PRIVACY NOTICE – AWABOT PLATFORMS

DECEMBER 2025

As part of its activities, AWABOT collects personal data about the Users of its platforms.
It is further specified that AWABOT, in the context of the services provided through its Platforms, also processes personal data on behalf of its users.
AWABOT does not intend to substitute itself for the controllers regarding the data for which users remain the owners and controllers, and for which they are subject to their own obligations.
In this respect, AWABOT recalls that, in accordance with the applicable legal framework on personal data protection, its users are bound by obligations toward the individuals whose data they process.

Pursuant to French Law No. 78-17 of 6 January 1978 as amended (hereinafter the “French Data Protection Act”) and Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the “GDPR”), this privacy notice aims to inform you about how AWABOT uses and protects the information you provide when using our Platforms.

1. Who are we?

This privacy notice is issued by AWABOT,
a simplified joint-stock company with a share capital of €620,275.00,
whose registered office is located at 16 Bis Avenue de la République, 69200 Vénissieux, France, and registered with the Lyon Trade and Companies Register under number 532 028 172.

AWABOT may act:

• as a data controller, or
• as a data processor, in connection with projects commissioned by its clients.

To ensure compliance of its processing activities, AWABOT has designated a dedicated point of contact for personal data protection: privacy@awabot.com

2. Under what conditions do we collect your personal data?

As part of the commissioning and use of:

• the AWABOT SMILE MANAGER deployment management platform,
• the Beam® telepresence robot connection app and its fleet management platform,
• and the websites:
  • https://awabot.com/,
  • https://awabot-smile.com/,
  • https://telepresence.awabot.com/,

AWABOT, as well as all persons working with it directly or indirectly, may implement processing operations involving the collection of data, in particular from the following sources:

• contact forms on AWABOT websites;
• creation of a User or Administrator account on AWABOT Smile Manager and on the Beam® platform;
• creation of a deployment form via the AWABOT Smile Manager platform;
• creation of accounts for the use of Beam® robots;
• cookies placed or read on your device when connecting to AWABOT Platforms.

3. Why do we collect your data?

a. As part of the provision of our services and performance of our General Terms and Conditions of Sale:

• Contacting and communicating with the AWABOT team.
• Creating your user or administrator account.
• Creating and managing a robot or a fleet of robots.
• Creating and monitoring deployments.
• Connecting to and using one or more Beam® robots.
• Monitoring telepresence service activity.
• Managing and tracking technical incidents.

b. Based on AWABOT’s legitimate interests:

• Ensuring maintenance and incident management related to the platforms and robot fleets.
• Providing access to administration and use of the telepresence service.
• Gathering information to improve our Platforms (including via cookies and connection data).

c. Based on legal obligations:

• Complying with legal, tax, or accounting obligations.
• Responding to requests from public authorities.
• Responding to your GDPR rights requests.

d. Based on consent:

• Audience measurement on websites (via cookies).
• Sending newsletters.

4. What data do we process?

In accordance with the data minimisation principle, AWABOT ensures that only data strictly necessary for the purposes pursued is collected.
Some data is essential in order for you to use our services (mandatory fields indicated by an asterisk). Without this data, AWABOT will not be able to create your account or respond to certain requests.

The data collected varies depending on your user profile and the Platform used.

a. AWABOT Smile Manager Platform & Website

Administrators:

• email address, last name, first name
• access and event logs
• data from third-party accounts used for single sign-on

Telepresence device users:

• email address (personal, professional, or pseudonymised)
• access and event logs
• data from third-party accounts used for single sign-on

External contacts (organizations):

• title, last name, first name, business address, phone number, email address
• access and event logs
• data from third-party accounts used for single sign-on

b. Beam® Platform & Website

Administrators:

• email address, last name, first name
• access and event logs
• data from third-party accounts used for single sign-on

Telepresence device users:

• email address (personal, professional, or pseudonymised)
• access and event logs
• data from third-party accounts used for single sign-on

c. Awabot website

Website users:

• email address, last name, first name, title, phone number (if contact request)
• business sector, type of request (if contact request)

5. Use of cookies

Browsing our sites may result in cookies being stored on your device.
These cookies do not directly identify the user but store browsing information.

No cookie is placed without your consent, in accordance with applicable regulations, except for cookies strictly necessary for the operation of the site (e.g., session maintenance, language).

For more information on the cookies placed on your device, you can consult the cookie banner of the relevant site.

Cookies are stored for a maximum period of 13 months, after which your consent will be requested again.

You may exercise your GDPR rights by email at privacy@awabot.com or by mail at:
AWABOT — 16 Bis avenue de la République, 69200 Vénissieux, France

6. Do we transfer your personal data?

As data controller, AWABOT is the recipient of Users’ personal data.
Data may also be transmitted to legally authorised authorities.

In the context of its processing activities, AWABOT may transmit or grant access to certain data, for technical or logistical reasons, to the following processors:

• Authorised persons within AWABOT, within the limits of their duties.

Sub-processors responsible for hosting and managing technical incidents:

• Google Cloud (United States) for the Beam® infrastructure.
  → Transfer governed by the EU–US Data Privacy Framework adequacy decision (DPF).
• OVH (France) for the AWABOT SMILE Manager solution.

In the context of specific inclusion-focused projects, your data may be transmitted, with your consent, to project-owning clients, in their capacity as data controllers.

Some services may require data to transit through or be hosted on servers located in other countries.
AWABOT takes all necessary measures to ensure an adequate level of security and confidentiality, notably through:

• European Commission Standard Contractual Clauses;
• appropriate technical and organisational measures;
• reinforced contractual obligations imposed on its partners.

7. How long do we retain your data?

• Deployment-related data: deleted at the end of the deployment (except for the name and location of the institution).
• User account data: retained for the duration of the contract with the client institution.
• Then archived to comply with legal obligations, before being permanently deleted at the end of the applicable statutory periods.

8. How do we ensure the security of your data?

AWABOT undertakes to protect collected personal data against:

• loss,
• destruction,
• alteration,
• unauthorised access or disclosure.

To this end, AWABOT implements appropriate technical and organisational measures such as:

• restricted access for authorised personnel,
• pseudonymisation and encryption,
• securing system access,
• regular backups,
• regular control and updating of security measures.

For more information: privacy@awabot.com

9. Your rights

You have the following rights:

• right of access;
• right to rectification;
• right to erasure;
• right to restriction;
• right to object;
• right to data portability.

To exercise your rights: privacy@awabot.com
If you believe your rights are not being respected, you may lodge a complaint with the French Data Protection Authority (CNIL) at www.cnil.fr.

10. Changes to this notice

As AWABOT’s activities may evolve, this privacy notice may be updated.
In the event of substantial changes, the update date will be amended and, where necessary, prior notice will be provided.

Where required by law, your consent will be obtained for any changes related to the use of your data.