PERSONAL DATA PROTECTION POLICY - Vae Solis Communications

Our philosophy and commitments

Vae Solis is committed to protecting your personal data and is committed to ensuring a high level of protection for your personal data in accordance with European Regulation 2016/679 and the French Data Protection Act n°78-17.

To this end, you will find below our privacy policy, which explains in particular what personal data we collect, how it is processed and on what basis, how it is stored and your personal rights. We invite you to read it.

Our Data Protection Officer is at your disposal to answer any questions you may have. You can contact him at the following address: rgpd@vae-solis.com

You can find the text of the applicable European Regulation here: https://eur-lex.europa.eu/legal-

content/FR/TXT/?uri=CELEX%3A32016R0679 or contact the regulatory authority (CNIL) via its website www.CNIL.fr.

This version of the personal data policy may be modified by us from time to time and you will be informed accordingly.

Your data controller

Vae Solis is the party responsible for processing your personal data and whose contact details you will find below; it is referred to herein by its name or "We".

Your personal data and their collection by Vae Solis

Your personal data may be collected during: your visit to our site,

our exchanges,
our prospecting activities,
the formation or performance of our contracts.

We do not collect any data that is not necessary for the purpose stated at the time of collection or that is prohibited by law or regulation.

The collection of certain data may be mandatory or optional, and you are informed of which information is mandatory. Your personal data may be collected by third-party service providers or partners, who undertake to comply with European and national regulations on personal data.

Our policy is not to transfer your data outside the European Union; if by exception we do so, such transfer may only take place to a country or organization covered by an adequacy decision (art.45 RGPD) or presenting appropriate sufficient guarantees (art.46 RGPD).

We do not make any automated decisions.
We may collect the following personal data:

Personal data, identity, contact details, images Professional life
Economic and financial personal data

Our processing of your personal data

We process your personal data by inserting it into databases; it is stored, kept and, if necessary, rectified, deleted, archived, anonymized or pseudonymized, or transferred to trusted third parties.

We may process your personal data for the following purposes or for purposes specified to you at the time of collection:

2/7

Your information on our commercial (products, services, etc.) and promotional offers - Communicate with you

We may use your personal data for commercial prospecting purposes, and in particular to send you information on our products/services, our commercial and promotional offers, quotations and other pre-contractual documents, and our latest news by e-mail, post or telephone.

Fulfillment of current contracts and customer care

We use your personal data to carry out current contracts in accordance with your requests. We may also send you information about your order or your current contracts, their execution, your invoices and contractual documents, advice, the execution of our guarantees where applicable and our legal obligations. We also use your personal data to manage our customer relations, your requests or complaints, any disputes and to keep track of your customer history.

Improving the use of our services and enhancing our offerings

We process your personal data to enable you to make optimal use of our services, to improve our offers and products/services, and to track your user experience, conduct satisfaction surveys, polls and anonymous statistics.

Your payments

Your bank details may be collected either directly by us or by a selected, dedicated service provider, who guarantees the complete confidentiality of your bank details. These details are only kept for the time required to complete the contractual relationship or within the legal limits.

Protection against fraudulent initiatives

The personal data collected may be used to combat fraud, particularly with regard to payments or direct debits. In this respect, our payment security service providers may receive this data.

Ensuring compliance with the law and court rulings

Your Data may be used for :

respond to a request from an administrative or judicial authority, a representative of the law, a court officer or comply with a court order;

ensure compliance with our general terms and conditions of sale/service;

protect our rights and/or obtain compensation for any damage we may suffer or limit the consequences thereof;

prevent any action contrary to the laws in force, particularly in the context of fraud prevention.

We may also process your personal data for the following purposes: Security

Personal and property protection, video surveillance and badge security Creation of security directories

Miscellaneous

Diary management
Electronic signature
Legal and contractual warranties

Internet

Create and manage your user account
Customer statistics and surveys: Some data is processed for statistical purposes, in particular to evaluate and improve the performance of our programs, or to measure the audience for our site. Personal data is anonymized for this purpose.

The basis for processing your personal data

3/7

In accordance with the regulations, the processing of your personal data by us is justified if it is based on one of the following grounds:

Your consent to the processing of your data by us : you agree to the processing of your personal data by means of express consent. You can withdraw this consent at any time by contacting our DPO; or

The existence of a contract between you and us: the processing of data is then justified by the need to perform the contract; or

Our legitimate interest in processing your personal data, provided that this proportionate interest respects your fundamental rights and privacy; or

Applicable laws and regulations, where these require us to process and store your personal data.

How your personal data is stored and for how long

We manage your personal data in three phases:

an active phase where the data is stored for the time indicated below in the
"active" database: your personal data is then only accessible to those who have an operational need to access it in order to carry out the authorized processing.

an archiving phase (for an additional period of time to the "active" database) when justified by a legitimate reason: your personal data is then archived with restricted access and for a limited period of time.

A deletion or anonymization phase: at the end of the additional archiving period, your personal data is deleted or anonymized (so that it can no longer be used to identify you personally).

Your personal data is kept for the time required to process it, to support our customer relations where applicable and to fulfill contracts, and within the limits specifically laid down by law. We may keep your personal data for archiving purposes, in order to keep accounting, tax or evidential documents for as long as required by applicable regulations. By way of example, we indicate below the retention periods applying to the following processing operations (subject to regulations imposing a differentiated retention period):

Purpose of processing	Basis of treatment	Retention of personal data in the "active" database	Additional archiving
Prospecting	Your consent	3 years if you have not actively responded to any solicitations. The time limit starts running again if you actively solicit us.	X
Fulfilment of our contractual obligations to you / services	Contract	The time necessary to fulfill the contract and 3 years from the end of the commercial relationship (last activity (such as completion of contract (purchase, service ...), connection to the site as a registered user).	5 years at the end of the contractual relationship
Customer relations	Contract	3 years from the end of the commercial relationship (your last activity with us)	5 years at the end of the contractual relationship

Withdrawal of your consent to the collection or processing of your personal data

Your consent to the collection of your personal data may be withdrawn by writing to our DPO by email or by post to the addresses given at the top of the page, mentioning your surname, forename, e-mail address and any other relevant information.

4/7

mail and address with the precise nature and purpose of your withdrawal request.
You can also send us any comments about your personal data to Vae Solis

Exercising your rights regarding your personal data

You have:
A right of access, which enables you to obtain :

Confirmation that your personal data is or is not being processed;

Communication of a copy of all personal data held by the data controller.

A right to request the portability of certain data: this allows you to recover your personal data in a structured, commonly used and machine-readable format.

A right of opposition: this allows you to opt out of commercial prospecting by us or our partners, or, for reasons relating to your particular situation, to stop the processing of your data for the purposes of research and development, the fight against fraud and prevention.

A right of rectification : this allows you to have information about you rectified if it is obsolete or erroneous. It also enables you to have incomplete information about yourself completed.

A right of deletion : this allows you to obtain the deletion of your personal data, subject to the legal retention periods. This right may apply in particular if your data is no longer required for processing.

A right of limitation : This allows you to limit the processing of your data in the following cases:

In the event of unlawful use of your data;
If you dispute the accuracy of your data;

If you need the data to establish, exercise or defend your rights.

They will then no longer be actively processed, and cannot be modified for the duration of the exercise of this right.

A right to human intervention : data controllers may use automated decision-making to underwrite or manage your contract. In this case, you can ask the Data Protection Officer what criteria were used to make the decision.

You can exercise these rights by e-mail: rgpd@vae-solis.com or by letter to the following address: indicating your surname, first name, address and e-mail address (if applicable your customer references) as well as the subject of your request in clear and legible terms. Vae Solis will respond to your verified request within one month of receipt.

In the event of difficulty, you can contact our Data Protection Officer directly by e-mail: rgpd@vae-solis.com or contact the Commission Nationale de l'Informatique et des Libertés (CNIL).

Our subcontractors and partners

Vae Solis may transmit your personal data to subcontractors carrying out services involving the processing of your data and in compliance with the purposes set out herein; these subcontractors must confer the same level of confidentiality on your personal data as Vae Solis and have undertaken to comply fully with the regulations on personal data, in particular with the RGPD.

We do not trade in your personal data; if you would like to know more, and specifically the identity of the service providers or partners to whom your personal data has been transmitted, you can contact our DPO at the following address: rgpd@vae-solis.com

5/7

Service providers or partners likely to have access to your personal data may include :

service providers likely to manage outsourced services for the execution of our services and contracts;

service providers who help us improve our services, carry out data analysis and optimize our offers, conduct surveys and statistics;

auditors, chartered accountants, consultants, lawyers, auditing firms, IT and outsourcing service providers, security service providers;

investors and buyers.

We may also transmit your personal data to the French authorities, administrations and jurisdictions, in particular in the context of legal proceedings or legal formalities requiring such communication.

Cookie policy

What is a cookie?

A cookie is a file placed on your terminal (e.g. computer, tablet) by Vae Solis when you use the website and depending on your browser. For the duration of its storage, this file will identify your computer the next time you visit the site, enabling us to store your visit and browsing data.

Vae Solis may use various systems to collect personal data, in particular by means of cookies on our website, for which your consent is requested; the following cookies are potentially concerned:

Vae Solis is also likely to issue third-party cookies enabling content on our site to be shared with third parties or tools for expressing your appreciation (e.g. "Like", from social networks); you are then potentially identified by the social network, which will be able to track your browsing. It is your responsibility to inform yourself of the social network's confidentiality and cookie management policy, as our company does not use these tools.

Cookies are subject to your acceptance on our website during your first visit. The period of validity of consent to the deposit of cookies and tracers is a maximum of 13 months, starting from their first deposit in your terminal following the expression of your consent.

You can manage your acceptance or refusal of cookies directly from your browser settings.

You can either accept all cookies, be notified when a cookie is set, or refuse all cookies. If you refuse all or part of the cookies, certain functions of the Site may be compromised or certain pages inaccessible.

To disable cookies:
If you are using Internet Explorer 8. and later :

Go to "Tools" in the menu bar and click on "Internet Options".
Click on the "Privacy" tab at the top
Drag the slider up to the "Block all cookies" setting to block all cookies, or down to the "Accept all cookies" setting to accept all cookies.

For more information, visit http://windows.microsoft.com/fr-fr/internet-explorer/delete- manage-cookies

If you are using Firefox 30.0 and later :

Click on the "menu" button and select "Options".
Select the "Privacy" panel.
In the History area, for the "Retention rules" option, select "Use custom settings for history".
Check the "Accept cookies" box to enable cookies, or uncheck it to disable them.
If you have problems with cookies, make sure that the "Accept third-party cookies" option is not set to Never.
Choose how long cookies can be kept.
Keep them until : "Each cookie will be deleted on its expiry date,

6/7

date set by the site that issued the cookie.
Keep them until : "Closing Firefox": cookies saved on your computer will be deleted when you close Firefox.
Keep them until: "Ask me each time": a warning is displayed each time a website wishes to send a cookie, asking you whether you agree to save the cookie or not.
Click OK to close the "Options" window.

For security/cookies

For more information, visit https://support.mozilla.org/fr/products/firefox/privacy-and-

If you use Google Chrome :

Go to the "Tools" menu
Click on "Settings
Click on "Advanced settings
Click on "Privacy/Content settings".
"Cookies" must be selected. Then select "Block cookies and data from third-party sites".

For more information, see https://support.google.com/chrome/answer/95647?hl=fr If you are using Safari 5.0 and later :

Choose Safari > Preferences and click on "Security".
In the "Accept cookies" section, specify if and when Safari should accept website cookies. To see an explanation of the options, click on the help button (looks like a question mark). If you've set Safari to block cookies, you may need to temporarily accept cookies to open a page. Repeat the above steps, selecting "Always". When you're finished with the page, disable cookies again and delete the cookies from the page.

For more information, visit http://support.apple.com/kb/ht1677?viewlocale=fr_FR

If you have a different browser type or version, please consult your browser's "Help" menu.