PRIVACY POLICY

Last updated: June 2024

For the purposes of this Privacy Policy, the following terms mean:

“ Data recipient ”: the natural or legal person, public authority, service or any other body which receives communication of personal data, whether or not a third party.
“ Personal data ”: any information relating to an identified or identifiable natural person; an “identifiable natural person” is deemed to be a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to his or her physical, physiological, genetic, psychological, economic, cultural or social identity;
“ DPO ” ( data protection officer ): data protection officer;
“ Data subject ”: an identified or identifiable natural person.
“ Controller ”: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing;
“ GDPR ”: General Data Protection Regulation;
“ Processor ”: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

COMPLIANCE WITH DATA PROTECTION LEGISLATION

The Legrand Group collects and processes your data in compliance with the legislation on the protection of personal data, namely, among others, EU Regulation 2016/679 of the European Parliament and of the Council (GDPR), the Data Protection Act No. 78-17 and any other European or national regulations applicable in this area, which may be added subsequently (hereinafter referred to as "Data Protection Legislation").

SITE HOSTING

The Site "portal.buildingmanager.legrand.com" ("the Site") is hosted on the cloud of the company Amazon Web Service (AWS) France (67 Boulevard du Général Leclerc, 92110 Clichy, France) AWS in France (amazon.com)

The Site "myconnectedaccount.legrand.com" ("the Site") is hosted on the servers of the Legrand Group company, Netatmo SAS (93 rue nationale, 92100 Boulogne-Billancourt) hosted on the Microsoft Azure cloud in Europe: https://azure.microsoft.com/fr-fr/overview/sales-number .

IDENTITY OF THE DATA CONTROLLER

Any processing of personal data collected is carried out under the responsibility of:

Name and contact details of the Data Controller	Legrand SNC 128, av. of Maréchal de Lattre de Tassigny 87045 Limoges Cedex (France) E-mail: webmaster.legrand@legrand.fr
Legal information on the Data Controller	General Partnership with capital of €7,765,345 SIRET No. 389 290 586 000 12 APE Code 4669 ARCS Limoges B 389 290 586 VAT identification number FR 15 389 290 586

DATA COLLECTED AND PURPOSES OF PROCESSING

DATA YOU PROVIDE TO US

Data collected	Purposes of processing	Legal basis for processing
E-mail*	Identity Verification / Site Login	Legal obligation (Article 5, GDPR)
Password*	Identity Verification / Site Login	Legal obligation (Article 5, GDPR)
Name, First name *	Customer relationship
Language *	Interface in user language
City, Country	Location
Phone number	Customer Support
Customer Site (Name, Postal Address) *	Use of the services provided by the application

*Mandatory data

The data identified as mandatory, collected on the legal basis of the contract when creating your Legrand account, are essential to the provision of the service. Failure to respond to a mandatory field will result in compromising access to the site.

We keep all this data for the duration of the contract and for a period of 30 days after the deletion of your user account (following a request for voluntary deletion on your part according to the procedure described in the article Exercising user rights ).

DATA COLLECTED WHEN USING OUR SERVICES

Data collected

Purposes of processing

Area Manager IP Addresses

Usage-related metrics (non-exhaustive):

Temperature/Humidity/Brightness

Consumptions

Occupation/People Counting

Status of lighting

HVAC Status

Use of the services provided by the application

We keep all this data for a period of 30 days after the deletion of your user account (following a request for voluntary deletion on your part according to the procedure described in the article Exercising user rights ).

EXERCISE OF USER RIGHTS

In accordance with the applicable Personal Data Regulations, you benefit from the following rights regarding the processing of your personal data:

Right of access : you can request to obtain a copy of your personal data from us, as well as to receive any information concerning the processing of your personal data (such as the categories of personal data that are processed, the purposes of the processing, the categories of recipients to whom the personal data are communicated, the retention period of the personal data);
Right to rectification : you can ask us to correct, complete, update your personal data if it is inaccurate, incomplete, ambiguous and/or obsolete;
Right to erasure : you can ask us to delete your personal data under certain conditions (for example, pursuant to Article 17 of the GDPR, if your personal data is no longer necessary for the purposes for which it was collected or is being processed; or if you have withdrawn your consent for the processing of your personal data, where consent was the legal basis for the collection and processing and there is no other legal basis for it);
Right to restriction of processing : you can ask us to restrict the processing of your personal data under certain conditions (for example, pursuant to Article 18 of the GDPR, when you contest the accuracy of your personal data, for the period required to verify this);
Right not to be subject to specific processing : you can ask us, pursuant to Article 22 of the GDPR, not to be subject to a decision based exclusively on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you;
Right to object : you may object to the processing of your personal data for a reason relating to your particular situation (in accordance with, and within the limits of, Article 21 of the GDPR). If personal data are processed for direct marketing purposes, you may object at any time to that processing, including where it includes profiling activities (as long as they relate directly to that direct marketing);
Right to portability : you can request to receive your personal data – when processed on the legal basis of your consent or for the performance of a contract – in a structured, commonly used and machine-readable format, and request that we transmit this data to another controller (for example, another service provider);
Right to withdraw your consent : you can withdraw your consent at any time, without providing any justification, for all processing activities described in the Privacy Policy for which the legal basis for the processing is your consent;
Right in the event of death : in accordance with Article 85 of the French Data Protection Act, you can define guidelines regarding the preservation, deletion and communication of your personal data by LEGRAND after your death. These guidelines may be general or specific. The guidelines relate to all your personal data and may be registered with a digital trusted third party certified by the National Commission for Information Technology and Civil Liberties. The specific guidelines relate to the processing of your personal data described in this Privacy Policy, and may be registered with us.

To exercise any of these rights, you may submit your request at any time, using the contact information provided in the “Contact Us and Our DPO” section of this Privacy Policy. Requests will be processed provided that you are able to prove your identity, and that your request is clearly identified. Requests will be processed as soon as possible, and in any event within a maximum of one (1) month from receipt of your request. If necessary, this period may be extended by two (2) months, depending on the complexity of the request and the number of requests. In this situation, we will inform you of the reasons for this extension. No payment is required for the exercise of your rights, except in the case of a clearly unfounded or excessive request. In such cases, we also reserve the right not to follow up on your request.

In addition to the rights described above, you have the right to lodge a complaint, at any time, with the competent supervisory authority. For example, under the GDPR, you can lodge such a complaint in the country in which you reside or work (if applicable) or where the alleged infringement took place, if you have reason to believe that the processing of your personal data infringes the applicable Personal Data Regulation. In France, the supervisory authority is the Commission Nationale de l’Informatique et des Libertés (the “ CNIL ”).

The Site allows you to modify the data provided when creating your Legrand account:

Name
First name
E-mail
Contact language
Password
Language
Country

From the Site, you can consult the General Conditions of Use and the Confidentiality Policies that you have accepted in order to use the connected applications of the Legrand group. In the event of an update of these documents, you will also be able to read the changes that we have made to them and to renew your consent to the new conditions of use and/or processing of your personal data in order to be able to continue to use the connected applications of the Legrand group if you wish.

ACCESS TO DATA

Only the following have access to your personal data, within the limits of their respective attributions:

The internal services of the LEGRAND company, established in France: Research and Development department as well as the teams responsible for managing the Site;

The service provider AWS France, responsible for hosting the data collected via the website;

· Legrand company subcontractors responsible for the architecture of the environments;

We inform you that the aforementioned recipients are subject to an obligation of confidentiality and may only process your data in accordance with our contractual provisions and applicable legislation.
We also inform you that we may be required to share your personal data if this is necessary to safeguard your vital interests or those of another natural person, if this is necessary for compliance with a legal obligation to which we are subject as well as for the establishment, exercise or defense of legal claims.

DATA SECURITY

The LEGRAND Group has implemented adequate physical, electronic and administrative protection measures that comply with regulations to protect your personal data. However, the LEGRAND Group wishes to draw users' attention to the potential risks in terms of data confidentiality related to the operation of the Internet. It is in particular up to users to set up or ensure the existence of means to secure their personal computer network, as well as to ensure the correct configuration of the connection box (box) connected to the Internet access provider, and other radio accesses (e.g.: WIFI, 4G, etc.).

COOKIES AND SIMILAR TECHNOLOGIES

When you browse, cookies are placed on your device (computer, mobile phone, tablet), subject to the choices you have expressed and which you can change at any time by adjusting your settings (see the section below Accepting or refusing cookies ).
Placed on your device when you visit a site, a cookie is a small text file on said site, which records information relating to browsing (pages viewed, date and time of viewing, etc.) and whose main objective is to improve your viewing and to allow you to receive personalized services. The term "cookie" hereinafter refers to cookies

TYPE OF COOKIES

Internal cookies necessary for the operation of the Site:

Host-next- auth.csrf -token

Secure-next- auth.callback - url

Secure- next - auth.session-token

(Session cookie to retain the user's identity during

his use of the Site. Expiration: Session)

(Session cookie to retain the user's identity during their use of the Site. Expiration: Session)

(Session cookie to retain the user's identity during use of the Site. Expiry: 24 hours)

These cookies are strictly necessary for the operation of the Site.

ACCEPT OR REFUSE COOKIES

You can configure your browser so that cookies are saved in your terminal or rejected, either systematically or according to their issuer, or to be informed when a cookie is saved in your terminal, in order to allow you to accept or refuse it.
However, deleting all cookies used may lead to the alteration or loss of certain settings or information and make navigation difficult or even impossible. The configuration of each browser is different. It is described in the help menu of your browser, which will allow you to know how to modify your wishes regarding cookies. Here is how to control or prevent the recording of cookies:

UNDER FIFTEEN YEARS

In offering its information society services, the Legrand Group does not target minors under the age of 15 as a user group. However, access to the Site is not reserved for adults because it does not present content prohibited for minors.
The Site does not intentionally collect or use personal information concerning minors under the age of 15. If information is collected on a minor by the Site, the minor's legal representative may contact the Group's Data Protection Officer to rectify, modify or delete this information (see article Exercising User Rights ).

MODIFICATION OF THIS DOCUMENT

This document may be modified at any time without notice. We invite you to consult it regularly.

CONTACT US AND CONTACT OUR DPO

By email:

Via the online form https://www.legrandgroup.com “ Contact us ” section

By mail

Legrand Consumer Service

128 Avenue of Maréchal de Lattre de Tassigny

87045 LIMOGES cedex France

Our DPO:

Data Protection Officer – Julie CELMA

128 Avenue of Maréchal de Lattre de Tassigny

87045 LIMOGES cedex France

fr-sm-data-protection-officer@legrand.com