SolarPilot Energy GmbH., which has its legal headquarters at Arndtstrasse 27b, 22085 Hamburg, Germany, and its affiliates (hereinafter referred to as ‘SolarPilot” or ‘we’) is the Data Controller for processing the personal data you provided through our SolarPilot Application (hereinafter referred to as ‘APP’).
We highly value the protection of your personal data and related privacy rights and are committed to providing you with a secure and satisfactory experience. This policy explains how we collect, use, disclose, process, and protect the personal data that you authorize us to collect or that we actively collect when you use our website. If our website, products, or services, have separate Personal Data Protection Policy or Privacy Policy, those separate policies will take precedence. For sections not specified in the separate policies of the application, products, or services, this policy will apply.
This policy will help you understand the following:
a)To assist the service providers of SolarPilot in account registration and login, we will process the following personal data:
| Processing Activities | Types of Personal Data | Purposes | Legal Basis |
| To assist you with registering and logging into our system platform account | Account name Login password Email or mobile number Generated account ID Name Company name County or region of the company Profile picture | To activate an account for you on our system platform and verify the authenticity of service provider users | Based on your consent |
| To assist you in managing your account, we will help you set up sub-account | Account name Email or mobile number Generated account ID Company name County or region of the company Account role Profile picture | To enable a sub-account for you on our system platform and assist you in managing the status of your sub-account’s power station | Based on your consent |
| To assist you with power station management and northbound management | Contact person’s name Contact person’s email Contact person’s mobile number Your company address and postal code | To assist you in maintaining the power station and northbound queries for third-party users | Based on your consent |
b)If you are a property owner, the service provider of SolarPilot may assist you in opening your property owner account or guide you to open the account by yourself. In order to help you register and log in as a property owner, we will process the following personal data:
| Processing Activities | Types of Personal Data | Purposes | Legal Basis |
| To assist you as an owner-user with the management of your power station | Account name Generated account ID Login password Email or mobile number Country or region where the property owner is located Power station address Profile picture | To activate an account for you on our system platform and verify the authenticity of service provider users | Based on your consent |
c)Based on the above two business scenarios, we will also process relevant device information associated with you. Please note that this device information is not identifiable and does not constitute your personal data.
| Scenarios | Involved device information | Purposes |
| When providing photovoltaic safety analysis and early warning response functions | Data of power station device | To identify potential security issues in the system, corresponding alarm messages will be pushed within the system |
| When you create a power station | Picture of power station | To assist in the assessment of energy device safety |
| When you use the device management feature | SIM card number of the device | 4G communication support for devices |
| When you use device debugging or website construction wizard functions | Your terminal’s GPS location information | To locate the current terminal’s area in order to recommend device upgrade packets suitable for that region and electrical grid standard codes, and for setting the latitude and longitude information of the inverter, so as to display the position of the inverter on the management system |
In order to ensure the proper functioning and secure, stable operation of our APP, we will request or utilize the following permissions related to the operating system:
Android Operating System Application Permissions List
| Permission Name | Permission Function Descriptions | Scenarios and Purposes |
| CAMERA | To take photos and videos, complete scanning QR codes | To complete photography for assisting you in taking photos of energy storage devices, power station images, scanning QR codes to add power stations, and uploading detailed physical layout diagrams |
| PHOTO | Access to your photo album | To uploading photos of the equipment taken, power station images, detailed diagrams of the physical layout, power station pictures, and your account profile picture |
| ACCESS_FINE_LOCATION | Obtaining precise geographical location information through the Global Positioning System (GPS) or network-based location information (such as cell towers and WLAN) | To manually turn on location services and find nearby charging stations |
| READ_EXTERNAL_STORAGE | Provide the functionality to read data from the phone’s storage space | To read images, documents, and other content from storage, primarily for the purpose of recording crash log information (if any) and other functionalities. (Only for Android 4.4 and below versions.) |
| WRITE_EXTERNAL_STORAGE | Provide the functionality to write to external storage | To write, download, save, modify, delete images, files, crash logs, etc. (Only for Android 4.4 and below versions.) |
| Clipboard | Access clipboard contents | Copy text content |
| Location | Approximate location | For local weather data display |
| Photos and videos | Photos | For power station image upload and analysis |
| Device or other IDs | Device or other IDs | For account security risk control |
IOS Operating System Application Permissions List
| Permission Name | Permission Function Descriptions | Scenarios and Purposes |
| NSPhotoLibraryAddUsageDescription | Add content to the photo album | To write, download, save, modify, delete images, files, crash logs, and other information |
| NSPhotoLibraryUsageDescription | Read the contents of the photo album | To read images, documents, and other content stored on the device, mainly for uploading physical layout drawings of the equipment and uploading your account profile picture |
| NSCameraUsageDescription | Use camera | To assist you in capturing physical layout diagrams of equipment, completing the scanning of QR codes, and other related functions that require this permission |
| NSLocationWhenInUseUsageDescription | Obtain geolocation only when the APP is in use | To fulfill security assurances as well as related functions based on geographic location services |
a)Sharing with processors
Our services may involve entrusting third-party suppliers to process your personal data. For example, we may hire service providers to assist us in providing customer support. We also commission solar equipment providers for the installation, operation, and maintenance of the devices.
We will sign strict data processing agreements with companies who we entrust to process personal data. We require them to process personal data in accordance with our requirements, this policy, and other relevant confidentiality and security measures.
b)Sharing with other companies
We will share personal data in the following circumstances:
1. We will share personal data among group companies or affiliated companies. We will only share your personal data within group companies or affiliated companies for specific, clear, and legitimate purposes, and only disclose the information necessary to provide services.
2. To comply with applicable laws, regulations, legal procedures, or legitimate government requests, to enforce our terms of use, other agreements, policies, and standards, including investigating potential violations, protecting our rights, property, or safety, conducting risk management, screening, and investigating illegal, fraudulent, deceptive, or malicious activities, we will share your personal data.
c)Transfer your personal data
We will not transfer your personal data to any company, organization, or individual, except in the following circumstances:
1. Transfer with your consent: After obtaining your consent, we will transfer your personal data to other parties.
2. In the event of a merger, acquisition, or bankruptcy liquidation, if personal data transfer is involved, we will require the new company or organization holding your personal data to continue to be bound by this policy, otherwise, we will require the company or organization to seek your consent again.
d)Disclosure your personal data
We will only disclose your personal data in the following circumstances:
1. After obtaining your explicit consent;
2. Based on legal disclosure: In the event of legal, legal procedures, litigation, or government department requests, we may disclose your personal data.
As an international company, we operate globally, which means that personal data may be transferred, stored, and processed outside of the country or region where it was initially collected, in our affiliates, subsidiaries, or service providers, business partners located in other countries of the organization, or are accessed from these countries. The applicable laws in the countries and regions where we operate may differ from the laws applicable to your country of residence. We will protect your personal data in accordance with its policy wherever it is processed and takes appropriate contractual or other steps to protect it under applicable laws. We will delete or anonymize your personal data within seven days of the successful cancellation of your account, unless otherwise stipulated by laws and regulations.
If personal data of users in the EEA, Switzerland, or the UK is being transferred to a recipient located in a country outside the EEA, Switzerland, or the UK, which has not been recognized as having an adequate level of data protection, we ensure that the transfer is governed by the European Commission’s standard contractual clauses. If you would like further details on the safeguards we have in place under the data transfer, you can contact us as described in How can you contact us section.
We promise that, unless otherwise stipulated by laws and administrative regulations, the storage time of your personal data will always be within a reasonable and necessary period. According to relevant laws, regulations, and industry regulatory authorities, we should comply with the minimum storage time requirements. After the storage period has expired, we will delete or anonymize your personal data. If we terminate our services or operations, we will notify you in advance and delete or anonymize your personal data after the termination of services or operations, except as otherwise required by national laws, regulations, normative documents, government policies, orders, or for the purpose of fulfilling our legal obligations.
1. We have used security measures that comply with industry standards to protect the personal data you provide, to prevent unauthorized access, disclosure, use, modification, damage, or loss of data. We will take all reasonable and feasible measures to protect your personal data. We will take specific measures, including the use of SSL/TLS encryption, to ensure that your personal data is securely transmitted from your browser to our network system.
2. We operate a secure data network protected by industry-standard security controls and systems, such as firewalls, intrusion detection systems (IDS), data encryption, and password protection systems. We will regularly review and enhance our company’s security and privacy policies as needed, and only authorized personnel can access the information provided by our users.
3. We will take all reasonable and feasible measures to ensure that irrelevant personal data is not collected. We will only retain your personal data for the period necessary to achieve the purposes described in this policy unless an extension of the retention period is required or permitted by law.
4. The internet environment is not 100% secure, and we will do our best to ensure or guarantee the security of any data you send to us. If our physical, technical, or managerial protection facilities are compromised, resulting in unauthorized access, disclosure, tampering, or destruction of information, and causing damage to your legitimate rights and interests, we will assume corresponding legal responsibilities.
5. After an unfortunate personal data incident, we will promptly inform you in accordance with legal and regulatory requirements: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, suggestions for you to take preventive measures and reduce risks, and remedial measures for you. We will inform you of the relevant situation of the incident by email, letter, phone, push notification, etc. If it is difficult to inform each data subject one by one, we will adopt reasonable and effective methods to make announcements.
6. At the same time, we will proactively report the disposal of personal data incidents to regulatory authorities as required.
You have the following rights regarding your personal data. To exercise such rights outlined in this section, you can contact us using the contact details provided in How can you contact us section.
When making a request regarding your personal data, please specify which right you are exercising and which data it concerns. Note that your rights are not absolute and may be withheld in accordance with applicable data protection laws. If your request is rejected, you will be informed of the reasons for doing so. Your communications may be recorded to help resolve any issues arising from your request. We will process your request as soon as possible and provide you with information on actions taken within one month of receiving your request.
a)Your right to access, rectification, erasure, restriction of processing and data portability
You have the right to request access to your personal data, seek the rectification or erasure of your personal data, and request the restriction of the processing, within the limits of applicable data protection laws. Additionally, you have the right to receive the personal data you have submitted in a structured, commonly used, and machine-readable format, and to transmit such data to another controller without hindrance, within the limits of applicable data protection laws. We will communicate rectification or erasure of your personal data to each recipient to whom the personal data have been disclosed unless this is impossible or involves disproportionate effort.
You can access and rectify your account name, password, email, phone number, and profile picture by navigating to “System” > “Accounts”.
b)Your right to object
If applicable and in accordance with data protection legislation, you have the right to object to the processing of your personal data at any time, on grounds relating to your situation, unless there are compelling legitimate grounds for such processing which override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims. However, you have an absolute right to object to the processing of your personal data for direct marketing purposes at any time.
c)Cancel your account
You can navigate to “System” > “Account Management” > “Account Cancellation” and, after thoroughly reading the account cancellation considerations, you may request to cancel your account. We will verify your identity by sending a verification code to your phone number or email. Once your identity is confirmed, we will proceed with the account cancellation for you.
Please be aware that once the cancellation is complete, we will process your request and either delete or anonymize your personal data within seven days. We ask that you do not log into your account during this seven-day period to ensure the cancellation is completed smoothly. If you use your account name and password to log in again within these seven days, your cancellation request will become invalid, and you will need to apply for cancellation again.
d)Your right to lodge complaint with supervisory authority
You have the right to lodge a complaint with a supervisory authority, in particular in the country of your residence, your place of work or of the place of the alleged violation. Click here for a list of supervisory authorities.
Our products, website, and services are mainly aimed at adults. Minors under the age of 13 should not create their own data subject accounts without the consent of their parents or guardians. If you are a parent or guardian and you believe that your minor has submitted personal data to us, please contact us through the contact information provided in this policy so that we can take appropriate action.
To provide you with services, we may access software development kits (SDKs) and Application Programming Interface (APIs) provided by third parties. We will evaluate the legality, legitimacy, and necessity of the information collected by these third parties and require them to take protective measures for your personal data. However, please note that this policy does not apply to the products or services provided by these third-party SDKs and APIs. We strongly recommend that you take the time to read the privacy policy of these third-party SDKs and APIs to understand how they handle your personal data.
| Third-party Name | Product/Type | Shared Information | Purpose of Use | Privacy Policy Link |
| Google Map | Map service | Location | Show the location of the power station on the map page | https://policies.google.com/privacy |
| Open Weather | Weather service | Location | Show the weather of the power station | https://openweather.co.uk/privacy-policy |
According to the applicable laws, regulations, and the needs of service operations, we will make modifications to this policy from time to time. Without your explicit consent, we will not reduce the rights you should enjoy under this policy. We will post any changes to this policy on the corresponding pages of the services we provide. When significant changes occur to this policy, we will also notify you in a prominent manner.
The “significant changes” in this policy include but are not limited to:
a)Significant changes in our service model, such as the purpose of processing personal data, the types of personal data processed, and the way personal data is used;
b)Significant changes in our ownership structure and organizational structure, such as changes in ownership caused by business adjustments, bankruptcy, mergers and acquisitions, etc.;
c)The main objects of personal data sharing, transfer, or disclosure change;
d)Significant changes in your rights to participate in personal data processing and the way they are exercised;
e)Changes in the department responsible for protecting personal data security, contact methods, and complaint channels;
f)When the personal data impact assessment report indicates a high risk.
If we make changes to this policy, we will publish the changed policy and update the “update date” at the top of this policy.
If you have questions about your personal data processing, we suggest first reviewing this Privacy Statement. For inquiries, concerns, or to exercise your data subject rights, contact us at privacy@solarpilot.com. We prioritize your privacy and aim to respond within a month or as stipulated by the relevant local privacy protection law once your identity is confirmed. If you feel your concerns are not adequately addressed, you have the right to file a complaint with a competent supervisory authority according to the section Your right to lodge complaint with supervisory authority in this policy.