The Somfy Group would like to be and remain your partner of choice as part of your exploration and experience with smart home solutions and related products and services. We value the trust you place in us and are committed to being fully transparent about how we collect, use and protect your personal data. We recognize your need to exercise reasonable control over your personal data and we undertake to implement mechanisms, procedures and policies that ensure the confidentiality, integrity and security of your personal data throughout its life cycle.

The Somfy Group has appointed a Data Protection Officer (DPO) to ensure that our activities are carried out in accordance with applicable laws.

---

For any questions regarding this Policy, to exercise your rights or to file a complaint with our organization, please contact our DPO (regardless of the Somfy entity with which you have been in contact):

DPD
50, avenue du Nouveau Monde
74300 Cluses, France
+33 4 5096 7000
dpo@somfy.com

---

This Data Protection Policy ("Policy") informs you about what you can expect when SOMFY Protect by Myfox (hereinafter referred to as "SOMFY Protect")* collects and uses personal data, namely:

*For the purposes of this policy, "Somfy Protect" refers to Somfy Protect by Myfox, S.A.S., a company domiciled in Regent Park II - Building 1, 2460 voie l'Occitane, 31670 Labège, France

We can also refer to Somfy Protect by using the terms "we" or "us".

Please review our Policy carefully and familiarise yourself with its contents.

In order to offer you the Service under the best possible conditions, SOMFY Protect, acting as data controller, collects and processes your personal data.

This Policy applies:

- when you visit the SOMFY Protect websites,

- when you interact with SOMFY Protect to establish a business relationship,

- when you use SOMFY Protect's software, web and mobile applications and materials (the "Services") that we make available to you or when you connect to certain platforms or other solutions that we may provide you with or put at your disposal.

This Policy does not apply to Somfy Group employees or applicants for a position who may refer to our data protection policy on our careers website: https://www.somfy-group.com/en-en/careers/getting-to-know-us/somfy-privacy-policy-recruitment.

The legal entity responsible for the personal data collected from you is SOMFY Protect which collects and processes your personal data as part of the Services ("Data Controller").

If SOMFY Protect offers you the opportunity to access its Services and Products through a third-party website or service provider ("TPS"), you may also need to read and agree to the terms of service and the privacy policy of the said TPS in order to be able to use the SOMFY Protect Services.

SOMFY Protect Services may contain advertisements from companies other than Somfy Protect that may have links to their own websites. We are not responsible for the content of these websites or their privacy practices. If you have questions about how these websites use your personal information and data, you should refer to their policies and contact them directly.

Personal data refers to data that can be attributed to you personally.

We collect personal data directly from you (a), but also indirectly through other sources (b) for example when you browse Somfy Group websites or subscribe to our content on social networks.

Regardless of whether we collect your personal data directly or indirectly, we undertake to process personal data only in a manner that is suitable, relevant and limited to the purposes for which we collected it.

           a. Data collected directly from you

We may collect and use personal data that you transmit during interactions with our services.

This may include:

• your title;
• your full name;
• your contact details;
• the products or services that interest you or your company;
• your opinion and your preferences regarding a product;
• your communication preferences;
• your comments about our services

We also collect information that you provide when you conduct business with us, when you subscribe to one of our services, when you complete contact forms, or when you create accounts on any of our websites, when you get in touch with our customer team or media relations team, during trade shows or other events in which you are involved.

The data collected in such cases includes (in addition to the above data):

• your customer number;
• your bank details;
• your credit card numbers;
• your signature;
• any photo that you provide;
• any location data you decide to share with us.

Other information collected when you use our products and related applications may include:

• the date of your subscription;
• your email address;
• your cloud ID and passwords;
• your MAC address, IP address and other information that helps us to make sure it's really you logging into your account;
• your mobile phone number;
• certain information collected from your control device (including your mobile device identification number or computer system), information about your activities in the context of Somfy Protect Services, including log files (server logs or Internet logs), device information, network information, and depending on the services you have chosen, location data or biometric data, and usage statistics about your interactions with Somfy Protect Services and cookies
• correspondence exchanged and all the information contained therein, including location data and other information on the current status of your home and its surroundings (depending on the connected Equipment)

           b. Indirectly, via other sources

We may be required to process information and personal data about you received from a Third-Party Service Provider (TPS). If you can access SOMFY Protect Services or use them via a TPS, SOMFY Protect may receive or be granted access to certain information and personal data about you by this TPS. By contractually accessing SOMFY Protect Services via the TPS, you authorise Somfy Protect to access, use and store this information and personal data. You can control and learn more about the settings for transmitting this personal data to the TPS from which you access or use our Service. For example, Somfy Protect may be able to access and store your name, profile picture, location, gender, and other information to which you or the TPS have previously authorised access at the TPS.

Use of location data by the app

The apps offered by Somfy Protect may receive information about your location from mobile operating systems (Android, iOS) as long as you have agreed to such processing.

However, we do not conduct ongoing monitoring of movements; they only receive occasional information from their partners that the person is located in a pre-defined zone in order to enable them to interact with services and connected objects.

We may from time to time collect information about you from third parties or from other publicly available sources such as information that you make available on your company's website or from public registries such as the Trade and Companies Register.

           c. Cookies and other trackers

We also collect information about you indirectly, e.g., when you browse Somfy websites in accordance with the Cookies policy available on such websites or when you subscribe to our content on social networks.

You may change your cookies preferences any time through the preferences center accessible on our websites.

Mobile apps.

We use several types of what are referred to as local tracking trackers in our mobile apps to improve interactivity and offer practical features for users.

This use is based on our legitimate interest: it is a question of:

• trackers required for the app to function

Such technical trackers enable the app to function optimally. In particular, they enable the user to use the features offered by the app, e.g., maintaining your identification while browsing.

• User interface customization trackers

Such trackers enable the app to adapt to the user’s profile based on the equipment they have. As they are an intrinsic, expected element of the service, they are exempt from consent.

• Technical information feedback trackers

These trackers make it possible to continuously improve the app by providing contextual elements concerning crashes of the app.

For more transparency, we would like to inform you that analytical trackers are also put in place in our apps. Nevertheless, they target groups of users and cannot be used to identify individuals.

We collect and use your personal data when necessary to negotiate or perform a contract with you, for example to:

• manage and maintain our business relationship (e.g., notify users of updates to the Services or the availability of new compatible products), including creating and maintaining an account within our systems;
• manage your orders: for example to make payments, ship final products or services and inform you of the status of your order;
• provide services in accordance with our contractual agreement; provide customer services, for example to process any requests (including support requests) that you may have and to register and internally share such requests in order to respond more appropriately and improve our products and services in the future.

We may have access to your personal data and the content of all your online communications (including chat conversations, voice communications, videos, IP addresses and your personal information) to provide the Somfy Protect Services you subscribe to, including for account creation and the maintenance of our services.

You are free not to transmit such personal data, but you should be aware that failure to provide such data will prevent us from negotiating or performing the contract.

We also collect and use your personal data when it is in our legitimate interest, e.g. to:

• analyse your feedback/comments and your opinions about our products or services in order to continuously improve them and continue to develop them in the future;
• manage your enquiries when you contact the media relations or investor relations teams via the contact form on our website or when you use one of our complaint channels;
• create statistics to improve our products or services;
• send you marketing information, newsletters and/or end-user surveys about our activities and our products or services that may be of interest to you during our business relationship.

We may also, on the basis of our legitimate interest, share your personal data with any Affiliate of the Somfy Group and also:

• with third-party service providers who assist us in our operations in accordance with applicable data protection laws, including software providers, hosting or legal/tax consulting services, as well as transport or credit/banking card services;
• In the event of a merger, sale or acquisition of a structure.

We also collect and use your personal data with your consent. It includes the data you decide to provide us with when you open an account with our organisation or in response to a specific request you send us, e.g. to:

• subscribe to any of our services or partners or to improve them;
• activate your Somfy device;
• receive marketing communications or newsletters about our activities, products or services.

Consent to enable us to process your data under such circumstances is optional. However, not giving consent will in most cases prevent us from delivering all or part of the services you subscribe to.

On this occasion, we collect or process your data in accordance with legal or regulatory requirements.

Your personal data may be processed and transmitted:

• in order to meet a written and substantiated request from an administrative or judicial authority authorised to receive communication of it
• to prevent fraud and any illegal activities
• to agencies, judicial officers and departmental officers as part of their debt collection assignment

We do not sell your personal data to third parties. We may share (i) aggregated information (i.e., information about you and other users collectively, but not specifically identifying you); (ii) anonymous information; and (iii) certain technical information (including certain personal data such as IP addresses, MAC addresses for mobile devices and mobile device identifiers) for the purpose of developing and disseminating targeted advertising within the Somfy Protect Services and on third-party websites after receiving your prior consent.

We only share your personal data in accordance with the provisions of this Policy and therefore mainly with our employees in the various departments and possibly with other entities of the Somfy Group, solely for the following purposes: customer management (at all phases of the contract, including after-sales service), central administration of customer and supplier relations and to streamline Somfy's business operations. The sharing of the personal data in question is carried out on the basis of the Somfy Group's legitimate interest and the maintenance of an efficient commercial structure.

When we share your personal data with third parties in the manner set out in this Policy, particularly in point 4 (e.g. for shipments, financial transactions and software services), we ensure that the third parties in question provide sufficient guarantees to implement appropriate technical and organizational measures to ensure compliance with applicable data protection laws.

We put in place a series of technical and organizational measures to secure your personal data and protect it against destruction, loss, alteration or unauthorized access. We are committed to protecting the video transmissions of our users as well as all of their personal data.

The members of our staff who process your personal data have entered into a confidentiality agreement.

We may disclose your personal information and data to third-party companies, acting as subcontractors of Somfy Protect, to provide services on our behalf, including payment processing, data analysis, sending emails, hosting services, customer services, and so that they may assist us in our marketing efforts. We instruct all such third-party service providers not to use your personal data for any purpose other than providing services on behalf of Somfy Protect. Subcontractors of Somfy Protect are bound by a duty of confidentiality or must comply with an appropriate regulatory duty of confidentiality.

We impose strict security requirements on any third-party service provider in accordance with the provisions of this Policy.

SOMFY Protect, however, wishes to draw the attention of the users of its Services to the possible risks in terms of confidentiality of your personal data related to the operating of the Internet. It is important that you protect and maintain the security of your Customer Account and your personal computer network. It is the responsibility of users of the SOMFY Protect Services to immediately report any unauthorized use of a Customer account. We ask that you take all precautions to protect your personal information (including the password of your Customer account) and to log out from your session after use.

If your account is hacked, this may result in unauthorized use of SOMFY Protect Services. You should therefore be careful and ensure the security of your personal data.

Even if we take reasonable precautions to guard against potential security breaches on our websites and on our databases and files on our users, no website or transmission over the Internet is completely secure, and we cannot guarantee that unauthorized access, hacking, data loss or other harm will never occur.

We keep your personal data as long as necessary for each of the purposes set out above.

However, we may retain some of your personal data for compliance with applicable laws and regulations (e.g. for tax or verification purposes) and in accordance with our internal data retention rules.

When it is no longer necessary to retain data that can still identify you, we may either delete, anonymise or aggregate it so that you are no longer identifiable as an individual natural person.

We store and process your personal data mainly on servers located in the EU/EEA or in Switzerland.

However, we operate as a global company and rely on international service providers to assist us with our global solutions. Your personal data may be transferred to a country other than the one in which you reside.

Somfy Protect may employ subcontractors located or hosting their data outside the European Union. As such, any transfer of your data to a country outside the European Union will be conducted under sufficient and appropriate security and confidentiality terms under European law.

You can contact us through our DPO (dpo@somfy.com) to exercise your rights in relation to your personal data that we collect or use.

Your rights include your:

• right of access and rectification. You have the right to receive confirmation as to whether or not we process your personal data and in such cases you have the right to request a copy of the personal data that we hold about you and you may correct or supplement the personal data that we hold about you at any time by contacting us.

For Somfy Protect Services, two access channels are possible:

* Information collected and processed from a TPS

• To manage information about you that Somfy Protect may receive from a TPS, you will need to follow the instructions provided on the relevant TPS website for updating information and changing privacy settings. You can also sometimes manage certain aspects of the collection and use of your personal information and data by consulting the settings of your device (mobile) and checking the permissions of each application.

* The information collected and processed via the Somfy Customer Account

• You may access and/or update your personal information and data through your Customer Account as part of the Service.

Any information shared with a TPS may be retained by that third party after we have removed it from our files. Please refer to the privacy policies of this TPS to get information about their procedures for deleting your personal data stored in their databases.

You can help Somfy to ensure that your contact information and preferences are accurate, complete and up-to-date by filling out an up-to-date contact form on any of our websites or by contacting our DPO at the following email address dpo@somfy.com with your corrections and updates;

• right of access and limitation. You have the right at any time to oppose the use of your personal data by us for solicitation purposes. In certain circumstances, you may also limit our use of your personal data, for example when we take steps to correct inaccurate data as a result of your request; You may choose not to receive additional promotional emails from Somfy Protect by clicking on the "unsubscribe" link in the emails in question.
• right to erasure. We delete your personal data at your request unless we are obliged to keep your personal data in order to comply with applicable laws and regulations and in accordance with our own data retention rules;
• right to control cookies and other technologies on our websites. We use cookies to improve your browsing experience on our websites. When you visit our websites for the first time, you are asked to configure your choices and give your consent regarding the use of cookies and other technologies. You can manage your selections at any time using our preferences center. You may set your preferences for how you would like your data to be used based on the purposes and third-party partners. Some third parties may process data based on a legitimate interest and you may choose to unregister.
• right to withdraw your consent. When we process your personal data on the basis of your consent, you may withdraw your consent at any time; however, this may mean that it will no longer be possible to provide the service you request;
• right to receive and transfer: You have the right to receive your personal data that you have transmitted to us in a commonly used electronic format. You have the right to transfer the data in question to another controller (data portability);
• right to file a complaint. You may contact us if you believe that our use of your personal data does not comply with the provisions of applicable data protection laws. You also have the right to lodge a complaint with the data protection supervisory authority of your country or the country in which the Data Controller processing your personal data is located.

Somfy Protect Services are not intended for minors and we do not intentionally collect any personal information from minors. If information was collected about a minor by the Services, the minor's legal representative may contact the DPO to rectify, modify or delete this information.

The date of this Policy is established before the introductory paragraph above. We may change this Policy at any time without notice, unless the changes in question contain material changes that could affect the rights of natural persons under applicable privacy and data protection laws, in which case you will be informed of the changes in question by a prominent notice at the beginning of this Policy.