The Somfy personal data privacy policy

Latest update: 06-07-2022

Download the pdf version here

At Somfy, we want to be and remain your partner of choice on your journey exploring and experiencing smart home solutions and related products or services. We value the trust you put in us and commit to being fully transparent about how we collect, use and protect your personal data. We recognize your need for reasonable control over your personal data, and we commit to implementing mechanisms, procedures and policies that ensure the confidentiality, integrity and security of your personal data throughout its life cycle.

Somfy Group appointed a Data Protection Officer (DPO) who will ensure that our activities are carried out in compliance with applicable laws.

For questions regarding this Policy, to exercise your rights or to lodge a complaint with us, please contact our DPO (irrespective of which Somfy entity you have been in contact with): dpo@somfy.com

 

This privacy policy (“Policy”) informs you what to expect when we collect and use personal data, i.e.:

  1. Who is concerned by this Policy?
  2. Who is responsible?
  3. How do we collect your personal data and what personal data do we process?
  4. What do we do with your personal data?
  5. Who is receiving your personal data?
  6. How your personal data is protected?
  7. The data retention;
  8. International data transfers;
  9. Your rights;
  10. Minors
  11. Changes to this Policy.

We kindly ask you to carefully review our Policy and to acquaint yourself with its content.

  1. Who is concerned by this Policy?

This Policy applies to you when you visit our websites, when you interact with us with a view to establishing a business relationship, throughout your business relationship with us, when you use the technology we make available to you or when you connect to certain platforms, applications or other solutions we may provide or make available.

This Policy does not apply to Somfy employees, nor to job applicants who may refer to the privacy policy on our careers site.

 

2. Who is responsible?

The legal entity responsible for the personal data collected from you is the entity that determines how, when and why it collects and uses your personal data (“Data Controller”).

The identity of the Data Controller will depend on who you are:

  • If you are a visitor of this website (someone who only views pages on this website), the Data Controller is the Somfy entity presented on this site.
  • If you are an investor, the Data Controller is Somfy SA, 50 avenue du Nouveau Monde, 74300 Cluses, France.
  • If you are a customer or a supplier the Data Controller is the legal entity that manages your business relationship with Somfy. This information can be found on the invoice or purchase order you receive or in the agreement you have entered into with Somfy.

For any other individuals, with the exception of employees working on Somfy sites, the Data Controller is the legal entity that manages your relationship with Somfy. This information can be found in the agreement you have entered into with Somfy or can be obtained from your usual contact person at Somfy.

 

3. How do we collect personal data and what personal data do we process?

Personal data refers to data that can be attributed to you personally.

We collect personal data directly from you (a), but also indirectly through other sources (b), for example when you browse Somfy websites, or subscribe to our feeds on social media.

Regardless of whether we collect your personal data directly or indirectly, we commit to only process personal data that is adequate, relevant and necessary to fulfil the purpose for which it was collected.

  1. Data collected directly from you

We may collect and use personal data that you provide during your interactions with us.

This may include:

  • your title;
  • your full name;
  • your contact details;
  • your role within your company;
  • the products or services that are of interest to you or your company;
  • your opinion and preferences about a product;
  • your communication preferences;
  • your feedback about our services.
  • The content of your call and written messages.

We also collect the information that you provide to us when transacting with us, when subscribing to any of our services, when completing contact forms or creating accounts on any of our websites, when you get in touch with our customer or media relations teams, during fairs or other events that you attend.

Data collected in such cases can include (in addition to the data referred to above):

  • your client number;
  • bank account details;
  • credit card numbers;
  • your signature;
  • your date of birth;
  • any photo that you provide;
  • any location data that you decide to share with us.
  • Data that facilitates the delivery of your order
  • The content of your call and written messages.

Other information collected when you use our products and related applications may include:

  •  the date of your subscription;
  • your email address;
  • cloud ID;
  • your IP address;
  • mobile telephone number;
  • certain information collected from your controller device, including log files, device information and network information, and depending on your chosen services, location or biometric data.

We may process the following personal data attributable to you as a visitor to any premises of a Somfy Group entity:

  • name;
  • company;
  • name of host;
  • identity card number;
  • vehicle number plate;
  • date; and
  • time arriving and leaving our premises.

 

  1. Indirectly, through other sources

We also collect information about you indirectly, for example when you browse Somfy websites, or subscribe to our feeds on social media.

We may use cookies to enhance your browsing experience on our websites. Cookies are small files which are stored on a user's computer; they hold a modest amount of data specific to a particular user and website.

We use two types of cookies:

Cookies that are strictly necessary for the functioning of our websites

We use cookies that are strictly necessary for the functioning of our websites (e.g. analytical cookies that allow us to assess the use and performance of our websites and to then improve their functionalities).

If you do not want to accept the use of cookies, you can change your web browser settings to automatically deny the storage of cookies or to inform you each time a website requests permission to store a cookie. By choosing not to accept cookies, our websites would not work properly.

Third party cookies to improve the interactivity of our websites

Our website relies on certain services offered by third party. These include, but are not limited to :

Share buttons:
- Twitter
- Instagram
- Facebook

Videos broadcast on the website :
- Youtube API (see terms of use and privacy policy)

You can also change your cookie preferences at any time through our cookie management tool by clicking here and see our cookies privacy policy (insert link)

The processing is conducted on the basis of our legitimate interest to gather, monitor and analyze website activity. You do, however, also have to agree with the processing of cookies as set out in the cookie banner which appears when you enter the website.

We also use advertising cookies to so that we can show ads that we deem relevant for you, either on our site, or when you surf the Internet generally. Such cookies are mainly used to limit the number of times you see a particular ad, and help us assess the impact of an ad campaign.

Not accepting advertising cookies does not impact your user experience when surfing our websites.

We may at times also collect information about you from third parties or from publicly available sources such as information about you made available on your company’s website, or from public registries such as Commercial Register.

 

  1. What do we do with your personal data?

We collect and use your personal data where this is necessary to negotiate or perform a contract with you, e.g. to:

  • Manage and maintain our business relationship, including to create and maintain an account in our systems;
  • Manage your orders: for example to process payments, ship samples or final products or services and inform you about the status of your order;
  • Provide services in line with our contractual arrangement;
  • Deliver customer services, for example to address any queries you may have and record and share internally such queries to better answer them and improve our products or services and services in the future.

You are free not to provide such personal data, but should be aware that failure to provide such data will prevent us from negotiating or executing the contract.

We also collect and use your personal data where this is in our legitimate interest, e.g. to:

  • Analyse your feedback and opinion about our products or services to always improve and further develop them;
  • Manage your inquiries when contacting our media or investors relations or when contacting us via the contact form on our website or when using one of our channels for raising complaints;
  • Create statistics to improve our products or services;
  • Send you marketing communications, newsletters and/or end-user surveys about our activities and products or services that may be of interest to you in the course of our business relationship.

Also based on our legitimate interest, we may share your personal data with any affiliate of the Somfy Group, and also:

  • with third party service providers that support our operations in line with applicable data protection laws, including software providers, hosting or legal/tax consultancy services, transportation or credit card/banking services.
  • in connection or in the course of a merger, sale or acquisition of a business.

We also collect and use your personal data with your consent. This includes data that you decide to provide when setting up an account with us, or in response to a specific request that you communicate to us, e.g. to:

  • Subscribe or upgrade to any of our services or that of our partners,
  • Activate your Somfy device,
  • Receive marketing communications or newsletters about our activities, products or services.
  • Participate in contests

Consenting to allowing us to process your data is such circumstances is optional. However, failure to provide that consent will in most cases prevent us from delivering parts or all of the services you subscribe to.

On occasions, we collect or process your data in line with legal or regulatory requirements.

5. Who is receiving your personal data?

We only share your personal data in line with this Policy, and therefore mainly with our employees across different departments and, possibly, other entities of the Somfy Group, only for the following purposes: customer management, central administration of customer and supplier relationships, and for the purpose of streamlining Somfy’s business operations. This sharing of personal data is carried out on the basis of Somfy Group’s legitimate interest to administer its contractual relations within the Somfy Group and maintain an effective business structure.

Where we share your personal data with third parties as outlined in this Policy (e.g. for shipments, financial transactions, software services), we ensure that such third party provides sufficient guarantees to implement appropriate technical and organizational measures to ensure compliance with applicable data protection laws.

 

6. How your personal data is protected?

We put in place a series of technical and organisational measures to secure your personal data and to protect it from unlawful destruction, loss, alteration or access.

Our staff, agents and sub-contractors processing your personal data have signed a confidentiality agreement, or are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.

We impose strict security obligations also on any third-party service provider who handles your personal data in line with this Policy.

 

7. Data retention

We retain your personal data for as long as it is necessary for each of the purposes outlined above.

We may however retain certain of your personal data for compliance with applicable laws and regulations (e.g. for tax and audit purposes) and in accordance with our internal data retention rules.

Processing purposes

Retention Period

  • Buying a SOMFY product
  • Management of personalized communications of goods and services requiring specific consent
  • Order management on a SOMFY website

5 years from the last commercial or contractual contact

Invoices and accounting data

10 years

When using applications and platforms dedicated by SOMFY (other than connection information data, pages viewed and IP addresses)

5 years maximum from the last connection to the user's personal account

Participation in a game organized by SOMFY

1 year maximum at the end of the game if the participant is a prospect

Management of deletion, access or opposition requests

5 years from the date of application

 

Where it is no longer required to retain data that can still identify you, we will either erase, anonymise or aggregate it so that you may no longer be identifiable as a single individual.

 

8. International data transfers

We store and process your personal data mainly on servers located in the EU/EEA or Switzerland.

However, we operate as a global company and rely on international service providers to support our global solutions. Your personal data may be transferred to another country other than the one you reside in.

Any transfer of data outside the EU/EEA or Switzerland is strictly governed by the European Commission's Standard Contractual Clauses, taking into account the technical risks associated with the legislation of the third country where they exist.

9. Your rights

You can contact us through our DPO to exercise your rights over your personal data that we collect or use.

Your rights include your:

  • Right to correct. You can help Somfy ensure that your contact information and preferences are accurate, complete and up to date by filling out an updated contact form on any of our websites, specifying the purpose of the corrections and providing us with proof (e.g. invoice) if necessary.

Please do not send copies of passports or identity cards.

  • Right to object and to restrict. You have the right at any time to object to the use of your personal data by us for direct marketing purposes. Under certain circumstances, you can also restrict our use of your personal data, for example while we take steps to correct inaccurate data following your request;
  • Right to erasure. We delete your personal data on your request unless we need to retain your personal data to comply with applicable laws and regulations and in accordance with our data retention rules;

You can also change your cookie preferences at any time through our cookie management tool by clicking here.

  • Right to withdraw consent. Where we process your personal data based on your consent, you can withdraw your consent at any time; this may mean, though, that it may not be possible to continue providing the service that you requested; You can send your request at the DPO at the following adress : dpo@somfy.com
  • Right to receive and transmit: You have the right to receive the personal data relating to you and that you have provided to us, in a commonly used electronic format. You have the right to transmit that data to another controller (data portability);
  • Right to lodge a complaint. You can contact us if you believe that our use of your personal data is not aligned with applicable data protection laws. You also have the right to lodge a complaint with the data protection supervisory body in your country, or in the country where the Data Controller of your personal data is located.

10. Minors

We do not knowingly collect or solicit personal information from minors. If we learn that we have collected personal information from a minor, we will delete that information as quickly as possible. If you believe that a minor may have provided us with personal information, please contact us at dpo@somfy.com.

11. Changes to this Policy

This date of this Policy is set out before the introductory paragraph above. We may modify this Policy at any time without notice, except if such modifications contain substantial changes that may affect individuals’ rights under applicable privacy and data protection laws, in which case you will be notified of such changes by a prominent notice at the beginning of this Policy.