Welcome to the SOFAR Energy web or mobile app (hereinafter referred to as "SOFAR Energy"). As you are a registered user of SOFAR Energy, we would like to make you aware of our updated Privacy Policy, which will come into effect on 25 December 2023.
We are committed to protecting the privacy of your personal data and, as part of our privacy practices, we specifically emphasise that this Privacy Policy applies at all times during your use of our Services.
This policy applies to the products and services provided by the SOFAR Energy or the web or mobile APP under the name of Shenzhen SOFARSOLAR Co., Ltd. You can enjoy the services provided by our web or mobile APP, such as querying basic information, getting abnormal alarms, contacting us to get data service at any time, and so on.
If you have any questions, comments or suggestions, please contact us using the contact information below:
Email: service@sofarsolar.com
Telephone: 400-892-5766
We recognise the importance of your personal information and will do our best to keep it safe and secure.
We are committed to maintaining your trust in us by adhering to the following principles to protect your personal information: the principle of consistency of authority and responsibility, the principle of clarity of purpose, the principle of opt-in consent, the principle of minimum necessity, the principle of ensuring security, the principle of subjective participation, the principle of openness and transparency, and so on. At the same time, we are committed to protecting your personal information by adopting appropriate security measures in accordance with the industry's mature security standards.
Please read and understand this Privacy Policy carefully before using our Services in the SOFAR Energy.
We rely on certain information in order to provide and fulfil the services of the SOFAR Energy. By choosing to use the SOFAR Energy, you provide us with, or allow us to collect, the necessary information, and we collect only the personal information that is necessary for the SOFAR Energy, as set forth in the table below:
For the necessary personal information, we will use it to provide that business function, including the SOFAR Energy APP account registration, power plant management, equipment management, and user management functions.
Some of the services in the SOFAR Energy are provided by external vendors. For example, we engage service providers to assist us with customer support. Companies, organisations and individuals with whom we have entrusted the processing of personal information will be bound by strict confidentiality agreements requiring them to process personal information in accordance with our requirements, this Privacy Policy and any other relevant confidentiality and security measures.
We will not share your personal information with any companies, organisations and individuals outside of our company, unless we have your express consent or based on mandatory provisions of laws and regulations. We will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes, and will only share personal information that is necessary to provide the service. The relevant third parties are not authorised to use the shared personal information for any other purpose. We will require them to take relevant confidentiality and security measures to handle the personal information, and to clarify the responsibilities and obligations of the co-operating parties for the protection of your personal information. We may share your personal information externally in accordance with laws and regulations, or in accordance with the mandatory requirements of governmental authorities.
We will not transfer your personal information to any companies, organisations or individuals, except in the following circumstances:
a) Transfer with explicit consent: We will transfer your personal information to other parties with your explicit consent;
b) In the event of a merger, acquisition or insolvency where a transfer of personal information is involved, we will require the new company or organisation holding your personal information to continue to be bound by the Privacy Policy before we require that company or organisation to seek authorised consent from you again.
We will only publicly disclose your personal information in the following circumstances:
a) with your express consent;
b) Disclosure based on law: We may publicly disclose your personal information when required to do so by law, legal process, litigation, or mandatory requirements of governmental authorities.
(一)We have put in place industry standard security measures to protect the personal information you provide against unauthorised access, public disclosure, use, modification, damage or loss of data. We take all reasonably practicable steps to protect your personal information. For example, personal information is anonymised, access rights are controlled, SSL transmission is encrypted, personal information data is encrypted, and other industry-standard security measures are in place.
Anonymisation: The purpose of the security measure that personal information is not identifiable is achieved by masking parts of the personal information collected, such as name, telephone number, email address and contact address.
Access Control: We adopt a series of security measures (e.g. authorisation process approval, segregation of duties, security management system, etc.) to ensure that your personal information is only allowed to be viewed by authorised personnel related to the after-sales service of our products, and that unauthorised personnel do not have the right to access your personal information.
Encryption of transmission: Our after-sales service website only allows access via the encrypted protocol of https, and our SSL certificates are from DigiCert (the world's leading provider of digital trust) to keep your personal information safe during transmission over the web.
Data encryption: Your personal information will be stored in our database in the form of AES encryption to protect the security of your personal information.
(ii) Our data security capabilities: We have an annual information security training plan, and regularly conduct privacy protection and information security awareness training for our employees to ensure that our employees have good security awareness and can better protect customers' personal information; Our company has established an organizational structure of information security management, and constantly improves and improves information security management in organizational, personnel, physical, technical and other aspects.
(c) We will take all reasonably practicable steps to ensure that no irrelevant personal information is collected. We will only retain your personal information for as long as is necessary to fulfil the purposes set out in this policy, unless we need to extend the retention period or are permitted to do so by law.
(d) The Internet environment is not 100 percent secure and we will endeavour to ensure or warrant the security of any information you send to us. If our physical, technical, or managerial safeguards are breached, resulting in unauthorised access to, public disclosure of, alteration of, or destruction of the information, leading to damage to your legitimate rights and interests, we will be held legally liable.
(e) After the unfortunate occurrence of a personal information security incident, we will, in accordance with the requirements of laws and regulations, promptly inform you of: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can independently take to prevent and reduce the risk, and the remedial measures for you. We will promptly inform you of the situation related to the incident by email, letter, phone call, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will take a reasonable and effective way to make a public announcement.
We will also proactively report on the handling of personal information security incidents as required by the regulatory authorities.
In accordance with the relevant Chinese laws and regulations, standards and common practices in other countries and regions, we guarantee that you will exercise the following rights with respect to your personal information:
(i) Access to your personal information
You have the right to access your personal information, subject to the exceptions provided for in laws and regulations.
If you wish to exercise your right of access to the data, you can do so on your own in the following ways:
If you are unable to access this personal information through the above link, you can always use our web form to contact. Or send an email to service@sofarsolar.com.
We will respond to your request for access within thirty days.
For other personal information generated in the course of your use of our products or services, we will provide you with it as long as we do not need to invest too much in it. If you wish to exercise your right of data access Please send an email to service@sofarsolar.com
(ii) Correction of your personal information
You have the right to ask us to correct any personal information we process about you if you discover that it is incorrect. You can make a request for correction in the ways listed under "(i) Access to your personal information".
If you are unable to correct this personal information through the link above, you can always use our web form to contact. Or send an email to service@sofarsolar.com.
We will respond to your request for correction within thirty days.
(iii) Deletion of your personal information
In the following cases, you may make a request to us to delete your personal information:
1. If our handling of personal information violates laws and regulations;
2. If we collect or use your personal information without your consent;
3. If we process personal information in breach of our agreement with you;
4、If you no longer use our products after-sales service, or you cancelled the account;
5、If we no longer provide you with product after-sales service.
If we decide to respond to your request for deletion, we will also simultaneously notify the entities that obtained your personal information from us and ask them to delete it in a timely manner, unless otherwise required by law or regulation, or if those entities have been independently authorised by you to do so. When you delete information from our Services, we may not immediately delete the corresponding information in our backup systems, but will delete the information when the backups are updated.
(iv) change the scope of your authorised consent
The after-sales service we provide for our products requires some basic personal information in order to be completed. You can give or withdraw your consent to the collection and use of additional personal information at any time. You can do this yourself by using the authorisation information on the platform or by contacting the corresponding after-sales service.
When you withdraw your consent, we will no longer process the corresponding personal data. However, your decision to withdraw your consent will not affect the processing of personal data previously carried out on the basis of your authorisation.
(v) Cancellation of accounts by subjects of personal information
You can cancel your previously registered account at any time, either by cancelling your account on the platform or by contacting the corresponding after-sales service. After cancellation of your account, we will stop providing the services in the SOFAR Energy, and delete your personal information upon your request, unless otherwise provided by laws and regulations.
You can cancel your account in the following ways:
1、Webpage: You can logout by clicking the button of applying for logout through the first level menu of Manage/Logout Merchants, and then logout.
2、App.........in Personal Settings/Account Related/Account Security, go to Logout Account, click Confirm Logout, and then logout your account.
(vi) Acquisition of copies of personal information by the subject of personal information
You have the right to obtain a copy of your personal data, which you can do yourself by using the export function of the platform or by contacting the corresponding after-sales service to deal with it for you. Where technically feasible, we may also transfer a copy of your personal information directly to a third party nominated by you at your request.
(vii) Automated decision-making in constraint information systems
In the SOFAR Energy, we may make decisions based solely on non-human, automated decision-making mechanisms, including information systems, algorithms, and the like. If these decisions significantly affect your legitimate interests, you have the right to ask us for an explanation and we will provide appropriate remedies.
(viii) Responding to your request above
For security purposes, you may be required to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.
We will respond within thirty days. If you are not satisfied, you can file a complaint through the following channels: service@sofarsolar.com
In principle, we do not charge fees for reasonable requests, but for requests that are repeated or more than reasonable, we will charge a fee for the cost according to situation. We may refuse requests that are unnecessarily repetitive, require excessive technical means, pose a risk to the legitimate rights and interests of others, or are highly impractical.
We will not be able to respond to your request in the following circumstances:
1. Related to the fulfilment by the controller of personal information of the obligations stipulated in laws and regulations;
2. Those directly related to national security and defence security;
3. Directly related to public safety, public health, and significant public interests;
4. Directly related to criminal investigation, prosecution, trial and execution of judgements;
5. If the controller of the personal information has sufficient evidence that the subject of the personal information has subjective malice or has abused his or her rights;
6. For the purpose of safeguarding the life, property and other significant legitimate rights and interests of the subject of personal information or other individuals, but it is difficult to obtain the consent of the person himself/herself;
7. Responding to a request from a subject of personal information will result in serious damage to the legitimate rights and interests of the subject of personal information or other individuals or organisations;
8. Involving trade secrets.
The SOFAR Energy and services are primarily intended for adults. Children should not create their own personal information subject accounts without parental or guardian consent. In cases where personal information about children is collected with parental consent, we will only use or publicly disclose this information as permitted by law, with the express consent of the parent or guardian, or as necessary to protect the child.
Although local laws and customs define a child differently, we consider any person under the age of 14 to be a child.
If we become aware that personal information of children has been collected without prior verifiable parental consent, we will endeavour to delete the relevant data as soon as possible.
In principle, the personal information we collect and generate in the People's Republic of China will be stored in the People's Republic of China.
Because we provide our products or services through resources and servers located around the world, this means that, with your authorised consent, your personal information may be transferred to, or accessed from, jurisdictions outside the country in which you use the product or service.
Such jurisdictions may have different data protection laws, or even no laws at all. In such cases, we will ensure that your personal information receives sufficiently equivalent protection in the People's Republic of China. For example, we may request your consent for cross-border transfers of personal information or implement security measures such as data de-identification prior to cross-border data transfers.
If you request us to transfer your personal information collected by us to countries or regions outside of China and the European Union, you may be required to provide the relevant data protection laws or regulations of the country or region to ensure that the cross-border transfer of the information complies with the relevant local laws and regulations. If you firmly request us to carry out cross-border transfer of information without proving that the cross-border transfer of information complies with the relevant local data laws and regulations, we have the right to refuse and stop providing services to you. If you provide us with inaccurate information that causes the cross-border transfer of information to violate the relevant local data protection laws and regulations, the loss caused by this shall be borne by you, and we have the right to claim compensation from you for any loss caused by this.
Our personal information protection policy is subject to change. We will not reduce your rights under this Personal Information Protection Policy without your express consent. We will post any changes to this policy on this page and will also archive an older version of this policy for your review.
For material changes, we will also provide more prominent notice (including, for certain services, email notices describing the specific changes to the Personal Information Protection Policy). Material changes within the meaning of this policy include, but are not limited to:
1. Significant changes in our service model. For example, the purpose of processing personal information, the type of personal information processed, and how personal information is used;
2. We experience significant changes in our ownership structure, organisational structure, etc. Such as changes in ownership caused by business restructuring, bankruptcy and mergers and acquisitions;
3. Changes in the primary recipients of personal information to be shared, transferred or publicly disclosed;
4. Significant changes in your right to participate in the processing of personal information and the manner in which it is exercised;
5. In the event of a change in the department responsible for handling the security of personal information, our contact details and complaint channels;
6. When the personal information security impact assessment report indicates a high risk.
If you have any questions, comments or suggestions regarding this privacy policy, please contact us at service@sofarsolar.com
We have a dedicated department for the protection of personal information, which can be contacted in the following ways: it@sofarsolar.com
Normally, we will respond within thirty days.