Publication/last update date: March 7th, 2022
This privacy notice (the "Privacy
Notice") applies to the processing of your personal data carried out
by LEGRAND in the context of your access to LEGRAND services (the "Services")
provided through the Home + PRO application, the Hotel+PROJECT, the Upservice and “EnerUp + Project” applications (the "Application"), as professional and qualified installer of
products manufactured by LEGRAND or by other entities of its group.
For
the avoidance of doubt, the Privacy Notice does not cover:
- the
processing carried out by LEGRAND of personal data relating to end-customers
using products manufactured by LEGRAND (or by other entities of its group):
these processing activities are carried out under the exclusive responsibility
of LEGRAND and are described in a separate document made available by LEGRAND
directly to its end-customers through their dedicated application;
- your
processing of the personal data relating to your customers (including
end-customers for whom you have installed products manufactured by LEGRAND (or
by other entities of its group): these processing activities are carried out
under your exclusive responsibility and must be
described in a separate document provided by yourself to the relevant data
subjects.
For the purpose of this Privacy Notice, the term "Applicable
Data Protection Regulation" means the European regulation no. 2016/679 of 27 April 2016 (the "General Data Protection
Regulation" or "GDPR") as well as any data protection legislation or
regulation that applies to the processing of personal data described in this
Privacy Notice, including:
- with respect to the processing carried out by NETATMO SAS and/or
LEGRAND FRANCE, the French law no. 78-17 of 6 January 1978 and its application
decree no. 2019-536 of 29 May 2019 (the "French Data Protection
Legislation");
- with respect to processing carried out by BTICINO Spa, the Italian
Legislative Decree no. 196 of 30 June 2003 (the "Italian Data
Protection Code").
Any reference to the Applicable Data Protection Regulation shall be
deemed to include any subsequent replacement of or amendment to the Applicable
Data Protection Regulation (or part of the same).
The processing of personal data described in this Privacy
Notice are implemented under the joint responsibility of the following
companies belonging to the LEGRAND group ("LEGRAND" or "we"
(and its derivatives)):
LEGRAND
FRANCE
128, avenue du Maréchal de Lattre de
Tassigny
87045 Limoges Cedex
(France)
BTICINO Spa (or "BTICINO")
Viale Borri 231
21100 VARESE (Italy)
For more
information about the allocation of roles between the aforementioned joint
controllers regarding the processing of your personal data, you can obtain the
key points of the arrangement between the joint controllers on request regarding the concerned
processing, by contacting us using the contact
information provided in the "CONTACT US & CONTACT OUR DPO" section.
To benefit
from our offer (e.g. to use the Application), you need
to be registered by creating an account (the "Account").
When creating the Account, you will be asked to enter an email address and
a password (hashed). Please note that these log-in details are both required
and necessary to provide the Services that you are requesting. If a mandatory
field is not filled in, your Account cannot be created
and you will not be able to benefit from the Services.
|
Type of personal data |
Purposes of the processing |
Legal basis |
|
Email address* Password* Phone number |
Creation and management of your Account |
Performance of the contract based on the general terms of use of the
Application** |
|
|
Sending communications, surveys and/or quizzes in
connection with your Application, the Services or products manufactured by
LEGRAND you have installed at end-customers' premises (the
"End-Customers Products") |
Our legitimate interest in continuously developing and improving our
Services, our communications and commercial relations |
|
|
Direct marketing and customized business
development based on analytical profiling (if any) We will process
your email address in order to send you offers, news and promotions relating to the
Services and End-Customers Products offered by LEGRAND |
Your consent |
|
Analytical
profiling in order to customize our business communications We can send you communications ,
surveys and/or quizzes in connection with your Application, the Services
and/or End-Customers Products you have installed |
Our legitimate interest in continuously
developing and improving our Services, our communications
and commercial relations |
|
|
Notifications done pursuant to the
General terms of use of the Application |
Performance of the contract based on the general terms of use of the
Application** |
|
|
Processing of your requests to exercise
your rights Management of consent and withdrawal of
consent, management of opposition requests against business prospections and
profiling Sending of information regarding changes
made to the Privacy Notice |
Compliance with our obligations
resulting from the Applicable Data Protection Regulation |
*The collection and processing of these personal data are mandatory and necessary for the
creation of your Account and allow access to the relevant Service.
**The general terms of use of the
Application are available here
|
Purposes of the
processing |
Legal basis |
|
|
Language of
the device used to access the Application / our Services, city and country (determined from your IP
address and/or the language you selected) |
Customization of the language on your Application |
Performance of the contract based on the general terms of use of the
Application* |
|
Communications in your Application for business purposes |
Legitimate interest in drawing your attention to our Services and
End-Customers Products; and for the ongoing improvement of our communications |
|
|
Push notifications and/or communications in your Application
for operational / technical purposes |
Performance of the contract based on the general terms of use of the
Application* |
|
|
- Email address - Technical logs, sent only on voluntary basis: data/protocols
managed/exchanged by applications and devices in order to
perform the designed functionalities - details as software and hardware versions, device models etc. - Personal data collected by third-party cookies and services necessary
for the proper performance of the Application and audience measurements (see
the COOKIES AND SIMILAR TECHNOLOGIES section for further details) |
R&D
analysis in order to improve the content and
functionalities of our Application and Services |
Our legitimate interest in the ongoing improvement of our Application and
Services For personal data collected by third-party cookies and services
necessary for the proper performance of the Application and audience measurements
(see the COOKIES AND SIMILAR TECHNOLOGIES section for further details) |
|
Configuration of the installation and customization of the user
experience |
Performance of the contract based on the general terms of use of the
Application* |
|
|
- Date and time of the support request - Exchanges and notes relating to the support
provided - Your Account and contact details |
Technical support |
Performance of the contract based on the general
terms of use of the Application* |
|
Date and time of your last connection through
the Application |
Identification and deletion of inactive user
account |
Our legitimate interest to avoid maintaining
inactive user account |
|
Audience analysis data |
Evaluation of the effectiveness of our
business campaigns. To learn more about this processing,
please see the "COOKIES AND SIMILAR TECHNOLOGIES" section below. |
Your consent |
|
User location |
Fine location and background location
may be used by the app in order to use Bluetooth
connection to discover devices in certain Operating System |
Your consent |
*The general terms of use of the Application are available here
When we indicate
in the Privacy Notice that we are relying on our legitimate interests to
process your personal data, this means that we consider that our legitimate
interests are not overridden by your interests or fundamental rights and
freedoms, in light of the circumstances and measures
that we take to protect your privacy. You can obtain more information about
this analysis (the "Balancing test") on request, by contacting
us using the contact information provided in the "CONTACT US & CONTACT
OUR DPO" section.
Only
the following recipients will have access to your personal data, within the
limits set out below:
· The
internal departments of LEGRAND FRANCE established in France and those of
BTICINO in Italy:
- The
Research and Development (R&D) teams responsible for the Application have
access to: the personal data of your Account (email address only)
and the personal data collected by third-party cookies and services necessary
for the proper performance of the Application and audience measurements (see
the COOKIES AND SIMILAR TECHNOLOGIES section for further details);
- The marketing teams, responsible for direct marketing
and business prospecting operations, have access, where relevant, to:
the personal data of your Account (email address, type of End-Customers
Products you have installed);
-
The teams from our customer service department have access to:
the personal data of your Account (email address only), personal data used for
support purposes when you request it, the type of
End-Customers Products you have installed and the history of your conversations
with our customer service department.
- The administrators
of LEGRAND's cloud which hosts all of your personal data;
- The Research and
Development (R&D) teams responsible for the Application have access to: the personal data of your Account (email address only),
and the personal data collected by third-party cookies and services necessary
for the proper performance of the Application and audience measurements (refer
to the COOKIES AND SIMILAR TECHNOLOGIES
section);
- The marketing teams, responsible for direct marketing and business
prospecting operations, have access, where relevant, to:
the personal data of your Account (email address only), the personal data
collected as part of the analytical profiling described above, the personal
data collected through the use of cookies and third-party audience measurement
services and by the advertising identifiers (refer to the COOKIES AND SIMILAR
TECHNOLOGIES section);
· The service provider named Microsoft AZURE,
responsible for hosting the LEGRAND cloud architecture and the personal data centers which are located in the Netherlands. For your information, your
personal data may be transferred to Microsoft AZURE for hosting purposes in the
United States of America;
· The service provider named SALESFORCE,
supplier of the LEGRAND CRM client base management tool, in order to manage our
commercial relationship with you . For your information, your personal data may be transferred to SALESFORCE
for hosting purposes in the United States of America;
· The service provider named Creeo Studio s.r.l., established in
Italy, for the purpose of distributing our newsletter, where relevant;
· The service provider
NTTData Italia S.p.A., established in Italy, for purpose of analyzing technical support tickets;
· GOOGLE, which has access to the personal data relating to
your browsing when you accept it through the Application or through our cookies
banner on the web Application. For your information, your personal data may be
transferred to GOOGLE for hosting purposes in the United States of America. To
learn more, please refer to the "COOKIES AND SIMILAR TECHNOLOGIES"
section below;
You are
hereby informed that the aforementioned recipients of
personal data are subject to a confidentiality obligation and have undertaken
to use your personal data in accordance with our contractual arrangements and
the Applicable Data Protection Regulation. Where your personal data are
transferred outside the European Economic Area ("EEA"), we
have notably put in place security and confidentiality safeguards that are
deemed appropriate in the light of the GDPR. For your information, you may
obtain access to these safeguards, on request, by contacting us at the address
indicated in the "CONTACT US & CONTACT OUR DPO" section.
We process
your personal data for the durations described below:
|
Purpose of the processing |
Retention
duration of the personal data |
|
|
· Commercial prospecting and direct marketing
activities via email or directly on the Application |
Term of
our contractual relationship, which ends either (i)
by sending LEGRAND a request to delete the Account and the related data (see "CONTACT
US & CONTACT OUR DPO" section), or (ii) upon expiration of the
grace period that you are given to reactivate your Account as of your request
to unsubscribe (in accordance with the APPLICATION TERMS OF USE ). Furthermore,
your Account will be deleted if it remains inactive for three (3) consecutive
years since its last use, unless you object to this deletion. |
|
|
· Notifications or alerts on your Application |
Term of our contractual relationship, which ends either (i) by sending LEGRAND a request to delete the Account and
the related data (see "CONTACT US & CONTACT OUR DPO"
section), or (ii) upon expiration of the grace period that you are given to
reactivate your Account as of your request to unsubscribe (in accordance with
the APPLICATION
TERMS OF USE ). Furthermore, your Account will be deleted if it remains inactive for
three (3) consecutive years since its last use, unless you object to this
deletion. |
|
|
· Surveys and quizzes · Competitions |
Two (2) years following the personal data collection |
|
|
· Analytical profiling in
order to customize our business communications |
Term of our contractual relationship, which ends either (i) by sending LEGRAND a request to delete the Account and
the related data (see "CONTACT US & CONTACT OUR DPO"
section), or (ii) upon expiration of the grace period that you are given to
reactivate your Account as of your request to unsubscribe (in accordance with
the APPLICATION TERMS OF USE). Furthermore, your Account will be deleted if it remains inactive for
three (3) consecutive years since its last use, unless you object to this
deletion. |
|
|
· Language selected for the device used to access
the Application / our Services in order to adapt the
content of our communications for business purposes and for operational /
technical purposes |
Term of our contractual relationship, which ends either (i) by sending LEGRAND a request to delete the Account and
the related data (see "CONTACT US & CONTACT OUR DPO"
section), or (ii) upon expiration of the grace period that you are given to
reactivate your Account as of your request to unsubscribe (in accordance with
the APPLICATION
TERMS OF USE ). Furthermore, your Account will be deleted if it remains inactive for
three (3) consecutive years since its last use, unless you object to this
deletion. |
|
|
· Evaluation of the effectiveness of our
business campaigns using audience measurement tools installed in the
Application |
Google Analytics: thirteen
(13) months as from the date on which the measurement tool is placed in the
Application
|
|
|
Account management and configuration of the Application: · Creation and management of your Account, conditioning your access to our
Services · Configuration of the installation and customization of your user
experience · Creation of your customer card on the LEGRAND customer management tool
(Salesforce) |
Term of our contractual relationship,
which ends either (i) by sending LEGRAND a request to delete the Account and the related data
(see "CONTACT
US & CONTACT OUR DPO" section), or (ii) upon expiration of the
grace period that you are given to reactivate your Account as of your request
to unsubscribe (in accordance with the APPLICATION TERMS OF USE ). Furthermore, your Account will be
deleted if it remains inactive for three (3) consecutive years since its last
use, unless you object to this deletion. |
|
Processing of the personal data
collected when you use the Application and/or the Services:
· R&D analysis in order to improve the content
and functionalities of our Services · Technical support · Identification and deletion of an inactive Account |
Term of our contractual relationship, which ends either (i) by sending LEGRAND a request to delete the Account and
the related data (see "CONTACT US & CONTACT OUR DPO"
section), or (ii) upon expiration of the grace period that you are given to
reactivate your Account as of your request to unsubscribe (in accordance with
the APPLICATION
TERMS OF USE ). Furthermore, your Account will be deleted if it remains inactive for
three (3) consecutive years since its last use, unless you object to this
deletion. |
|
|
· Processing of your requests to exercise your rights · Sending of information regarding changes made to the Privacy Notice · Management of consent and withdrawal of consent, management of
oppositions against receiving business prospecting and profiling, management
of requests to unsubscribe from business communications |
Three (3) consecutive years as from the receipt of the request regarding
the exercise of your rights or the sending of information regarding changes
made to the Privacy Notice |
|
|
Location |
Informations about user's location are used only for
discovering devices with Bluetooth connection; data are cancelled after this
usage. |
|
Please note that the above durations remain
subject to mandatory data retention requirements that
may apply to us and, where relevant for the establishment, exercise or defence of legal claims, to the applicable statutory
limitation periods.
Lastly, we draw to your attention that
uninstalling our Application
does not automatically imply the deletion of your personal data. To do so, you
must send a voluntary deletion request to LEGRAND (see "CONTACT US & CONTACT
OUR DPO"
section) or make a request to unsubscribe (in accordance with the APPLICATION TERMS OF USE).
You may have
the opportunity to subscribe for services provided by third-party partners that
result from the sharing of our APIs (for example services making it possible to make
available some functionalities from another interface, etc.). When you decide
to use these third-party services partners, you must grant a delegation for
access to the personal data available on the LEGRAND
cloud, since we do not make your personal data available to third-party
services partner without your express consent. This subscription shall also be
subject to acceptance of specific general terms of use from the third-party
services partner. In this case, the user recognizes that LEGRAND does not
possess and has no control over these third-party services partners and that it
is not responsible for the processing of personal data implemented by these
third-party services partners. For more information about how these third-party
services partners process your personal data, we recommend that you refer to
the concerned third-party services partner's privacy notice.
We have
implemented adequate physical, electronic and
administrative protection security measures in accordance with applicable
regulations to protect your personal data. However, we wish to draw users'
attention to the potential risks regarding confidentiality of the personal data
related to internet usage. In particular, users are responsible for putting in
place or ensuring the existence of means securing their personal internet
network, as well as for ensuring the proper configuration of the box connected
to the internet access provider, and other wireless access means (e.g. WIFI, 4G, etc.).
We intend to keep your personal data accurate, complete
and up-to-date. In order to
do so, you can visit the "MY ACCOUNT" section of your Application.
Pursuant to the
Applicable Data Protection Regulation, you benefit from the following rights in
relation to the processing of your personal data:
· Right of access: you can ask to
obtain a copy of your personal data from us, as well as to receive information
regarding the processing of your personal data (such as the categories of
personal data that are processed, the purposes of the processing, the
categories of recipients to whom the personal data is communicated, the
retention period of the personal data);
· Right to rectification: you can ask us
to correct, complete, update your personal data if it is inaccurate,
incomplete, ambiguous and/or expired;
· Right to erasure: you can ask us
to delete your personal data under certain circumstances (for example, in
application of Article 17 of the GDPR, if your personal data is no longer
necessary for the purposes for which they were collected or are processed; or
if you have withdrawn your consent for processing your personal data, as long
as the prior consent was the legal basis for their collection and processing
and there is no longer any other legal basis justifying the latter);
· Right to restriction: you can ask us
to limit the processing of your personal data under certain circumstances (for
example, in application of Article 18 of the GDPR, when you contest the
accuracy of the personal data, the time needed for us to verify this point);
· Right not to be subject to certain specific
processing: you can ask us, in application of Article 22 of the
GDPR, not to subject you to a decision based exclusively on automated
processing, including profiling, producing legal effects concerning you or
significantly affecting you in a similar manner;
· Right to object: you may
object to the processing of your personal data for a reason relating to your
specific situation (in accordance with, and within the limits of, Article 21 of
the GDPR). Where personal data are processed for direct marketing
purposes, you can object at any time to such processing, including where it
includes profiling activities (to the extent that they
relate to such direct marketing);
· Right to portability:
you can ask to receive your personal data – when they are processed on the
legal basis of your consent or if necessary for the performance of a contract –
in a structured, commonly used and machine-readable format, and request that we
transmit them to another data controller (for example, another service provider);
· Right to withdraw consent: you can
withdraw your consent at any time, without providing a reason, for all of the
processing activities described in the Privacy Notice for which the legal basis
for processing is your consent;
· Right in case of death: pursuant to article 85 of the French Data Protection
Legislation, you can define guidelines relating to the preservation, erasure and communication of your personal data by
NETATMO and/or LEGRAND FRANCE after your death. These guidelines may be general
or specific. The general guidelines relate to all of
your personal data and can be recorded with a trusted digital third party
certified by the French supervisory authority. The specific guidelines relate
to the processing of your personal data described in this Privacy Notice, and can be recorded with us.
To exercise any of these rights, you may send your request at any time,
using the contact information provided in the "CONTACT US & CONTACT OUR DPO" section of this Privacy Notice. Requests will be
processed as long as you can validly prove your
identity and the subject of your request is clearly identified. Requests will be processed promptly, and
in any case within no more than one (1) month from receipt of the request. If
needed, this period may be extended by two (2) months, depending on the
complexity of the request and number of requests. In this case, we will inform
you of the reasons for this extension. No payment will be required to exercise your
rights, except in case of clearly unfounded or excessive request. In this case,
we also reserve the right not to grant your request.
In addition to the
rights described above, you may lodge a complaint at any time with a competent
supervisory authority. For instance, under the GDPR, you may lodge such a
complaint in the country in which you reside or work (if relevant) or where the
alleged breach has occurred, if you feel that our processing of your personal
data breaches the Applicable Data Protection Regulation. In
France, the supervisory authority is the Commission Nationale de l'Informatique et
des Libertés (the"CNIL"). In
Italy, the supervisory authority is the Garante
per la Protezione dei Dati Personali (the"GPDP").
You can see the date of
the last update to the Privacy Notice by referring to the "Last update" note at the top of the Privacy Notice.
When we are considering making substantial changes to this Privacy Notice
(for example, a change to the processing purposes of the personal data, the
identity of one or several data controllers, or the manner in
which you can exercise your rights), we will inform you before these
changes become effective, via email (and also, where possible, via an in-app notification). This information is accompanied by an "I understand" button, which we ask you to click on in order to confirm that you have understood the changes.
You are hereby informed that you
can consult this Privacy Notice at any time on our website “myconnectedaccount”, which is accessible from your
Application.
By email:
Via the online
form on the website
https://www.legrandgroup.com/en/data-privacy
By mail:
Service Consommateurs Legrand
128, avenue du Maréchal de Lattre de Tassigny
87045 Limoges Cedex - France
Our DPO:
Data Protection
Officer – Julie Celma
128, avenue du Maréchal de Lattre de Tassigny
87045 Limoges Cedex – France
fr-sm-data-protection-officer@legrand.com