Schneider Electric Online Marketplace Privacy Notice

1. Who is in charge of data processing?

The processing of personal data is carried out by Schneider Electric FZE, a limited liability company incorporated under the laws of United Arab Emirates, registered under no. 2277 JAFZA Freezone, Dubai, UAE, having our registered address at Plot No. S10809, PO box 1719 Jebel Ali, (hereinafter referred to as “we” or “data controller”).

This privacy notice describes how we collect, use, share, or otherwise process personal information as a data controller in the course of operating the Schneider Electric Online Marketplace. We commit to ensure an adequate level of protection for personal data in compliance with applicable laws. We have adopted internal policies which impose common rules for the collection, use and disclosure of personal information by all entities belonging to Schneider Electric Group. To know more, please read our Data Privacy Policy.

2. What types of personal data do we process?

We collect and process the following categories of personal data:

• Identification data, such as name/last name, email address, postal address, account ID, customer account number;
• Information, related to our customer service, such as support requests;
• Information, related to your online purchases, such as favorite list and shopping cart information;
• Professional life data, such as job title, job function, company name and address;
• Traffic data and user behavior data, such as IP address and Device information;
• Bank information, such as your debit card number.

In cases where your account is managed by someone else (such as an administrator or employer), they may provide data on your behalf, on the basis of your consent.

3. Why do we collect and use personal data?

We use information we collect for the following purposes:

• to deliver our services (e.g: give access to the platform). The legal basis for processing personal data for this purpose is Article 6, para. 1, “b” of the General Data Protection Regulation (“GDPR”): the performance of our contract with you;
• to interact with users in relation to complaints or feedback received. The legal basis for processing personal data for this purpose is the law and regulation of the personal data of the UAE Personal Data Protection Act no. 45/2021; and the Qatar personal data protection law.no.13 of 2016; and the Sultanate of Oman Personal data protection law no.6 of 2022; and The Kuwait data privacy protection law no.26 of 2024 and its amendments as may be from time to time;
• - to manage customer relationships (e.g: manage the orders). The legal basis for processing personal data for this purpose is Article 6, para. 1, “b”, GDPR: the performance of our contract with you.
• - to process payment of the products. The legal basis for processing personal data for this purpose is Article 6, para. 1, “b”, GDPR: the performance of the contract between the data controller and you.

We also process information to gather the ratings on our products and services, ensure security and compliance with contract and terms of use, and analyze use of services to improve them. This is based on our legitimate interest to operate Schneider Electric Online Marketplace and to provide services to our customers (Article 6, para. 1, “f”, GDPR). Some of the processing activities, such as the provision of information relating to the standard pricing, costs and products, as well as activities related to personalized experience, are based on your consent. (Article 6, para. 1, “a”, GDPR)

We do not make decisions based solely on automated processing which may produce legal effects or similarly affect you.

4. How long do we keep your personal data?

We keep personal data as needed to perform the purposes described above, taking into consideration the need to provide the services, marketing requirements, security requirements, legal requirements and statute of limitations.

• Personal data, processed for the purposes of the performance of the contract between the data controller and you, is stored for no longer than 5 years after the end of the completion or termination of the contract.
• Personal data, processed on the basis of a legal obligation, is stored until the compliance with this obligation, unless a longer period is required under the law.

5. Who do we share personal data with and where is it processed?

We do not sell your personal data.

Personal data will be processed by our affiliates and suppliers involved in the provision of the services and in the performance of the purposes. Their activities include hosting and maintenance, performance monitoring, payment services provider and security.

Teams and suppliers may have global or multi-country roles, and they can be located anywhere in the world, in countries with different privacy standards than the country of our customers. We take measures to ensure that personal data receives an adequate level of protection. We have internal policies applied by our affiliates and we conclude relevant contracts with our suppliers to ensure appropriate safeguards. Our group has adopted Binding Corporate Rules (BCR). In addition, we conclude Standard Contractual Clauses and rely on EU Commission’s adequacy decisions. To obtain more details and copies of safeguards put into place, you may contact global-data-privacy@schneider-electric.com.

We may also share your personal data, as necessary:

• with competent authorities, based on a good faith belief that disclosure is necessary to respond to a judicial process, a valid official inquiry, or if otherwise required by law;
• to defend our legal rights, or to protect the rights or safety of any person or entity;
• -as instructed by you, our customer or the user;

6. How do we secure personal data?

We follow generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. We maintain appropriate administrative, technical and physical safeguards to protect personal data against accidental or unlawful destruction, accidental loss and unauthorized alteration.

Please note that no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee absolute security.

7. How to exercise your choices and rights about your personal data?

As a data subject, you have the following rights under the applicable data protection law:

(a) Right of Access: You have the right to obtain confirmation and/or detailed information, including a copy of the personal data processed about you.

(B) Right to Rectification: You have the right to request that your personal data be corrected (updated) without undue delay.

(C) Right to Erasure (“right to be forgotten”): If the corresponding requirements are met, you may request that the personal data related to you be deleted without undue delay.

(D) Right to Restriction of Processing: If the corresponding requirements are met, you can request the restriction of the processing. In such case, the respective personal data are designated accordingly and, if applicable, only processed for specific purposes.

(E)Right to Object: You may object to the collection and further processing of your personal data where there is no legal basis for us to continue processing it.

(F) Right to Data Portability: If the corresponding requirements are met, you have a right to data portability in respect of personal data concerning you which you have provided to us, i.e. the right to receive these data in a structured, commonly used and machine-readable format and, if applicable, the right to transmit those data to another controller without hindrance from our side.

(G)Right to Withdraw your Consent: In case the data processing is based on your consent, you have the right to withdraw the consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.





In order to exercise these rights, you may make a request at the contact details available within the application or at global-data-privacy@schneider-electric.com. To ensure the security of your personal data, we may ask you to provide other details to verify your identity.





8. How to contact us?

Email: DPO@schneider-electric.com

Address: DPO Schneider Electric, 35 rue Joseph Monier, CS 30323, 92506 Rueil Malmaison, France





9. Which is the responsible Complaints Office?

If you believe that the data controller has processed your personal data in violation of applicable law, you may file a complaint with the Group DPO at the contact details above or with (a) Schneider Electric FZE, a limited liability company incorporated under the laws of United Arab Emirates, registered Under no. 2277 JAFZA Freezone, Dubai, UAE, having our registered address at Plot No. S10809, PO box 1719 Jebel Ali, Dubai, UAE.





10. Changes to this privacy notice

Please note that this privacy notice may change from time to time. We will provide information about material changes.

Last updated: March 2025

                                                   Schneider Electric Online Marketplace Privacy Notice