Ecostruxure Building Commission Privacy Notice

We commit to serve you, our customers, with care, consideration, and respect and to protect your privacy and personal information.

Our Data Privacy Policy explains how and why we use personal information. This supplemental notice provides additional information about Ecostruxure Building Commission

1. Who is in charge of data processing?

The processing of personal information is carried out by Schneider Electric USA, Inc. (“we”) as data controller for global processing such as operating and improving the service.

2. What types of personal information do we process?

• Contact information
• Transaction and interaction information including accou`````nt information and related records, professional information (company & function)
• Online & technical information (information about devices you use, such as their identifiers, model and version)
• Approximate geolocation
• Features of the application you use, subject to your consent
• Like any system, connections are logged for security purposes.

In cases where your account is managed by someone else (such as an administrator or employer), they may provide data on your behalf.

We use information for the purpose of delivering our services, interacting with users, managing customer relationships, ensuring security and compliance with contract and terms of use, and analyzing use of services to improve them. This is based on our legitimate interest to operate the platform and to provide services to our customers. We will also ask for your consent as required by laws. If we cannot collect this information we cannot provide the service.

We may collect and use other types of personal information as described in our Data Privacy Policy. Depending on the circumstances, these activities may be based on the execution of a contract with you, on our legitimate interest, on the legitimate interest of a third party, or for compliance with a legal obligation.

We do not make decisions based solely on automated processing which may produce legal effects or similarly affect you.

3. How long do we keep your personal information?

We keep information as needed to perform the purposes described above, taking into consideration the need to provide the services, marketing requirements, security requirements, legal requirements and statute of limitations.

4. Who do we share personal information with and where is it processed?

Personal information will be processed by our affiliates and suppliers involved in the provision of the services and in the performance of the purposes described in Section 2. We take measures to ensure that personal information receives an adequate level of protection. We do not sell your personal information.

Our affiliates and suppliers provide service including hosting and maintenance, performance monitoring and security. As we are a global company, teams and suppliers may have global or multi-country roles, and they can be located anywhere in the world, in countries with different privacy standards than the country of our customers.

We have internal policies applied by our affiliates and we conclude contracts with our suppliers to ensure appropriate safeguards. Our group has adopted Binding Corporate Rules (BCR). In addition, we conclude Standard Contractual Clauses and rely on EU Commission’s adequacy decisions. To obtain more details and copies of safeguards put into place, you may contact global-data-privacy@schneider-electric.com.

We may also share your information, as necessary:

• with competent authorities, based on a good faith belief that disclosure is necessary to respond to a judicial process, a valid official inquiry, or if otherwise required by law;
• to defend our legal rights, or to protect the rights or safety of any person or entity;
• as instructed by you, our customer or the user;
• with third parties in the context of reorganization of operations.

5. How do we secure personal information?

We follow generally accepted industry standards to protect personal information and we maintain appropriate administrative, technical and physical safeguards to protect it against accidental or unlawful destruction, accidental loss and unauthorized alteration.

However, no method of transmission over the internet or of electronic storage is 100% secure. Therefore, we cannot guarantee absolute security.

6. How to exercise your choices and rights about your personal information?

To exercise the data protection rights granted under applicable data protection law, such as the rights to be informed, to access, to rectify, to withdraw consent, to request restriction or erasure, the right to object and data portability, you may make a request at the contact details available within the service or at Global-Data-Privacy@schneider-electric.com. To ensure the security of your personal information, we may ask you to provide other details to verify your identity.

You may address questions or comments about our privacy practices or this privacy notice to our Group Data Protection Officer (Group DPO):

DPO@schneider-electric.com

DPO Schneider Electric

35 rue Joseph Monier

CS 30323

92506 Rueil Malmaison-

France

If you believe that we have processed your personal information in violation of applicable law, you may file a complaint with the Group DPO at the contact details above or with the regulatory supervisory authority in your country

This privacy notice may change from time to time. We will provide information about material changes. Last updated: July 2021