STMicroelectronics’ corporate Privacy Statement (“Privacy Statement”)

Last Updated: May 2023

This Privacy Statement details the privacy practices of STMicroelectronics International N.V. and its group companies (to facilitate the reading we refer to us in this document as “ST”, “we”, “us”, and “our”) in connection with our print, digital events, live event, products and services, including www.st.com, associated webpages (e.g., eCommerce website), other websites or portals we own and operate; newsletters and other content we provide; live event we host, and any other site or service that posts or links to the Privacy Statement (to facilitate the reading we collectively refer to all of items as “Services”).

It is important for you (we use “you”, “your” to refer to you as the individual interacting with our Services) to understand that by using our Services, you are accepting the practices described in our Privacy Statement. Consequently, if you do not agree to the terms of this Privacy Statement, please do not use our Services.

We reserve the right to modify or amend the terms of our Privacy Statement at any time. If we do so, we will post the modify or amended Privacy Statement in our websites and you will be notified via a message on our websites. Any changes to this Privacy Statement will become effective as of the date that appears at the very beginning of this document in the section “Last Updated”. Thus, your continued use of our Services following the posting of changes to these terms will mean you accept those changes.

Our Services are under constant development. This Privacy Statement may therefore be modified and updated on an ongoing basis. Please check back to it regularly.

1. WHO IS RESPONSIBLE FOR PERSONAL DATA PROCESSING?

According to data protection law, responsibility for data processing lies with the company that determines whether such processing is to take place, for what purposes it is to take place and how it is to be configured. STMicroelectronics International N.V. (located at WTC Schiphol Airport Schiphol Boulevard 265 1118 BH Schiphol, The Netherlands) is responsible for data processing under this Privacy Statement.

2. FOR WHOM THIS PRIVACY STATEMENT IS INTENDED?

Visitors to our websites;
Holders of a myST account;
Customers in our online stores;
Users of our online offers and apps;
Individuals who write to us or contact us in any other way;
Recipients of information and marketing communications;
Participants in competitions and prize draws;
Participants in customer and public events;
Participants in market research and opinion and customer surveys;
Contacts at our suppliers, distributors, and other business partners.

3. WHAT INFORMATION DO WE COLLECT?

Information You Provide to Us. There are several circumstances in which you provide (by email, telephone, face to face, in paper form and via our website and digital applications) us with personal information in connection with the Services, which may include:

Registration data, such as information you provide when you register for any of our Services or when you register via the Services to our events (live or virtual).

Subscription data

During the registration to the myST account, we also store the IP address of the computer system assigned by the Internet service provider (ISP) and used at the time of the registration, as well as the date and time of the registration. The collection of this data is necessary to understand the (possible) misuse of the e-mail address of a user, and it therefore serves the aim of our legal protection.

When we interact with a myST account holder we use tracking pixels. A tracking pixel is a miniature graphic embedded in e-mails, which are sent in HTML format to enable log file recording and analysis. This allows a statistical analysis of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, we may record when an e-mail was opened by a user, and which links in the e-mail were called up by users and perform analysis to adapt the content of future messages to better serve the interests of users.

Marketing data, such as information related to your preferences for receiving communications, subscribing to our publications, newsletters, and other content, completing surveys, participating in market research, and entering a contest, sweepstakes, or game relating to the Services.

Communications, such as information you provide when you send us an email, pitch, submit content or post a comment, request for information, or otherwise correspond with us.

Demographic information, such as your city, state, country of residence, postal code, gender, and age.

Profile information, such as your username and password that you may set to establish an online account with us, your photograph, interests, social medial account ID and preferences.

Content you choose to upload to the Services, such as text, images, audio, and video, along with the metadata associated with the files you upload.
Transaction data, such as your order history, products, and services (if applicable) you have purchased via our website(s) for instance, or when downloading our software, and information needed to process and fulfill your order, including your order details and delivery address.
Other information that we may collect which is not specifically listed here, but which we will use as otherwise disclosed at the time of collection.

Technical data. When you make use of our Services, we collect certain technical data such as your IP address or device ID. Technical data also include the protocols in which we record the use of our systems (log files). In some cases, we may also assign a unique code number (an ID) to your end device (tablet, PC, smartphone, etc.), for example by using cookies or similar technologies, to be able to recognize it.

Technical data can in particular also be used to collect behavior data, that is, details about your use of websites and mobile apps. we are usually unable to derive who you are from technical data.

Technical data can also be used to collect behavior data, that is, details about your use of websites and mobile apps. we are usually unable to derive who you are from technical data.

the IP address of your device and further device IDs (e.g., MAC address);
code numbers assigned to your device by cookies and similar technologies (e.g., pixel tags);
details of your device and its configuration, such as operating system and language settings;
details about the browser with which you access the offer, and its configuration;
information about your movements and actions on our websites and in our apps;
details about your Internet provider;
your approximate location and the time of use;
system recordings of accesses and other events (log files).

Information from Third Parties. To help keep our data current and to provide you with the most relevant content and experiences, we may combine information provided by you with information from third party sources, in accordance with applicable law. For example, the size, industry, and other information about the company you work for will be obtained from sources different including professional networking sites, business databases and registries, and other information we are able to obtain from our service providers. Our processing of personal data for these purposes includes both automated and manual (human) methods of processing.

Information from social media websites: When you interact with us on a social media platform, such as Facebook, Twitter, Instagram, or LinkedIn, or otherwise connect your account on the third-party platform or network to your account through our Services, we may collect information about you available from that page or platform or that you make available to us on that page or account.
Information from commercially available sources: We may collect certain information about you from third parties, including business partners (such as advertising, event or webinars organizers, event or webinars partners, and joint marketing partners) data providers (such as information services and data licensors).

Community forums. Our Services offer publicly accessible blogs, forums, issue trackers, and wikis. You should be aware that any information you provide on these websites - including profile information associated with the account you use to post the information - may be read, collected, and used by any member of the public who accesses these Services. Your posts and certain profile information may remain even after you terminate your account. We urge you to consider the sensitivity of any information you input into these websites. To request removal of your information from publicly accessible websites operated by us, please contact us as provided below. In some cases, we may not be able to remove your information, in which case we will let you know if we are unable to and why.

4. FOR WHAT PURPOSE DO WE USE YOUR INFORMATION?

We use your information for the following purposes and as otherwise described at the time of collection:

Providing the Services. To provide you with our Services. We may also use your information to technically establish and maintain the Services, provide support, enable, and support security features, communicate with you about the Services, and provide information about our Services.

Providing Customer Support Services. We may use your information to provide customer support to you.

Performance of a contract with you. We may process your information because it is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.

Contacting and Communicating with You about our Services. We process personal data for relationship management and marketing purposes, for example to send you written and electronic messages and offers and carry out marketing campaigns. These may comprise our own offers, or those of our partners.

Newsletters, advertising e-mails, in-app messaging, and other electronic messages;
Advertising brochures, magazines, and other printed matter;
Advertising messages and spots on screens and other advertising spaces;
Invitations to events, prize draws, and competitions.

You can refuse contacts for marketing purposes at any time (see the section Privacy Choice below). For newsletters and other electronic messages, you can generally opt out of the corresponding service from your customer account or via an unsubscribe link included in the message.

Content and Advertising Analytics. We may use your information to help us better understand your use of, and our delivery of, the Services. For example, your selection of the content offered by our Services optimizes our Services and its performance.

To use the services of our distributors. We use your information as part of our business relationship with our distributors with whom we have entered into a contract to distribute and sell certain of our products. Section 6 below provides you with additional information on the usage of your information with our distributors.

Learning about Our Users and Services. We aim to improve our offers continuously and make them more attractive for you. We therefore process personal data for market research and product development purposes. To do so, we particularly process master, behavior, transaction, and preference data, as well as communication data and information from customer surveys, other surveys and studies, and further information, for example from the media, the Internet, and other public sources. As far as possible, we make use of pseudonymized or anonymized information for these purposes.

the conducting of customer surveys, other surveys, and studies;
the further development of our offers (e.g., structuring of product range, location selection, pricing, and campaign planning, etc.);
the assessment and improvement of the acceptance of our offers and our communication in connection with offers;
the optimization and improvement of user-friendliness of websites and apps;
the development and testing of new offers;
the review and improvement of our internal processes;
statistical evaluations, for example to evaluate information about our customers’ interactions with us on an anonymous basis;
assessment of the supply situation on a given market and the behavior of our competitors;
market monitoring, for example to understand current developments and trends and respond to them.

Debugging. We may use your information to identify and repair errors that impair existing intended functionality of our Services.

To Aggregate Data or Create Anonymous Data. We may create aggregated, de-identified or other anonymous data records from your personal information and other individuals whose personal information we collect. We make personal information into anonymous data by excluding information (such as your name) that makes the data personally identifiable to you. We may use this anonymous data and share it with third parties for our lawful business purposes, including to analyze and improve the Service and promote our business.

Information Security. We may use your information (i) to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, and to prosecute those responsible for that activity, (ii) to reduce errors in our database, authenticate our users, and prevent abuse of our system, we may on occasion supplement your information you submit to us with information from third-party sources.

the analysis of transactional and behavioral data to detect suspicious behavior patterns and fraudulent activities;
the evaluation of system recordings of the use of our systems (log files);
the prevention, mitigation, and detection of cyber and malware attacks;
analyses and tests of our networks and IT infrastructures, and system and error checks;
control of access to electronic systems (e.g., logins for user accounts);
documentation purposes and creation of backups.

Protecting Our Rights, Protecting Others’ Rights and Safety, and Fraud Prevention. We wish to be able to enforce our claims and to defend ourselves against the claims of others. We therefore also process personal data for the protection of rights, for instance in order to enforce claims judicially, before or out of court, and before authorities, or to defend ourselves against claims. Depending on the situation, we process different categories of personal data, such as contact data and details of events that have led to or could lead to a dispute.

establishment and enforcement of our claims, which may also include claims of companies affiliated with us and of our contractual and business partners;
defense against claims made against us, our employees, affiliated companies, and our contractual and business partners;
clarification of case prospects and other issues of a legal, economic, or other nature;
participation in proceedings before courts and authorities wherever applicable. For example, we may secure evidence, have case prospects investigated, or submit documents to authorities. Authorities may also request us to disclose documents and data carriers containing personal data.

Compliance with Law. We process personal data to comply with legal obligations and to prevent and detect infringements. Examples of this include receiving and processing complaints and other messages, complying with court and administrative orders, and measures for detecting and investigating misuse.

Protection of minors;
Clarifications concerning business partners;
the receipt and processing of complaints and other messages;
the conducting of internal investigations;
ensuring compliance and risk management;
the disclosure of information and documents to authorities if we have an objective reason or are legally obliged to do so;
assistance with external investigations, for instance by criminal prosecution or supervisory authorities;
guaranteeing the legally required standard of data security;
fulfillment of duties of disclosure, duties to provide information, or reporting obligations, for instance in connection with obligations under supervisory and tax law, such as in the case of archiving obligations and for the prevention, detection, and investigation of criminal and other offenses;
the statutory combating of money laundering and of the financing of terrorism.

All such cases may concern local laws or foreign regulations to which we are subject, as well as self-regulations, industry and other standards, our own corporate governance, or official directives.

5. WHAT IS THE LEGAL BASIS FOR PROCESSING PERSONAL DATA?

doing so is necessary to fulfill an agreement with the person concerned or for pre-contractual measures;
it is necessary for the exercise of legitimate interests (see a list of examples below);
doing so is based on consent;
doing so is required for compliance with local and/or foreign legal obligations.

the supply of products and services to third parties;
customer support, maintaining contact and other communications with customers;
advertising and marketing activities;
getting to know our customers and other individuals better;
improving existing products and services and developing new ones;
facilitating management and communication within our group of companies, which is necessary with a group that requires cooperation between parties;
mutually supporting companies of our group in their activities and objectives;
combating fraud, and preventing and investigating offenses;
protecting customers and other individuals, as well as our data, secrets, and assets;
ensuring IT security, especially in connection with the use of websites, apps, and other IT infrastructure;
safeguarding and organizing business operations, including the running and further development of websites and other systems;
ensuring corporate management and development;
selling or purchasing companies, parts of companies, or other assets;
the enforcement or defense of legal rights and claims;
complying with local and foreign law, as well as internal rules and regulations.

6. HOW WE SHARE YOUR INFORMATION?

Our group of companies. Your personal information is being shared among the legal entities composing the ST corporate group, for purposes consistent with this Privacy Statement.

Third-Party Service Providers. Please revert to Section 12 below containing details on the processing of data by third-party service providers.

Social Media Services. Please revert to Section 12 below containing details on the processing of data by social media services.

Distributors. We share your personal information with legal entities that distribute and sell our products and solutions. You can access a list of our distributors here. The purpose of the sharing of your personal information is for the distributors to contact you to assess your interest in purchasing our products and solutions, and to sell our products and solutions. You want to make it clear that they cannot use the information we share with them to sell other products and solutions. When using your information, they must comply with the applicable personal data protection laws.

Business Transferees. We may sell, transfer, or otherwise share some or all of your personal information in connection with or during negotiation of any merger, financing, acquisition or dissolution, transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets, or in the event of an insolvency, bankruptcy, or receivership.

Law Enforcement, Legal Process, and Emergency Situations. In some cases, we may use or disclose your personal information to a third party if we are required to do so by law or if we in good faith believe that such action is necessary to comply with the law or legal process; to protect and defend our rights or to prevent misuse of our Services; or to protect the personal safety of our employees, agents, partners, the users of the Services, or the public.

Professional Advisors. We may disclose your personal information to professional advisors, such as lawyers, bankers, auditors, and insurers, where necessary (we implement a process to make sure the sharing is necessary) in the course of the professional services that they render to us.

With Your Consent or At Your Direction. In addition to the sharing described in this Privacy Statement, we may share your information with third parties whenever you consent to such sharing.

7. ONLINE TRACKING

When you use our Services, we and our third-party partners (which provide content, advertising, functionality, measurements, or analytics for our Services) may use cookies, SDKs, web beacons, and other similar technologies to track your use of the Services.

For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, please revert to Section 12 below.

In general, the information collected and generated by third parties is processed and stored by the third parties and will be subject to their respective privacy practices (which we do not control and for which we are not responsible).

Our Services may include interactive features (such as community forums) that allow you to disclose personal information directly to others. Your participation in any such forum is completely voluntary and should correlate with the degree of interaction you want to have with other users. Please note that any personal information you disclose on such forums will generally be publicly accessible.

8. PRIVACY CHOICES

There are a number of ways to opt out of having your online activity and device data collected by third parties, which we have summarized in here. We hope you find this information to be a helpful reference.

One more point, some Internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to “Do Not Track” or similar signals.

9. IMPORTANT INFORMATION FOR USERS IN CALIFORNIA AND NEVADA

This section applies only to consumer who resides in the state of California (U.S, A.) This link California Residents describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information.

This section applies only to consumer that resides in the state of Nevada (U.S, A.) We collect personal information from you while providing the Services. Nevada law allows customers to “opt out” of the sale of certain personal information, called “covered information.” We do not sell covered information as defined in under Nevada privacy law. Information about our data collection and sharing practices are set forth in this Privacy Statement.

10. WHAT RIGHTS DO YOU HAVE IN CONNECTION WITH THE PROCESSING OF YOUR INFORMATION?

You have the right to object to data processing. You can also object to data processing in connection with direct advertising (e.g., advertising e-mails) at any time.

the right to request information about your personal data stored by us;
the right to have inaccurate or incomplete personal data corrected;
the right to request the deletion or anonymization of your personal data;
the right to request that the processing of your personal data be restricted;
the right to receive certain personal data in a structured, commonly used and machine-readable format;
the right to revoke consent with effect for the future, insofar as processing is based on consent.

Please note that these rights may be restricted or excluded in individual cases, e.g., if there are doubts about your identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.

You can exercise the most important of the above rights via your customer account or our generic mailbox privacy@st.com. If you hold a myST account, you can correct your information at any time. From your myST account, you can also request that your account be deactivated or that your personal data be deleted entirely. You can furthermore unsubscribe from newsletters and other advertising e-mails by clicking on the corresponding link at the end of the e-mail.

In addition, you are free to lodge a complaint with a competent supervisory authority if you believe that the processing of your personal data may be in breach of applicable law.

The competent supervisory authority in Netherlands is Autoriteit Persoonsgegevens https://autoriteitpersoonsgegevens.nl/en

The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

The competent supervisory authority in the Principality of Liechtenstein is the Data Protection Authority of the Principality of Liechtenstein.

The competent supervisory authority in Germany is the Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg, Germany

The competent supervisory authority in France is the Commission nationale de l'informatique et des libertés, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07

The competent supervisory authority in Italy is the Garante per la protezione dei dati personali, con sede in Piazza Venezia 11, IT-00187, Roma

11. CHILDREN’S PRIVACY

The Services are not intended for children under 13 years of age. We do not knowingly collect information from children under the age of 16 and we do not target the Services to children under the age of 16. If you are under 16 years of age, do not provide personal information to ST without providing us with consent from your parents. If we discover that a child under the age of 16 has provided us with personal information and we do not have parental consent, we will delete that child’s information as soon as reasonably practicable. If you believe that we have been provided with the personal information of a child under the age of 16 without parental consent, please notify us immediately at privacy@st.com

12. ADDITIONAL ST PRIVACY-RELATED INFORMATION

13. OTHER IMPORTANT INFORMATION

How Your Information Is Secured. The security of your personal information is important to us. We employ a number of organizational, technical and physical safeguards designed to protect the personal information we collect. However, security risk is inherent in all internet and information technologies, and we cannot guarantee the security of your personal information. You need to help protect the privacy of your own information. You must take precautions to protect the security of any personal information that you may transmit over any home networks, wireless routers, wireless (WiFi) networks or similar devices by using encryption and other techniques to prevent unauthorized persons from intercepting or receiving any of your personal information. You are responsible for the security of your information when using unencrypted, open access or otherwise unsecured networks (such as the internet).

How Long Your Information Is Stored. The time period for which we keep your information varies according to the purpose for which it is used for. In some cases, there are legal requirements to keep data for a minimum period. Unless there is a specific legal requirement for us to keep the information, we will retain it for no longer than is necessary for the purposes for which the data was collected or for which it is to be further processed.

Emails and Newsletters. You may always opt-out of receiving future e-mail marketing messages and newsletters from ST by following the instructions contained within the emails and newsletters, or by exercising your rights set forth in Section 10 above, or via your myST account setting. Even after you opt out from receiving promotional messages from us, you will continue to receive transactional messages from us regarding our Services. Please note, you may continue to receive generic ads.

Do We Use Automated Individual Decision-Making? Automated individual decision-making” refers to any decision that is made on a fully automated basis, meaning with no relevant human influences, and has legal consequences for the person concerned or that significantly affects him or her in some other way. We do not do this but will inform you separately, should we opt to utilize automated individual decision-making in individual cases. You will then have the option of having the decision reviewed by a human being if you do not agree with it.

Our Data Protection Authority. The Netherlands is our data protection representative for the European Economic Area and Switzerland.

14. CONTACT US

If you have questions about our Privacy Statement, please contact us:

Via email at privacy@st.com
Via regular mail

ATTN: Head of Global Privacy
STMicroelectronics
39, Chemin du Champ des Filles
1228 Plan-Les-Ouates – Geneva - Switzerland