Sungrow takes the protection of your personal data very seriously and strictly complies with the applicable data protection laws and regulations, in particular with the provisions of the General Data Protection Regulation (GDPR). Please find below information on how we collect and use your personal data when you use our website or are in direct contact with our staff. You may access this policy at any time on our website.
1. DATA CONTROLLER
Service provider and data controller within the meaning of the data protection law is Sungrow Power Supply Co., Ltd., Adr.: No.1699 Xiyou Rd., New & High Tech Zone, Hefei, 230088, China; Tel.: +86 551 6532 7834. Our representative within the European Union within the meaning of Art. 27 GDPR is Sungrow Deutschland GmbH, Balanstraße 59, 81541 München, Tel.: +49 89 324 914 789.
2. YOUR RIGHTS
2.1 You may at any time request information about the data which we hold about you as well as about their origin, recipients or categories of recipients to which such data is forwarded and about the retention purpose.
2.2 You may request an immediate correction of incorrect personal data related to you or a restriction of processing. Taking into account the processing purposes, you are also entitled to request a completion of incomplete personal data - also by means of a supplementary declaration.
2.3 You are entitled to receive the respective personal data provided to us in a structured, common and machine-readable format and you are entitled to transmit such data to other data controllers without restriction if the processing was based on your consent or if the data was processed by means of automated procedures.
2.4 You may request that personal data about you is immediately erased. We are, inter alia, obliged to erase such data if it is no longer required for the purpose for which it was collected or otherwise processed or if you withdraw your consent.
2.5 You may withdraw your consent to the use of your data at any time.
2.6 You have the right to object to the processing of your personal data where we process your personal data on the basis of legitimate interests.
2.7 Please send any requests for information, data subject access requests or objections to the data processing by email to firstname.lastname@example.org or to the address specified under Sec. 1.
2.8 In case of data protection violations, you have the right to file a complaint with the competent supervisory authority.
3. DATA SECURITY AND DATA PROCESSING IN NON-MEMBER COUNTRIES
3.1 As we are a globally operating company, your personal data will be collected and stored in the People's Republic of China (PRC).
3.2 We have taken technical and organisational security measures in order to protect your data held by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Your data is transmitted in an encrypted form; we use the encryption TLS 1.2.
4. COLLECTION OF PERSONAL DATA IN CASE OF USE FOR INFORMATION PURPOSES, COOKIES
4.1 If the website is used for information purposes only, i.e. if you do not contact us beyond using our website or otherwise transmit information to us, we collect usage data which is automatically transmitted by your browser in order to enable you to visit the website. Such storage of data exclusively serves system-related and statistical purposes (on the basis of Art. 6 para. 1 lit. b) GDPR) as well as, in exceptional cases, to report criminal offences (on the basis of Art. 6 para. 1 lit. e) GDPR).
4.2 Moreover, cookies are stored on your computer when using the website. Cookies are small text files which are stored on your hard drive allocated to the browser used by you which provide the party placing the cookie (in this case us) with certain information. Cookies do not damage your computer and do not contain any viruses. Cookies serve the purpose of making our services more user-friendly, effective and secure. For the most part, the cookies that we use are "session cookies". These cookies are deleted automatically at the end of your visit of our website. Other cookies remain on your terminal device until being deleted. These cookies enable us to recognise your browser on your next visit.
4.4 This information will be stored separately from any other data which we may have been provided with. In particular, the cookie data will not be linked to your other data.
5. COLLECTION AND PROCESSING OF PERSONAL DATA WHEN CONTACTING US AND FOR ADVERTISING PURPOSES
5.1 Your personal data (e.g. your name, phone number and email address) will be collected and processed if you explicitly provide us with such data for contact purposes. The use of this personal data exclusively serves the purpose of processing your request and is based on Art. 6 para. 1 lit. a) and lit. f) GDPR.
5.2 Your personal data will only be used for advertising purposes subject to your previous consent and based on Art. 6 para. 1 lit. a) GDPR. The data provided to us by you for the purpose of receiving our newsletter will be stored by us until you unsubscribe from the newsletter and will then be erased.
6. COLLECTION AND PROCESSING OF PERSONAL DATA IN THE PERFORMANCE OF CONTRACTS
6.1 We process your personal data for the purposes of establishing and performing the contractual relationship as well as to comply with statutory requirements. The processing is based on Art. 6 para. 1 lit. f) GDPR (our legitimate interest is the communication with the customer's contact person). The processing is furthermore based on Art. 6 para. 1 lit. c) GDPR as we may have a statutory obligation to store personal data, e.g. in situations of relevance under tax or trade law.
7. COLLECTION AND PROCESSING OF PERSONAL DATA IN CASE OF APPLICATIONS
7.1 We furthermore collect personal data when you apply for a position with us. The processing of this personal data by us is required for the performance of the recruiting process, including setting up an electronic job applicant file, managing your application, organising interviews – in short, the processing is necessary for us to enter into an employment contract with you. The processing is based on Art. 6 para. 1 lit. b) GDPR.
8. RECIPIENTS/CATEGORIES OF RECIPIENTS OF PERSONAL DATA, DATA TRANSFERS TO NON-MEMBER COUNTRIES
8.1 Your data will be shared with third parties if this is necessary to perform the contract, e.g. to banks for the processing of payments or to public authorities or agencies. In individual cases, data may also be transmitted to collection service providers, lawyers and courts.
8.2 Furthermore, we use service providers for commissioned data processing whom we have instructed with the data processing within the scope of this privacy notice, e.g. within the framework of our website's technical infrastructure. In this context, our technical service providers may also be located outside the EU/EEA. Steps will however be taken to put in place safeguards (including around security) to protect your personal data when it is located in such other countries. This may include the use of European Model Clause Contracts wherever required under the applicable law. Information about European Model Clause Contracts is available online at: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. Please let us know if you have any questions or would like to receive a copy (see below for contact details).
9. RETENTION PERIOD OF PERSONAL DATA
9.1 If your data is no longer needed, it will be erased after expiry of the period for which it is obligatory to preserve records pursuant to tax and commercial law (this can be up to ten years in case of invoices).