Schneider Electric Data Privacy Statement
0. Changes to this Privacy Statement
Schneider Electric may modify this Privacy Statement as needed. This Privacy Statement has evolved since its last update of 13 May 2013.
Schneider Electric reserves the right to modify this Privacy Statement as needed, for example, to comply with evolutions in laws, regulations, Schneider Electric practices and procedures, or requests by supervisory authorities.
In this case, Schneider Electric will inform individuals of Schneider Electric who are impacted of material changes in this Privacy Statement. Schneider Electric will post new versions on relevant internal and external websites.
The main changes and reasons for changes between the current version of this Privacy Statement and the previous version of 13 May 2013 are the following:
– a new presentation as a layered privacy statement, in order to make it easier to read
– wording improvements
– consistent wording across Schneider Electric websites
– specify our data processing and data sharing activities and the types of information processed for improved clarity
– changes to address new regulatory requirements resulting from the GDPR (EU General Data Protection Regulation).
1. Why this Privacy Statement?
Schneider Electric is committed to protecting your privacy and your personal information. This Privacy Statement informs you of our privacy practices and of how your personal information is protected. You should read it before accessing Schneider Electric digital content.
Schneider Electric strongly supports the fundamental rights to privacy and data protection as well as compliance with national and international privacy laws.
This Privacy Statement describes how Schneider Electric processes and protects the personal information of individuals who use our websites and other digital content as well as in the context of our offline business activities.
Schneider Electric has also established this Privacy Statement as an external publication of our Binding Corporate Rules (“BCR”), approved by data protection supervisory authorities of the European Union in November 2012 for the processing of personal information from the EEA as a data controller. In Schneider Electric’s Binding Corporate Rules, we respect and take into account the major principles of EU data protection rules as our Head Office is located in the European Union.
2. What is the Scope of this Privacy Statement? Who Is in Charge of Data Processing?
This Privacy Statement applies to all Schneider Electric subsidiaries and digital content, unless a specific privacy statement or privacy notice has been released to supplement it or to replace it. You should check the privacy statements made available to you on all digital content.
Schneider Electric is a global company, with legal entities, business processes, management organizations, and a system infrastructure that crosses borders. This Privacy Statement applies to all Schneider Electric data processing activities run by our wholly owned subsidiaries, including product and service offerings and digital content (e.g. websites, applications, tutorials, e-training, newsletters, advertising, communication). It may, however, be supplemented by a more specific privacy notice/statement/policy (“statement”) or even superseded by another statement specific to a particular Schneider Electric program, product, service, content or entity. It is important that you read the statements made available to you for your full information.
The data controllers of the data processing activities are the Schneider Electric subsidiaries who have determined the data processing means and purposes. They may vary on a case by case basis. In many instances, Schneider Electric’s Head Office, Schneider Electric Industries SAS, 35 rue Joseph Monier 92500 Rueil Malmaison- France, is the data controller of global data processing activities, including the www.schneider-electric.com website.
This Privacy Statement binds all Schneider Electric wholly owned subsidiaries and their employees.
Any order made by you online is also subject to the terms and conditions provided on the relevant sites. You must read them.
3. Why Do We Collect and Use Personal Information?
We use your personal information for various purposes including to fulfill your orders and requests, to manage our relationship, conduct surveys, improve our products, services, online content as well as your user journey, manage your account and the programs you join, analyze the activities on our websites, run our marketing activities, provide you with contextual and targeted advertising, ensure the security of our activities, protect against fraud and, more generally, run our business activities.
Our primary goal in collecting information is to provide our customers and other users with superior service and a smooth, efficient and personalized experience while using our digital content.
Schneider Electric collects personal information for the following purposes:
– To fulfill orders of products, services and digital content. We collect this information to deliver your order, to obtain payment, to communicate with you about the status of your order and for contract management purposes.
– To process job applications from candidates.
– To address your requests for information. If you contact us, we keep a record of your correspondence or comments, including personal information, in a file specific to you. We use this information to help us provide you better service in the event you contact us again.
– To provide you with the technical support you request from us. Personal information is necessary to identify your systems, understand the configuration of the products, diagnose your questions, and provide solutions.
– For relationship management purposes. It includes communicating with you about the products, services and digital content you have acquired to ensure you use them in the best way possible, including via emails and newsletters. For instance, location data may be used to suggest sources of products or support near you.
– To conduct surveys and polls. We collect personal information from individuals who volunteer to complete surveys or participate in polls. We use this information to get to know you better, measure satisfaction and improve our products, services and digital content.
– To improve our products, services and digital content; for instance we analyze the use of our applications and sites in order to identify areas and functionalities where users have difficulties and we redesign them.
– To manage your account. When you register, we use your personal information to give you access to digital content and our services, authenticate you and interact with you about it.
– To run our promotional programs and activities: we collect personal information from you when you join a promotional or reward program or activity. We use this information to administer the program or activity, to send you relevant emails about the program and activity, notify winners, and make the winners’ list publicly available in accordance with applicable regulations and laws.
– For us (including our subsidiaries) and selected third parties to send you marketing information by mail, fax, phone, text messages, email and electronic communications about promotions, news and new products or services that we think may be of interest to you in compliance with applicable opt-in and opt-out requirements.
– To provide you, through pop-ups, banners, video, emails and any other advertising format, with certain communications and/or targeted advertising about our products and services (or of our subsidiaries). For instance:
• we may provide you with contextual advertising or other content, based on the content of the visited webpage or other information we have about you, when you navigate through our digital content;
• the digital content; and also
• third-party websites or apps that have no link to our digital content. The advertising on these third-party websites may include advertising about Schneider Electric.
– To ensure the security of our products, services and digital content of our activities and of others, for the protection against fraud and the compliance with our terms and conditions and this Privacy Statement. We may also investigate potential breaches.
– To enable or administer our business, such as for quality control and consolidated reporting.
– To support corporate transactions or reorganizations in which Schneider Electric is involved.
– For business continuity and disaster recovery.
– To comply with legal obligations to which we are subject. For example accounting and tax obligations.
– Any other purpose otherwise conveyed to you.
4. What Types of Personal Information Do We Process?
Schneider Electric processes various types of personal information including identity and contact related information, professional related information, information about your preferences, your interactions with us, financial related information, online traffic data and the content you provide us. In most instances this information is obtained from you. We also purchase lists from marketing agencies and obtain information from our partners through Cookies and social networks.
Personal information (also called personal data) is any information relating to an identified or identifiable individual. An identifiable individual is one who can be identified, directly or indirectly, in particular by reference to an identifier or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
The types of personal information we process about you may include:
• identity and contact related information, such as your name, company, email address, phone number, photo, age range, contact addresses
• professional related information, such as customer type, job function, job title, purchasing authority, purchasing timeframe; acquisition and use of Schneider Electric products, services and digital content; or if you are a job candidate your educational, professional and employment background
• your preferences such as product and service preferences, contact preferences, marketing preferences, and as a job candidate your job interests
• your interactions with us such as your queries, orders, claims, survey answers
• financial related information such as bank account details, credit card information
• online traffic data such as IP address, device and system identifiers, your Schneider Electric user ID and password, log in details, referring website, type of browser used, consulted content and location, based either on your IP address or on information transmitted by your mobile device.
• content that you have provided via online forums or otherwise (see section 5 “Your Content” below).
You will need to provide some personal information to benefit from digital content. We will indicate it as the case may be. If you do not provide this information, you may not enjoy all or part of such digital content.
This Privacy Statement does not cover personal information rendered anonymous, that is if individuals are no longer identifiable or are identifiable only with a disproportionately large expense in time, cost, or labor. If anonymized data becomes identifiable, then this Privacy Statement shall apply.
In most instances we collect this information directly from you or your employer who has a business relationship with us. We may also obtain information through a reseller or a business partner, by purchasing customer lists from marketing agencies, from your online browsing experience, from social networks when you connect with these network’s credentials and through Cookies (see our Cookie Notice). You may obtain more precise information on the third-party source of personal information (if any) by contacting us at the email address indicated in section 9.
5. Your Content
You may have occasion to contribute content, including photos or comments, to online forums, applications or other digital platforms operated by Schneider Electric. Your content must be harmless. It must respect the rights and interests of others. You need to have obtained consent before sharing someone else’s data. You should apply caution before sharing information on the forum.
The content you provide us with must respect the rights and interests of others, including their rights to the protection of personal information and privacy. It should not be offensive, disrespectful or harmful in any way.
If you provide us with information about another person, you confirm that you have first obtained their consent to the processing of their personal information, including sensitive personal information, and that you have informed them of our identity and the purposes (as set out above) for which their personal information will be processed.
While Schneider Electric strives to protect your personal information, providing it online on a shared forum is not risk-free. If you post, comment, indicate interest, or share personal information, including photographs, to any forum, social network, blog, or other such forum, please be aware that any personal information you submit can be read, viewed, collected, or used by other users of these forums, and could be used to contact you, send you unsolicited messages, or for purposes that neither you nor Schneider Electric have control over. Schneider Electric is not responsible for the personal information you choose to submit in these forums. You should apply caution before deciding to share information about yourself or another person.
6. Who Do We Share Personal Information With?
We share personal information with the Schneider Electric subsidiaries and the service providers involved in our activities, with advertising and marketing agencies, with social networks if you use their login credentials, with third-party websites if you register with Schneider Electric credentials, competent regulatory bodies and authorities and business successors.
Schneider Electric is a global group of companies which works as one. The teams which serve you may work for different subsidiaries. We believe that it is in our legitimate interest as well as in your interest that we share your personal information with Schneider Electric subsidiaries on a need to know basis to carry out the data processing activities described in this Privacy Statement, for example for customer relationship management, sales or product support, marketing, product development purposes, improvement of the products, services and digital content, data quality checks, or security, regulatory and compliance purposes.
We resort to service providers to carry out data processing activities and to provide our products, services and online content to you. These service providers include, without limitation, providers of hosting facilities, information systems, marketing agencies, IT support, security services, financial services, carriers who deliver products, outside accounting firms, lawyers and auditors.
We also share the information as follows:
– In connection with the provision of advertising, we may share some limited personal information (e.g. device identifiers, Cookie identifiers) with ad exchanges or agencies that manage advertising on third-party websites and apps on which you may see advertising.
– Schneider Electric may disclose your personal information as necessary to potential buyers and successors in title, to facilitate a merger, consolidation, transfer of control or other corporate reorganization in which Schneider Electric participates. – Where required by law or court orders or in order to protect our legal rights, we will disclose your personal information to government agencies, regulators and competent authorities.
– In other ways described in this Privacy Statement or to which you have otherwise consented.
– In the aggregate with other information in such a way so that your identity cannot reasonably be determined (for example, statistical compilations).
We will not sell or rent your personal information to a third party without your permission.
7. How Do We Protect Your Personal Information?
Schneider Electric complies with widely recognized key data protection principles (fairness, purpose limitation, data quality, data retention, compliance with individuals’ rights, security) and takes reasonable measures for the security of personal information.
Schneider Electric respects the privacy rights and interests of individuals. Schneider Electric subsidiaries will observe the following principles when processing your personal information:
1. Processing personal information fairly and lawfully. ;
2. Collecting personal information for specified, legitimate purposes and not processing it further in ways incompatible with those purposes.
3. Collecting personal information which is relevant to and not excessive for the purposes for which it is collected and used. We may render information anonymous when feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses. ;
4. Maintaining accurate personal information, and where necessary, keeping it up-to-date. We will take reasonable steps to rectify or delete information that is inaccurate or incomplete.
5. Keeping personal information only as long as it is necessary for the purposes for which it was collected and processed. ;
6. Processing personal information in accordance with individuals’ legal rights. ;
7. Taking appropriate technical, physical, and organizational measures to prevent unauthorized access, unlawful processing, and unauthorized or accidental loss, destruction, or damage to personal information.
8. When processing sensitive personal information, ensuring appropriate notice and consent or that the processing otherwise complies with applicable law;
All Schneider Electric subsidiaries must ensure that the above principles are complied with.
Schneider Electric and its subsidiaries are committed to taking commercially reasonable technical, physical, and organizational measures to protect personal information against unauthorized access, unlawful processing, accidental loss or damage, and unauthorized destruction.
We offer the use of a secure server to enable you to place orders or access your account information. We implement access control measures for our internal systems that hold personal information. Authorized users are given access to such systems through the use of a unique identifier and password. Access to personal information is provided to our staff for the sole purpose of performing their job duties. We sensitize our employees on proper use and handling of personal information. Our service providers are also required to maintain security measures similar to ours.
We implement security measures to determine the identity of registered users, so that appropriate rights and restrictions can be enforced for these users. If you are a registered user, we use both logins and passwords to authenticate you. You are responsible for maintaining the security of your login credentials.
By using our digital content or providing personal information to us, you agree that we may communicate with you electronically or otherwise about related security, privacy, use and administrative issues. In spite of our efforts to implement appropriate security measures, online browsing carries inherent risks and we cannot guarantee that it is risk-free.
8. Third-Party and Social Media Websites
We also provide social media links that enable you to share information with your social networks and to interact with Schneider Electric on various social media sites. Your use of these links may result in the collection or sharing of information about you. We encourage you to review the privacy policies and the privacy settings of the social media sites with which you interact to make sure you understand the information that may be collected, used, and shared by those sites and to adjust these settings as you see fit.
9. What Are Your Rights?
You can request access to your personal information and request it to be amended or deleted if inaccurate. You can always object to direct marketing.
Schneider Electric will comply with your rights to access and correct your personal information. You may inquire as to the nature of the personal information stored or processed about you by any Schneider Electric entity and you will be given access to your personal information regardless of the location of the data processing and storage.
If personal information is inaccurate or incomplete, you may request that it be amended.
Requests may be sent to: Global-Data-Privacy@schneider-electric.com
You always have the right to object to our marketing communications. Your prior consent is sought when required by applicable law. To opt out of emails, simply use the functionality provided at the bottom of any email we send you.
Country specific sections may supplement this section.
10. Important Information for Individuals in the EEA
If you are located in the EEA, Schneider Electric also complies with GDPR specific requirements including those relating to legal grounds for processing, cross border data transfers, automated decision making and profiling, data retention, additional rights, claims and DPO contact details.
10.1 What Legal Grounds is Schneider Electric Relying on to Use Personal Information?
The use of personal information is necessary, with respect to the purposes mentioned in section 3 above, to, respectively:
• Perform the contract entered into between Schneider Electric and you in the context of the use of our products, services or digital content. The performance of the contract includes knowing who you are, and your specialty and interacting with you for its performance. It also includes addressing your requests for information, support, your job applications, managing your accounts and your enrollment into our programs and ensuring compliance with the terms and conditions and with this Privacy Statement.
• Comply with legal obligations to which we are subject. For instance mandatory tax and accounting obligations or addressing filing obligations and requests by competent regulatory bodies and authorities.
• When it comes to:
• Surveys, some are carried out in our legitimate interest because they are to measure your satisfaction with services you requested from us. For other surveys we will request your consent. You will always be free not to respond.
• Providing you with marketing communications and interest-based advertising, these activities carried out by us and by our subsidiaries are in our legitimate interests. We will always provide you a possibility to opt out and seek your prior consent where required by applicable law.
• Using location data transmitted by your mobile device, we will seek your prior consent where required by applicable law.
We may also process your personal information for the purposes of our legitimate interests provided that such processing shall not outweigh your rights and freedoms, in particular to:
• Protect you, us or others from threats (such as security threats or fraud),
• Comply with the laws that are applicable to us around the world,
• Improve our products, services and digital content,
• Perform profiling to provide targeted content and interest-based advertising,
• Share information between Schneider Electric subsidiaries and service providers as described in section 6,
• Understand and improve our online activities, our business, our customer basis and relationships in general.
• Enable or administer our business, such as for quality control and consolidated reporting.
• Manage corporate transactions, such as mergers or acquisitions.
10.2 Will Personal Information Be Transferred Abroad?
Schneider Electric being a global Company, the teams working on fulfilling the data processing purposes may have global or multi-country roles. They can then be located anywhere in the world where Schneider Electric operates, including outside the European Union, in countries which do not have equivalent standards for the protection of personal information as in the country where you are located. We may also transfer data to service providers located outside of the EU, including in the United States of America. In the event that these data transfers cannot claim an adequacy decision by the European Commission, Schneider Electric will ensure that they comply with applicable legal requirements, for example, by executing standard contractual clauses or through its Binding Corporate Rules for intragroup transfers as a data controller. To obtain more details on these transfers and, where appropriate, copies of the applicable safeguards put into place, you may contact Global-Data-Privacy@schneider-electric.com
10.3 Do We use Profiling and Make Automated Decisions About You?
We may use profiling to provide you with online content which we believe corresponds to your interests. We combine registration information, such as your work specialty and information about your online activity (i.e. the content you seem to enjoy most) to know you better and provide you with online content corresponding to your profile.
We will not make automated decisions about you that may significantly affect you, unless (1) the decision is necessary as part of a contract that we have with you, (2) we have your explicit consent, or (3) we are required by law to use the technology. In this case, due notice will be provided. – The duration of our relationship (e.g. contract performance duration, account de-activation, your legitimate need to be recognized when you contact us) – Legal requirements for keeping data – Statute of limitations
We keep relevant customers’ data for three years after the end of the contract or the last contact for marketing purposes, and contact data for three years after the last contact for the same purposes.
10.4 How Long Will Personal Information Be Retained?
We will retain your personal information for as long as the information is needed for the purposes set forth in this Privacy Statement and for any additional period that may be required or permitted by law. More precise information is provided in privacy notices applicable to specific digital content. In general, data retention periods are determined taking into consideration:
• The duration of our relationship (e.g. contract performance duration, account de-activation, your legitimate need to be recognized when you contact us)
• Legal requirements for keeping data
• Statute of limitations
We keep relevant customers’ data for three years after the end of the contract or the last contact for marketing purposes, and contact data for three years after the last contact for the same purposes.
10.5 What Are Your Additional Rights?
In addition to the rights provided in section 9 above, you may ask us to erase, restrict or port your personal information and object to the use of your personal information. When data processing is based on your consent, you have the right to withdraw your consent at any time by sending a request to Global-Data-Privacy@schneider-electric.com. For processing necessary to perform the contract or based on legitimate interest, we may not be able to accommodate your request to stop the processing, or if we do so, it may mean that you can no longer access the services or the online content.
10.6 Where Can You Ask Questions and File a Claim?
Questions or comments about the Schneider electric privacy practices or this Privacy Statement can be addressed to the Group Data Protection Officer (DPO):
35 rue Joseph Monier CS3023
92506 Rueil Malmaison-France
If you believe that Schneider Electric has processed your personal information in violation of applicable law or of this Privacy Statement, you may file a complaint with the Group DPO at the contact details provided above or with a supervisory authority.