Last updated: June 2020

Sungrow takes the protection of your personal data very seriously and strictly complies with the applicable data protection laws and regulations, in particular with the provisions of the EU General Data Protection Regulation (GDPR). Please find below information on how we collect and use your personal data when you use our website or are in direct contact with us. You may access this policy at any time on our website. 

1. DATA CONTROLLER

Website operator and Data controller within the meaning of the GDPR is Sungrow Power Supply Co., Ltd., Adr.: No.1699 Xiyou Rd., New & High Tech Zone, Hefei, 230088, China; Tel.: +86 551 6532 7834 (“Sungrow”, “we”, or “us”). 

Our representative located in the European Union within the meaning of Art. 27 GDPR is Sungrow Deutschland GmbH, Balanstraße 59, 81541 München, Tel.: +49 89 324 914 789.

2. YOUR RIGHTS

2.1 You generally have the below individual’s rights, i.e. to ask us:

• for access to and a copy of your personal data that we hold (Art. 15 GDPR)

• that some of your personal data is provided to you or sent to another data controller in a commonly used, machine readable format (Art. 20 GDPR)

• to update or correct your personal data in order to make it accurate (Art. 16 GDPR)

• to delete your personal data from our records in certain circumstances (Art. 17 GDPR)

• to restrict the processing of your personal data in certain circumstances (Art. 18 GDPR)

And you may also have a right:

• to object to us processing your personal data in certain circumstances (e.g. in case we process your data for direct marketing purposes - Art. 21 GDPR).

2.2  These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent.

2.3  If you want to exercise your rights regarding your personal data, please send any requests for information, data subject access requests or objections to the data processing by email to data-protection@sungrow.co or to the address specified under Sec. 1.

2.4  We hope that we can satisfy any queries you may have about the way we process your data. In the event you still have unresolved concerns, you also have the right to lodge a complaint with a supervisory authority according to Art. 77 GDPR, in particular the data protection authority in the Member State of your habitual residence or place of work.

2.5  Finally, please note that where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. 

3.  INTERNATIONAL TRANSFERS AND DATA SECURITY 

3.1  As we are a globally operating company the data that we collect from you may be transferred and stored by us or our service provider(s) outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA (in our case in the People's Republic of China (PRC)) who works at Sungrow or for one of our suppliers. Where information is transferred outside the EEA, and where this is in a country that is not subject to an adequacy decision by the EU Commission, data is adequately protected by EU Commission approved standard contractual clauses, a Privacy Shield certification or a vendor's Processor Binding Corporate Rules. Please let us know if you have any questions or would like to receive a copy of the relevant documents (see below for contact details).

3.2  Our Sites may, from time to time, contain links to other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for the processing on these websites. Please check the policies of these websites before you submit any personal data to these websites.

3.3  We have taken technical and organisational security measures in order to protect your data held by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Your data is transmitted in an encrypted form; we use the encryption TLS 1.2.

4.  COLLECTION OF PERSONAL DATA IN CASE OF USE OF OUR WEBSITE FOR INFORMATION PURPOSES

4.1  If the website is used for information purposes only, i.e. if you do not contact us beyond using our website or otherwise transmit information to us, we collect data which is automatically transmitted by your browser in order to enable you to visit the website. Such storage of data exclusively serves system-related and statistical purposes (on the basis of our legitimate interests according Art. 6 para. 1 lit. f) GDPR) as well as, in exceptional cases, to report criminal offences (on the basis of Art. 6 para. 1 lit. e) GDPR).

We may automatically collect the following data from you:

• technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, the type of device, browser and version, and operating system and platform; and

• information about your visit, including the full Uniform Resource Locators (URL), page response times and download errors.

We also may collect personal data by cookies as outlined below (see Section 10 “Cookies Policy” below. 

5.  COLLECTION AND PROCESSING OF PERSONAL DATA WHEN CONTACTING US AND FOR ADVERTISING PURPOSES

5.1  Your personal data (e.g. your name, phone number and email address) will be collected and processed if you explicitly provide us with such data for contact purposes. The use of this personal data exclusively serves the purpose of processing your request and is based on Art. 6 para. 1 lit. lit. f) GDPR.

5.2  Your personal data will only be used for advertising purposes subject to your previous consent according to Art. 6 para. 1 lit. a) GDPR. The data provided to us by you for the purpose of receiving our newsletter will be stored by us until you unsubscribe from the newsletter and will then be erased subject to legal retention obligations.

5.3     The use of Sendinblue as our newsletter tool for collecting user's data are based on the following:

1. To deliver targeted advertising to users, in order to develop and display personalized and relevant advertising content.

2. To determine the effectiveness of promotional campaigns in order to support marketing activities.

3. To identify usage trends to enable us analyse how our services are used so we can improve them to engage and retain users.

4. To protect our Services, diagnose problems and/or prevent fraudulent activities.

5. To request feedback and understand how our users use our products and services, so we can improve our user's experience.

6. To send users marketing and promotional communications, in order to inform users about special offers and discounts on our products and services.

6.  COLLECTION AND PROCESSING OF PERSONAL DATA FOR THE PERFORMANCE OF CONTRACTS

6.1  We process your personal data (e.g. your name, email address, postal address, telephone number, country, business sector, company name, business interests) for the purposes of establishing and performing the contractual relationship as well as to comply with statutory requirements. The processing is based on Art. 6 para. 1 lit. a) GDPR (communication with the customer's contact person as necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract). The processing is furthermore based on Art. 6 para. 1 lit. c) GDPR as we may have a statutory obligation to store personal data, e.g. in situations of relevance under tax, trade law or fraud prevention.

7.  COLLECTION AND PROCESSING OF PERSONAL DATA IN CASE OF APPLICATIONS

7.1  We furthermore collect personal data when you apply for a position with us. The processing of this personal data by us is required for the performance of the recruiting process, including setting up an electronic job applicant file, managing your application, organising interviews – in short, the processing is necessary for us to enter into an employment contract with you. The processing is based on Art. 6 para. 1 lit. b) GDPR. You can find more details on the processing of your personal data in connection with your application in our [Privacy Announcement for Applicants] which we will provide you separately in due time.

8.  RECIPIENTS/CATEGORIES OF RECIPIENTS OF PERSONAL DATA

8.1  We may share your personal data with affiliates of Sungrow (meaning any company, corporation or other Sungrow entity listed hereunder [PLEASE INSERT HYPERLINK TO WEBPAGE WITH NAMES OF GROUP ENTITIES] for the improving our customer relationships and handling of your requests related to specific countries. 

8.2  Personal data may be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of our legitimate interests in compliance with applicable laws. Personal data may also be shared with third party service providers (like event partners, distributors, Engineering, procurement and construction (EPC) customers), who will process it on behalf of Sungrow for the purposes above.  

8.3  Furthermore, we use service providers for commissioned data processing whom we have instructed with the data processing within the scope of this privacy notice, e.g. within the framework of our website's technical infrastructure (like suppliers for conducting email marketing, event planning and management, and website design and creation). In this context, our technical service providers may also be located outside the EU/EEA. Where your data is transferred outside the EEA, and where this is in a country that is not subject to an adequacy decision by the EU Commission, your data is adequately protected like described above under section 3.

9.  RETENTION PERIOD OF PERSONAL DATA

9.1  Where you are a customer, we will keep your data for the duration of any contractual relationship you have with us, and, to the extent permitted, after the end of that relationship for as long as necessary to perform the purposes set out in this notice in accordance with applicable law.

9.2  Where we process personal data with your consent, we process the data until you ask us to stop and for a short period after this (to allow us to implement your requests). We also keep a record of the fact that you have asked us not to process your data so that we can respect your request in future.

9.3  Data about your visits to our websites and where we process personal data for website security purposes, we will retain this data for [6/12] months following your last visit to our website. 

9.4  Laws may require us to store certain data of you for specific legal retention periods (this can be up to ten years in case of invoices). In other cases, we may retain data for an appropriate period after any relationship with you ends to protect us from legal claims (until the end of statutory limitation periods), or to administer our business (e.g. for book keeping and tax obligations). 

10. COOKIES POLICY 

10.1  Our website use cookies. This helps us to provide you with a good experience when you browse our website and at the same time allows us to improve our website. Cookies are small text files which are stored on your hard drive allocated to the browser used by you which provide the party placing the cookie (in this case us) with certain information. Cookies do not damage your computer and do not contain any viruses. Cookies serve the purpose of making our services more user-friendly, effective and secure. For the most part, the cookies that we use are "session cookies". These cookies are deleted automatically at the end of your visit of our website. Other cookies remain on your terminal device until being deleted. These cookies enable us to recognise your browser on your next visit. The use of cookies is now standard for most websites. If you are uncomfortable with the use of cookies, you can manage and control them through your browser, including removing cookies by deleting them from your ‘browser history’ (cache) when you leave the site. See the subsection “How to manage cookies” for further information.

10.2  We use the following categories of cookies:

Necessary cookies

We store cookies on your device if they are strictly necessary for the operation of this website or provision of our services. Necessary cookies in particular help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies. The processing is based on Art. 6 para. 1 lit. f) GDPR

Analytical or performance cookies

These are cookies that are not strictly necessary for the operation of this website or provision of our services, but they enhance the use of Services by remembering certain choices you may make and providing enhanced features. For example, they are used to remember site preferences or choices, such as remembering preferences for language, country, region or other online settings made (e.g. text size, fonts).

These cookies allow us to recognise and count the number of visitors to our Sites and how visitors move around our Sites when they are using them. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

Some analytics and performance cookies are used in connection with services provided by third parties, including the following:

• Google Analytics is a web analytics service provided by Google (please see also the information below). Google Analytics may collect information about your use of the Online Services (including your IP address). Information generated will be transmitted to and stored by Google on servers in the United States of America. For more information, please visit Google's site. Google also provides a browser add-on that allows you to opt-out of Google Analytics across all websites. 

10.3  Before we use cookies which are not strictly necessary for the operation of our website or provision of our services, we obtain consent from you according to Art. 6 para. 1 s. 1 lit. a GDPR. Please also see section “How to manage cookies” below” below.

Use of cookies

How to manage cookies

[You can change your cookie preferences at any time by clicking on the cookie consent management tool on our website. Sungrow's Cookie Consent Manager is a tool that allows you to modify settings related to non-necessary Cookies. It is not possible to modify settings related to Necessary Cookies. You can then adjust the available sliders to ‘On’ or ‘Off’, then clicking ‘Save’. You may need to refresh your page for your settings to take effect. These consent settings are stored in your browser’s local storage, are never (as far as technology permits) transmitted to our servers and do not allow our servers to identify or track individual users.]

Current versions of web browsers also offer enhanced user controls regarding the placement and duration of both first and third party cookies. Search for "cookies" under your web browser's “Help menu” for more information on cookie management features available to you. You can enable or disable cookies by modifying the settings in your browser. You can also find out how to do this, and find more information on cookies at www.allaboutcookies.org. However, if you choose to disable cookies in your browser, you may be unable to complete certain activities on our website or to correctly access certain parts of it. If you would like more information about interest-based advertising, including how to opt-out of these cookies, please visit http://youronlinechoices.eu/.

10.4. Google Analytics: This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". These are text files that are stored on your computer and that allow an analysis of the use of the website by you. We use the information to compile reports and to help us improve the website. The cookies collect specific information, including the number of visitors to the website where visitors have come to the website from and the pages they visited. Please note that the data processing is essentially carried out by Google and Google may use your data collected by Google Analytics for any of its own purposes, such as profiling, and will link it to other data such as any Google Accounts. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Google Analytics cookies are stored and your relevant personal data is processed based on your consent according Art. 6 (1) (a) GDPR. Cookies in connection with Google Analytics have a lifespan of 13 months and will be deleted automatically after that.  

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases the full IP address is sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

We have entered into an agreement with Google for the outsourcing of our data processing and fully implement the strict requirements when using Google Analytics.

You can prevent the collection of your data by Google Analytics with effect for the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser: http://tools.google.com/dlpage/gaoptout?hl=en.

Furthermore, data collection and storage by Google Analytics can be objected to at any time by setting an opt-out cookie, with effect for the future. For this, please click on the following link: Deactivate Google Analytics. By confirming the link, a so-called opt-out cookie is set on your data storage medium. This cookie has a lifetime of 5 years. Please note that, if you delete all cookies from your computer, such opt-out cookie will also be deleted, i.e., if you wish to continue to object to anonymised data collection by Webtrekk, you have to set the opt-out cookie again. The opt-out cookie is set per browser and computer. If you visit our websites from your home and workplace or using different browsers, you have to activate the opt-out cookie for the different browsers or for the different computers.

10.5: Google Tag Manager This website also uses Google Tag Manager. Google Tag Manager is a solution operated by Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) that allows marketed website tags to be managed using an interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not register personal data. The tool causes other tags to be activated which may, for their part, register data under certain circumstances. Google Tag Manager does not access this information. If recording has been deactivated on domain or cookie level, this setting will remain in place for all tracking tags implemented with Google Tag Manager. You can find out more about Google Tag Manager by clicking the following link: http://www.google.de/tagmanager/use-policy.html

11. CHANGES TO OUR PRIVACY POLICY

This Privacy Policy may be updated periodically. Any changes we make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.