Xperia Privacy Policy

Important notification on Xperia Privacy Policy. Please read here.
This Privacy Policy was last updated in May 2022.

Welcome to Xperia. Xperia is brought to you by Sony Corporation, which we refer to as “Sony” “we”, “us” or “our” here.

We take your privacy seriously. Here we explain what, why and how we collect and use your personal data and how we protect it.

If you are an Xperia user, please read this privacy policy carefully to learn more about how we use your personal data.

Contents

  1. Our role in your privacy
  2. Your responsibilities
  3. Information that you provide us
  4. Information that we collect
  5. How Sony uses the information that we collect
  6. Sharing data about you
  7. International transfers of your information
  8. Marketing Communications and Profiling
  9. Security of your information
  10. Access to your information and your rights
  11. How long we keep your personal data
  12. Links to other sites
  13. Children’s privacy
  14. Changes
  15. Contact us

1. Our role in your privacy

If you are an Xperia customer or user this privacy policy applies to you. We explain what happens when you use Xperia, including how we use your interactions with Xperia. We also explain what your rights are.

Sony Corporation is the data controller of your personal data. This means that we are responsible for deciding how and why your personal data is used.

Sony Corporation is based in Japan, so we have appointed our subsidiary Sony Europe B.V., as legal representative in the UK and the EEA. This means that you can contact Sony Europe if you have any questions or concerns about your privacy.

2. Your responsibilities

  • Read this privacy policy
  • Please also read any contract between you and Sony (this is often called “End User License Agreement” or “Terms of Use”)

If you give us information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. By submitting the information, you confirm that you have the right to authorise us to process it on your behalf as described in this privacy policy.

3. Information that you provide us

Some of our applications or services require you to create an account. When creating your account(s), we may ask you to provide your name, date of birth, location, contact details, applicable device ID(s) relating to the devices you are using to access and receive particular applications and services, interests and account and marketing preferences and your current mobile network operator.

4. Information that we collect

Information on how you use Xperia

  • Your device ID, IP address, login information, browser type and version, time zone setting, domain, browser plug-in types, geolocation information about where you might be, operating system and version.
  • Your usage patterns, content (including any advertisements) that you view and interact with including personal data on the services and applications you are using on-device to personalise services to your specific needs.
  • Device and application settings, errors and hardware activity,
  • Device information and service, product or server logs which hold technical data which may include personal data about your use of our service, product or websites,

Personal data we collect in relation to social networks

If you use any of our social network features, pages or plug-ins, or you use our products or services that allow interaction with social networks, we may receive personal data relating to such use. For instance:

  • If you log in to one of our websites, applications or services using your social network account, we receive basic details from your social network profile. The basic details we receive may depend on your social network account privacy settings. Typically, this includes your social network ID and name. We only receive additional personal data from your profile if you give us permission to access it.

Please read your social network’s privacy policy so understand how it will use your information.

What about sensitive information?

We don’t collect any “sensitive” information about you except when we have your specific consent or if we are required to by law. By “sensitive”, we mean information like racial or ethnic origin; political opinions; religious/philosophical beliefs; trade union membership; genetic information; biometric information; health information; information about your sexual life or orientation; or information about offences or alleged offences.

5. How Sony uses the information that we collect

We have to have a valid reason for using your information. It is called the “legal basis of processing”. Sometimes we might ask your permission to do something like when we ask if you want to use Xperia services.
The only time we use your information without your permission is if the law says it is fine to do so and it fits with the rights you have.

Here are the reasons for which we use your information:

A. Keeping Xperia running

  • When we are using personal data to offer our products and services to you, the processing is based on a contract between you and Xperia. We may use information we have collected, including personal data, to:
    • provide you with a product or service you have requested, including any back-up and restoration service;
    • process your registration with us or create an account;
    • provide you with required notices and software updates which may contain critical security and functionality patches that make your device more secure and protect the personal data on the device; and
    • send important information (including via text message, push notifications) regarding essential changes to applicable terms of use and/or other communications or notifications as may be required to fulfil our legal and contractual obligations.

Legal basis: contract, legitimate interest

B. Improving Xperia

We work constantly to make our products and services better. We work to ensure quality, to develop identity management, and to strengthen network and information security. To make product improvements, provide software updates, manage bugs and crashes, Xperia obtains your permission to access the relevant data on your device. We are able to analyze software errors and hardware issues so that we can improve our products and services and give you the best possible Xperia experience.
The data we access is your device ID, device and application settings, errors and hardware activity. We use your IP address to determine your general location and use this to serve you information in your local language.

Such product improvement/development is only done on an aggregated basis, not on an individual user level, so specific users are not targeted.

We obtain your consent for product improvement through the Xperia Services app or the Setup wizard. If you go to [Settings > About phone > Detailed Diagnostics] you can give or withdraw your consent.

Please note that we automatically conduct some analysis of technical errors on your phone by accessing some of the log data on your phone: this is in our legitimate interest to improve Xperia from a technical point of view.

Legal basis: Consent; Legitimate interest

C. Marketing and advertisement

We work with Sony offices in your local region to bring you the latest information, articles, offers and promotions about Xperia and Sony’s other products and services available to you in your area. As part of this, we may use and share your information with your local Sony office and use your information to send you offers, news and updates by push notification to your device and by email on behalf of your local Sony office. Push notifications are messages that pop up on your mobile device.

If you use Facebook or Google to sign in and create an account, Facebook or Google will share your email address with us. If you give us permission, we will use your email address to send you tailored SONY news, offers and recommendations from your local Sony office.

For more information regarding marketing and your choices, please refer to the “Marketing Communications and Profiling” section below.

Legal basis: Consent

D. Fraud prevention investigation and compliance

  • Xperia may use personal data to prevent fraud and to investigate violations or our policies. We may use personal data to comply with applicable laws, regulations and court orders and to comply with valid legal information requests from such bodies. We may use your personal data to enforce or defend the legal rights of any Sony group company or the terms of use of any Sony product or service.

Legal basis: legal obligation; legitimate interest

E. Other purposes

  • We may use your personal data for other purposes:
    • to link or combine the personal data that we collect from the different sources outlined above (including personal data received from other Sony group companies about your use of other Sony group products and services). Personal data may be linked via a unique identifier, such as an account number Alternatively, we may decide to combine two or more databases into a single database of customer information. We may link or combine personal data for your and/or our convenience (for example, to allow you to more easily register for a new service), and to provide you with better, personalised services and content.

Legal basis: legitimate interest
Here is what each of these "legal bases" mean:

Consent

You have given clear consent for you to process your personal data for a specific purpose.

Contract

Processing your data is necessary for a contract you have with us, or because we have asked you to take specific steps before entering into that contract.

Legitimate interests

Processing your data is necessary for our legitimate interests or the legitimate interests of a third party, provided those interests are not outweighed by your rights and interests.

Legal obligation

We are obliged to process your data to comply with applicable laws and regulations.

6. Sharing data about you

Sharing of data by Sony

In general, Sony does not sell, rent or otherwise disclose data about you to third parties without your consent. However, there are exceptions:

Other Sony group companies

We may disclose personal data about you including related product or service usage information and any customer preference information as provided by you from time to time to other Sony group companies where:

  • You use other Sony group companies’ products or services and have shared personal data with them previously. In such circumstances, we and the other relevant Sony group company may combine all of Sony’s data about you and use it in accordance with our respective Privacy Policies.
  • we have engaged such other Sony group companies to provide data processing services to us (and these other Sony group companies will only process your personal data in accordance with our instructions and shall be subject to appropriate confidentiality and security obligations);
  • you use your Xperia devices and/or applications or services to access, purchase or download content, services, applications or products that are published, developed, supported or offered by other Sony group companies. They may combine this personal data with other details they hold about you. Unless they provide you with their own privacy policy, they may use your personal details for the purposes explained in this privacy policy. Where you have multiple accounts with different Sony group companies, these Sony group companies may also share personal data with us in accordance with their own privacy policies; or
  • Sony sells or transfers a portion or all of our business to another Sony group company

Our service providers

We regularly use third party service providers and other Sony group companies to provide us with services: for example, to host apps, conduct data analytics and provide account management and back-up services. When we do this we sometimes have to share data that we hold with them to get these services to work properly. Your personal data is shared only when strictly necessary. We ensure that these service providers and other Sony group companies have the same safeguards to protect your personal data as detailed in this privacy policy.

Third Party Advertising Partners

Where you download and/or use any Xperia applications and/or services that include third party advertisements (whether featured within the application or service itself or displayed to end users using a frame, wrapper, pop-up or any other form of advertising functionality), we may share personal data we collect about your usage of the applications and services with our advertising partners so that they can better target and/ or personalise advertisements displayed within any Xperia service or application used by you. Some of our third-party advertising partners act independently, and thus will handle shared data under the terms of their own privacy policies. When such sharing occurs, our applications and/or services will notify you when you first activate the application and/or service. Additionally, you can control personalised ads in your browser’s cookie settings and in your Android device via the Settings menu (Settings -> Google -> Ads).

Legal and business purposes

We may also disclose information we collect:

  • To government bodies and law enforcement agencies to prevent fraud, to comply with the law and to meet a reasonable request from such bodies;
  • To third parties (including professional advisors) to enforce or defend the legal rights of any Sony group company or the terms of use of any Sony product or service;
  • To a third party purchaser or seller, and its and our professional advisors, in connection with a corporate event such as a merger, business acquisition or insolvency situation.

Statistics and generic information

We prepare aggregate or de-identified information (including “generic” statistics) for a number of purposes as outlined above. As we consider that you cannot reasonably be identified from this information, we may share it with any third party (such as our partners, advertisers, industry bodies, the media and/or the general public) or with any other Sony group company.

7. International transfers of your information

Sony is part of the Sony group, which is a global organisation. For the purposes explained in this policy, your information may be transferred to Sony group companies (including service providers operating on their behalf) and other third parties in countries which do not have the same level of data protection laws as those in the country where you are located.

Please note that some of our servers are located in Japan and Europe. Japan has been recognised as a country that offers the same levels of protection as the EEA and the UK.

Sony uses a variety of legal mechanisms, including EU Standard Contractual Clauses, to help ensure that your rights and protections will travel with your information. This is why each of those Sony group companies (and their authorised data processors) will comply with our internal policy relating to processing of personal data which complies with the key data protection principles of fair handling of personal data and ensuring adequate level of protection of personal data.
Please contact us if you want to receive further information regarding international data transfers.

8. Marketing Communications and Profiling

All marketing for Xperia is handled by your local Sony office. Your local Sony office can support you with your preferences for what marketing you receive from Sony’s Electronics businesses. Please note that if you have questions to do with Playstation, you need to contact Playstation directly.

Go to https://www.sony.net/electronics/ to find your local Sony office.

Your local Sony office may ask us to use your information for profiling purposes. The decisions about profiling are made by your local Sony office and we process your information in line with their instructions. The information we use is information registered to the account you sign in to; and your device ID, device and application settings, device and application’s status of use and hardware activity.

By profiling we mean that your local Sony office personalises the messages sent to you so that you can receive new product information, articles, offers and promotions that are tailored to your interests. You may notice this personalisation and targeting when you use Sony products and services, when your local Sony office contacts you with marketing communications and when you visit Sony and third-party websites and services that show advertisements from Sony or our advertising partners (for example, you might see an advertisement for a product that you have recently viewed on one of our websites).

Your local Sony office’s privacy policy has more information on how we use your information and your rights to object to direct marketing, including profiling relating to direct marketing.

Please note that we may occasionally send you important information about Xperia products and services that you are using or have used (such as product safety announcements and service changes) or your accounts. These notices are not affected by your marketing communication preferences.

9. Security of your information

What we do to protect your information

We take reasonable security measures (i.e. a number of steps) to protect your information from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, including where appropriate:

  • Using Secure Sockets Layer (SSL) encryption when collecting or transferring sensitive information, (SSL encryption is designed to make the information unreadable by anyone but us)
  • Limiting access to the information we collect about you (for instance, only those of our personnel who need your information to carry out our business activities are allowed access)
  • Putting in place physical, electronic, and procedural safeguards in line with industry standards

What you should do to protect your information

As general best practice on the Internet, it is recommended that individuals take great care with user accounts, and follow some basic rules:

  • Do not use trivial passwords (such as single dictionary words).
  • Do not use the same password for multiple accounts.
  • Do use very long passwords (at least 10 characters, but preferably much longer).
  • Do use passwords which contain a combination of upper and lower case letters, numbers and special characters e.g. $%^& etc.
  • Do keep passwords securely (never written down, or shared with anyone) and change periodically.

If you believe your privacy has been breached, please contact us immediately.

10. Access to your information and your rights

If you would like a copy of the personal data that we store about you or exercise any of the rights below, please contact us. You may be asked to provide some proof of identification so that we can verify that it is you making the request.

If you are located in the EU/EEA, you have the following rights in respect of the personal data that we collect.

  • You have the right to access (including a copy of) your personal data (Art. 15 GDPR); to correct, delete or restrict (stop any active) processing of your personal data (Art. 16- 18 GDPR); and to obtain the personal data you provide to us for a contract or with your consent in a structured, machine readable format, and to ask us to share (port) this personal data to another controller (Art. 20 GDPR).
  • In addition, you can object to the processing of your personal data in some circumstances (in particular, where we don’t have to process the data to meet a contractual or other legal requirement, or where we are using the data for direct marketing - Art. 21 GDPR).
  • Where we have asked for your consent, you may withdraw consent at any time (Art. 7 para 3 GDPR). If you ask to withdraw your consent to SONY processing your data, this will not affect any processing which has already taken place at that time.

These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.

You also have the right to complain If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may contact the Information Commissioner’s Office (www.ico.gov.uk) (which is the regulator responsible for data protection in the United Kingdom, where Sony Europe - our legal representative - is located). Alternatively, if you are located outside of the United Kingdom, you may contact your local data protection authority.

11. How long we keep your personal data

We will only retain your personal data in accordance with our internal retention policies or for as long as is reasonably necessary for the various purposes set out in “How Sony uses the information we collect” section above, as well as to otherwise comply with any applicable laws and regulations concerning the mandatory retention of certain types of personal data relating to our customers and/or any commercial transactions with them. Should any personal data held by us no longer be required by us for any of the purposes set out in “How Sony uses the information we collect” section above, we undertake to take reasonable steps to destroy or de-identify any personal data after a reasonable period of time has elapsed. If you are concerned that we have not complied with your legal rights or applicable privacy laws, you may contact us or your local data protection authority.

12. Links to other sites

Some of our websites may contain links to other websites that are not operated by Sony, including websites operated by other Sony group companies.

While Sony tries to link only to sites that share Sony’s high standards and respect for privacy, we are not responsible for the content, security or privacy practices of those other websites. You should view the privacy and cookie policies displayed on those websites to find out how your personal data may be used.

13. Children’s privacy

Sony considers a child to be anyone under the age of 16. We do not knowingly seek or collect personal data from or about children without the consent of a parent or guardian.
If Sony becomes aware that personal data that has been submitted to us relates to a child without the consent of a parent or guardian, Sony will use reasonable efforts to:

  • Delete that personal data from its files as soon as possible; or
  • Ensure, where deletion is not possible, that this personal data is not used further for any purpose, nor disclosed further to any third party

Any parent or guardian with queries regarding our processing of personal data relating to their child should contact us

14. Changes

Sony reserves the right to make changes to this Privacy Policy. This Privacy Policy may be updated from time to time for any reason. We will notify or request your consent (whenever necessary under the applicable law) of any changes to this Privacy Policy through Xperia.

15. Contact us

Sony Europe B.V., a Dutch company with its business address at Taurusavenue 16, 2132LS Hoofddorp, the Netherlands, is Sony’s legal representative in the UK and the EU.

You can contact us in the following ways:

1. Via our online web form:

https://services.sony.co.uk/supportmvc/en/contact/pim

2. By email:

You can also contact us by emailing privacyoffice.SEU@sony.com.

3. By mail:

If you are in the EU

You can write to us at our business address above, or at The Privacy Office c/o Sony Europe Legal Department, The Heights, Brooklands, Weybridge, Surrey KT13 0XW, United Kingdom.

If you are in the UK

You can write to our UK branch at The Privacy Office c/o Sony Europe Legal Department, The Heights, Brooklands, Weybridge, Surrey KT13 0XW, United Kingdom.