MSI Privacy Policy

  • 1
  • 2

(I) International Transfer of Personal Data

Summary – International Transfer of Personal Data
We transfer Personal Data to recipients in other countries. Where we transfer Personal Data from the EEA to a recipient outside the EEA that is not in an Adequate Jurisdiction, we do so on the basis of Standard Contractual Clauses.

Because of the international nature of our business, we transfer Personal Data within the MSI group, and to third parties as noted in Section (G) above, in connection with the purposes set out in this Policy. For this reason, we transfer Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.

Where we transfer your Personal Data from the EEA to recipients located outside the EEA who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided in Section (R) below.

Please note that when you transfer any Personal Data directly to a MSI entity established outside the EEA, we are not responsible for that transfer of your Personal Data. We will nevertheless Process your Personal Data, from the point at which we receive those data, in accordance with the provisions of this Policy.

(J) Data Security

Summary – Data Security
We implement appropriate technical and organisational security measures to protect your Personal Data. Please ensure that any Personal Data that you send to us are sent securely.

We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.

Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

(K) Data Accuracy

Summary – Data Accuracy
We take every reasonable step to ensure that your Personal Data are kept accurate and up-to-date and are erased or rectified if we become aware of inaccuracies.

We take every reasonable step to ensure that:

  • your Personal Data that we Process are accurate and, where necessary, kept up to date; and
  • any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.

From time to time we may ask you to confirm the accuracy of your Personal Data.

(L) Data Minimisation

Summary – Data Minimisation
We take every reasonable step to limit the volume of your Personal Data that we Process to what is necessary.

We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.

(M) Data Retention

Summary – Data Retention
We take every reasonable step to ensure that your Personal Data are only retained for as long as they are needed in connection with a lawful purpose.

We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:

(1) we will retain Personal Data in a form that permits identification only for as long as:
(a) we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or

(b) your Personal Data are necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your personal data are included in a contract between us and your employer, and we have a legitimate interest in processing those data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data),
plus:
(2) the duration of:
(a) any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and
(b) a additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),
and:
(3) in addition, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim.

During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.

Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:

  • permanently delete or destroy the relevant Personal Data; or
  • anonymize the relevant Personal Data.

(N) Your Legal Rights

Summary – Your Legal Rights
Subject to applicable law, Data Subjects of the EEA whose Personal Data we collect have a number of rights, including: the right not to provide your Personal Data to us; the right of access to your Personal Data; the right to request rectification of inaccuracies; the right to request the erasure, or restriction of Processing, of your Personal Data; the right to object to the Processing of your Personal Data; the right to have your Personal Data transferred to another Controller; the right to withdraw consent; and the right to lodge complaints with Data Protection Authorities. In some cases it will be necessary to provide evidence of your identity before we can give effect to these rights.

As a citizen of the EEA and subject to applicable law, you may have the following rights regarding the Processing of your Relevant Personal Data:

  • the right not to provide your Personal Data to us (however, please note that we will be unable to provide you with the full benefit of our Sites, Apps, Products, or services, if you do not provide us with your Personal Data – e.g., we might not be able to process your requests without the necessary details);
  • the right to request access to, or copies of, your Relevant Personal Data, together with information regarding the nature, Processing and disclosure of those Relevant Personal Data;
  • the right to request rectification of any inaccuracies in your Relevant Personal Data;
  • the right to request, on legitimate grounds:
    • erasure of your Relevant Personal Data; or
    • restriction of Processing of your Relevant Personal Data;
  • the right to have certain Relevant Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
  • where we Process your Relevant Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive Policy of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
  • the right to lodge complaints regarding the Processing of your Relevant Personal Data with a Data Protection Authority (in particular, the Data Protection Authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred, each if applicable).

Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:

  • the right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf; and
  • the right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes.

This does not affect your statutory rights.

To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section (R) below. Please note that:

  • the rights described apply only to Data Subjects of the EEA;
  • in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
  • where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.

(O) Cookies and similar technologies

Summary – Cookies and similar technologies
We Process Personal Data by using Cookies and similar technologies. For more information, please see our Cookie Policy .

When you visit a Site or use an App we will typically place Cookies onto your device, or read Cookies already on your device, subject always to obtaining your consent, where required, in accordance with applicable law. We use Cookies to record information about your device, your browser and, in some cases, your preferences and browsing habits. We Process Personal Data through Cookies and similar technologies, in accordance with our Cookie Policy .

(P) Terms of Use

Summary – Terms of Use
Our Terms of Use govern all use of our Sites, our Apps, and our services.

All use of our Sites, Apps, Products, or services is subject to our Terms of Use. We recommend that you review our Terms of Use regularly, in order to review any changes we might make from time to time.

(Q)Direct Marketing

Summary – Direct Marketing
We Process Personal Data to contact you with information regarding Sites, Apps, Products, or services that may be of interest to you. You may unsubscribe for free at any time.

We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, Apps, Products, or services that may be of interest to you. If we provide Sites, Apps, Products, or services to you, we may send information to you regarding our Sites, Apps, Products, or services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us, subject always to obtaining your prior opt-in consent to the extent required under applicable law.

You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Sites, Apps, Products, or services you have requested.

(R) Details of Controllers

Summary – Details of Controllers
There are several MSI entities that act as Controllers for the purposes of this Privacy Policy.

For the purposes of this Policy, the relevant Controllers are:

Controller entity Contact details
Micro-Star International Co., Ltd. Data Protection Officer <privacy-eu@msi.com>
Micro-Star Netherlands Holding B.V. Data Protection Officer <privacy-eu@msi.com>
Mystar Computer B.V. Data Protection Officer <privacy-eu@msi.com>
MSI Computer Sarl Data Protection Officer <privacy-eu@msi.com>
MSI Computer (UK) Ltd. Data Protection Officer <privacy-eu@msi.com>
MSI Computer Europe B.V. Data Protection Officer <privacy-eu@msi.com>
MSI Polska SP. Z O.O. Data Protection Officer <privacy-eu@msi.com>
MSI Italy S.R.L. Data Protection Officer <privacy-eu@msi.com>
MHK International Co., Ltd. Data Protection Officer <privacy-eu@msi.com>
Postal address for all:
MHK International Co., Ltd.
z.Hd. Michael Engler
Hanauer Landstraße 316
D-60314 Frankfurt am Main

Our Data Protection Officer is contactable using the details set out above. California Residents seeking to exercise their data privacy rights should refer to the guidance provided in Section (T) below.

(S) California Privacy Law

Summary – California Privacy Law
Under the California Consumer Privacy Act (“CCPA”), we must disclose our practices regarding the collection, use, and disclosure of the Personal Information of California Residents (“Consumers”). Consumers are also afforded additional rights with regard to the Personal Information we collect about them that include the rights of access, deletion, and to be free from discrimination. This section of our Privacy Policy includes the disclosures required by the CCPA and Section (T) below describes the rights afforded to Consumers. We also describe the methods by which a Consumer may exercise these rights and some of the statutory exceptions that may apply.

Collection of Personal Information: We have collected and will collect the following general categories of Personal Information about Consumers:

  • Personal Identifiers;
  • Categories of personal information related to California Customer Records statute (Cal. Civ. Code § 1798.80);
  • Commercial Information;
  • Characteristics of protected classification information;
  • Internet or other electronic network activity information; and
  • Other consumer or household information: Registration Records

Use of Personal Information: We may use the categories of Personal Information described above to:

  • Maintain or service customer accounts;
  • Provide customer service;
  • Process or fulfill orders and transactions;
  • Verify customer information;
  • Process payments;
  • Provide advertising or marketing services;
  • Provide analytic services;
  • Perform internal research for technological development;
  • Ensure the quality and safety of services or devices;
  • Improve the quality and safety of services or devices;
  • Comply with applicable law and law enforcement requirements;
  • Protect against malicious, deceptive, fraudulent or illegal activity;
  • Prosecute those responsible for malicious, deceptive, fraudulent or illegal activity; and
  • Defend against or bring legal action, claims and other liabilities.

Disclosure and Sale of Personal Information. MSI does not sell any Consumer Personal Information to third parties. In particular, MSI does not sell the Personal Information of minors under 16 years of age. Although MSI has disclosed your personal information to third parties in the past, and may in the future, MSI has not disclosed your personal information to third parties in the past 12 months.

(T) Consumer Rights Under CCPA

Summary – Consumer CCPA Rights
If you are a Consumer, the CCPA grants you the following specific rights regarding your Personal Information. To exercise your rights under the CCPA, please follow the instructions described in this section.

Right to Know About Personal Information. Consumers have the right to submit a verifiable consumer request that we disclose the following in a readily useable format, covering the 12 month period preceding the verifiable consumer request:

  • The categories of Personal Information we collected about you.
  • The purposes for which the categories of Personal Information collected about you will be used.
  • The categories of sources for the Personal Information we collected about you.
  • The categories of third parties with whom we share Personal Information.
  • Our business or commercial purpose for collecting Personal Information.
  • The specific pieces of Personal Information we collected about you.
  • The categories of Personal Information we have disclosed for a business purpose.

Verifiable consumer requests to know may be submitted through one of the following methods:

  • Call us toll free at 1-888-447-6564
  • E-mail us at <ccpa@msi.com>
  • Please use this Access Request Form to submit your request.

Right to Request Deletion of Personal Information. Consumers have the right to request that we delete any Personal Information that we have collected from them. However, we are not required to comply with a request to delete, if it is necessary for us to retain the Personal Information in order to:

  • Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  • Debug products to identify and repair errors that impair existing intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  • Comply with legal obligations.
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Verifiable consumer requests to delete may be submitted through one of the following methods:

  • Call us toll free at 1-888-447-6564
  • E-mail us at <ccpa@msi.com>
  • Please use this Deletion Request Form to submit your request.

Right to Non-Discrimination. Consumers have the right to be free from discrimination when they exercise their Consumer rights under the CCPA, including by:

  • Denying you goods or services.
  • Charging you a different price or rate for goods or services, including through granting discounts or other benefits, or imposing penalties.
  • Providing you a different level of quality of goods or services.
  • Suggesting that you may receive a different rate for goods or services or a difference level or quality of goods or services.

(U) Contact Us

If you have any questions about this Policy or how MSI obtains and uses your Personal Information, please contact us by e-mail at ccpa@msi.com or by postal mail at:

MSI Computer Corp.
901 Canada Court
City of Industry, CA 91748

(V) Definitions

  • "App" means any application made available by us (including where we make such applications available via third party stores or marketplaces, or by any other means).
  • "Adequate Jurisdiction" means a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
  • "California Resident" means (1) every individual who is in the State of California for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State of California who is outside the state for a temporary or transitory purpose.
  • "Cookie" means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
  • "Controller" means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
  • "Data Subject" means an identified or identifiable natural person.
  • "Data Protection Authority" means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
  • "EEA" means the European Economic Area.
  • "Personal Data" means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
  • "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
    • Personal identifiers,
    • Categories of personal information described in Cal. Civ. Code § 1798.80(e);
    • Characteristics of protected classifications under California or federal law;
    • Commercial information;
    • Biometric information;
    • Internet or other electronic network activity information;
    • Geolocation data;
    • Audio, electronic, visual, thermal, olfactory, or similar information;
    • Professional or employment related information;
    • Education information; and
    • Inferences for use in creating a consumer profile
  • "Process", "Processing" or "Processed" means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • "Processor" means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
  • "Profiling" means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  • "Relevant Personal Data" means Personal Data in respect of which we are the Controller.
  • "Sensitive Personal Data" means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law.
  • "Standard Contractual Clauses" means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
  • "Site" means any website operated, or maintained, by us or on our behalf.
ca