Privacy Policy
Welcome to the SOFAR Monitor website or mobile app (hereinafter
referred to as "SOFAR Monitor"). As you are a registered user of
SOFAR Monitor, we would like to let you know about our updated
Privacy Policy, which will come into effect on 4 September
2023.
We are committed to protecting the privacy of your personal data
and, as part of our privacy practices, we specifically emphasize
that this Privacy Policy applies at all times during your use of our
Platform.
This policy applies to the products and services provided by the SOFAR
monitoring software platform or web version or mobile APP under the
name of Shenzhen SOFARSOLAR Co., Ltd. You can use the functions of our
APP or website application to enjoy the services, such as knowing the
basic information of the power plant you have created at any time,
being informed of the abnormal alarm information of the power plant,
and contacting us at any time to provide the service of the data of
the power plant for you, and so on.
Last updated: August 2023.
If you have any questions, comments or suggestions, please contact
us using the contact information below:
Email: service@sofarsolar.com
Telephone: 400-892-5766
-
Rules for the Collection and Use of Personal Information on the
SOFAR Cloud Monitoring Platform
- How we protect your personal information
- Your Rights
- how we handle children's personal information
- How your personal information is transferred globally
- How this policy has been updated
- How to contact us
We recognize the importance of your personal information and will
do our best to keep it safe and secure.
We are committed to maintaining your trust in us by adhering to the
following principles to protect your personal information: the
principle of lawfulness, fairness and transparency, the principle of
purpose limitation, the principle of data minimization, the
principle of accuracy, the principle of storage limitation, the
principle of integrity and confidentiality and so on. At the same
time, we are committed to protecting your personal information by
adopting appropriate security measures in accordance with the
industry's mature security standards.
Please read and understand this Privacy Policy carefully before
using our SOFAR Cloud Monitoring Platform and Services.
Rules for the collection and use of personal information for business
functions
1、What personal information we collect about you
We rely on necessary personal information in order to provide and
fulfil the Bumiputra Cloud Monitoring Platform and Services. By
choosing to use the SOFAR Cloud Monitoring Platform, you provide us
with, or allow us to collect, the necessary information, and we
collect only the personal information that is necessary for the
SOFAR Cloud Monitoring Platform and Services, as set forth in the
table below:
Service
Personal Information
APP Account Registration
User's mobile phone number and email address, user's password,
user's name, and country or region
Power Station Management
Name of power station, location of power station
Equipment Management
Device SN number
User Management
User name, user password, user's mobile phone number and email
address
2、How we use your personal information
For the necessary personal information, we will use it to provide
the business function, including SOFAR Cloud Monitoring Platform APP
account registration, power plant management, equipment management,
and user management functions.
Service
Personal Information
Use
APP Account Registration
User's mobile phone number and email address, user's password,
user's name, and country or region
In the scenario where users take the initiative to request new
accounts or roles, assist users to complete account creation; in
the case where users lose or forget their passwords, assist
users to complete the account password reset; in the scenario
where users take the initiative to request opening of an API
account or locating related issues, BASF needs to assist in
completing the opening of an API account, logging in, debugging
of data, and increasing the number of associated power stations
in an API account, and other operations
Power Station Management
Name of power station, location of power station
Answer customer queries or provide services requested by users,
and perform bug location and data repair in the power station
when bugs occur in the platform.
Equipment Management
Device SN number
After-sales personnel remotely view and operate the equipment to
repair faults or improve product performance.
User Management
User Management User name, user password, user's mobile phone
number and email address
Manage users.
3、How we entrust the processing, sharing, transfer, public disclosure
of your personal information
(1) Commissioning
Some of the services in the First Flight Cloud Monitoring Platform
are provided by external vendors. For example, we engage service
providers to assist us with customer support.
Companies, organizations and individuals with whom we have
entrusted the processing of personal information will be bound by
strict confidentiality agreements requiring them to implement
appropriate technical and organizational measures to process
personal information in accordance with applicable laws and
regulations, this Privacy Policy and any other relevant
confidentiality and security measures.
(2) Sharing
We will not share your personal information with any companies,
organizations and individuals outside of our company, unless we have
your express consent or based on mandatory provisions of laws and
regulations.
We will only share your personal information for lawful,
legitimate, necessary, specific, and explicit purposes, and will
only share personal information that is necessary to provide the
service. The relevant third parties are not authorized to use the
shared personal information for any other purpose. We will require
them to take relevant confidentiality and security measures to
handle the personal information, and to clarify the responsibilities
and obligations of the co-operating parties for the protection of
your personal information.
We may share your personal information externally in accordance with
laws and regulations, or in accordance with the mandatory
requirements of governmental authorities.
(3) Transfers
We will not transfer your personal information to any companies,
organizations or individuals, except in the following circumstances:
a) Transfer with explicit consent: We will transfer your personal
information to other parties with your explicit consent;
b) In the event of a merger, acquisition or insolvency where a
transfer of personal information is involved, we will require the
new company or organization holding your personal information to
continue to be bound by the Privacy Policy before we require that
company or organization to seek authorized consent from you
again.
(4) Public disclosure
We will only publicly disclose your personal information in the
following circumstances:
a) with your express consent;
b) Disclosure based on law: We may publicly disclose your personal
information when required to do so by applicable laws and
regulations.
How we protect your personal information
(1) We implement appropriate technical and organizational measures
to protect the personal information you provide against unauthorized
access, public disclosure, use, modification, damage or loss of
data. We take all reasonably practicable steps to protect your
personal information. For example, personal information is
anonymized, access rights are controlled, SSL transmission is
encrypted, personal information data is encrypted, and other
security measures that comply with applicable laws, regulations and
industry standards.
Anonymization: The purpose of the security measure that personal
information is not identifiable is achieved by masking parts of the
personal information collected, such as name, telephone number,
email address and contact address.
Access Control: We adopt a series of security measures (e.g.
authorization process approval, segregation of duties, security
management system, etc.) to ensure that your personal information is
only allowed to be viewed by authorized personnel related to the
after-sales service of our products, and that unauthorized personnel
do not have the right to access your personal information.
Encryption of transmission: Our after-sales service website only
allows access via the encrypted protocol of https, and our SSL
certificates are from DigiCert (the world's leading provider of
digital trust) to keep your personal information safe during
transmission over the web.
Data encryption: Your personal information will be stored in our
database in the form of AES encryption to protect the security of
your personal information.
(2) Our data security capabilities: we have developed an annual
information security training programmed, regular training on privacy
protection and information security awareness of the company's
employees to ensure that our employees have adequate sense of security
to better protect the personal information of customers; the Division
has established an organizational structure for the management of
information security, in the organizational, personnel, physical,
technical and other aspects of the information security management
work to continuously improve and improve. We have established an
organizational structure for information security management.
(3) We will implement appropriate technical and organizational
measures to ensure that no unrelated personal information is
collected. We will only retain your personal information for as long
as is necessary to fulfil the purposes set out in this policy, unless
we need to extend the retention period or are permitted to do so by
law.
(4) The Internet environment is not 100 per cent secure and we will
endeavor to ensure or warrant the security of any information you send
to us. If our physical, technical, or managerial safeguards are
breached, resulting in unauthorized access to, public disclosure of,
alteration of, or destruction of the information, leading to damage to
your legitimate rights and interests, we will be held legally liable.
(5) After the unfortunate occurrence of a personal information
security incident, we will, in accordance with the requirements of
laws and regulations, promptly inform you of: the basic situation and
possible impact of the security incident, the disposal measures we
have taken or will take, the suggestions you can independently take to
prevent and reduce the risk, and the remedial measures for you. We
will promptly inform you of the situation related to the incident by
email, letter, phone call, push notification, etc. When it is
difficult to inform the subject of personal information one by one, we
will take a reasonable and effective way to make a public
announcement.
We will also proactively report on the handling of personal
information security incidents as required by applicable laws and
regulations.
Your rights
In accordance with the relevant applicable laws and regulations,
standards and common practices in other countries and regions, we
guarantee that you will exercise the following rights with respect to
your personal information:
(1) Access to your personal information
You have the right to access your personal information, subject to
the exceptions provided for in laws and regulations.
If you wish to exercise your right of access to the data, you can do
so yourself at https://corp.sofarsolarmonitor.com/login
If you are unable to access this personal information through the
above link, you can always use our web form to contact. Or send
email to service@sofarsolar.com
We will respond to your request for access within thirty days.
For other personal information generated in the course of your use
of our products or services, we will provide you with it as long as
we don't need too much input. If you wish to exercise your right of
data access ,please send email to service@sofarsolar.com
(2) Correction of your personal information
You have the right to ask us to correct any personal information we
process about you if you discover that it is incorrect. You can make
a request for correction in the ways listed under "(i) Access to
your personal information".
If you are unable to correct this personal information through the
link above, you can always use our web form to contact. Or send
email to service@sofarsolar.com
We will respond to your request for correction within thirty days.
(3) Deletion of your personal information
In the following cases, you may make a request to us to delete your
personal information:
1. If our handling of personal information violates laws and
regulations;
2. If we collect or use your personal information without your
consent;
3. If we process personal information in breach of our agreement
with you;
4、If you no longer use our products after-sales service, or you
cancelled the account;
5、If we no longer provide you with product after-sales service.
If we decide to respond to your request for deletion, we will also
simultaneously notify the entities that obtained your personal
information from us and ask them to delete it in a timely manner,
unless otherwise required by law or regulation, or if those entities
have been independently authorized by you to do so. When you delete
information from our Services, we will respond to your deletion
request within thirty days.
(4) change the scope of your authorized consent
The after-sales service we provide for our products requires some
basic personal information in order to be completed. You can give or
withdraw your consent to the collection and use of additional
personal information at any time. You can do this yourself by using
the authorization information on the platform or by contacting the
corresponding after-sales service.
When you withdraw your consent, we will no longer process the
corresponding personal data. However, your decision to withdraw your
consent will not affect the processing of personal data previously
carried out on the basis of your authorization.
(5) Cancellation of accounts by subjects of personal information
You can cancel your previously registered account at any time,
either by cancelling your account on the platform or by contacting
the corresponding after-sales service. After cancellation of your
account, we will stop providing you with SOFAR Cloud Monitoring
Platform and services, and delete your personal information upon
your request, unless otherwise provided by laws and regulations.
You can cancel your account in the following ways:
1. Web page: You can log out through the management/cancellation of
merchants in the first-level menu and click the apply for
cancellation button.
2. On the APP side: In Personal Settings/Account Related/Account
Security, go to Cancel Account, click Confirm Cancellation, and
cancel the account.
(6) Acquisition of copies of personal information by the subject of
personal information
You have the right to obtain a copy of your personal data, which you
can do yourself by using the export function of the platform or by
contacting the corresponding after-sales service to deal with it for
you.
Where technically feasible, we may also transfer a copy of your
personal information directly to a third party nominated by you at
your request.
(7) Automated decision-making in constraint information systems
In the First Flight Cloud Monitoring Platform, we may make decisions
based solely on non-human, automated decision-making mechanisms,
including information systems, algorithms, and the like. If these
decisions significantly affect your legitimate interests, you have the
right to ask us for an explanation and we will provide appropriate
remedies.
(8) Responding to your request above
For security purposes, you may be required to provide a written
request or otherwise prove your identity.
We may ask you to verify your identity before processing your
request.
We will respond within thirty days. If you are not satisfied, you
can file a complaint through the following channels:
service@sofarsolar.com
In principle, we do not charge you for reasonable requests, but for
requests that are repeated more than is reasonable, we will charge a
fee for the cost of the request, if appropriate. We may refuse
requests that are unnecessarily repetitive, require excessive
technical means, pose a risk to the legitimate rights and interests
of others, or are highly impractical.
We may not be able to respond to your request in the following
circumstances:
1. Those directly related to national security and defense security;
2. Directly related to public safety, public health, and significant
public interests;
3. Directly related to the prevention, investigation, detection or
prosecution of criminal offences or the execution of criminal
penalties, including the safeguarding against and the prevention of
threats to public security;
4. For the purpose of safeguarding the life, property and other
significant legitimate rights and interests of the subject of
personal information or other individuals;
5. Responding to a request from a subject of personal information
will result in serious damage to the legitimate rights and interests
of the subject of personal information or other individuals or
organizations.
How we handle children's personal information
Our First Flight Cloud monitoring platform and services are
primarily intended for adults. Children should not create their own
personal information subject accounts without parental or guardian
consent.
In cases where personal information about children is collected with
parental consent, we will only use or publicly disclose this
information as permitted by law, with the express consent of the
parent or guardian, or as necessary to protect the child.
If we become aware that personal information of children has been
collected without prior verifiable parental consent, we will endeavor
to delete the relevant data as soon as possible.
How your personal information is transferred globally
In principle, your personal data collected by SOFAR may be processed
or accessed in the country/region where you use our products and
services or in other countries/regions where SOFAR or its affiliates,
subsidiaries, service providers or business partners have a presence.
These jurisdictions may have different data protection laws. In such
circumstances, we will take measures to ensure that data is processed
as required by this Policy and applicable laws, which includes when
transferring the data subject’s personal data from the EU to a country
or region which have been acknowledged by the EU commission as having
an adequate level of data protection, we may use a variety of legal
mechanisms, such as obtaining the consent to the cross-border transfer
of a data subject in the EU, or implementing security measures like
anonymizing personal data before cross-border data transfer.
If you request us to transfer your personal information collected by
us to countries or regions outside of China and the European Union,
you may be required to provide the relevant data protection laws or
regulations of the country or region to ensure that the cross-border
transfer of the information complies with the relevant local laws and
regulations. If you firmly request us to carry out cross-border
transfer of information without proving that the cross-border transfer
of information complies with the relevant local data laws and
regulations, we have the right to refuse and stop providing services
to you. If you provide us with inaccurate information that causes the
cross-border transfer of information to violate the relevant local
data protection laws and regulations, the loss caused by this shall be
borne by you, and we have the right to claim compensation from you for
any loss caused by this.
How this policy will be updated
Our personal information protection policy is subject to change. We
will not reduce your rights under this Personal Information
Protection Policy without your express consent. We will post any
changes to this policy on this page and will also archive an older
version of this policy for your review.
For material changes, we will also provide more prominent notice
(including, for certain services, email notices describing the
specific changes to the Personal Information Protection Policy).
Material changes within the meaning of this policy include, but are
not limited to:
1. Significant changes in our service model. For example, the
purpose of processing personal information, the type of personal
information processed, and how personal information is used;
2. We experience significant changes in our ownership structure,
organizational structure, etc. Such as changes in ownership caused
by business restructuring, bankruptcy and mergers and acquisitions;
3. Changes in the primary recipients of personal information to be
shared, transferred or publicly disclosed;
4. Significant changes in your rights to participate in the
processing of personal information and the manner in which they are
exercised;
5. In the event of a change in the department responsible for
handling the security of personal information, our contact details
and complaint channels;
6. When the personal information security impact assessment report
indicates a high risk.
How to contact us
If you have any questions, comments or suggestions regarding this
Privacy Policy, please contact us at: service@sofarsolar.com
We have a dedicated department for the protection of personal
information, which can be contacted in the following ways:
it@sofarsolar.com
Normally, we will respond within thirty days.