ONE GLOBAL GROUP
Somfy operates in 59 countries and is the world leader in automatic controls for openings and closures in homes and buildings. It offers a range of motorized solutions and control points and is a key player in smart home systems.
12/03/2024
La Fondation Somfy
Organization
22/01/2018
Commitment
Finance
News & media
27/05/2020
SOMFY’s Privacy Policy regarding personal data
Last update: June 2024
At SOMFY, we want to be and remain your partner of choice on your journey exploring and experiencing smart home solutions and related products or services (our “Products and Services”). We value the trust you put in us and commit to being fully transparent about how we collect, use and protect your personal data. We recognize your need for reasonable control over your personal data, and we commit to implementing mechanisms, procedures and policies that ensure the confidentiality, integrity and security of your personal data throughout its life cycle.
SOMFY Group and the companies composing it (collectively referred to herein as “the Group”, “we”, “us”, or “our”) appointed a Data Protection Officer (DPO) who will ensure that our activities are carried out in compliance with applicable laws.
|
For questions regarding this Policy, to exercise your rights or to lodge a complaint with us, please contact our DPO (irrespective of which Somfy entity you have been in contact with): dpo@somfy.com |
This privacy policy (“Policy”) informs you what to expect when we collect and use personal data, i.e.:
- Who is concerned by this Policy?
- Who is responsible?
- How do we collect your personal data and what personal data do we process?
- What do we do with your personal data?
- Who is receiving your personal data?
- How is your personal data protected?
- The data retention;
- International data transfers;
- Your rights;
- Minors;
- Changes to this Policy.
We kindly ask you to carefully review our Policy and to acquaint yourself with its content.
1. Who is concerned by this Policy?
This Policy applies to you when you visit our websites, when you use our contact forms accessible on the websites of the Group companies, when you interact with us with a view to establishing a business relationship, throughout your business relationship with us, when you use the Products and Services we make available to you or when you connect to certain platforms, applications or other solutions we may provide or make available.
This Policy does not apply to SOMFY employees, nor to job applicants who may refer to the privacy policy on our careers site:
Somfy Privacy Policy - recruitment (somfy-group.com)
2. Who is responsible?
The legal entity responsible for the personal data collected from you is the entity that determines how, when and why it collects and uses your personal data (“Data Controller”).
The identity of the Data Controller will depend on who you are:
- If you are a visitor of one of our websites (someone who only views pages on this website), the Data Controller is the SOMFY entity presented on the website you visit), together with SOMFY Activities SA, 50 avenue du Nouveau Monde, 74300 Cluses, France.
- If you are an investor, the Data Controller is SOMFY Activities SA, 50 avenue du Nouveau Monde, 74300 Cluses, France.
- If you are a customer or a supplier , the Data Controller is the legal entity that manages your business relationship with SOMFY. This information can be found on the invoice or purchase order you receive or in the agreement you have entered into with SOMFY.
- If you are a indirect customer interacting with a Product or Service offer marketed by SOMFY, the Data Controller is the SOMFY entity established in the territory of your country of residence.
- If you belong to a company whose activity could be of interest to the services marketed by SOMFY, the Data Controller is the legal entity that manages your relationship with SOMFY. This information can be found in the agreement you have entered with SOMFY or can be obtained from your usual contact person at SOMFY.
3. How do we collect personal data and what personal data do we process?
Personal data refers to data that can be attributed to you personally.
We collect personal data directly from you (a), but also indirectly through other sources (b), for example when you browse SOMFY websites, or subscribe to our feeds on social media. Regardless of whether we collect your personal data directly or indirectly, we commit to only process personal data that is adequate, relevant and necessary to fulfil the purpose for which it was collected.
a. Data collected directly from you
We may collect and use personal data that you provide during your interactions with our Products and Services.
This may include:
- your title;
- your full name;
- your contact details;
- your role within your company;
- the products or services that are of interest to you or your company;
- your opinion and preferences about a product;
- your communication preferences;
- your feedback about our Products and Services.
We also collect the information that you provide to us when transacting with us, when subscribing to any of our services, when completing contact forms or creating accounts on any of our websites, when you get in touch with our customer or media relations teams, during fairs or other events, including digital ones, that you attend.
Data collected in such cases can include (in addition to the data referred to above):
- your client number;
- bank account details;
- credit card numbers;
- your signature;
- your date of birth;
- any photo that you provide;
- any location data that you decide to share with us;
- data that facilitates the delivery of your order;
- the content of your call and written messages.
Other information collected when you use our products and related applications may include:
- the date of your subscription;
- your email address;
- your cloud ID;
- your IP address;
- your mobile phone number;
- certain information collected from your controller device, including log files, device information and network information, data related to the use of our Products (usage data) and depending on your chosen services, location or biometric data.
We may process the following personal data attributable to you as a visitor to any premises of a SOMFY Group entity:
- name;
- company;
- identity card number;
- vehicle plate number;
- date and time arriving and leaving our premises.
Eventually, we may process the following personal data that can be attributed to you as visitor to our websites:
- the type of internet browser you use;
- the type of operating system and device you use to access the website;
- the domain name of your Internet service provider;
- the website you came from;
- your country of residence and language;
- the pages and options you visit and access on the website;
- Other login and account setup information when you are authenticated.
b. Data collected indirectly, through other sources
We also collect information about you indirectly, for example, when you browse SOMFY websites, or subscribe to our feeds on social media.
We may use cookies to enhance your browsing experience on our websites. Cookies are small text files which are stored on the device you use to access the Internet (computer, mobile phone, tablet), they hold a modest amount of data specific to a particular user and website and allow us to:
- recognise you when you return to our website;
- inform you of new topics that may be of interest to you;
- customise content that may be useful;
- Measure the audience on our websites for commercial purposes;
- Generate targeted and lookalike audiences in order to provide you with advertising and recommendations that may be relevant to you.
We use two types of cookies:
Cookies that are strictly necessary for the functioning of our websites
We use cookies that are strictly necessary for the functioning of our websites (e.g. cookies to identify you on our websites or cookies to remember the content of your shopping cart).
If you do not want to accept the use of cookies, you can change your web browser settings to automatically deny the storage of cookies or to inform you each time a website requests permission to store a cookie. By choosing not to accept these cookies, our websites would not work properly.
Cookies to improve the interactivity of our websites
Our website relies on certain services offered by third party. These include, but are not limited to:
1. Share buttons: Google - Meta - Microsoft - Pinterest - LinkedIn - Spotify – YouTube
2. Videos broadcast on the website : YouTube API (see terms of use and privacy policy)
We also use advertising cookies to so that we can show ads that we deem relevant for you, either on our website, or when you surf the Internet generally. Such cookies enable us, for example, to analyse your visits and personalise the offers we make, the advertisements you see and the communications we send you. We also use cookies to limit the number of times you see a particular ad and help us assess the impact of a campaign. Processing is carried out on the basis of your consent. When you first visit our website, an information banner will be displayed on the page. By continuing to browse the website after clicking on “Accept All”, you expressly consent to the Group placing the cookies you have authorised on your device. The banner will be displayed until you make a choice. If you do not wish to accept all or some of the cookies, we you can select ‘Manage Preferences’ on the banner and follow the detailed instructions. You can also change your cookie preferences at any time through our cookie management tool by accessing our Cookie Policy. Not accepting advertising cookies does not impact your user experience when surfing our websites.
The cookies we use include session cookies that are deleted when you close your browser, and permanent cookies that remain on your browser until they expire, or you delete them. The period of validity of the consent to the deposit of permanent cookies may not exceed 13 months. At the end of this period, we will ask for your consent again.
Our websites and communication tools are known to be particularly attentive to the needs and expectations of our customers and visitors. We may also collect information about you from third parties or from publicly available sources such as information about you made available on your company’s website, or from public registries or information on your profile on a third-party social network if you allow such social network to share it with us. This data may be general information related to your account (e.g., name, email address, profile picture, gender, date of birth, current city, login, etc.) and any other information or activity that you allow the social network to share with us. For example, we may receive your information (or part of it) when you download or interact with one of our applications on a social network. To learn more about how we may obtain your social media information, please visit the website of the relevant third-party social network.
4. What do we do with your personal data?
We collect and use your personal data where this is necessary to negotiate or perform a contract with you, e.g. to:
- Manage and maintain our business relationship, including to create and maintain an account in our systems;
- Manage your orders: for example to process payments, ship and deliver final products or services and inform you about the status of your order;
- Provide services in line with our contractual arrangement;
- Deliver customer services, for example to address any queries you may have and record and share internally such queries to better answer them and improve the quality of our Products and Services in the future.
We also collect and use your personal data where this is in our legitimate interest, e.g. to:
- Analyse your feedback, comments and opinions about our Products or Services to always improve our offer portfolio and further develop our commercial action;
- Manage your inquiries when contacting our media or investors relations or when contacting us via the contact form on our website or when using one of our channels for raising complaints;
- Create statistics to improve our Products or Services;
- Send you information about Products and Services you own.
Also based on our legitimate interest, we may share your personal data with any affiliate of the SOMFY Group, and also:
- with third party service providers that support our operations in line with applicable data protection laws, including software providers, hosting or legal/tax consultancy services, transportation or credit card/banking services.
- in connection or in the course of a merger, sale or acquisition of a business.
We also collect and use your personal data with your consent. This includes data that you decide to provide when setting up an account with us or make a purchase, or in response to a specific request that you communicate to us, e.g. to:
- Subscribe or upgrade to any of our services or to a service offered by one of our partners;
- Activate your SOMFY device;
- Participate in end-user surveys regarding our activities and our Products and Services;
- Participate in events and competitions organised by SOMFY Group or its partners;
- Receive marketing communications or newsletters about our activities, Products or Services;
In some cases, your data may be shared with subcontractors with sufficient guarantees regarding compliance with applicable data protection laws. With your prior consent, your data may also be used to provide you with promotional and advertising offers on our Products and Services, either directly or through partners (Meta, Google, Microsoft and Pinterest). In this case, we undertake to share your data (name, surname, email address, country and phone number) in a secure manner, ensuring that no reuse of your data will be carried out. If you are registered on these social networks and no longer wish to receive these advertisements, you can refer to their respective data protection policies. Consenting to allowing us to process your data is such circumstances is optional. However, failure to provide that consent may prevent you from accessing some of our Services.
Eventually, we may share your personal data in the following cases:
- to respond to the request of an administrative or judicial authority entitled to receive it or upon simple request if required by law, in order to protect our rights, property and safety or that of third parties;
- to prevent fraud and possible illegal activities.
5. Who is receiving your personal data?
We only share your personal data in line with this Policy, and therefore mainly with our employees across different departments and from other entities of the Group, only for the following purposes: customer management, central administration of customer and supplier relationships, and for the purpose of streamlining SOMFY’s business operations. This sharing of personal data is carried out is based on SOMFY Group’s legitimate interest to administer its contractual relations within the SOMFY Group and maintain an effective business structure.
As part of our activities, we may transfer your personal data to third-party service providers. These third-party service providers use personal data only for the purpose of enabling us to provide the Products and Services to which you have subscribed. They may include IT service providers, logistics or marketing partners, data providers, hosting providers, or service providers who assist us with email delivery, financial transaction management, or information analysis.
Where we share your personal data with third parties as outlined in this Policy (e.g. for shipments, financial transactions, software services), we ensure that such third party provides sufficient guarantees to implement appropriate technical and organizational measures to ensure compliance with applicable data protection laws. We will never pass on any personal data to third parties for their own marketing or commercial purposes without your consent.
6. How is your personal data protected?
We put in place a series of technical and organisational measures to secure your personal data and to protect it from unlawful destruction, loss, alteration or access.
Our staff, agents and sub-contractors processing your personal data have signed a confidentiality agreement, or are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
We impose strict security obligations also on any third-party service provider who handles your personal data in line with this Policy.
7. Data retention
We retain your personal data for as long as it is necessary for each of the purposes outlined above.
We may however retain certain of your personal data for compliance with applicable laws and regulations (e.g. for tax and audit purposes) and in accordance with our internal data retention rules.
When it is no longer necessary to keep data which can still identify you, we may either delete it, anonymise it or aggregate it so that you are no longer identifiable as a single natural person.
|
Processing purposes |
Retention Period |
|
Buying a SOMFY Product Management of communications related to SOMFY’s Products and Services requiring consent Order management from a SOMFY website |
5 years from the last commercial or contractual contact |
|
Management of prospect data |
3 years from the last commercial contact |
|
Invoices and accounting data |
10 years from the issue date |
|
Using Services dedicated to SOMFY’s Products (other than login information data, pages viewed and IP addresses) |
5 years maximum from the last connection to the user's personal account |
|
Participation in a game organised by SOMFY |
1 year maximum at the end of the game if the participant is a prospect |
|
Management of customer deletion, access, or opposition requests |
5 years from the date of application |
8. International data transfers
We store and process your personal data mainly on servers located in the European Economic Area (EEA) or Switzerland.
However, we operate as a global company and rely on international service providers to support our global solutions. Your personal data may be transferred to another country other than the one you reside in.
Any transfer of data outside the EEA, Switzerland or to countries that do not benefit from an adequacy decision issued by the European Commission is strictly governed by the European Commission's Standard Contractual Clauses or by any other appropriate transfer mechanism. These transfers are carried out in strict compliance with the applicable regulations and, where they exist, after obtaining the required authorisations from the relevant supervisory authorities.
9. Your rights
You can contact us through our DPO to exercise your rights over your personal data that we collect or use.
Your rights include:
- Your right to correct. You can help SOMFY ensure that your contact information and preferences are accurate, complete and up to date by filling out the appropriate form on any of our websites, specifying the purpose of the corrections and providing us with proof (e.g. invoice) if necessary. Please do not send copies of passports or identity cards.
- Your right Your right to object and to restrict. You have the right at any time to object to the use of your personal data by us for direct marketing purposes. Under certain circumstances, you can restrict our use of your personal data, for example while we take steps to correct inaccurate data following your request.
- Your right to erasure. We delete your personal data on your request unless we need to retain your personal data to comply with applicable laws and regulations and in accordance with our data retention rules.
- Your right to withdraw consent. Where we process your personal data based on your consent, you can withdraw your consent at any time; this may mean, though, that it may not be possible to continue providing the service that you requested. You can withdraw your consent via the Preference Center.
- Your right to receive and transmit. You have the right to receive the personal data relating to you and that you have provided to us, in a commonly used electronic format. You have the right to transmit that data to another controller (data portability).
- Your right to lodge a complaint: You can contact us if you believe that our use of your personal data is not aligned with applicable data protection laws. You also have the right to lodge a complaint with the data protection supervisory body in your country, or in the country where the Data Controller of your personal data is located.
10. Minors
SOMFY's Products and Services are not intended for minors, and we do not intentionally collect any personal information from minors. However, when using some of our Services, you may be able to create user profiles for minors. In this case, personal data is entered at the initiative of the legal representative, who may modify or delete this information at any time directly from his or her connected Product. When information is collected about a minor by the Services, the minor’s legal representative may also contact the DPO to rectify, modify or delete this information.
11. Changes to this Policy
This date of this Policy is set out before the introductory paragraph above. We may modify this Policy at any time without notice, except if such modifications contain substantial changes that may affect individuals’ rights under applicable privacy and data protection laws, in which case you will be notified of such changes by a prominent notice at the beginning of this Policy.