENTITY, REPRESENT THAT YOU ARE LEGALLY AUTHORIZED TO BIND THE ENTITY AND THAT THE ENTITY CONSENTS TO BE BOUND BY AND BECOME A PARTY TO THIS AGREEMENT AS LICENSEE.
IF LICENSEE DOES NOT CONSENT TO BE BOUND BY ALL OF THE TERMS OF THIS AGREEMENT, DO NOT CLICK ON THE “ACCEPT” BUTTON OR ACCESS OR USE THE SMARTTHINGS DEVELOPER CENTER.
LICENSEE AGREES THAT SAMSUNG AND ITS AFFILIATES MAY MAKE IMPROVEMENTS AND/OR CHANGES TO THE SMARTTHINGS DEVELOPER CENTER, AT ANY TIME AND WITHOUT PRIOR NOTICE, AND FURTHER AGREES THAT SAMSUNG MAY REVISE THIS AGREEMENT, INCLUDING, WITHOUT LIMITATION, ANY OPERATING RULES, POLICIES AND PROCEDURES, AT ANY TIME AND WITHOUT ANY PRIOR NOTICE, BY UPDATING THIS POSTING. LICENSEE’S CONTINUED USE OF THE SMARTTHINGS DEVELOPER CENTER AFTER SUCH MODIFICATIONS HAVE BEEN MADE CONSTITUTES LICENSEE’S ACCEPTANCE OF SUCH REVISED AGREEMENT.
- Definitions. Capitalized words used in this Agreement shall have the following meanings:
- “Accessed Developer Tools” means those portions of the SmartThings Developer Tools consisting of software that Samsung permits Licensee to access on a software-as-a-service basis, but not to download, including, but not limited to, web based tools, application programming interface (API) endpoints, and/or other accessed tools, except that (i) “Accessed Developer Tools” do not include Open Source Software, which are subject to the applicable open source licenses, and (ii) “Accessed Developer Tools” do not include Separately Licensed Software, which are subject to the applicable separately-specified license terms.
- “Authorized Purpose” means (i) developing and testing Licensee Products for use with the SmartThings Platform, (ii) integrating such Licensee Products with the SmartThings Platform, and (iii) operating such Licensee Products for use by Users in connection with the SmartThings Platform.
- “Affiliate” means, with respect to a Party, a Person that Controls or is Controlled by, or is under common Control with, such Party.
- “Applicable Law” means all applicable laws, statutes and regulations, and all applicable orders, judgments, decisions, recommendations, rules, policies or guidelines passed or issued by any regulatory authority or any competent court, to the extent applicable to either of the Parties, as the same may be amended and in effect at all times.
- “Control” means the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through the ownership of voting securities, by contract or otherwise.
- “Data Compromise” means any compromise in the security, confidentiality or integrity of any Personal Information in Licensee’s control or possession, including unlawful or unauthorized access, use, acquisition, transmission, alteration, disclosure, deletion or destruction thereof.
- “Data Protection Laws” means any applicable data protection or privacy laws in the European Union, European Economic Area and their Member States, the United Kingdom, and the United States, as well as other similar applicable worldwide data protection laws that relate to the privacy, confidentiality, security or protection of Personal Information.
- “Documentation” means any technical specifications, development guidelines, hardware schematics, hardware diagrams, technical layouts and other specifications or documentation that Samsung may make available or provide to Licensee for use in connection with the SmartThings Developer Tools.
- “Downloaded Developer Tools” means those portions of the SmartThings Developer Tools consisting of software that Samsung permits Licensee to download, except that (i) “Downloaded Developer Tools” do not include Open Source Software, which are subject to the applicable open source licenses, and (ii) “Downloaded Developer Tools” do not include Separately Licensed Software, which are subject to the applicable separately-specified license terms.
- “Intellectual Property Rights” means all past, present and future rights of the following types, which may exist or be created under the laws of any jurisdiction in the world: (i) rights associated with works of authorship, including, without limitation, exclusive exploitation rights, copyrights, moral rights and mask work rights; (ii) trademark and trade name rights and similar rights; (iii) trade secret rights; (iv) patents and industrial property rights; (v) other proprietary rights of every kind and nature; and (vi) rights over or relating to registrations, renewals, extensions, combinations, divisions and reissues of any of the rights referred to in clauses “(i)” through “(v)” above.
- “Licensee Products” means (a) Licensee’s products, services, and technology and (b) products, services, and destinations to which Licensee direct Users through Licensee’s integrations with the SmartThings Platform.
- “Licensee Branding Materials” means (i) trade names, trademarks, service marks, designs, logos, domain names and other distinctive brand features owned and/or controlled, in whole or in part, by Licensee and (ii) any images, designs, content and materials made available by Licensee to Samsung or its Affiliates to advertise, market and promote the integration and interoperability of Licensee Products with the SmartThings Platform.
- “Open Source Software” means any open source, public source or freeware software made available under or otherwise subject to any license that is considered an open source software license by the Open Source Initiative or a free software license by the Free Software Foundation, or any license substantially similar to any of the foregoing, including but not limited to any version of any software licensed pursuant to any version of the GNU General Public License, GNU Lesser/Library General Public License, Apache Software License, Mozilla Public License, BSD License, MIT License, Common Public License.
- “Person” means a natural person, partnership, limited liability partnership, corporation, limited liability company, trust, unincorporated association, joint venture or other entity or any federal, state, local or foreign government, agency, commission, department or instrumentality.
- “Personal Information” is any information relating to an identified or identifiable natural person and includes any definition of “personal data,” “personal information,” “personally identifiable information,” and other similar definitions under applicable Data Protection Law.
- “Processing” means any operation or set of operations that is performed upon Personal Information or on sets of Personal Information, whether or not by automated or automatic means. “Process” and “Processed” shall be construed accordingly.
- “Separately Licensed Software” means any software made available by Samsung or its Affiliate under or subject to specific license terms other than this Agreement.
- “SmartThings Developer Tools” means any and all software, services, tools, technology, software development kits, application programming interfaces, integrated development environments, simulators, drivers, mobile applications, features, functionality, Documentation, specifications, data, information, certifications, contents, and materials made available by Samsung and/or its Affiliates through the SmartThings Developer Center.
- “SmartThings Platform” means the smart home platform operated by Samsung and its Affiliates under the “SmartThings” brand.
- “Territory” means any territory where Samsung makes the SmartThings Developer Tools publicly available.
- “Updates” means, in regards to SmartThings Developer Tools, as applicable, any bug fixes, enhancements, modifications, new releases, new versions, supplements, updates or upgrades.
- “User” means a user who has an account on the SmartThings Platform and uses the SmartThings Platform in connection with a Licensee Product.
- Use of SmartThings Developer Tools.
- Accessed Developer Tools. Subject to the terms of this Agreement, Samsung hereby grants to Licensee a personal, limited, non-exclusive, revocable, non-sublicensable and non-transferrable license, during the term of this Agreement, within the Territory, to use the Accessed Developer Tools solely for the Authorized Purpose.
- Downloaded Developer Tools. Subject to the terms of this Agreement, Samsung hereby grants to Licensee a personal, limited, non-exclusive, revocable, non-sublicensable and non-transferrable license, during the term of this Agreement, within the Territory, to download and install a reasonable number of copies of such Downloaded Developer Tools (each with all copyright notices intact and in compliance with all requirements related thereto, including, without limitation, attribution requirements) on computers (which computers are and will be maintained in facilities owned, occupied or leased by Licensee), and use such Downloaded Developer Tools solely for the Authorized Purpose.
- Restrictions. Licensee shall not, and shall not authorize any third party to, directly or indirectly, do any of the following:
- reverse engineer, decompile, disassemble or otherwise attempt to discover the source code or underlying ideas and algorithms of any SmartThings Developer Tools that are not made available by Samsung in source code form, except to the extent that this restriction is expressly prohibited by Applicable Law;
- copy, reproduce, modify, translate, or create derivative works based on any element of the SmartThings Developer Tools, except as otherwise expressly permitted in Section 2.2 Agreement, and except, with respect to Separately Licensed Software, to the extent otherwise expressly permitted in the applicable separately-specified license terms;
- rent, lease, distribute, sell, resell, assign, license, sublicense or otherwise transfer the SmartThings Developer Tools or its rights to use the SmartThings Developer Tools, except, with respect to Separately Licensed Software, to the extent otherwise expressly permitted in the applicable separately-specified license terms;
- use the SmartThings Developer Tools for time-sharing purposes, or to operate a service bureau or similar service, or otherwise for the benefit of any Person other than Licensee;
- perform any action with the intent of introducing, via the SmartThings Developer Tools, any viruses, worms, defects, Trojan horses, malware, malicious code, or any items of a destructive nature;
- interfere with or disrupt the SmartThings Developer Tools or the SmartThings Platform or the servers or networks connecting to the SmartThings Developer Tools or the SmartThings Platform;
- misrepresent or mask its identity when using the SmartThings Developer Tools or the SmartThings Platform;
- circumvent, or attempt to circumvent, any technical limitations or usage limitations set by Samsung or its Affiliates on use of the SmartThings Developer Tools or the SmartThings Platform;
- interrupt the functionality of or tamper with the SmartThings Developer Tools or the SmartThings Platform or any servers used in providing the SmartThings Developer Tools or the SmartThings Platform, or unreasonably affect others’ enjoyment of the SmartThings Developer Tools or the SmartThings Platform in any way;
- publish or disclose to third parties any evaluation of the SmartThings Developer Tools without Samsung’s prior written consent; or
- use the SmartThings Developer Tools for any purpose other than the Authorized Purpose or in any manner other than in accordance with the Documentation, including, without limitation, any computer, server or compatibility requirements.
- Feedback; Notification of Issue.
- Feedback. Licensee may provide feedback, ideas, improvements or suggestions regarding the SmartThings Developer Tools or the SmartThings Platform (collectively, “Feedback”). If Licensee provides Samsung or its Affiliates any Feedback, Samsung and its Affiliates may use the Feedback without obligation to Licensee, and Licensee hereby assigns to Samsung all right, title and interest to the Feedback, including, without limitation, all related Intellectual Property Rights. Samsung and its Affiliates are under no obligation to use any Feedback.
- Notification of Issue. Licensee shall promptly notify Samsung of: (i) any vulnerability or security issues within a Licensee Product; (ii) any discontinuation or suspension of service or support with respect to a Licensee Product; (iii) other events requiring Samsung to suspend the access of a Licensee Product to the SmartThings Developer Tools; (iv) any present and probable malfunctions, defects or security problems with the SmartThings Developer Tools. Licensee shall provide reasonable cooperation, at Samsung’s request, to further diagnose and resolve all such problems.
- Updates. Samsung may, at any time without notice, extend, enhance, depreciate or otherwise modify the SmartThings Developer Center and/or the SmartThings Developer Tools. If Samsung makes available any Updates, such Updates will be governed by this Agreement (unless a separate license is provided with the Update, in which case the terms of that license will govern the Update). Licensee acknowledges that Samsung has no obligation, whether express or implied, to announce or make available any Updates, or to provide any maintenance, technical or other support, in regards to the SmartThings Developer Tools. Where an Update is made available, such Update may have features, services and/or functionalities that are different from those previously found in the SmartThings Developer Tools. Licensee acknowledges that Updates may require Licensee to make changes to Licensee Products to maintain compatibility with updated SmartThings Developer Tools.
- Intellectual Property Rights.
- Ownership. Licensee acknowledges and agrees that, as between the Parties, Samsung or its Affiliates own all right, title, and interest, including, without limitation, all Intellectual Property Rights, in and to the SmartThings Developer Tools, the SmartThings Platform and the Certification Mark. All rights not expressly granted by Samsung to Licensee herein are reserved.
- No Restrictions on Samsung. Nothing in this Agreement restricts, or should be deemed to restrict, Samsung’s right to exercise any rights or licenses received from any third parties or to grant other similar rights or licenses to any third parties.
- Proprietary Rights Notices. Licensee shall not delete or alter in any manner the copyright, trademark, and other proprietary rights notices appearing on SmartThings Developer Tools.
- Licensee Branding Materials. Licensee hereby grants to Samsung and its Affiliates a non-exclusive, worldwide, paid-up, royalty-free right and license to use and display Licensee Branding Materials to advertise, market and promote (i) Licensee’s use of SmartThings Developer Tools and the SmartThings Platform, and (ii) the integration and interoperability of Licensee Products with the SmartThings Platform, in each case, in any and all media (whether known now or developed later). Without limiting the foregoing, Samsung and its Affiliates may use and display Licensee Branding Materials within SmartThings and Samsung mobile applications. If Samsung terminates Licensee’s access to or use of SmartThings Developer Tools, Samsung will stop using Licensee Branding Materials for such marketing purposes after such date of termination, but will not be required to recall previously-published marketing materials that included those Licensee Branding Materials in fixed media or other media that would not be reasonably practical to recall. Any and all goodwill associated with Licensee Branding Materials that arise in connection with their use hereunder will inure to Licensee’s sole benefit. Licensee represents and warrants that the Licensee Branding Materials and the use and display of Licensee Branding Materials as authorized hereunder does not infringe, misappropriate or otherwise violate the Intellectual Property Rights or other rights of any third parties.
- Licensee Requirements.
- Accurate Information. Licensee must provide complete, correct, and accurate information in connection with Licensee’s use of the SmartThings Developer Tools.
- Cooperation. Licensee will cooperate if Samsung or its Affiliates seek to gather information about Licensee or Licensee Products to verify identity, confirm compliance with requirements, for quality assurance purposes, or as required to operate any portion of the SmartThings Developer Tools or the SmartThings Platform.
- Samsung Developer Policies. Licensee Products and Licensee’s use of SmartThings Developer Tools and the SmartThings Platform must comply with the policies for the SmartThings Developer Tools available at https://developer.smartthings.com/docs/ (or such other URL as Samsung may provide) (the “SmartThings Developer Policies”). The SmartThings Developer Policies may be updated from time to time as the SmartThings Developer Tools are modified or new features or functionality are added or made available. In addition, SmartThings Developer Policies may be updated at any time and without any prior notice, in Samsung’s sole discretion, by updating their postings. Licensee’s continued use of SmartThings Developer Tools and the SmartThings Platform after such updates have been made constitutes Licensee’s acceptance of such updated SmartThings Developer Policies.
- Development and Delivery of Licensee Products. Licensee shall ensure that the design, development, delivery, implementation and operation of the Licensee Products occur in accordance with this Agreement and any and all Documentation.
- Program Documentation. Upon Samsung’s request, Licensee shall prepare and deliver, or otherwise provide Samsung access to, the technical and functional documentation detailing in all material respects the operations, procedures, specifications and technology for Licensee Products (the “Program Documentation”). Licensee shall ensure that the Program Documentation conforms to and is in all respects consistent with Applicable Laws and is reasonably satisfactory to Samsung.
- Customer Service. Between Samsung and Licensee, Licensee will be responsible for (i) addressing and resolving issues relating to accessing and/or using the Licensee Products and providing support for end users of Licensee Products, (ii) timely investigating and responding to complaints from users arising from such issues, and (iii) promptly notifying Samsung of such issue.
- Representations and Warranties. Licensee represents, warrants and covenants that:
- Licensee has the authority to enter into this Agreement, and the performance of its obligations under this Agreement does not conflict with its obligations under any other agreement;
- Licensee shall comply with all Applicable Laws and third-party rights in connection with its use of the SmartThings Developer Tools and the SmartThings Platform and its performance of this Agreement;
- Licensee shall obtain and maintain, for the term of this Agreement, all required permits and licenses for its performance of this Agreement;
- Licensee shall not make unsolicited offers or advertisements, impersonate or falsely claim affiliation with any Person;
- Licensee shall not misrepresent, harass, defraud, defame, deceive or mislead others;
- Licensee shall not post obscene or unreasonably offensive material;
- Licensee shall not negatively present the SmartThings Developer Tools or the SmartThings Platform;
- Licensee has all necessary rights, titles and interests to grant the licenses and other rights under this Agreement;
- Licensee Products and the use of Licensee Products do not infringe, misappropriate or otherwise violate the Intellectual Property Rights or other rights of any third parties;
- The Licensee Products shall not contain any viruses or other computer programming routines that may damage or detrimentally interfere with any computer or telecommunications network, equipment or mobile phones and shall be safe and free of defects in design and operation;
- the Licensee Products are (i) free from material errors and defects, (ii) complies with Samsung style, standards and technical requirements and guidelines, as communicated to Licensee at all times, and (iii) complies with all Applicable Laws and third-party rights;
- the Licensee Products do not, as determined by Samsung in its sole discretion, include any material which is harmful, inaccurate, pornographic, abusive, obscene, threatening, defamatory, seditious, contrary to public policy, contrary to Samsung policy or encourages illegal activities or violates third-party rights or promotes software or services which deliver unsolicited emails;
- Licensee will not engage in deceptive, misleading, or unethical practices in connection with Licensee Products or their promotion and will make no false or misleading representations with regard to Samsung or its products or services; and
- Licensee Products will not (i) be used in connection with autonomous or semi-autonomous vehicles, nuclear energy equipment, air traffic control, the operation of critical communication system, public transportation control, life support devices or other ultra-hazardous uses where failure of the Licensee Product to perform would be reasonably expected to cause deaths, injuries or severe physical property or environmental losses, or (ii) disable, hack or otherwise interfere with any authentication, content protection, digital signing, digital rights management, security or verification mechanisms implemented in SmartThings Developer Tools.
- Certification.
- Procedures and Policies. Licensee may elect to submit Licensee Products to Samsung or its Affiliates for review and certification. If Licensee so elects, Licensee shall follow, complete, and comply with certification procedures and policies as required by Samsung or the applicable Samsung Affiliate, and at the sole discretion of Samsung or the applicable Samsung Affiliate. These procedures may include but are not limited to Licensee signing up for Samsung web portals and accounts (subject to the terms and conditions applicable thereof), Licensee’s submission of information regarding itself and the Licensee Product, Licensee’s agreement to be bound by the terms of any related agreements Samsung may require, and the issuance of an identification number with respect to Licensee and the Licensee Product. Licensee agrees to provide all information and materials requested by Samsung or its Affiliates in connection with their assessment of Licensee Products (which may include, without limitation, the delivery and transfer of title to Samsung, or the applicable Samsung Affiliate, of a reasonable number of units of the Licensee Products for which Licensee is seeking certification).
- Certification. After receiving the requested information and materials from Licensee, Samsung, or the applicable Samsung Affiliate, may notify Licensee as to whether or not the Licensee Products work properly with the SmartThings Platform. Samsung, or the applicable Samsung Affiliate, may elect in its sole discretion whether to certify the applicable Licensee Product. If Samsung, or the applicable Samsung Affiliate, elects to certify the applicable Licensee Product, Samsung, or the applicable Samsung Affiliate, will send notice of such certification to Licensee.
- Testing. Prior to release of a Licensee Product, Licensee will: (i) successfully implement and integrate a live production environment of the Licensee Product into SmartThings Developer Tools; and (ii) successfully conduct end-to-end testing in accordance with Samsung’s test procedures, if applicable. Licensee agrees to provide reasonable cooperation to Samsung’s closed testing of the Licensee Product and the integration thereof to the SmartThings Platform. The closed testing will be conducted by Licensee and Samsung, or as otherwise mutually agreed upon by the Parties. Licensee must comply with SmartThings Testing Guidelines (as may be updated by Samsung from time to time) available at https://developer.smartthings.com/docs/certification/apply-for-certification#testing-guidelines (or such other URL as Samsung may provide).
- Notice of Changes. During the term of this Agreement, Licensee shall give Samsung at least thirty (30) days’ prior written notice of any changes to any Licensee Products that will have a material effect on the integration of Licensee Products with the SmartThings Platform. The foregoing sentence shall not apply in the case of emergency or security-related changes, for which Licensee shall give Samsung as much notice as is reasonably practicable under the circumstances.
- Change Management. Further, Licensee will provide written notice to Samsung of any anticipated or potential modifications to the Licensee Product, including but not limited to new or changed features and technical specifications (collectively, the “Material Modifications”) as early as possible and, in any event, at least forty-five (45) days prior to the implementation thereof (or longer, in accordance with the magnitude of the anticipated or potential Material Modifications). For the purposes hereof, by way of example, the following events shall constitute Material Modifications: (i) the addition of Licensee Products; (ii) the addition of features or functions (including but not limited to any paid features or functions); (iii) any changes to any consumer disclosures applicable to the Licensee Product or customer experience in a manner that may affect Users’ perception of (a) how Users may access and use Licensee Product through the SmartThings Developer Tools or (b) how Licensee or Samsung Processes their data; and/or (iv) any other modification to the Licensee Product that would likely have operational, technical or security repercussions for Samsung. If Samsung has concerns with continuing to operate under this Agreement due to the impact of any such anticipated or potential Material Modification(s), the Parties agree to use good faith efforts to resolve such issue as soon as possible, provided that the implementation of such Material Modification will be possible after the Parties agree on such implementation.
- Updates by Samsung. If Samsung makes available any Updates, Licensee shall implement corresponding changes, as needed, to its Licensee Products within thirty (30) days of the date such Update is made available and, if required by Samsung, shall pass Samsung’s internal test and follow other Samsung procedures.
- License to Certification Mark. After Samsung or its Affiliate certifies a Licensee Product, during the remainder of the term of this Agreement, and subject to the terms and conditions of this Agreement and any written usage guidelines provided by Samsung or its Affiliate from time to time, Samsung hereby grants to Licensee a limited, revocable, non-exclusive, paid-up, royalty-free, non-sublicensable, non-transferable license to use the “Works with SmartThings” certification mark or any successor mark thereto that is identified by Samsung (“Certification Mark”) solely for the advertising, marketing and promotion of the certified Licensee Product, including in any and all advertising, marketing and promotional materials in any and all media (whether now known or hereafter developed), on the condition that such Licensee Product is certified by, and remains certified by, Samsung or its Affiliate at the time of each such use. Licensee agrees to abide by and use the Certification Mark as set forth by in Samsung’s brand usage guidelines (as may be updated by Samsung from time to time) available at https://partners.smartthings.com/brand-guidelines (or such other URL as Samsung may provide). Any and all goodwill associated with the Certification Mark that arise in connection with its use hereunder will inure to the sole benefit of Samsung and its Affiliates. Licensee shall not: (i) take any action inconsistent with Samsung and its Affiliates’ ownership of the Certification Mark,(ii) use the Certification Mark in a manner that would tarnish, blur or dilute the quality associated with the Certification Mark or the associated goodwill, as determined by Samsung and at its sole discretion, or (iii) use the Certification Mark except as permitted under this section.
- Revocation of Certification. Licensee’s failure to comply with this Agreement may result in the revocation of a Licensee Product’s status as a product certified by Samsung or its Affiliate. In addition, Samsung and its Affiliate may, at its sole discretion, revoke a Licensee Product’s status as a certified product, at any time for any reason or no reason, without any liability to Licensee arising from such revocation. Upon revocation of a Licensee Product’s status as a certified product, Licensee shall immediately cease using or display the Certification Mark in connection with such a Licensee Product and shall immediately cease representing to the public that the Licensee Product is a certified product. If Samsung or its Affiliate revokes the certification, Samsung reserves the right to remove the Licensee Product from the SmartThings mobile application.
- Public Announcements.
- Public Announcements by Licensee. Except for an announcement intended solely for internal distribution or any disclosure required by legal, accounting or regulatory requirements beyond the reasonable control of Licensee, subject to the license in Section 5.7 to use the Certification Mark, all media releases, public announcements or public disclosures by Licensee or its employees or agents relating to this Agreement or its subject matter, or including the name, trade name, trademark, or symbol of Samsung, are prohibited without the prior written consent of Samsung.
- Public Announcements by Samsung. Samsung may include the name, trade name, trademark, symbol of Licensee, and reference the Licensee Product in all media releases, public announcements or public disclosures by Samsung or its employees or agents relating to this Agreement or its subject matter, without the prior written consent of Licensee.
- Confidential Information.
- Definition. Licensee acknowledges that it may receive Samsung’s Confidential Information. “Confidential Information” includes: (a) information that is provided by or on behalf of Samsung or its Affiliates to Licensee or its agents in connection with SmartThings Developer Tools or in connection with the transactions contemplated by this Agreement; (b) information about Samsung or its Affiliates, or their respective businesses, customers and employees, that is otherwise obtained by Licensee in connection with SmartThings Developer Tools or otherwise related to the activities under this Agreement, as per the case, including, without limitation: (i) information concerning marketing plans, objectives and financial results; (ii) information regarding business systems, methods, processes, financing data, programs and products and the terms and features and tests thereof; (iii) branding guidelines for the Certification Mark; (iv) Personal Information; and (v) proprietary technical information, including, without limitation, source codes; and (c) any marketing plans. “Confidential Information” in all such cases is information not available to the general public or trade information that is marked or identified as ‘confidential,’ ‘proprietary’ or with other similar marking at the time of disclosure or that a reasonable person would consider, from the nature of the information and circumstances of disclosure, to be confidential or proprietary to the discloser.
- Confidentiality Obligations. Licensee: (a) shall safeguard Samsung’s Confidential Information by reasonable means, using at least the same degree of care as Licensee accords to its own confidential information of like importance, but in no case less than reasonable care; (b) shall not use Confidential Information for any purpose except its performance or enforcement of this Agreement; (c) may disclose Confidential Information to its employees, but only (i) as necessary to facilitate Licensee’s performance or enforcement of this Agreement; and (ii) under enforceable obligations to protect such Confidential Information, pursuant to terms and conditions no less protective of Samsung’s Confidential Information than those contained in this Agreement; and (d) shall not reproduce or copy Confidential Information except to the extent necessary to further the purposes of this Agreement. Licensee shall not disclose any Confidential Information provided or disclosed by Samsung, to any third party, without the prior written consent of Samsung, except as otherwise provided for or authorized in this Agreement.
- Permitted Disclosures. Licensee may disclose Confidential Information as required by Applicable Law or legal process. Such disclosure shall not be considered to be a breach of this Agreement, as long as Licensee gives Samsung advance written notice of the disclosures to the extent permitted by Applicable Law, and as soon as practicable. Licensee, at Samsung’s preference, must either (a) permit Samsung to seek measures to maintain the confidentiality of its Confidential Information; or (b) limit disclosure to information required to be disclosed and take reasonable measures to protect the confidentiality of the Confidential Information to be disclosed. If requested by Samsung, Licensee shall require if reasonable, and request if not, that the recipient cooperate with the Samsung’s efforts to limit disclosure and protect the confidentiality of such Confidential Information.
- Return or Destruction. Upon request by Samsung, whether before or after the termination of this Agreement, Licensee shall (i) return or destroy, as Samsung may direct, and in the manner reasonably directed by Samsung, all material in any medium that contains, refers to or relates to Samsung’s Confidential Information; and (ii) retain no copies except, to the extent necessary, one (1) copy solely for compliance with record retention requirements under Applicable Law.
- Certain Exclusions. The obligations in this Agreement regarding Confidential Information shall not apply to, and Confidential Information shall not include, information which Licensee can demonstrate by documentary evidence (a) was rightfully in its possession prior to receipt from Samsung without restriction on use or disclosure; (b) was independently developed by Licensee without reference to Samsung’s Confidential Information; (c) is or becomes publicly available, or is within the public domain, in each case through no action or default of Licensee or any person to whom it was disclosed by Licensee; or (d) was disclosed to Licensee by a third party without restriction on use or disclosure and without violation of restrictions on disclosure or use.
- Privacy and Data Compromise.
- Compliance with Applicable Laws. Licensee will Process Personal Information in accordance with all Applicable Laws, including without limitation Data Protection Laws, and will obtain appropriate consents and provide appropriate notices. Without limiting the foregoing, Licensee agrees to take measures to protect Personal Information that are at least as rigorous as those required by Applicable Laws and as appropriate to the nature and sensitivity of the Personal Information it is Processing.
- Sharing of Personal Information. Each Party may share certain Personal Information with the other Party during the performance of their obligations hereunder (“Shared Personal Information”). The Shared Personal Information that Samsung shares with Licensee is provided to Licensee only for the limited and specified purposes set forth in Exhibit A. If applicable, Licensee may only use the Shared Personal Information that Samsung Sells to or Shares (as defined under U.S. Data Protection Laws) with Licensee for these limited and specified purposes (“Permitted Business Purposes”). Licensee (a) shall not Sell or Share Samsung Personal Data; (b) retain, use, disclose, or otherwise process Shared Personal Information: (1) beyond the Permitted Business Purpose; (2) beyond the direct business relationship with Samsung; or (3) to create any derivative works or products, or to create or use with any identity graph or device graph; and (d) shall not combine, commingle, map, match or merge Shared Personal Information received pursuant to this Agreement with Personal Information received from or on behalf of another person(s), or collected from Licensee’s own interactions with Users, unless permitted by applicable Data Protection Laws. During the time Shared Personal Information is disclosed to Licensee, Samsung does not have knowledge or reason to believe that Licensee is unable to comply with, or that Company intends to use the Shared Personal Information in violation of, this Agreement or applicable Data Protection Laws. Further, for the avoidance of doubt, Licensee will not, and will ensure that all of its personnel do not:
- Process any Personal Information for analytics, modeling or generation of revenue for Licensee (e.g., by reselling such data or using such data for services or product offerings containing aggregated information that are separately priced or sold). For the avoidance of doubt, Licensee may not engage in analytics, modeling or similar tasks even for wholly internal (not for resale) purposes unless the Parties expressly agree in writing to such Processing in an amendment subsequent to the execution of this Agreement;
- Process any Personal Information to engage in or facilitate targeting (for marketing, advertising or otherwise) of any individual, including targeting due to or based on such individual’s status as a User;
- Except as expressly approved by Samsung, combine any Personal Information with any other data, including Personal Information;
- Attempt to re-identify or otherwise ascertain the identity of any User or another individual;
- Process any Personal Information in a manner that identifies or reveals quantitative or qualitative characteristics attributable to Samsung or the existence of a relationship between a User and Samsung;
- Assign, sell, transfer or otherwise dispose of any Personal Information to any other Persons or permit the use of or access to any Personal Information for the benefit of any other Persons; or
- Attempt to or assist others in an attempt to copy, duplicate or otherwise reproduce, modify or create derivative works based on any Personal Information.
- Data Protection Program. Licensee will protect the confidentiality, integrity and availability of Personal Information through various measures, which will include, at a minimum compliance with Section 7 and the following:
- Licensee will ensure at all times that its respective consumer privacy policy applicable to the Licensee Product permits the disclosure to and use by Samsung of Personal Information in connection with the SmartThings Developer Tools and the SmartThings Platform.
- Licensee will establish, implement and maintain a comprehensive written information security program containing administrative, physical and technical safeguards designed to: (i) comply with Applicable Laws; and (ii) protect against any anticipated threats or hazards and prevent unauthorized physical or electronic access to, Processing of, or loss of Personal Information or the services, systems or devices containing Personal Information. Such safeguards will include, at minimum, the requirements outlined in Exhibit B;
- Licensee will provide an appropriate level of supervision, guidance and training on its safeguards to anyone acting on its behalf who Processes Personal Information;
- Licensee will maintain controls appropriate to limit access or Processing activities regarding Personal Information to its employees, subcontractors and agents that Process Personal Information on its behalf; and that (i) have a legitimate need to Process that information to provide services pursuant to this Agreement; and (ii) have agreed in writing to be bound by an appropriate confidentiality agreement. Licensee will also maintain controls to prevent and detect unauthorized access, use or disclosure by unauthorized persons or for unauthorized purposes (including by conducting a periodic manual or automated review for proper access). Such controls will include monitoring of networks, systems and devices and an industry-standard logging system that details all access and is capable of reconstructing the details of access to Personal Information. Such logs will be maintained in accordance with industry-standard retention policies. Licensee will terminate promptly an individual’s access to Personal Information when such access is no longer required for performance under the Agreement and will retain an auditable history of all access changes. Licensee will be responsible for containing and remediating any unauthorized access to Personal Information under Licensee’s custody or control; and
- Upon Samsung or an applicable User’s request to delete any Personal Information, Licensee will immediately delete and render permanently irretrievable such Personal Information from any and all of the services, systems or devices containing such Personal Information.
- Data Compromise. Licensee will maintain an incident response program designed to respond to any Data Compromise. If a Data Compromise has occurred, or if Licensee has reason to believe that any security measure included in the software or hardware relevant to the Licensee Product has been breached, Licensee will, subject to Applicable Laws, promptly notify Samsung in writing of the Data Compromise (and in any event no later than 24 hours upon becoming aware). In the event of such a Data Compromise, Licensee will: (i) promptly provide Samsung with a detailed description of the incident, the data accessed, a report of any investigation of the Data Compromise and such other information as Samsung reasonably may request; (ii) take all necessary and appropriate corrective actions, at the expense of Licensee, to prevent a recurrence of such Data Compromise; and (iii) take all remediation efforts required by Applicable Law, or assist Samsung in doing so, at Samsung’s request, as a consequence of any Data Compromise or that have been required by any governmental authority in similar circumstances, regardless of whether Applicable Law explicitly imposes such remediation obligations on Licensee, or Samsung or on both. Such remediation efforts may include but are not limited to: (a) investigation of such Data Compromise; (b) development and delivery of notices to Users whose Personal Information may have been affected; (c) establishment of a toll-free telephone number (s) (or where not available, a dedicated telephone number or numbers) where affected Users may receive individualized assistance and information relating to the Data Compromise; (d) investigation and resolution of the causes and impacts of the Data Compromise; and (g) such other measures that Samsung determines are reasonable and proportionate to the nature and level of severity of the Data Compromise (with such other measures being referred to as “Additional Reasonable Remediation Measures”). Licensee shall be solely responsible for the costs and expenses of all remediation measures, whether undertaken by Licensee or by Samsung. Licensee agrees that it will not inform or permit any Affiliate, agent or subcontractor to inform, any third party of a Data Compromise without Samsung’s prior written consent. Provided, however, that such disclosure is mandatory under Applicable Law, Licensee will use commercially reasonable efforts to obtain Samsung’s approval regarding the content of such disclosure to minimize any adverse impact to Samsung.
- Compliance. Licensee shall provide Samsung with all necessary materials, documents, assessments and other information (including any questionnaires or request for information prior to engaging in any Processing of Personal Information) to enable Samsung to confirm that Licensee has complied with its obligations under this Agreement. Samsung shall, at any time during the term of this Agreement, including any renewal thereof, have the right to request that Licensee engage a third party (with such third party to be mutually agreed upon by the Parties) or allow Samsung or a third party appointed by Samsung at Licensee’s sole cost and expense to conduct an independent audit of Licensee’s privacy and security practices, and Licensee shall comply with such request. Following completion of any audit conducted pursuant to this Agreement, Samsung shall have the right to notify Licensee in writing of any alleged risks or threats identified during such audit and/or nonconformance to generally accepted trade practice in the industry (each a “Security Issue”). To the extent that such Security Issues exist and are Licensee’s responsibility, Licensee shall, within ten (10) days of receipt of such written notification, either correct such Security Issues or provide Samsung with a plan acceptable to Samsung for remediating the Security Issues. If (i) the Security Issues are not corrected, or (ii) if an acceptable plan for correcting them is not agreed to during such period, or (iii) if an acceptable plan is not executed according to its schedule, Samsung may, by giving Licensee written notice thereof, immediately terminate this Agreement (or any other agreement in relation to this Agreement) in whole or in part and demand from Licensee a pro rata refund of the fees paid or payable under this Agreement (or any other agreement in relation to this Agreement), which Licensee shall deliver to Samsung within thirty (30) days.
- Cooperation. Without limiting any other obligation or limitation under the Agreement or suggesting that any of the following are permissible under the terms of the Agreement, Licensee shall notify Samsung immediately (and in any event no later than one (1) day) of becoming aware of (i) Licensee’s inability to comply with this Agreement with respect to the Processing of Personal Information, or (ii) the receipt of any communication, complaint, request or notice from any regulatory or governmental authority relating to the Processing of Personal Information by Licensee or any supervisory, enforcement or other measure and/or proceedings undertaken by a User, legal or regulatory authority, court or tribunal relating to the Processing of Personal Information by Licensee. Licensee shall provide all reasonable assistance to Samsung to allow Samsung to comply with its obligations under Data Protection Laws, including obligations related to (a) responding to requests from Users or a regulatory or governmental entity in relation to the Personal Information or Processing activities under this Agreement; or (ii) conducting any data protection impact assessment or prior consultations with data protection regulatory authorities in relation to Personal Information Processed under this Agreement.
- Survival. Licensee’s obligations under this Section 8 will survive expiration or termination of the Agreement and completion of the activities thereunder, as long as Licensee continues to Process the Personal Information of Users.
- International Transfers.
For the purposes of this Section, the following capitalized words used in this Agreement shall have the following meanings:
“Adequate EEA Jurisdiction” means (i) country in the EEA, as well as any country that the European Commission has formally determined provides adequate protection for personal data as reflected in a published adequacy finding, (ii) any third country, territory, or one or more specific sectors within that third country listed in the FDPIC’s list of adequate countries (found athttps://www.edoeb.admin.ch/edoeb/en/home/data-protection/handel-und-wirtschaft/transborder-data-flows.html), or otherwise acknowledged as a country deemed adequate for the purpose of Swiss Data Protection Laws by the Federal Data Protection and Information Commissioner or (under the Revised Data Protections Laws) the Swiss Federal Council, and/or (iii) any (a) third country; (b) territory or one or more sectors within a third country; (c) international organization; or (d) description of such a country, territory, sector or organization, in each case that, pursuant to sections 17A and 17B of the UK Data Protection Act 2018, the Secretary of State has determined provides an adequate level of protection for Personal Information.
“Data Exporter” means the Party sharing or providing Personal Information to the other Party.
“Data Importer” means the Party receiving Personal Information from the other Party.
“EEA” means the European Economic Area, which includes all member states of the European Union, and (as at the date of this DPA), Norway, Iceland, and Liechtenstein.
“EU Controller Model Clauses” means Module One of the model clauses for transfers from controllers in the EU to controllers established outside the EU or EEA approved by European Commission Implementing Decision 2021/914 of 4 June 2021 (as amended, superseded or replaced from time to time), as amended and incorporated herein.
“FDPIC” means the Federal Data Protection and Information Commissioner.
“GDPR” means the General Data Protection Regulation (EU) 2016/679.
“Supervisory Authority” means the relevant competent authority responsible for data privacy and protection where Licensee or Samsung are established.
“Swiss Data Protections Laws” means any law, enactment, regulation or order in Switzerland concerning the Processing of data relating to living persons, including the Federal Act on Data Protection of 19 June 1992 (SR 235.1) (“FADP”) and the revised version of the FADP dated 25 September 2020 (the “Revised FADP”).
“UK Controller Model Clauses” means the template IDTA B.1.0 issued by the Information Commissioner’s Office and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised from time to time under Section 5.4 of those Mandatory Clauses, as amended in accordance herein.
“UK GDPR” means the United Kingdom’s General Data Protection Regulation and other applicable Data Protection Laws of the United Kingdom.
Transfers from EEA
- If Data Exporter, in the context of an establishment located within the EEA, UK, and/or Switzerland or to the extent it is otherwise subject to the GDPR, UK, and/or Swiss Data Protection Laws transfers any Shared Personal Information outside of the Data Exporter’s country or territory to the Data Importer, such transfer shall be governed by, and the Parties hereby agree to comply with, as applicable, EU Controller Model Clauses and/or UK Controller Model Clauses, unless(i) the Data Importer is located in an Adequate EEA Jurisdiction, (ii) the transfer is subject to a derogation in accordance with Data Protection Laws, or (iii) the transfer is permitted under Data Protection Law.
- If, in accordance with the clause immediately above, the transfer of Shared Personal Information is governed by EU Controller Model Clauses and/or UK Controller Model Clauses, such clauses are incorporated by reference into this Agreement.
- To the extent there is any conflict between the terms of the EU Controller Model Clauses and/or the UK Controller Model Clauses and this Agreement, the terms of the applicable EU Controller Model Clauses and/or UK Controller Model Clauses shall prevail.
Transfers from Other Jurisdictions
- If Data Exporter, in the context of an establishment located within a country outside the EEA, UK, or Switzerland, or to the extent it is otherwise subject to the Data Protection Laws of such country, transfers any Shared Personal Information outside of Data Exporter’s country or territory to Data Importer, such transfer shall be governed by, and the Parties hereby agree to comply with, if required and applicable, the standard contractual clauses or their equivalent (“Other Jurisdiction Controller Model Clauses”) issued by the applicable supervisory authority or governmental or regulatory (“Other Jurisdiction Supervisory Authority”), unless (i) the Data Importer is located in an adequate jurisdiction approved by the Other Jurisdiction Supervisory Authority, (ii) the transfer is subject to a derogation in accordance with applicable Data Protection Law, or (iii) the transfer is permitted under Data Protection Law by some other method.
- If, in accordance with the clause immediately above, the transfer of Shared Personal Information is governed by Other Jurisdiction Controller Model Clauses, such Other Jurisdiction Controller Model Clauses is incorporated by reference into this Agreement.
- To the extent there is any conflict between the terms of such Other Jurisdiction Controller Model Clauses and this Agreement, the terms of the Other Jurisdiction Controller Model Clauses shall prevail.
- Indemnification. By Licensee. Licensee agrees to indemnify, defend and hold harmless Samsung and its Affiliates, and their directors, officers, employees and agents (each a “Samsung Indemnified Party”) from and against any and all claims, demands, legal proceedings, regulatory or governmental investigations, government tribunal (including, without limitation, any appellate proceedings and government sanctions) (collectively, “Claims”), losses, liabilities, penalties, fines, damages, expenses and costs (including, without limitation, reasonable attorney fees) (collectively “Losses”) incurred by a Samsung Indemnified Party in connection with the Claims arising from or relating to: (a) any Licensee Product or any other product or service offered by Licensee or Licensee’s Affiliates, their service providers, or their direct or indirect customers, including, without limitation, any product liability claim, any allegation of bodily injury, death of any person or damage to real or tangible, personal property resulting from use or deployment of such product or service, any claim alleging that any such product or service is defective, any allegation that any such product or service violates any Applicable Law, and any allegation that any such product or service violates or infringes any Intellectual Property Rights or other rights of any third party; (c) a breach by Licensee of any of its warranties, representations, covenants or obligations hereunder; (d) Licensee’s or its subcontractors’, agents’, or processors’ Processing of Personal Information; or (e) Licensee’s gross negligence, intentional misconduct or fraud.
- Defense of Claims. Where Samsung tenders sole control of the indemnified portion of the claims to Licensee, Licensee may, at Licensee’s expense, assume and direct the defense of such third-party claim and any litigation resulting therefrom, provided that (i) the counsel for Licensee conducting the defense of such third-party claim shall be reasonably satisfactory to Samsung; and (ii) Samsung may participate in such defense at Samsung’s expense. Licensee shall not, in the defense of any such third-party claim, consent to entry of any judgment or enter into any settlement that imputes liability or obligation on Samsung, without Samsung’s prior written consent, whose consent shall not be unreasonably withheld. Licensee and Samsung shall cooperate in the defense of any such third-party claim, solely to the extent Samsung decides to participate in such defense. The records of each Party related to such defense may be made reasonably available to the other Party.
- Legal Proceedings. The indemnity obligations hereunder shall apply whether or not legal proceedings are instituted. If such proceedings are instituted, they shall be conducted irrespective of the means, manner or nature of any settlement, compromise or determination.
- Limitation of Liability. SUBJECT TO TERMS AND CONDITIONS OF THIS AGREEMENT AND TO THE FULLEST EXTENT ALLOWED AND PERMITTED BY APPLICABLE LAW, SAMSUNG SHALL NOT, UNDER ANY CIRCUMSTANCES, BE LIABLE TO LICENSEE OR ANY THIRD PARTY THROUGH LICENSEE FOR PERSONAL INJURY OR ANY CONSEQUENTIAL, EXEMPLARY, INCIDENTAL, INDIRECT, PUNITIVE OR SPECIAL DAMAGES WHATSOEVER, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, LOSS OF DATA, BUSINESS INTERRUPTION OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES ARISING FROM OF OR IN RELATION TO THIS AGREEMENT OR LICENSEE’S USE OF THE SMARTTHINGS DEVELOPER TOOLS OR LICENSEE’S DEVELOPMENT OR DISTRIBUTION THEREOF, AND IN NO EVENT SHALL SAMSUNG’S TOTAL LIABILITY UNDER THIS AGREEMENT EXCEED [$100], IN EACH CASE, WHETHER A CLAIM IS BASED ON BREACH OF CONTRACT, BREACH OF WARRANTY, TORT (INCLUDING NEGLIGENCE), PRODUCT LIABILITY OR OTHERWISE, EVEN IF SAMSUNG HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES AND NOTWITHSTANDING THE FAILURE OF ESSENTIAL PURPOSE OF ANY REMEDY. LICENSEE’S UNDERSTANDING, ACKNOWLEDGEMENT AND ACCEPTANCE OF THIS SECTION IS THE LEGAL BASIS AND CONSIDERATION FOR THE LICENSES GRANTED UNDER THIS AGREEMENT.
- Disclaimer of Warranty. SAMSUNG EXPRESSLY DISCLAIMS ANY AND ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. FURTHER, SAMSUNG DOES NOT REPRESENT OR WARRANT THAT ANY PORTION OF THE SMARTTHINGS DEVELOPER TOOLS IS FREE OF INACCURACIES, ERRORS, BUGS OR INTERRUPTIONS, OR IS RELIABLE, ACCURATE, COMPLETE OR OTHERWISE VALID. THE SMARTTHINGS DEVELOPER TOOLS AND DOCUMENTATION ARE PROVIDED ‘AS IS’, ‘WITH ALL FAULT’, AND ‘AS AVAILABLE’, WITHOUT ANY WARRANTY OF ANY KIND FROM SAMSUNG OR ITS AFFILIATES.
- Suspension or Termination.
- Termination by Licensee. Licensee may, at its sole discretion, stop using SmartThings Developer Tools at any time with or without notice. If Licensee want to terminate this Agreement, Licensee must provide Samsung with 30 days’ prior written notice, and upon termination, cease all use of the SmartThings Developer Tools and the Certification Mark.
- Termination or Suspension by Samsung. Samsung may, at its sole discretion, suspend or terminate Licensee’s access to or use of SmartThings Developer Tools and/or terminate this Agreement, at any time, for any reason or no reason, with or without notice, and without any liability to Licensee arising from such suspension or termination.
- Effect of Termination. Effective upon the termination of this Agreement or the termination by Samsung of Licensee’s access to or use of SmartThings Developer Tools, (i) each Party will immediately cease representing to the public any affiliation between it and the other Party in connection with the subject matter of this Agreement;(ii) Licensee shall immediately cease all use of the SmartThings Developer Tools and the Certification Mark, and (iii) Licensee will return to the Samsung or destroy (at Samsung’s request) all Confidential Information and technology of Samsung in Licensee’s possession or control.
- Survival. The termination or expiration of this Agreement for any reason shall not affect a Party’s rights or obligations that expressly or by their nature continue and survive (including, without limitation, the provisions concerning ownership, confidentiality, warranties, indemnity, warranty disclaimers, and limitation of liability).
- Additional Terms.
- Separately Licensed Software. Additional terms may be applicable to certain Separately Licensed Software available through the SmartThings Developer Tools. By accessing, downloading or using any Separately Licensed Software, Licensee agree to the applicable separately-specified license terms.
- Open Source Software. The SmartThings Developer Tools may allow Licensee to access, download or use Open Source Software. By accessing, downloading or using any Separately Licensed Software, Licensee agree to the applicable open source licenses.
- SmartThings Platform. Licensee acknowledges that Licensee’s use of the SmartThings Platform requires that Licensee register for Samsung accounts to use the SmartThings Platform, and this registration process requires Licensee to agree to additional Samsung and SmartThings terms.
- Terms Proposed By Licensee. Samsung objects to any additional or different terms in Licensee’s terms of service or Licensee’s other documents. Those other terms of service and documents proposed by Licensee will be considered material alterations to this Agreement and are void.
- General.
- Assignment. Licensee may not assign this Agreement, in whole or in part, without the prior written consent of Samsung. Any attempt to do so without such consent shall be void and of no effect. Samsung may assign this Agreement without the prior written consent of Licensee. In addition, Samsung may use its Affiliates in connection with the performance of its obligations and exercise of its rights under this Agreement. This Agreement shall be binding upon and shall inure to the benefit of the Parties, their respective representatives and permitted successors and assignees.
- Relationship of the Parties. This Agreement shall not be interpreted or construed to create any association, agency, partnership, joint venture, fiduciary duty or any other form of legal relationship between the Parties, and Licensee shall not represent the existence of any such relationship, whether expressly, by implication or otherwise.
- Third-Party Rights. Except as otherwise expressly set forth herein, this Agreement is made for the benefit of the Parties, and is not intended to benefit any third party or be enforceable by any third party.
- Development by Samsung. Nothing in this Agreement limits or otherwise affects Samsung’s right to acquire, develop, license, market, promote or distribute any product or technology that competes with a Licensee Product or performs the same or similar functions as a Licensee Product does.
- Notices. Any notices required to be served on either Party shall be provided to such Party in writing by personal delivery (notice deemed effective upon receipt), overnight courier, and will be deemed to have been fully given or made when: (a) personally delivered; or (b) three (3) days after being mailed via commercially reputable overnight delivery service, to the following addressees:
Samsung, Licensee Service Biz.
Strategy Group, Service Biz.
Team, Mobile Communications Business, Samsung Electronics
Licensee agrees to receive notices and other communications to be made to Licensee, pursuant to this Agreement, by email. Licensee agrees that any notices that Samsung sends to Licensee by email will satisfy any legal communication requirements. A Party may change its email or mailing address by giving the other Party written notice, in accordance with this Section.
- No Waiver. Failure by Samsung to insist upon the strict performance of any of the provisions contained in this Agreement shall in no way constitute a waiver of Samsung’s rights, as set forth in this Agreement, at law or in equity, or a waiver of any other provisions or the right to take action in respect of a subsequent default by Licensee in the performance of or compliance with any of the terms and conditions set forth in this Agreement.
- Remedies. Licensee acknowledges that the disclosure, use or misappropriation of Samsung’s Confidential Information or in violation of this Agreement would cause Samsung irreparable harm for which there may be no adequate remedy by law. Accordingly, Licensee agrees that Samsung shall have the right to apply to any court of competent jurisdiction for injunctive relief and specific performance, without prejudice to any remedies otherwise available to Samsung by law or in equity.
- Governing Law; Venue. This Agreement shall be governed by and construed in accordance with the laws of the Republic of Korea, without reference to provisions on conflicts of law. All disputes, controversies or claims between the Parties arising out of or in connection with this Agreement (including, without limitation, its existence, validity or termination) shall be resolved in accordance with the procedures set out in the Civil Procedure Act of Republic of Korea.
- Entire Agreement. Except as expressly set forth in this Agreement, this Agreement and the documents referenced herein contains the entire agreement between the Parties with respect to the use of the SmartThings Developer Center and the SmartThings Developer Tools (excluding any services which Samsung may provide to Licensee under a separate written agreement) licensed hereunder and supersedes all existing agreements and all other oral, written or other communications between the Parties concerning this subject matter. If any provision of this Agreement (or any portion thereof) is invalid, illegal or unenforceable, the validity, legality and enforceability of the remainder of this Agreement shall not be affected or impaired.
EXHIBIT A – Description of Processing
This Exhibit A sets out an indicative list of Shared Personal Information.
Parties | |
Data Exporter (controller) | Samsung/Licensee |
Data Importer (controller) | Samsung/Licensee |
Purpose of Processing | |
Duration and frequency of Processing | Subject to Applicable Law, continuous for the term of this Agreement |
Purpose of the transfer | In the case of Samsung, to provide the SmartThings Platform and internal operations, including improving the SmartThings Platform In the case of Licensee, to provide the Licensee Products |
Retention period | Subject to Applicable Law and this Agreement, for as long as necessary for the purposes of Processing |
Transfers to sub-processors | In the case of Samsung: Amazon Web Services Inc., United States of America, for data server hosting Salesforce In, United States of America for data server hosting In the case of Licensee, Licensee shall provide a list of its sub-processors to Samsung prior to any sharing of Shared Personal Information |
Shared Personal Information | |
Categories of personal data: | Device data, including identifiers, hardware, and software information Usage data, including actions taken by Users - Contact, registration and profile information, such as name, email, phone, and address for users. - Contact, registration and profile information, such as name, email, phone, and address for shared users and third parties on the user’s contact list (such as home monitoring service provider). - Device information, such as device identifiers (such as IMEI, serial number, MAC address and IP address), hardware information (such as device type related information, sensor related information, battery, country, time and network related information), and software information (such as application related information and configuration information) - Data information collected from devices related to users behaviors and automations, including motion, open/close, temperature, door locks, TV & appliance use. - Data information collected from health and exercise devices (such as heart rate and sleep time). - Usage information, such as when and for how long users use a SmartThings Service (defined below) and its features, permissions and status (such as license keys, license status, expiry dates and registration status), and compiled log data - Location information, including precise geolocation and Wi-Fi and access point information - Customer service related information, such as information provided by users (including any media or attachments) and responses and requests, inquiries and responses made through or about SmartThings Services - Payment information, including forms of electronic payment (such as credit card, Paypal, KakaoPay) and billing addresses. |
Categories of sensitive personal data: | None |
Contact details | |
Samsung | Outlined in Section 14.5 of the Agreement |
Licensee | Contact information provided by licensee during the registration process or otherwise working directly with Samsung, including email address, physical address, mailing address, and phone number. |
EXHIBIT B
TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
This Exhibit B sets out the minimum technical and organizational security measures to be taken by Data Importer for Shared Personal Information.
- Management of authorization
- Access rights to the Personal Information shall only be granted to the person in charge to the minimum extent necessary to perform their duties.
- Access rights of the Personal Information processing system shall be terminated without delay when the Shared Personal Information handler is changed due to personnel shift or retirement.
- Details of authorizations, alterations or cancellations shall be recorded and kept for a minimum of three years (five years for Brazilian Shared Personal Information).
- When a user account that can access the Shared Personal Information processing system is issued, each Shared Personal Information handler shall be issued a separate account and shall not share such user account information with other Shared Personal Information handlers.
- Secure authentication methods shall be used to access the Shared Personal Data processing system (e.g. passwords, biometric authentication, etc.). If passwords are used, lengths of passwords shall consist of at least eight digits (with a combination of at least three of the following: upper and lower case letters, special characters, and numbers) or at least 10 digits (with a combination of at least two of the following upper and lower case letters, special characters, and numbers).
- The Shared Personal Information processor shall take necessary technical measures such as restricting access to the Shared Personal Information processing system in case the wrong password is entered more than a certain number of times so that only the authorized personal information handler can access the Shared Personal Information processing system.
- Access control
- Access to the Shared Personal Information processing system shall be restricted to limit unauthorized access.
- Analyze the IP address connected to the Shared Personal Information processing system to detect illegal leakage of Shared Personal Information.
- Secure connection methods shall be applied, such as virtual private networks (VPN) or secure authentication methods, such as OTP, when a Shared Personal Information handler accesses the Shared Personal Information processing system through external networks such as internet.
- Session time-outs shall be in place to automatically log out accounts when there is no activity for a certain period of time on the Shared Personal Information processing system.
- Encryption of Shared Personal Information
- Each party shall encrypt Shared Personal Information in transit via internet, as well as unique identification information (e.g. social security number), passwords, and biometric information, credit card numbers, bank account numbers, and any other sensitive information at rest. Further, if passwords are stored, they shall be stored in one-way encryption so as not to be decrypted.
- When Shared Personal Information is encrypted, it shall be encrypted and stored with a secure encryption algorithm.
- Procedures for the creation, use, storage, distribution, and destruction of secure cryptographic keys shall be established and enforced in order to safely store encrypted Shared Personal Information.
- When storing unique identification information (e.g. social security number) in a business computer or a mobile device, it shall be encrypted using commercial encryption software or a secure encryption algorithm.
- Logging of system administrator
- System administrator and system operator activities shall be logged and the logs protected and regularly reviewed.
- Log information shall be protected against tampering and unauthorized access.
- Prevention from malicious programs
- Install and operate a security program such as PC vaccine software that can prevent and treat malicious programs, and maintain the latest status through automatic update of the security program.
- If a malware alert has been issued, or if you have a security update notice from your application or from the manufacturer of the operating system software, you shall do so immediately.
- Each Party shall not introduce into the other Party’s computer systems, databases, environments or software, any malicious code, viruses or any other contaminants (for example, in the form of codes, commands, instructions, devices, techniques, bugs, web bugs, or design flaws) that could be used to access, alter, delete, threaten, infect, assault, vandalize, defraud, disrupt, damage, disable, inhibit, or shut down any services, deliverables or business systems, databases, software, or the other Party’s other information or property.
- Safety measures for management workstation
- Prevent unauthorized persons from accessing the management workstation and arbitrary operation.
- Make sure to only use the management workstation for its original purpose.
- Physical security measures
- If there is a separate physical storage place for storing Shared Personal Information such as computer room or data storage room, an access control procedure shall be established and operated.
- Documents or any other storage containing Shared Personal Information shall be kept in a safe place with lock.
- Destruction of Shared Personal Data
- Shared Personal Information shall be destroyed irreparably if the retention period expires or the business purpose is reached.
- Segregation control
- The use of operational data containing Shared Personal Information or any other confidential data for testing purposes shall be avoided.
- If Shared Personal Information or otherwise confidential data is used for testing purposes, all sensitive details and content shall be protected by removal or modification.
- Information security incident management
- Information security events shall be reported to the other Party as quickly as possible, and in accordance with this Agreement.
- All employees of each Party shall be aware of the procedure for reporting information security events and the point of contact to which the events shall be reported.
Each Party shall apply an enterprise information security policy according to ISO/IEC 27001 Standard or similar industry recognized practice. Controls not listed here conform to the ISO/IEC 27001 standard.
EXHIBIT C
EU Controller Model Clauses Modifications
The EU Controller Model Clauses are amended as follows:
Clause 7 | Included |
Clause 11 (Redress) | Included |
Clause 13 (Supervision) and Annex 1.C | The competent supervisory authority shall be the Office of the Data Protection Commissioner (of the Republic of Ireland). |
Clause 17 (Governing law) | Law of Ireland (Republic of Ireland). |
Clause 18 (Choice of forum and jurisdiction) | Courts of Ireland (Republic of Ireland). |
Appendix Annex I.A (List of parties) | As set out in Exhibit A to the Agreement. |
Appendix Annex I.B (Description of the transfer) | As set out in Exhibit A to the Agreement. |
Appendix Annex II (Technical and organizational measures) | As set out in Exhibit B to the Agreement. |
Where Swiss Data Protection Laws apply, the EU Controller Model Clauses are amended as
follows:
Term | Amendment / Selected Option |
References / Definitions | Where the transfer is exclusively subject to Swiss Data Protection Laws:
Where the transfer is subject to both Swiss Data Protection Law and GDPR:
|
Clause 7 (Docking Clause) | Included. |
Clause 11 (Redress) | Included |
Clause 13 (Supervision) and Annex 1.C |
|
Clause 17 (Governing law) |
|
Clause 18 (Choice of forum and jurisdiction) | Courts of Ireland (Republic of Ireland). |
Appendix Annex I.A (List of parties) | As set out in Exhibit A to the Agreement. |
Appendix Annex I.B (Description of the transfer) | As set out in Exhibit A to the Agreement. |
Appendix Annex II (Technical and organizational measures) | As set out in Exhibit B to the Agreement. |
Annex III (Switzerland specific annex) | The term “Member state” must not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (Switzerland) in accordance with Clause 18(c) of the EU Controller Model Clauses. The Parties acknowledge that the EU Controller Model Clauses shall protect the data of legal entities until the entry into force of the Revised FADP. |
For the purposes of the UK Controller Model Clauses, as permitted by clause 17 of the same, the Parties agree to change the format of the information set out in Part 1 of the addendum so that:
- The details of the Parties in table 1 shall be as described in this Agreement, including (with no requirement for signature);
- For the purposes of table 2, the UK Controller Model Clauses shall be appended to the EU Controller Model Clauses (including the selection of modules and the application/disapplication of such optional clauses as specified above); and
- The appendix information listed in table 3 is as set out in this Agreement.