Privacy Statement

II. Who We Are

NXP designs purpose-built, rigorously tested technologies that enable devices to sense, think, connect and act intelligently to improve people's daily lives. As the world leader in secure connectivity solutions for embedded applications, NXP is pushing boundaries in the automotive, industrial & IoT, mobile and communication infrastructure markets making the connected world better, safer and more secure. When this Privacy Statement refers to “we”, “us” or “our”, it refers to NXP B.V. and affiliates or subsidiaries which under this Privacy Statement may act as a controller of your personal information: namely, those entities who may be deciding how and why your personal information is being processed.

III. What types of personal information do we collect?

It is important for you to know that “personal information” (or: “data”, “personal information” or “personal data”), means: any information relating to an identified or identifiable individual (or “data subject”). An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Different pieces of information, when collected can lead to the identification of a person, also constitute personal information.

We may process various types of personal information we receive from you depending on the ways you interact with us (e.g. through our websites portal, NXP customer support, etc.). They include the following:

• Name and last name
• E-mail address, address, phone number, fax number, country
• Account and user log-in data
• Bank account information
• Reviews, feedback, comments
• Interactions with promotional or marketing campaigns and offers
• Content created by you within NXP communities
• Registration and attendance data from live training and promotional events
• Downloads from website requiring registration
• Meta information such as time and/or duration of your interaction with us
• IP address, MAC address of the devices you use to interact with us
• Your actual or assumed location (determined by the information mentioned above)
• Information related to your interests (products or services that you are visiting or videos viewed on our websites platforms )
• License agreements and all other legal agreements
• Information related to your requests for information, requests for support and your transactions with NXP
• Cookies and cookie preferences
• Site security and visit information like access control data, and CCTV recordings
• Vehicle image recording data. Please see our privacy statement for vehicle recording by NXP for more information

Your bank account information and location information may be considered as sensitive personal information in certain jurisdictions. We will only process such sensitive personal information for the following necessary purposes:

• Bank account information: needed for any customer purchases;
• Location information: We might use you IP address to generally identify the region you’re are located in so we can customize your experience of our services. We do not use any individual location tracking technologies like GPS tracking to precisely identify your location. Should we ever required to process your precise location data we will only do so after receiving your consent to do so.

Sensitive data will only be processed by implementing strict security measures, separate consents and specific notices if required by applicable data protection regulations.

IV. Children’s Personal Information

NXP will not offer products or services to minors under 18 years old. If you are the parent or guardian of a minor and have any question about matters related to personal information of the minor under your guardianship, you may contact us by means provided below in section XVI of this Privacy Statement.

V. Cookies

When you visit our websites or our digital platforms, cookies might be stored on your devices within the web browser. Cookies are small text files that can store information for a certain period and identify your device. We use cookies to optimize your user experience on our platforms.

We invite you to explore our Cookie Statement and learn more on how we use cookies or other tracking technologies. You can also set your cookie preferences within NXP's domains by clicking on the Cookie Settings button. Some of our services may also use third-party SDKs to provide certain functions. We will provide you the information about how we use SDKs if required under applicable laws and regulations.

VI. Why do we collect your personal information?

Depending on the relationship we have with you, the way you interact with us, the websites or sites you visit, or the product or service you use, we may collect personal information for different purposes, such as:

• Performance and execution of contracts
• Direct marketing, including conducting data analysis to provide you marketing information that you may be interested in
• Lead management and the sales of our products and services via our distributors and partners with whom we have a business relationship
• Business analysis and development, and management reporting
• Providing our products or services
• Developing and improving our products and/or services
• Responding to requests and providing customer support
• Protection our intellectual properties and preventing fraud
• Compliance with legal obligations
• Security and maintenance reasons

VII. Legal Basis

NXP will process Personal Data on a lawful basis (justified reasons) according to the applicable laws and regulations. These legal bases could be:

• The legitimate interest of NXP and management purposes;
• Entering into and performing a contract with you;
• Compliance with NXP’s legal obligations;
• Your specific and informed consent;
• To protect your vital interests.

VIII. When do we share your information with third parties?

For the purposes as described under Section VI “Why do we collect your personal information?”, we only share your personal information with categories of third parties listed below:

• NXP affiliates, given that NXP is an international corporation with several NXP affiliates.
• External service providers that act on behalf of us, such as newsletter distributors, IT hosting providers, marketing service providers, cloud service providers, data analysis service providers, SaaS providers etc.
• Distributors, business partners. We engaged in business relationships with distributors and partners for the offering and sales of our product and services. As part of this relationship we share personal data of individuals we think are interested in our products so those distributors and partners can sell the product/service. The distributors or partner will contact the interested individual to assess their interest and to sell our products and services. We only share the data of those individuals we think are interested in our product or service. We want to make clear that our distributors and partners can only use the shared data for the joint purpose of selling NXP products and services. When using the shared personal data, they must comply with the applicable personal data protection laws.
• Advisory and legal services such as lawyers, bankers, auditors, and insurers, where necessary for the required service.
• Universities when required for specific joint research projects

To the extent required by applicable laws, all third parties receiving your personal information will implement appropriate measures to protect your personal information. When using external service providers, we will require them to process your personal information only for purposes set out in this Privacy Statement. If separate consent is required for the above sharing under applicable laws and regulations, we will notify you and obtain your consent. We do not sell or license your personal information to third parties.

If NXP needs to transfer personal information due to a merger, division, dissolution, declaration of bankruptcy, or other reasons, where required under applicable laws and regulations, NXP will notify you of the name and contact information of the recipient and such a recipient shall continue performing the obligations as described in this Privacy Statement. Otherwise, to the extent required by applicable laws, the recipient shall obtain your consent for their processing of your personal information for other purposes.

IX. How do we safeguard your personal information?

We recognize our responsibility to protect the personal information we collect. We make sure that our measures are in compliance with applicable data protection and data security laws. We have implemented appropriate technical and organizational measures to prevent risks, such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to information. Additionally, we make sure that these measures are in compliance with applicable data protection and data security laws. For instance, we put in place the following measures in order to protect your information:

• Limiting physical access to our premises
• Limiting access to personal information (for instance, only employees on a need-to-know basis have access to your personal information)
• Requiring third-party providers, to the extent by applicable laws, to have acceptable security measures to keep personal information secure and putting in place physical, electronic and procedural safeguards in line with industry standards.

If unauthorized access, leakage, distortion or loss of personal information occurs or might have occurred, we will adopt remedial measures immediately and if required by applicable laws and regulations, inform government authorities and individuals in a timely manner.

X. How long do we retain your information?

We retain your personal information as long as it is necessary to fulfill the specific purposes, as explained under the section "Why we collect your personal information". In certain cases a longer retention of your personal information might be required according to legal obligations. In all other cases, we delete your personal information once the purpose of processing your information is fulfilled.

XI. What are your rights?

According to applicable laws and regulations, you may have certain rights with respect to your personal information, including but not limited to:

• Access and/or modify your data;
• Request to delete your personal information;
• In some situations the restriction of or objection to the processing activity of your information;
• In some situations request a copy of your personal information in a structured, commonly used and machine-readable format;
• Pose any questions related to your personal information and its protection.

In case you want to exercise your privacy rights? Please submit your request via our online form. You can use the same form in case you want to delete your online account.

You can get in touch with us via the contact details provided below (XVI). Upon receiving your request or questions, we will ask you to verify your identity and specify which kind of information you require. We will make sure that your request will be addressed in time and free of charge unless a disproportionate effort is required. Applicable laws and regulations of certain jurisdictions may impose certain restrictions on exercising your personal information rights. In such a case, NXP will comply with the requirements under applicable laws and regulations.

XII. When do we transfer your personal information?

International transfers of your personal data

NXP is a global organization, which owns entities in multiple countries and regions. Please see Global Sites for more information about our global entities. In order to provide you with products and services, fulfill legal obligations or achieve other purposes provided in this Privacy Statement, the personal information we process may be transferred internationally throughout our organization and to third parties worldwide. The countries/regions in which recipients are likely to be located are the countries/regions where NXP is conducting business.

To protect your rights we only store and transfer your personal data in compliance with applicable legal requirements to a region or country where:

1. An adequate level of protection for personal data is provided
2. An instrument covers the requirements for the transfer of personal data such as:
   1. EU Standard Contractual Clauses
   2. Codes of conduct
   3. Certification mechanisms
3. Use other transfer mechanisms provided by applicable data protection and data security laws

If applicable laws and regulations of certain jurisdictions require us to provide you with further notices and obtain your separate consent for the cross-border data transfer, we will further provide such notices and obtain your separate consent.

Our websites sometimes link to services run by other companies. Those companies have their own privacy and cookie notices, so remember that the information you give them will follow their rules. Those companies are not within the control of NXP and NXP is not responsible for the content or personal information protection practices of such services provided by those companies.

XIII. Automated Decision Making

Automated decision making is depending on some regulations restricted, if such regulation applies in your situation, please read through the section below.

If we use automated means to send you targeted push or marketing messages, we will provide you with a method to refuse such targeted messages. If we use automated means to make any decisions that may have major impact on your rights and interests, you may have the right to request us to provide you with an explanation if we are required to do so under applicable laws and regulations. We may also provide you with an opt-out method, where required under applicable laws and regulations, if the decision is made solely based on automated means and such a decision may have major impact on your rights and interests.

XIV. Updates to this Statement

In order to stay compliant with applicable legal requirements, reflect received feedback or changes in our products, services or operations we might change this Privacy Statement from time to time. The current version of this Privacy Statement is always available at: www.nxp.com

XV. Concerns and Complaints

If you are concerned about the way we process your personal information, please contact our Data Protection Officer (DPO) who will investigate your concern. Please understand that the DPO can only handle your request if you authenticate yourself. You will receive a response within a reasonable period. You also have the right to make a formal complaint to the relevant regulator in your jurisdiction.

XVI. Contact Details

In case you may have questions or have a concern or complaint in relation to this Privacy Statement please reach out to our Data Protection Office at:

NXP Semiconductors N.V.
Attn. Data Protection Office
High Tech Campus 60
5656AG Eindhoven
The Netherlands

The Data Protection Office
Email: dataprotection@nxp.com

Please be informed to only use the mail address dataprotection@NXP.com if you have a question with regard to Personal Data (Privacy) matters.

If you believe that you have discovered a potential security vulnerability in an NXP product, please contact PSIRT at psirt@nxp.com.