Maxeon Data Protection and Privacy Policy

1. “Consumer” means an individual who: (a) has contacted us through any means to find out more about us, any goods or services we provide, or any opportunities offered by us, e.g. distributor relationships, and (b) may, or has, entered into a contract with us for the supply of any goods or services by us.
2. “Personal Data” means data, whether true or not, about a consumer who can be identified: (i) from that data; or (ii) from that data and other information to which we have or likely have access.
3. Other terms used in this Policy shall have the meanings given to them in the PDPA (where the context so permits).

1. The Personal Data we directly collect from you
   When you interact with us, including on the Digital Platforms, we collect information about you, including Personal Data that may directly or indirectly identify you. The following explains the categories of Personal Data we may collect from you and how we collect such information:
   1. Online Forms: When you complete an online form to allow Maxeon, or a Maxeon authorized independent distributor or installer, to contact you, we collect identifiers such as your name, address, telephone number, and email address. We may also collect information relating to your energy consumption, geolocation information, and images of your home or business from, including those from publicly available sources, such as Google Earth.
   2. Communications with Maxeon: When you contact Maxeon by telephone, email or other electronic means, such as online chat, or social media accounts, including through private message features, we collect identifiers and any other Personal Data you choose to provide, as explained below.
      1. Telephone: When you contact Maxeon by telephone, we will collect the telephone number that you use to call us. During a call, Maxeon may additionally collect your name, address, email address, and information about your energy needs and usage, as well as information about your Maxeon system and any issues you may be experiencing. If you are representing a business contact for a commercial client or prospect, this may include your Personal Data. Maxeon records its telephone calls for training and quality assurance purposes. You have the option to proceed on a recorded or non-recorded line.
      2. Email and Electronic Means: When you communicate with Maxeon via email or other electronic means, including through any virtual assistant, we will collect your user or screen name, email address, name and any Personal Data you voluntarily choose to include in the communication, so that we can respond to your inquiry and provide you with quality service.
   3. Business Contacts: Maxeon collects the personal or business contact information you provide at trade shows or similar events, including through business card scans or drops, to allow us to contact you or to receive information about us, opportunities with us, or our products or services.
   4. Testimonials: When you provide testimonials to Maxeon for us to publish on the Digital Platforms or in marketing materials, with your consent, we collect and may publish identifiers that may include your name, contact information, and information about your experience with Maxeon products and services.
   5. Product Warranty Registrations: If you register a product warranty with Maxeon or authorize an independent distributor to do so on your behalf, we will collect your name, address, information about products purchased, and contact information, including telephone number and email address.
   6. Social Media, Online Forum, Blogs, Message Boards, Chat Rooms: You may choose to interact with Maxeon via social media platforms on which Maxeon is active, including, but not limited to Facebook, LinkedIn, or through blogs, chat or messaging features available through the Digital Platforms. Relating to these interactions, Maxeon may collect your screen name, real name and any information that you choose to provide such as posts, comments or feedback that you post or leave on pages, feeds or inboxes belonging to Maxeon. There are areas of the Digital Platforms and social media platforms that are visible to other users or the general public, e.g., blogs. We recommend that you do not post Personal Data to these areas of the Digital Platforms. YOU ASSUME ALL RESPONSIBILITY FOR ANY LOSS OF PRIVACY OR HARM RESULTING FROM YOUR VOLUNTARY DISCLOSURE OF PERSONAL DATA IN PUBLIC AREAS OR FORUMS.
   7. Applications: When you sign up or use a Maxeon application or service, we collect the Personal Data you provide to create a profile or account. This may include identifiers such as your name, address, zip or postal code, telephone number, and e-mail address.
   8. Surveys: If you respond to surveys issued by Maxeon, we will collect your e-mail address, name, and any information you provide in response to or relating to the survey. If we disclose information relating to the survey to third parties, we will do so, where practicable, in non-identifying, aggregated form.
   9. Consent: We may use your Personal Data for any other purpose for which you consent (including any purposes disclosed in this Policy).
   10. Combining Information We Collect: We may combine any of the information we collect from or about you and use it in the manner described in this Policy.

   We collect the above information from you, including where you are acting in your personal capacity on behalf of a third party whom you represent (e.g., as an employee, contractor or agent).

   We do not seek sensitive information about you (such as health or medical history, ethnicity, political leanings, religious beliefs, trade union membership, sexual preferences, etc.) and you should not provide such information to us.

   Wherever practicable, we will enable you to deal with Maxeon anonymously or pseudonymously, however, in many cases it is not practicable to interact in this way. If you choose not to provide some of your Personal Data, this may prevent us from providing our products or services to you or limit our ability to provide the level of service you would normally expect from us.

2. Personal Data that we collect on the Digital Platforms

   The Digital Platforms and our emails you may interact with use cookies, pixel tags, analytics tools, and other similar technologies to collect information about your equipment, browsing actions and patterns. These technologies collect the following information about you from your browser or device whenever you access or use the Digital Platforms: your IP address, pages visited, videos watched, links clicked on, emails received, opened or interacted with, documents downloaded, time spent on the site, geographic location, device type, your computer's operating system, and your browser name.

   Data Analytics: We may use third-party data analytics service providers such as Google Analytics to measure the web traffic on different parts of our Digital Platforms in order to improve them. Google Analytics, which anonymously tracks users who have JavaScript enabled, uses technical tools like first-party cookies and JavaScript code to collect information about your interactions with our Digital Platforms. The tracking information may include detailed data about what you do on our Digital Platforms, such as the web pages you visit and for how long and the websites you visited directly before and after coming to our Digital Platforms. In addition, first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) are used to report how your ad impressions, uses of ad services, and other interactions are related to visits to our Digital Platforms. We use information from Google Analytics to administer and update our Digital Platforms, assess whether our users match the expected demographics, and determine how key audiences are navigating the content. Google may retain and use, subject to the terms of its privacy policy, information collected in your use of the Google Analytics Information Disclosures and Sharing. Google Analytics offers website visitors the ability to prevent Google from recording, processing, and using the data generated by the Google Analytics cookie. You may opt-out by downloading and installing the browser plug-in available through Google at the following link: http://tools.google.com/dlpage/gaoptout.

   To learn more, including about how to control our use of cookies and similar technologies, please review our Cookie Policy.

   The Digital Platforms contain links to other third-party websites. If you follow a link to any of those third-party websites, please note that they have their own privacy policies and practices. Maxeon does not accept any responsibility or liability for third-party websites’ policies or collection, use, disclosure or management of your Personal Data. Please check these policies before you submit any Personal Data to any third-party websites.

3. Personal Data Maxeon receives from third parties
   1. Third Parties with Whom We Have a Relationship: Maxeon may receive your Personal Data from third parties with whom we have a relationship, including our authorized independent distributors, in connection with your purchase of a Maxeon system, e.g. a warranty registration.
   2. Purchase of Personal Data from Unaffiliated Third Parties: Where permitted by applicable law, Maxeon may choose to purchase your Personal Data from third-parties, e.g. lead generators, and will use your information in accordance with applicable law (and with your consent, where required), to determine whether you are interested in purchasing a Maxeon product or service, whether that product or service is right for you, or whether the opportunity to become a Maxeon installer or distributor is of interest to you.
   3. Referral Programs: We may receive your Personal Data from third parties as part of a referral program, including our “Refer a Friend” or “Friends and Family” programs and offers. These may include programs offered by your employer, trade groups or affiliation groups. Your information will only be used for determining your interest in a Maxeon product. If you provide us with Personal Data about any third-party who is an individual, you must obtain that person’s permission to give us the information and inform them that you have given the information to us.
   4. Third-Party Site Information: Some of our applications leverage data, including images, from third-party sites or databases, including “Google Earth” images included in our “design a system” or “estimator” functionalities or utility information provided to us by your utility company with your consent. We may also aggregate publicly available information about you, from social media or publicly available websites, e.g. position within a company. Where required, we will seek your consent to collect this data.
4. Monitoring Data: Personal Data Maxeon receives from monitoring your photovoltaic system

   To the extent you have a Maxeon photovoltaic (PV) system that includes monitoring functionality, Maxeon and its service providers associated with monitoring activities will receive your Monitoring Data. Monitoring Data includes an account name or identifier associated with you or your PV system, together with data collected by monitoring products that is associated with you and the location of your PV system, including energy consumption and production information, energy use information, battery storage information, fault information, a precise geolocation or address, utility revenue information, and hardware and software information. We may receive this data directly from you or your PV system, or indirectly through a third party that provides monitoring services or equipment included with your PV system. The data may be displayed through our Digital Platforms, including our monitoring website and applications. We may share this data with third parties in providing monitoring and reporting services to you. These third parties include the monitoring equipment manufacturers, monitoring service providers, system installers, dealers, operations and maintenance providers, governmental regulatory agencies, and utility companies. We may also provide or sell data in aggregated form (in a form where the source cannot be identified) to third parties who are not connected to the monitoring system, such as government agencies and research firms. For more information about our use of your data and our Digital Platforms, please refer to our Terms of Use.

1. To provide or deliver to you the information, products, services, support or transactions you requested from us, including through the Digital Platforms, such as information about Maxeon, a consultation/quote with Maxeon or an approved Maxeon installer or independent distributor (where available), blog or newsletter subscription, or our energy savings calculation/estimators, to process your order, to supply and/or install such products and related services, including product maintenance, product safety notices and warranty servicing, where applicable, and to provide monitoring services.
2. To maintain and improve the customer relationship.
3. To respond to your queries, including where you have provided us your contact information at a trade show or similar event.
4. To enforce our legal obligations and rights, including our Digital Platforms Terms of Use , and any contractual rights (e.g., the collection of debt).
5. To keep in contact with you regarding your purchase of our products and services, your Digital Platforms registrations and compliance with the terms and conditions of use of the Digital Platforms.
6. If we communicate with you by telephone (for instance, if we call you to conduct a consultation you have requested via the Digital Platforms or if you call our customer service center with a query about one of our products or services), we may record and monitor our call to help train our staff and to ensure a high quality of customer service.
7. Where you have submitted your personal data relating to a job application, to process and evaluate your application.
8. To conduct market research or surveys, internal marketing analysis, consumer profiling activities, analysis of consumer patterns and choices, planning and statistical trend analysis in relation to our products or services.
9. To directly market our products, services and, where relevant, installer opportunities or distributorships, to you, including via SMS, phone call, email, fax, mail social media and/or any other appropriate communication channels, in accordance with any consent requirements.
10. To facilitate your participation in, and our administration of any events, including contests, promotions or campaigns.
11. If you are interested in purchasing our products and services, to provide independent distributors/ installers of our products in your area with your information so they can contact you with purchasing and pricing details. Or if you have provided your information to a distributor/installer that chooses to disclose this information to us, including for warranty registration and servicing purposes.
12. To better understand how you use the Digital Platforms and to produce statistical reports of aggregate website activity.
13. To identify patterns and trends related to your use of the Digital Platforms to enable us to improve the design and operation of the Digital Platforms and your browsing experience.
14. To improve our products and services.
15. To validate your identity in connection with any consents obtained from you via the Digital Platforms.
16. To analyze and improve the effectiveness of our marketing programs and the Digital Platforms.
17. From time to time, we may release in aggregate the browsing information we have gathered from visitors, such as by publishing a report on trends in the usage of the Digital Platforms which may be anonymous.
18. To gather further information about you from third party sources. For instance, we may use your email address to gather information about which social networks and other web services you subscribe to for analytical or personalization purposes to improve our products and improve the Digital Platforms for users.
19. To manage our contractual relationships with vendors, suppliers and other third parties with whom we do business.
20. To conduct aggregate analysis and develop business intelligence that enable us to operate, protect, make informed decisions, and report on the performance of our business and to improve the effectiveness of our marketing activities.
21. To allow you to participate in interactive features of our service, when you choose to do so.
22. Where you have agreed, we may use your Personal Data to send you information promoting our and selected third parties’ products and services by post, fax, telephone, email, text and/or via social networks and other web-based services you subscribe to, and where required by law, we will ask for your consent at the time we collect your Personal Data to conduct any of these types of marketing, (subject to paragraph 4 below).
23. If you agree to receive direct marketing from other companies, we may disclose your email address and other contact details to other companies so that they can contact you directly about their products and services.
24. We use Personal Data to comply with international laws applicable to publicly traded companies, including those relating to the detection, prevention and monitoring of fraud, anti-corruption, and money-laundering, which including obligations like Know-Your-Customer and reporting obligations.
25. To monitor, detect and prevent fraud.

We may send you marketing communications, including email communications about our products and services, invite you to our events, or otherwise communicate with you for direct marketing purposes, provided that we do so in accordance with applicable law, including any consent requirements. You may unsubscribe at any time.

We will provide an option to unsubscribe or opt-out of further communication on any electronic marketing communication sent to you or you may opt out by contacting us as set out in Section 11 below.

We may share your Personal Data with trusted third parties or in other instances, including where required by law. We will use contractual or other means, (e.g. Binding Corporate Rules (“BCRs”)), to protect Personal Data disclosed to third parties where required to ensure that the recipient keeps the Personal Data confidential and does not use it for any other purpose except performing the services.

1. Related Entities: We share Personal Data we collect amongst Maxeon’s related entities to provide our products and services and for internal business administrative purposes.
2. Business Partners: We share Personal Data with business partners, including independent distributors or installers, to provide our products and services.
3. Service Providers: We share Personal Data with service providers that: (1) process information on our behalf; (2) provide infrastructure, products or services to us or on our behalf or help us operate or improve our business, including mailing services, printing, archival and contract management services; (3) participate with us in the provision, maintenance, or operation of the Digital Platforms, including application, development and technical support, processing, storing, hosting and data analysis; and (4) provide you with information, products and/services relating to your Maxeon system or when it is necessary to provide information, products or services to you.
4. Our Professional Advisers: We share Personal Data with our professional advisers (such as lawyers, accountants or auditors) to the extent that is reasonably required.
5. Your representatives: We share Personal Data any persons acting on your behalf including those persons nominated by you, executors, trustees and legal representatives.
6. Corporate Transactions: In the event we enter into or intend to enter into a transaction that alters our business structure, such as a sale, reorganization, merger, joint venture, change of control or other disposition of all or any portion of our business, assets or stock, we may share your Personal Data with third parties to facilitate and/or complete the transaction.
7. Prevention of Harm: We may disclose Personal Data we collect about you to the necessary authorities if we believe you have abused a service offered by us via the Digital Platforms or otherwise by using it to attack other computer systems or to gain unauthorized access to any other computer system, to engage in spamming or otherwise to act in an unlawful manner or to breach the Terms of Use.
8. By Law, to Protect Rights and to Comply with Our Policies: We disclose your Personal Data if required or authorized to do so by applicable law, including when: (1) required to do so by law, e.g. in response to a subpoena or court order (domestic or overseas) or an inquiry by regulators anywhere in the world; (2) we believe, in our sole discretion, that disclosure is reasonably necessary to protect against fraud, or to protect the contractual or property or other rights of us or other users, third parties or the public at large; or (3) we believe that you have abused the Digital Platforms by using it to attack other systems or to gain unauthorized access to any other system, to engage in spamming or otherwise to violate applicable laws.

We store your Personal Data in different ways, including in paper and in electronic form, both at our own premises and with the assistance of our service providers.

We take all reasonable precautions and implement appropriate technical and organizational measures to ensure a level of security to protect the security and the confidentiality of your Personal Data against unauthorized access, disclosure, alteration or destruction. This includes, but is not limited to the following, where applicable: up-to-date antivirus protection, encryption, and disclosing Personal Data both internally and to our authorized third-party service providers and agents only on a need to know basis. Third parties who provide services related to our information technology systems are also obliged to protect the security and the confidentiality of your Personal Data against unauthorized access, disclosure, alteration or destruction. However, no data transmission over the Internet or from a website can be guaranteed to be secure from intrusion. Therefore, while we use reasonable efforts to protect your Personal Data in accordance with data protection legislation requirements, we cannot guarantee its absolute security. Any unauthorized access to or use of the Digital Platforms or the information stored by us should be reported to us immediately by sending an email to customers@maxeon.com.

All Personal Data you provide to us is stored on our secure servers (and the secure servers of our service providers), accessed and used subject to our security policies and standards (and the security policies and standards of our service providers). Where we have given you (or where you have chosen) a password and/or user name which enables you to access certain parts of the Digital Platforms, you are responsible for keeping this password and/or user name confidential and for complying with any other security procedures that we notify you of. We ask that you never share a password with anyone.

Your Personal Data may be accessed by staff or suppliers in, transferred to, and/or stored at, a destination outside Singapore in which data protection laws may be of a lower standard than in Singapore. We store the information we collect via the Digital Platforms and other sources (such as our customer call centers) on centralized computer systems hosted by or on behalf of Maxeon. Some of these systems are located outside of Singapore, including in the United States and the Philippines.

These countries may have different laws and data protection compliance requirements from those that apply in Singapore. In such instances, Maxeon has engaged suppliers who are United States Privacy Shield certified and/or have otherwise agreed to protect such information in accordance with the standards in Singapore’s data protection laws.

In accordance with applicable data protection legislation, we will retain your Personal Data for as long as is necessary for the purposes for which it was collected. Certain transaction details and services and correspondence, such as those relating to your purchase of Maxeon products or the warranty on your Maxeon products, may be retained until the time limit for claims in respect of the transaction has expired or in order to comply with regulatory requirements regarding the retention of such Personal Data, and then archived in accordance with legal requirements, i.e. with statutory limitation requirements. Certain Personal Data, including those of individuals who provide Personal Data to Maxeon, but who do not purchase Maxeon products or services within two years of initial contact with Maxeon, will be deleted or otherwise archived after two years from the initial date of contact with Maxeon.

We reserve the right to make changes to our practices and this Policy at any time. The “Effective Date (Last Updated)” date at the top of this Policy will let you know when it was last revised. Any changes to this Policy will become effective when we make the revised version of this Policy available on our website, www.maxeon.com and update the links to the Policy on the Digital Platforms. We will not provide you with a notice advising of the change. It is therefore important that you regularly check our website, www.maxeon.com, and the Digital Platforms for any changes affecting this Policy. You are deemed to have acknowledged and agreed to any amended version of this Policy of you continue to use the Digital Platforms or our services after changes have taken place pursuant to this Section 11.

Under the relevant data protection legislation, you have the following rights regarding your Personal Data:

1. Access: You have the right to access, review and request a copy of the Personal Data we hold about you subject to certain exceptions. For a request to access personal data, we will provide you with the relevant personal data within forty-five (45) days from such request being made. Where a request cannot be completed in the above time frame, we will notify you of the reasonably soonest time in which we will respond.
2. Correction or Deletion of Personal Data: You may request correction or deletion of the Personal Data we hold about you. Maxeon reserves the right not to change or delete Personal Data it considers to be accurate or necessary to be maintained. We reserve the right to request legal confirmation of changes. We are reliance on you to provide us with accurate information, including your timely communication of any corrections or changes thereto. We will not be responsible for relying on or using any inaccurate or incomplete personal data where you have provided such personal data and/or failed to update us of any changes in your personal data.
3. Withdrawal of Consent: If you consented to the collection, use or disclosure of your information, you may (in certain instances) withdraw that consent at any time, which will not affect the lawfulness of the collection, use or disclosure before your consent was withdrawn. We will process your request within a reasonable timeframe from the receipt of the request.
4. Complaints: If you have any complaint or grievance regarding how we are handling your Personal Data or about how we are complying with the PDPA, please contact us in writing at DPOSG@maxeon.com.
5. Fees: Depending on the nature of the work required to process your access request, we may impose a fee to recover our administrative costs. This will be assessed on a case-by-case basis by our Data Protection Officer. Where such a fee is imposed, we will provide you with a written fee estimate. We will only process your request when you agree to the payment of the fee, which will be due before any information is disclosed. In certain cases, we may require a deposit from you before we process the access request. You will be notified if a deposit is required when we provide you with the written estimate of the fee, if any.

You can exercise these rights by contacting us in writing at data-protection@maxeon.com, and including your full name, contact details, and the details of your request. Maxeon reserves the right to request additional identity verification.

You may contact our Data Protection Officer (“DPO”) if you have any inquiries or feedback on our personal data protection policies and procedures by writing to Maxeon DPO, 8 Marina Boulevard #05-02, Marina Bay Financial Centre, Singapore 018981, or by email to DPOSG@maxeon.com.

You can also reach out to Maxeon by contacting us.