(I) International transfer of Personal Data
Because of the international nature of our business, we transfer Personal Data within the MSI group, and to third parties as noted in Section (G) above, in connection with the purposes set out in this Policy. For this reason, we transfer Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.
Where we transfer your Personal Data from the EEA to recipients located outside the EEA who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You are entitled to request a copy of our Standard Contractual Clauses using the contact details provided in Section (R) below.
Please note that when you transfer any Personal Data directly to a MSI entity established outside the EEA, we are not responsible for that transfer of your Personal Data. We will nevertheless Process your Personal Data, from the point at which we receive those data, in accordance with the provisions of this Policy.
(J) Data Security
We have implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.
Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your Personal Data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.
(K) Data Accuracy
We take every reasonable step to ensure that:
- your Personal Data that we Process are accurate and, where necessary, kept up to date; and
- any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.
From time to time we may ask you to confirm the accuracy of your Personal Data.
(L) Data Minimisation
We take every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.
(M) Data Retention
We take every reasonable step to ensure that your Personal Data are only Processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain your Personal Data are as follows:
(1) we will retain Personal Data in a form that permits identification only for as long as:
- we maintain an ongoing relationship with you (e.g., where you are a user of our services, or you are lawfully included in our mailing list and have not unsubscribed); or
- your Personal Data are necessary in connection with the lawful purposes set out in this Policy, for which we have a valid legal basis (e.g., where your personal data are included in a contract between us and your employer, and we have a legitimate interest in processing those data for the purposes of operating our business and fulfilling our obligations under that contract; or where we have a legal obligation to retain your Personal Data),
- (2) the duration of:
- any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Data, or to which your Personal Data are relevant); and
- an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Data that are relevant to that claim),
- (3) in addition, if any relevant legal claims are brought, we continue to Process Personal Data for such additional periods as are necessary in connection with that claim.
During the periods noted in paragraphs (2)(a) and (2)(b) above, we will restrict our Processing of your Personal Data to storage of, and maintaining the security of, those data, except to the extent that those data need to be reviewed in connection with any legal claim, or any obligation under applicable law.
Once the periods in paragraphs (1), (2) and (3) above, each to the extent applicable, have concluded, we will either:
- permanently delete or destroy the relevant Personal Data; or
- anonymize the relevant Personal Data.
(N) Your Legal Rights
As a citizen of the EEA and subject to applicable law, you may have the following rights regarding the Processing of your Relevant Personal Data:
- the right not to provide your Personal Data to us (however, please note that we will be unable to provide you with the full benefit of our Sites, Apps, Products, or services, if you do not provide us with your Personal Data – e.g., we might not be able to process your requests without the necessary details);
- the right to request access to, or copies of, your Relevant Personal Data, together with information regarding the nature, Processing and disclosure of those Relevant Personal Data;
- the right to request rectification of any inaccuracies in your Relevant Personal Data;
- the right to request, on legitimate grounds:
- erasure of your Relevant Personal Data; or
- restriction of Processing of your Relevant Personal Data;
- the right to have certain Relevant Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable;
- where we Process your Relevant Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive Policy of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
- the right to lodge complaints regarding the Processing of your Relevant Personal Data with a Data Protection Authority (in particular, the Data Protection Authority of the EU Member State in which you live, or in which you work, or in which the alleged infringement occurred, each if applicable).
Subject to applicable law, you may also have the following additional rights regarding the Processing of your Relevant Personal Data:
- the right to object, on grounds relating to your particular situation, to the Processing of your Relevant Personal Data by us or on our behalf; and
- the right to object to the Processing of your Relevant Personal Data by us or on our behalf for direct marketing purposes.
This does not affect your statutory rights.
To exercise one or more of these rights, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in Section (R) below. Please note that:
- the rights described apply only to Data Subjects of the EEA;
- in some cases it will be necessary to provide evidence of your identity before we can give effect to these rights; and
- where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
(O) Cookies and similar technologies
We Process Personal Data to contact you via email, telephone, direct mail or other communication formats to provide you with information regarding Sites, Apps, Products, or services that may be of interest to you. If we provide Sites, Apps, Products, or services to you, we may send information to you regarding our Sites, Apps, Products, or services, upcoming promotions and other information that may be of interest to you, using the contact details that you have provided to us, subject always to obtaining your prior opt-in consent to the extent required under applicable law.
You may unsubscribe from our promotional email list at any time by simply clicking on the unsubscribe link included in every promotional email we send. After you unsubscribe, we will not send you further promotional emails, but in some circumstances we will continue to contact you to the extent necessary for the purposes of any Sites, Apps, Products, or services you have requested.
(R) Details of Controllers
For the purposes of this Policy, the relevant Controllers are:
|Controller entity||Contact details|
|Micro-Star International Co., Ltd.||Data Protection Officer|
|Micro-Star Netherlands Holding B.V.||Data Protection Officer|
|Mystar Computer B.V.||Data Protection Officer|
|MSI Computer Sarl||Data Protection Officer|
|MSI Computer (UK) Ltd.||Data Protection Officer|
|MSI Computer Europe B.V.||Data Protection Officer|
|MSI Polska SP. Z O.O.||Data Protection Officer|
|MSI Italy S.R.L.||Data Protection Officer|
|MHK International Co., Ltd.||Data Protection Officer|
|-||Postal address for all:
MHK International Co., Ltd.
z.Hd. Michael Engler
60314 Frankfurt am Main
Our Data Protection Officer is contactable using the details set out above. California Residents seeking to exercise their data privacy rights should refer to the guidance provided in Section (T) below.
(S) California Privacy Law
Collection of Personal Information: We have collected and will collect the following general categories of Personal Information about Consumers:
- Personal Identifiers;
- Categories of personal information related to California Customer Records statute (Cal. Civ. Code § 1798.80);
- Commercial Information;
- Characteristics of protected classification information;
- Internet or other electronic network activity information; and
- Other consumer or household information: Registration Records
Use of Personal Information: We may use the categories of Personal Information described above to:
- Maintain or service customer accounts;
- Provide customer service;
- Process or fulfill orders and transactions;
- Verify customer information;
- Process payments;
- Provide advertising or marketing services;
- Provide analytic services;
- Perform internal research for technological development;
- Ensure the quality and safety of services or devices;
- Improve the quality and safety of services or devices;
- Comply with applicable law and law enforcement requirements;
- Protect against malicious, deceptive, fraudulent or illegal activity;
- Prosecute those responsible for malicious, deceptive, fraudulent or illegal activity; and
- Defend against or bring legal action, claims and other liabilities.
Collection of Sensitive Personal Information
We have collected and will collect the following categories of sensitive Personal Information about Consumers:
- Social security, driver’s license, state identification card, or passport number;
- account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
- precise geolocation;
- racial or ethnic origin, religious or philosophical beliefs, or union membership;
- contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication;
- genetic data;
- biometric information for the purpose of uniquely identifying a consumer;
- health related personal information; and
- personal information concerning a consumer’s sex life or sexual orientation.
Use of Sensitive Personal Information
We do not use or disclose sensitive Personal Information for the purpose of inferring characteristics about the consumer, but rather only for the following business or commercial purposes:
- To process payments for goods and services
- To operate and provide our website and associated services
Categories of Sources of Personal Information
We collect or obtain Personal Information about you from the following sources:
- Information you provide to us: We collect Personal Information when you provide it to us (e.g., when you register an account with us; where you contact us via email or telephone, or by any other means, or when you provide us with your business card, or when you submit a job application).
- Automatically:We collect or obtain Personal Information when you use website.
Disclosure of Personal Information. Although MSI has disclosed your personal information to third parties in the past, and may in the future, MSI has not disclosed your personal information to third parties in the past 12 months.
Selling and Sharing of Personal Information
MSI does not sell the Personal Information of minors under 16 years of age. In the preceding twelve (12) months, MSI has “sold” or “shared” the following categories of Consumer Personal Information to the following categories of third parties.
The purposes for which we Process Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:
|Categories of Third Parties||Categories of Personal Information|
We do not knowingly “sell” or “share" the Personal Information of minors under the age of 16 without appropriate consent. For consumers who are at least 13 years of age and less than 16 years of age, consent will require the consumer to use a two-step process where the consumer first, clearly requests an opt-in and then second, separately confirms their choice to opt-in. For consumers under 13 years of age, consent must be provided by a parent or guardian of the child pursuant to a reasonable method for ensuring that the person consenting to the sale or sharing of the personal information about the child is the parent or guardian of the child
We have “sold” or “shared” your Personal Information for the following business or commercial purposes:
- For use in engaging in behavioral advertising and marketing campaigns with third parties; and
- To enable third parties to perform analytics on usage on our Website.
When we disclose Personal Information for a business purpose, we generally enter a contract that describes the purpose and requires the recipient to both keep that Personal Information confidential and not use it for any purpose except performing the contract.
Retention of Personal Information
We take every reasonable step to ensure that your Personal Information is processed for the minimum period necessary for the purposes set out in this Policy. The criteria for determining the duration for which we will retain each category of Personal Information collected are as follows:
(1) we will retain Personal Information in a form that permits identification only for as long as:
- we maintain an ongoing relationship with you (e.g., where you are a user of the App, or you are lawfully included in our mailing list and have not unsubscribed); or
- your Personal Information is necessary in connection with the lawful purposes set out in this Policy, (e.g., to maintain or service your account; to verify your information; or where we have a legal obligation to retain your Personal Information information);
- (2) the duration of:
- any applicable limitation period under applicable law (i.e., any period during which any person could bring a legal claim against us in connection with your Personal Information, or to which your Personal Information is relevant); and
- an additional two (2) month period following the end of such applicable limitation period (so that, if a person brings a claim at the end of the limitation period, we are still afforded a reasonable amount of time in which to identify any Personal Information that are relevant to that claim),
- (3) in addition, if any relevant legal claims are brought, we continue to process Personal Information for such additional periods as are necessary in connection with that claim.
(T) Consumer Rights Under CCPA
Right to Know About Personal Information. Consumers have the right to submit a verifiable consumer request that we disclose the following in a readily useable format, covering the 12 month period preceding the verifiable consumer request:
- The categories of Personal Information we collected about you.
- The purposes for which the categories of Personal Information collected about you will be used.
- The categories of sources for the Personal Information we collected about you.
- The categories of third parties with whom we share Personal Information.
- Our business or commercial purpose for collecting Personal Information.
- The specific pieces of Personal Information we collected about you.
- The categories of Personal Information we have disclosed for a business purpose.
Verifiable consumer requests to know may be submitted through one of the following methods:
- Call us toll free at 1-888-447-6564.
- E-mail us at firstname.lastname@example.org
Right to Request Deletion of Personal Information. Consumers have the right to request that we delete any Personal Information that we have collected from them. However, we are not required to comply with a request to delete, if it is necessary for us to retain the Personal Information in order to
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with legal obligations.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Verifiable consumer requests to delete may be submitted through one of the following methods:
- Call us toll free at 1-888-447-6564
- E-mail us at email@example.com
Right to Correct. Consumers have the right to request that we correct inaccurate Personal Information maintained about them, taking into account the nature of Personal Information and the nature of processing. However, we are not required to comply with a request to correct where we have a good-faith, reasonable, and documented belief that a request is fraudulent or abusive, or if we have determined based on the totality of the circumstances, that the contested Personal Information held by us is more likely than not accurate and therefore does not require correction. In assessing the totality of the circumstances, we will consider: (a) the nature of the personal information; (b) how we obtained the contested information; and (c) documentation relating to the accuracy of the information, whether provided by you, by us, or another source.
We will accept and consider any documentation that you provide in connection with a request to correct. We may require you to provide documentation supporting a request to correct depending on: (a) the nature of the Personal Information at issue; (b) the nature of the documentation upon which we consider the Personal Information to be accurate (e.g., whether the documentation is from a trusted source or is otherwise verifiable); (c) the purpose for which we collect, maintain, or use the Personal Information (e.g., if the Personal Information is essential to the functioning of the application, we may require more documentation); and (d) the impact on you. We will only use such documentation provided for the purpose of correcting your Personal Information and to comply with our record-keeping obligations for consumer requests.
Verifiable consumer requests to correct may be submitted through one of the following methods:
- Call us toll free at 1-888-447-6564
- E-mail us at firstname.lastname@example.org
Right to Opt-Out of Selling or Sharing Personal Information. Consumers have the right, at any time, to direct a business that shares or sells personal information about the consumer to third parties not to share or sell the consumer’s personal information. As described above, we sell or share your personal information, as those terms are defined in the CCPA.
If you would like to opt out of the “selling” or “sharing” of your Personal Information, you may submit a request by
- Call us toll free at 1-888-447-6564
- E-mail us at email@example.com
We will honor a request to opt-out of sharing your personal information through an opt-out preference signal in a frictionless manner. Opt-out preference signals apply both to your device and your account. You may enable an opt-out preference signal by…
Right to Non-Discrimination. Consumers have the right to be free from discrimination when they exercise their Consumer rights under the CCPA, including by:
- Denying you goods or services.
- Charging you a different price or rate for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Providing you a different level of quality of goods or services.
- Suggesting that you may receive a different rate for goods or services or a difference level or quality of goods or services.
Notice of Financial Incentive. We offer consumers who provide personal identifiers, including their name and email address, access to a rewards program. As participants in this rewards program, consumers will receive points that can be exchanged for merchandise, gift cards, and more. The value of this personal information will vary depending on the consumer's purchases from MSI and the extent to which they redeem their reward points with MSI in the future. Consumers may opt-in to our loyalty program by signing up on our website at rewards.msi.com. Consumers may cancel their participation in this program at any time by unchecking the “MSI Reward Program” checkbox on their “My Profile” page.
Authorized Agent. Under the CCPA, you may appoint an authorized agent to submit requests to exercise your rights on your behalf. Should you choose to do so, for your and our protection, we will require you to provide the authorized agent with signed permission to submit a request on your behalf, verify your identity directly with us, and directly confirm that you have provided the authorized agent permission to submit the request. We note, should your authorized agent fail to submit proof that they have been authorized to act on your behalf, we will deny their request.
(U) Contact Us
If you have any questions about this Policy or how MSI obtains and uses your Personal Information, please contact us by e-mail at firstname.lastname@example.org or by postal mail at:
MSI Computer Corp.
901 Canada Court
City of Industry, CA 91748
- “App” means any application made available by us (including where we make such applications available via third party stores or marketplaces, or by any other means).
- “Adequate Jurisdiction” means a jurisdiction that has been formally designated by the European Commission as providing an adequate level of protection for Personal Data.
- “California Resident” means (1) every individual who is in the State of California for other than a temporary or transitory purpose, and (2) every individual who is domiciled in the State of California who is outside the state for a temporary or transitory purpose.
- “CCPA” means the California Consumer Privacy Act, as amended, including as amended by the California Privacy Rights Act of 2020, Cal. Civ. Code §1798.100 et. seq. and its implementing regulations.
- “Cookie” means a small file that is placed on your device when you visit a website (including our Sites). In this Policy, a reference to a “Cookie” includes analogous technologies such as web beacons and clear GIFs.
- “Controller” means the entity that decides how and why Personal Data are Processed. In many jurisdictions, the Controller has primary responsibility for complying with applicable data protection laws.
- “Data Subject” means an identified or identifiable natural person.
- “Data Protection Authority” means an independent public authority that is legally tasked with overseeing compliance with applicable data protection laws.
- “EEA” means the European Economic Area.
- “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual. "Personal data" does not include de-identified data or publicly available information.
- “Personal Information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes, but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household:
- Personal identifiers,
- Categories of personal information described in Cal. Civ. Code § 1798.80(e);
- Characteristics of protected classifications under California or federal law;
- Commercial information;
- Biometric information;
- Internet or other electronic network activity information;
- Geolocation data;
- Audio, electronic, visual, thermal, olfactory, or similar information;
- Professional or employment related information;
- Education information; and
- Inferences for use in creating a consumer profile.
- “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” means any person or entity that Processes Personal Data on behalf of the Controller (other than employees of the Controller).
- “Profiling” means any form of automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
- “Relevant Personal Data” means Personal Data in respect of which we are the Controller.
- “Sensitive Personal Data” means Personal Data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, any actual or alleged criminal offences or penalties, national identification number, or any other information that are deemed to be sensitive under applicable law.
- “Standard Contractual Clauses” means template transfer clauses adopted by the European Commission or adopted by a Data Protection Authority and approved by the European Commission.
- “Site” means any website operated, or maintained, by us or on our behalf.