AVEVA Privacy Policy

We collect information directly from you when you:

• browse our websites;
• create an AVEVA account to access AVEVA products and services;
• sign up for an online programme, seminar, event, or promotion;
• request information about our products and services;
• attend an AVEVA-sponsored event, including conferences, webinars, workshops, or participate in AVEVA surveys, questionnaires, research, product evaluations, trials, tech previews, and beta programmes;
• correspond with us or request information from us.

In addition, information about you may be provided to AVEVA indirectly by selected third-party sources, including:

• third parties such as your employer, company administrator, or business partner;
• our affiliates and subsidiaries within the AVEVA and Schneider Electric group of companies that you have interacted with;
• social media networks and advertising networks if you interact with us on social media;
• personal information contained in online forums, blogs, and testimonials you provide voluntarily;
• marketing and business information enrichment sources;
• third parties who collect information about you on behalf of AVEVA (such as when you download an AVEVA whitepaper).

We may combine the information we obtain about you from the above sources. For example, we may combine the information we collect during AVEVA events with information we collect online.

Depending on how you interact with us, we may process the following categories of personal information:

Contact Information — your name, postal address, email address, telephone number, mobile number, job title, department, and company or employer name. This may include contact information obtained from event organisers or third-party sources to support our sales and marketing activities.

Account Information — information used to create and manage your accounts on AVEVA Online Tools, including username, user ID, authentication credentials (such as passwords and security questions), and associated device or login information.

Usage and Activity Information — information about how you interact with our Online Tools, including pages visited, features used, time spent on our platforms, session logs, browsing and search history, files viewed, and other usage patterns.

Technical and Device Information — information about the devices you use to access our Online Tools, such as IP addresses, browser type and version, operating system, device identifiers, geolocation, and internet service provider.

Cookies and Tracking Information — information collected through cookies, web beacons, pixel tags, and similar access and storage technologies, including your interactions with content and advertisements across our websites and third-party platforms.

Marketing Communications and Preferences — records of your consents, permissions, and preferences, such as whether you wish to receive direct marketing about AVEVA products, services, and events.

Profile and Preference Information — information about your individual interests, preferences, feedback, and responses to our user experience surveys, interviews and product reviews.

Inference Information - information we derive or generate about you based on your interactions with our Online Tools, such as likely preferences, interests, product usage patterns, or general geographic location.

AI Interaction Information — information collected when you interact with AI-powered features, including website chatbots, in-product AI assistants, and AI-powered search embedded in our Online Tools. This includes your prompts and queries, content you provide, conversation history, session metadata (such as timestamps and duration), feedback, and content generated in response to your inputs.

Audio and Visual Information — images, likeness, photographs, voice recordings, video recordings, and transcripts collected during AVEVA events, webinars, workshops, customer support calls, or through security video surveillance at our premises.

Physical Access Information — information required to access AVEVA events, offices, or facilities, including your name, date and time of visit, and photograph (where applicable).

Training and Certification Information — information relating to training programmes completed and certifications achieved through AVEVA.

Online Content and User-Generated Information — information contained in your submissions to online forums, blogs, community sites, and testimonials, or obtained from publicly available sources such as social media channels.

Transaction and Payment Information — details about purchases, orders, and payments made when you register for events, subscribe to services, or otherwise transact with us.

Business Profile Information — information used to evaluate you or your organisation as a business partner, distributor, vendor, or customer.

Feedback — your feedback relating to our products, services, or events, received directly or via third parties with permission to share it with us.

We use the personal information we collect for the purposes set out below. For information on the legal bases, we rely on for each of these purposes, please see the Legal Bases for Processing section below.

To provide our products and services; to deliver, manage, and administer AVEVA products, software, and services to you and your organization; to create and manage your account, registrations, subscriptions, and licenses; to provide training, technical support, consulting, and professional services; to process orders, payments, and invoices; to manage our contractual relationships with customers, partners, and suppliers; to communicate with you, including responding to your enquiries, feedback, or complaints.

To manage your participation in AVEVA events, surveys, and site visits: to administer your participation in AVEVA events, webinars, workshops, surveys, and product evaluations; to manage event registrations and communications; to facilitate your visit to our offices or other sites (including health, safety, and security checks).

For marketing and advertising purposes: to send you marketing communications (such as emails, text messages, or push notifications) about AVEVA products, services, and events that may be of interest to you; to show you personalised advertisements on social media platforms and other websites; to measure the effectiveness of our marketing campaigns and understand your marketing preferences.

To improve our websites and online services: to understand how you use AVEVA websites, portals, and applications; to evaluate and improve the functionality, performance, and user experience of our online services; to conduct analytics and user interaction testing, to identify and fix technical issues and bugs.

For product development and business operations purposes: to operate, evaluate, and improve our business and the products and services we offer; to conduct research and development, including testing and troubleshooting; to perform accounting, auditing, and other internal business functions; to manage and protect the AVEVA brand.

For legal, security, and compliance purposes: to detect, prevent, and investigate harmful, fraudulent, or illegal activity; to enforce our terms and conditions, acceptable use policies, and contractual obligations; to verify and protect your account against unauthorised access or abuse; to protect the health, safety, and security of our employees, visitors, and assets; to prevent data loss and ensure the security of our systems and networks; to comply with applicable legal and regulatory requirements, including responding to lawful requests from courts, regulators, and law enforcement authorities.

We may also use your information in other ways for which we provide specific notice at the time of collection and obtain your consent to the extent required by applicable law.

We will only process your personal information where we have a lawful basis to do so. Depending on the purposes for which your personal data is processed, we rely on one or more of the following legal bases:

Performance of a contract — where the processing is necessary to perform a contract with you or your organisation, or to take steps at your request prior to entering into a contract (for example, to provide you with our products and services, manage your account, or process your order);

Legitimate interests — where the processing is necessary for our legitimate business interests (or those of a third party), provided that those interests are not overridden by your rights and freedoms. We rely on legitimate interests for purposes such as:

• internal administration and management of our business;
• improving and developing our products, services, and online platforms;
• marketing and advertising to business contacts;
• ensuring the security of our systems, networks, and premises;
• conducting analytics to understand how our services are used; and
• managing and protecting the AVEVA brand.

You have the right to object to processing based on legitimate interests — see the Your Privacy Rights and Choices section for more information.

Legal obligation — where the processing is necessary for us to comply with a legal or regulatory obligation to which we are subject (for example, tax reporting, health and safety requirements, or responding to lawful requests from authorities);

Consent — where you have given us your clear and informed consent to process your personal information for a specific purpose (for example, to receive marketing communications or for the use of certain cookies). You have the right to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal;

Vital interests — in rare and exceptional circumstances, where the processing is necessary to protect someone's life.

Where we process your personal information for more than one purpose, more than one legal basis may apply.

We may use AI and automated technologies in connection with our products, services and business operations. This includes both AI-assisted and fully automated methods, which operate alongside human oversight. We are committed to using AI responsibly and transparently.

How we use AI

Examples of how we may use AI and automated technologies on our Online Tools include:

• To improve and optimise our products and services;
• To provide customer support (e.g., AI-assisted chatbots or virtual assistants);
• To conduct analytics, detect patterns, and enhance user experience;
• To assist with internal business operations, including IT security and fraud detection;
• To personalise content and communications.

What data may be processed by AI systems

Depending on the context, AI tools may process:

• Information you provide when interacting with our services (e.g., queries, inputs, support requests);
• Usage and behavioural data generated through your interaction with AVEVA platforms;
• Business contact information for the purposes of relationship management and communications.

Third-party AI providers

In some cases, AI processing may be carried out by trusted third-party providers on our behalf. Where this occurs, appropriate contractual safeguards (including data processing agreements) are in place to protect your personal data. These providers are not permitted to use your data for their own purposes, including AI model training, unless separately disclosed.

Automated decision-making

We do not use solely automated decision-making (including profiling) that produces legal effects or similarly significantly affects you without meaningful human involvement. Where automated processing is used to support a decision, a human review is available.

Human oversight

Our use of AI is subject to human oversight. AI-generated outputs that relate to decisions affecting individuals are reviewed by qualified personnel before action is taken.

AI Transparency Notices

In addition to this Privacy Policy, we may provide separate AI transparency notices where required under applicable AI governance laws (including the EU AI Act) to provide you with additional information about specific AI systems you interact with.

We use cookies and similar tracking, access, and storage technologies, including web beacons and smart pixels, to uniquely identify your browser and to collect personal information about you which allows us to remember you when you return to our websites and provide you with personalised experience and advertisements.

You can change your cookie preferences at any time by clicking the Cookie Preferences link at the bottom of our website. When editing your cookie preferences, please note that your settings only apply to the browser you use to submit your opt-out request. If you use multiple browsers or devices, you must opt out on each browser, on each device.

Our websites are not designed to respond to "do not track" signals from browsers. To learn more about our use of cookies, please view our Cookie Policy.

Interest-Based Advertising

We use advertising services on our Online Tools, such as advertising networks, digital advertising partners, and social media platforms, to provide you with advertising about AVEVA products and services tailored to your individual interests. Both AVEVA and third-party websites that participate in ad networks collect information about your online activities over time.

You may also see our ads on other websites because we engage third-party ad buying networks. This enables us to target our messaging to you through demographic, interest-based, and contextual means and helps us track the effectiveness of our marketing campaigns.

To learn more how to opt out of ad network interest-based advertising visit the NAI website: https://optout.networkadvertising.org and the DAA website: https://optout.aboutads.info. You can also request that we refrain from using your personal information in this way by contacting us through our Marketing Data Subject Request Form.  

AVEVA takes all legal steps to eliminate piracy of our software products and to protect our intellectual property rights. In this context, AVEVA's software may utilise various technologies, such as a security mechanism, that can detect the installation or use of illegal copies of the software, and collect and transmit data about those illegal copies (the "AVEVA Licence Compliance Software").

If AVEVA's software is illegally installed or used, licence telemetry data (including limited categories of personal information) of the affiliated user accounts may be collected and processed by AVEVA in the course of carrying out its compliance activities. This data is transferred in a pseudonymised format. Wherever possible, any personal information transferred does not allow for the identification of an individual person by AVEVA personnel via the AVEVA Licence Compliance Software.

Our compliance teams will use this information, combined with other information we have on record, to confirm the details of the corporate entity together with an approximate geographic region where the infringing incident has occurred.

AVEVA uses this functionality to pursue the legitimate interest of protecting its business assets, including licence compliance, and apprehending parties that violate AVEVA licence terms and our intellectual property rights.

How we use your personal informaWe may use your personal information to send you communications about our products, services, and events, or related products and services, that may be of interest to you. This may include marketing relating to products or services offered by other companies within the Schneider Electric group. We may send you marketing communications by email, telephone, post, or other direct communication channels, where permitted by law and in accordance with your marketing preferences.

We may add your details to our marketing database where you:

• make an enquiry about our products or services;
• attend or register for an AVEVA event or an industry-related event organised on our behalf;
• purchase our products or services;
• request that a third party share your contact details with us so that we can send you updates about our products or services;
• register for a product demo and/or create an account on our AVEVA Knowledge and Support or Training sites;
• provide your consent to receive marketing communications via our website at the "Contact Us" page or other communication channels.

Once you are added to our marketing database, we may update your profile based on your interactions with our Online Tools (including social media), at events, and in the context of marketing activities, in order to provide you with tailored marketing experience and communications on our products and services that are likely to be of interest to you.

If you attend an event organised by AVEVA or on our behalf, we may process information related to your participation in the event, and information on your attendance or activities may be shared with our sponsors or business partners.

Communication Preferences

We offer you choices in connection with the communications you receive from us. To update your email, telephone, or other communication preferences, or to limit the communications you receive, you can:

• follow the "Unsubscribe" link in any of our marketing emails;
• update your preferences in your AVEVA account settings (where applicable);
• visit our Communication Preference Centre;
• complete the Marketing Data Subject Request Form; or
• contact us at dataprotection@aveva.com.

Please note that opting out of marketing communications does not affect your receipt of operational or transactional communications that are important to your use of our products and services — such as service updates, security notifications, subscription or licence status changes, support communications, event registration confirmations, or account management messages.tion for marketing

We do not sell your personal information. We do not share or otherwise disclose personal information about you except as described in this Policy or at the time of collection.

We may share your personal information with:

Schneider Electric Group Companies. We may share your personal information with other companies within the Schneider Electric group, our subsidiaries and affiliates. Those companies may use your personal information on a need-to-know basis for shared services (such as IT infrastructure, systems maintenance, hosting, service delivery, or corporate administration), marketing (subject to your marketing preferences), and other purposes identified in this Privacy Policy.

Service Providers. We may transfer personal information to service providers who perform services on our behalf. We do not authorise these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements. Examples of these service providers include entities that provide IT hosting, data processing, payment processing, order fulfilment, business administration, customer support, analytics, website and application functionality, cyber monitoring, and marketing services.

Channel Partners. We may share your personal information with approved AVEVA partners (such as distributors and resellers) to offer and provide our products and services to you, or as part of a joint sales promotion or our business relationship with them.

Our Customers and Your Organisation. Where you use AVEVA products or services through your employer or another organisation, we may share your personal information with that organisation — for example, to report on service usage, support issues, training completion, or credential attainment, or to connect you with your company administrator.

Co-Branding Partners. Where we run co-branded events or offerings with other businesses, we may share or jointly collect your personal information with partner organisations. Where such events take place, we will provide a link to this Privacy Policy at the point of data collection.

Professional Advisors. We may share your personal information with our professional advisors, including legal, tax, insurance, audit, and other corporate advisors who provide professional services to us.

Parties to a Corporate Transaction. We reserve the right to transfer personal information we have about you in the event of a potential or actual sale or transfer of all or a portion of our business or assets (including in the event of a merger, acquisition, joint venture, reorganisation, divestiture, dissolution, or liquidation) or other business transaction.

Analytics and Advertising Companies. We work with third-party analytics and advertising companies (such as advertising networks and search engine providers) to serve advertisements and optimise your experience on AVEVA websites. For additional information, refer the How We Use Cookies and Similar Technologies section above.

Other Third Parties. In addition, we may disclose personal information about you: (i) if we are required or permitted to do so by applicable law, regulation, or legal process (such as a court order or subpoena); (ii) to law enforcement authorities or other government officials to comply with a legitimate legal request; (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity; (iv) to establish, exercise, or defend our legal rights; or (v) with your consent.

We may also share your information in other ways for which we provide specific notice at the time of collection and obtain your consent to the extent required by applicable law.

How We Protect Your Information When Sharing

Where we engage a third party to process your personal information on our behalf, we carry out appropriate due diligence and require them to enter into written agreements that impose adequate security measures and data protection obligations to ensure your personal information is appropriately safeguarded. These service providers are contractually restricted from using or disclosing such information except as necessary to perform services on our behalf or to comply with legal requirements.

We maintain administrative, technical, and physical safeguards designed to protect your personal information against accidental, unlawful, or unauthorised destruction, loss, alteration, access, disclosure, or use. These safeguards include:

• encryption of personal information in transit and at rest, where appropriate;
• restricting access to personal information on a need-to-know basis to employees and authorised service providers who require access to fulfil their job requirements; and
• regular review and testing of our security measures to ensure they remain effective and appropriate to the nature of the information we process.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority and, where required by applicable law, inform affected individuals without undue delay.

While we take reasonable steps to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security of your data.

We also encourage you to take steps to protect your personal information, including keeping any account credentials confidential and notifying us promptly if you believe your account has been compromised.

In offering and providing our products and services, we transfer the personal information we collect to, and store it in, countries other than the one in which it was originally collected — including the United States, India, and other jurisdictions where AVEVA, its affiliates, or service providers operate. Those countries may not provide the same level of data protection as your country of residence.

We will transfer your personal information only for the purposes described in this Policy. To the extent required by applicable law, when we transfer your personal information to countries that are not recognised as providing an adequate level of data protection, we take measures to protect that information, including as appropriate:

• relying on adequacy decisions issued by the European Commission, UK Government, or other relevant authority;
• executing data transfer agreements based on the European Commission's Standard Contractual Clauses pursuant to Article 46 of the General Data Protection Regulation (GDPR), or the UK's International Data Transfer Agreement (IDTA) or Addendum; or
• putting in place other appropriate data transfer mechanism(s) recognized under applicable law.

If you have questions about our data transfer practices, you can contact us at: dataprotection@aveva.com .

To the extent permitted by applicable law, we retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, in accordance with this Policy. This generally means we will keep your personal information for the duration of our relationship with you or your organisation, or for as long as you maintain an account with us. When determining how long to retain personal information, we consider the following factors:

• the purposes for which the personal information was collected, including to provide and improve our products and services;
• the duration of our contractual or business relationship with you or your organisation;
• whether we have a continuing legitimate business need to retain the information;
• your marketing preferences and how you engage with AVEVA;
• any legal, regulatory, tax, or accounting requirements that apply to the personal information, taking into account applicable statute of limitation periods; and
• whether the personal information may be relevant to complying with applicable laws, resolving disputes, or enforcing our agreements.

Once we no longer have a legitimate need or legal basis to retain your personal information, we will either securely delete or anonymise it. Where deletion is not immediately possible (for example, because the information is held in backup archives), we will securely isolate it from further processing until deletion is possible.

As described in the Your Privacy Rights and Choices section below, to the extent provided by the law of your jurisdiction, you may request that we delete your personal information or restrict the processing of such information by contacting us at: dataprotection@aveva.com.

You have rights and choices in connection with the personal information we hold about you. To the extent provided by the law of your jurisdiction, you may have the following rights:

Access. You can request a copy of the personal information we maintain about you.

Rectification. If you think the personal information we hold about you is inaccurate or incomplete, you can ask us to correct or complete it.

Erasure. In certain circumstances, you can ask us to delete your personal information.

Restriction. You can ask us to restrict the processing of your personal information in certain circumstances (for example, where you contest the accuracy of the data).

Objection. Where we process your personal information based on our legitimate interests, you have the right to object to such processing.

Automated decision-making. You have the right to object to decisions made solely by automated means (including profiling) that produce legal or similarly significant effects on you.

Withdraw consent. Where we rely on your consent to process your personal information, you have the right to withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in reliance on other lawful processing grounds.

Exceptions

There are some exceptions to these rights. For example, it will not be possible for us to delete your data if we are required by law to keep it or if we hold it in connection with a contract with you or your organisation. Similarly, access to your data may be refused if making the information available would reveal personal information about another person, or if we are legally prevented from disclosing such information.

How to Exercise Your Rights

To exercise any of the above rights, please contact us at dataprotection@aveva.com. To help protect your privacy and maintain security, we may take reasonable steps to verify your identity before processing your request.

When AVEVA Acts as a Data Processor

In some cases, AVEVA processes personal information on behalf of our customers in connection with the use of our products and services. Where this applies, AVEVA acts as a data processor and the customer is the data controller. If you wish to exercise your privacy rights in relation to personal information processed in this capacity, please contact the relevant AVEVA customer directly. If you are a customer account administrator and require assistance, you may contact us at: dataprotection@aveva.com.

Marketing Preferences

You can opt out of receiving marketing communications (such as email or other direct messages) at any time by contacting us via one of the Communication Preferences channels described in the How We Use Personal Information for Marketing section above.

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional privacy rights. Subject to certain exceptions, you have the right to:

Know — what categories and specific pieces of personal information we have collected about you over the previous 12 months, including the sources from which it was collected, the purposes for collection, and the categories of third parties with whom it was shared;

Correct — inaccurate personal information we hold about you;

Access — and receive a copy of your personal information in a portable format;

Delete — your personal information;

Limit — our use and disclosure of your sensitive personal information to purposes necessary to provide our products and services; and

Opt out — of the sharing or sale of your personal information (including through cookies and similar tracking technologies).

How to Exercise Your California Rights

To opt out of the sharing of your personal information through cookies and similar technologies, click the Cookie Preferences link in the footer of the relevant AVEVA website.

To submit a request related to your other California privacy rights, please contact us at: dataprotection@aveva.com. To help protect your privacy and maintain security, we will take reasonable steps to verify your identity before processing your request.

Non-Discrimination

We will not deny, charge different prices for, or provide a different level or quality of goods or services to you because you choose to exercise any of your California privacy rights.

Authorised Agents

You may designate an authorised agent to submit a request on your behalf. We may require the authorised agent to provide proof of your written permission and may need to verify your identity directly.

How to Contact Us

If you have any questions or comments about this Privacy Policy, our privacy practices, or your privacy rights and preferences, please contact our Data Protection Officer at:

Email: dataprotection@aveva.com

If you have any questions or comments about this Privacy Policy, our privacy practices, or your privacy rights and preferences, please contact our Data Protection Officer at:

Email: dataprotection@aveva.com

Post: Data Protection Officer, AVEVA Group Limited, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.

If you have questions, requests, or concerns relating to one of our customers’ handling of your personal information (where AVEVA acts as a data processor), please contact the relevant customer directly. If you require assistance, you may also contact us at: dataprotection@aveva.com.

If you believe there has been an infringement of data protection law in connection with your personal information — including concerns relating to how we collect, use, store, share, or secure your data, how we handle your rights requests, or our use of cookies and marketing communications — you have the right to make a complaint directly to us.

How to submit a complaint

You can submit a data protection complaint to us by

• Email: dataprotection@aveva.com
• Post: Data Protection Officer, AVEVA Group Limited, High Cross, Madingley Road, Cambridge, CB3 0HB, United Kingdom.

You do not need to use any particular format or wording — simply describe your concern and provide sufficient information for us to identify you and investigate the matter.

What happens next

When we receive your complaint, we will:

• acknowledge receipt of your complaint within 30 days;
• investigate your complaint without undue delay, keeping you informed at appropriate stages; and
• communicate the outcome of our investigation to you clearly and without undue delay.

We take all data protection complaints seriously and will endeavour to resolve your concern directly. We would appreciate the opportunity to address your complaint before you escalate it to a supervisory authority.

Your right to complain to a supervisory authority

You have the right at any time to lodge a complaint with a data protection supervisory authority. This right is not affected by our complaints process, and you are not required to complain to us first.

• UK: Information Commissioner's Office (ICO) — https://ico.org.uk
• EU: Your local data protection authority — a full list is available at https://edpb.europa.eu

This Privacy Policy may be updated from time to time to reflect changes in our privacy practices or applicable law. We will indicate at the top of this Privacy Policy when it was most recently updated. Where we make material changes, we will take reasonable steps to inform you. We encourage you to periodically review this Privacy Policy for the latest information on how we protect your personal information.