Personal data means any information relating to an identified or identifiable natural person (“Data Subject”). As the Controller in the sense of the GDPR, we collect personal data for the provision of SUNGROW Website services. Below you can find the categories of personal data that we collect and information on how we use and process such data:

1.1. Personal data you provide

1.1.1. When you make personalized settings, you may provide data according to your preferences in connection with the personalization of SUNGROW Website (e.g. track behavioral trajectories, analyze website traffic and usage behavior, optimize our advertising efforts). We may use cookies to achieve this purpose. You can find more detailed information through our Cookie Policy contained in Section 4 of this privacy policy.

1.1.2. We collect personal data directly from you through the following methods when you interact with the SUNGROW Website:

● Account Registration: Data provided when you register for a user account on the website.

● Form Submissions: Data provided by you when completing contact forms, registration forms (e.g., for events), lead generation forms, or event questionnaires.

● Marketing Preferences: When you actively provide consent to receive marketing communications from us.

● Phone Calls: We record phone calls with our customer service to process your data as outlined in Section 3, 'Processing of Personal Data: Short Overview,' of this privacy policy. You have the option to not be recorded during a phone call. To proceed with an unrecorded call, please follow the instructions provided by the customer service representative. Please note that for unrecorded calls, we will not have a record of the conversation for future reference.

● Email: We process personal data from customer service emails to address your inquiries and manage your service requests.

1.2. Personal data we collect automatically

1.2.1. When you visit SUNGROW Website, your visit will be logged like for any other website. This means that initially, the following automatic logging data (“Log Data”), which your browser/device transmits to us. This data is only collected for data security purposes and for error analysis.

We process your personal data for specific purposes and process only the personal data relevant for achieving that purpose. Depending on our business relationship with you and the products and services that we are providing to you, we use collected personal data for the following purposes as assigned to the above description of the respective processing activity:

We may use cookies and similar technologies when you visit SUNGROW Website. Cookies are small text files that are stored by your browser and saved on your computer. Cookies and similar technologies are used to make the website more user-friendly.

For more detailed information on how we use cookies and similar technologies and how you can manage your settings and preferences regarding cookies, please refer to our Cookie Policy.

On our websites, we incorporate social plugins from popular social networks like LinkedIn, Instagram, Facebook, X and YouTube. Here’s how they work:

When you visit our websites, social media plugins are initially deactivated. This means no information is transmitted to the network operators. If you want to use any of these networks, simply click on the respective plugin to establish a direct connection to their servers.

If you're logged into your user account on a social network when you activate the plugin, the network can recognize your visit to our websites and associate it with your account. To prevent this, please log out of the network before activating the social plugin. The social network cannot detect your visits to other websites of ours unless you activate its social plugin on those sites too.

When you activate a social plugin, the network directly transfers the available content to your browser, which integrates it into our websites. During this process, data transfers controlled by the respective social network may occur. Your connection to a social network, the data transfers between the network and your system, and your interactions on the platform are governed solely by the network’s data protection provisions.

Please note that our website may feature links to external websites beyond our control, and this Privacy Policy does not apply to them. If you access these websites through the provided links, the operators of those websites may collect information from you according to their own privacy policies, which may differ from ours.

5.1. Third-party service providers

We may share your personal data with third-party service providers (such as hosting providers, IT and maintenance support providers, customer support, marketing, and survey services providers) strictly for the purpose of providing and maintaining our services. who are subject to written data processing agreements as required by Article 28 GDPR. These agreements ensure that providers process your data only on our instructions, maintain robust security standards, uphold confidentiality, and do not subcontract your data without our approval. We regularly monitor these providers for ongoing GDPR compliance.

5.2. Government authorities

Personal data may further be shared with government authorities and/or law enforcement officials if required by law or a court order or if required for the legal protection of our legitimate interests in compliance with applicable laws and whilst protecting your personal data.

As a rule, we process your personal data in the country or region where we operate or where our SUNGROW Website services are provided. However, in the context of delivering these services, your data may be transferred to countries outside the EU/EEA. This may occur, for instance, if one of our carefully selected and contractually bound service providers is in such a third country.

If we transfer your personal data outside the EU/EEA, we ensure that appropriate safeguards are in place to protect your data. These transfers may occur to countries that have been recognized by the European Commission or relevant authorities as providing an adequate level of data protection through an adequacy decision. For transfers to countries without such a decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized transfer mechanisms.

You can find more information here:

1) if your personal data is transferred to countries/territories with adequacy decision, the cross-border transfer is subject to the mechanism of an adequacy decision. (Art 45 of the GDPR)

2) if your personal data is transferred to other countries/territories, we will evaluate the ability of personal data protection and network security safeguards and take measures from the catalogue set out in (Art 46(2) of the GDPR), such as EEA Standard Contractual Clauses (SCCs) and/or UK International Data Transfer Agreement (IDTA).

You can obtain copies of the applicable safeguards from us by sending a respective request to the contact details outlined in Section “Contact us” below.

Sungrow attaches great importance to the security of your personal data and has implemented appropriate technical and organizational measures. The SUNGROW Website will use encryption techniques such as transport layer security protocol (TLS) to protect your personal data during transmission. When we store your personal data, we use computer systems with limited access authority, and these systems are deployed in facilities protected by physical security measures.

To ensure the security of your personal data, we have conveyed to the whole SUNGROW Website team the applicable privacy and security and strictly implement privacy protection measures within the team.

You have the rights to protect your personal data as follows. If you would like to exercise any of the following rights, please contact us as described in Section “Contact us” below.

8.1.  Right of access

According to Art 15 of the GDPR, you have the right to receive information about your personal data processed by us upon request.

8.2. Right to rectification

According to Art 16 of the GDPR, you have the right to update or correct your personal data in order to make it accurate.

8.3. Right to erasure

According to Art 17 of the GDPR, you have the right to delete your personal data from our records subject to the following conditions:

1) the respective processing purpose has been achieved;

2) we have unlawfully processed your personal data;

3) you have withdrawn your consent for a certain type of data processing without another legal basis applying to the data processing;

4) you have successfully objected to the data processing;

5) in cases where there is an obligation to delete personal data on the basis of applicable law; or

6) the personal data have been collected in relation to the offer of information society services referred to in Art 8 (1) of the GDPR.

Account Cancellation:

You can request the cancellation and deletion of your account by contacting our service email at media@mkt.sungrowpower.com. Following your request for account cancellation, we will retain your account data for a limited period (e.g., 90 days) for internal analysis purposes, such as aggregated statistical reporting on user churn and website performance metrics, before initiating the final deletion process. This analysis will be conducted using pseudonymised or aggregated data where possible to protect your identity.

8.4. Right to restriction of processing

According to Art 18 of the GDPR, you have the right to request us to restrict the processing of your personal data under the following conditions:

1) the accuracy of your personal data is contested;

2) you request limited processing instead of deletion under the conditions of a justified right of deletion;

3) the data is no longer required for the purposes pursued by us, but you need the data to assert, exercise or defend legal claims; or

4) the success of an objection is still disputed.

8.5. Right to data portability

According to Art 20 of the GDPR, you have the right to receive from us all the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Furthermore, you have the right to request us to forward this personal data to another Controller under the following conditions:

1) the data processing is based on consent (Art 6 (1) (a) of the GDPR) or the contract (Art 6 (1) (b) of the GDPR); or

2) the processing is carried out by automated means.

8.6. Right to object

According to Art 21 of the GDPR, you have the right to object to us processing your personal data in certain circumstances. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are otherwise legally prevented from disclosing such information.

Unsubscribe from Marketing:

You can unsubscribe from our marketing email at any time by clicking the “Unsubscribe” link found at the bottom of every marketing email.

8.7.  Right to withdraw your consent

According to Art 7 (3) of the GDPR, you have the right to withdraw any consent given to us at any time. If you withdraw a consent, we are no longer allowed to continue the data processing which was the subject of the withdrawn consent in the future. This does not affect the legality of the processing carried out on the basis of the consent up to the point of withdrawal of the consent.

You may withdraw your consent easily, e.g. by contacting us via email at: dpo@sungrow-emea.com. Withdrawing your consent is free of charge and does not affect your other rights under the GDPR.

8.8. Complaints

If you have any concerns about how we process your data, you can contact us as described in Section “Contact us” below.

In the event you still have unresolved concerns, you also have the right to lodge a complaint with a supervisory authority according to Art. 77 of the GDPR, in particular the data protection authority in the Member State of your habitual residence or place of work. (Please see this directory (https://edpb.europa.eu/about-edpb/board/members) for more details with regard to the local data protection authorities.)

Finally, please note that where we require personal data to comply with legal obligations or to provide you the SUNGROW Website services, the provision of such data is mandatory: if such data is not provided, then we may not be able to manage our business relationship with you, or to meet legal obligations placed on us. In all other cases, provision of requested personal data is optional.

This data is retained only for the period necessary to resolve your inquiry or provide the requested information. Upon your request to delete your personal data, we will erase it, except where we have a legal obligation to retain it.

Sungrow will keep your information only as long as necessary for the duration of any relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this privacy policy.

Our SUNGROW Website services can only be used by persons of legal age and is not designed for access and use by persons under the legal age threshold (“Minors”). Therefore, Sungrow requires that users do not provide any personal data of Minors. Sungrow does not knowingly collect or store any personal data of Minors. If we learn that personal data of Minors has been collected, we will remove such data.

SUNGROW Website may update its privacy policy from time to time. If we make major changes to our privacy policy, we will issue announcements and the updated privacy policy on SUNGROW Website.

For any queries, feedback, complaints and suggestions in relation to the use of SUNGROW Website, please contact us by using the following contact details of our data protection officer: dpo@sungrow-emea.com.