SafeSolar App GDPR-Privacy Agreement

Data protection statement

Date: May 1, 2024

The purpose of this Data Protection Statement is to explain when you visit our website https://safesolar.fonrich.com and use our products or services, including but not limited to "Fonrich SafeSolar" (collectively, "Products" or "Services"), we, Fonrich (Shanghai) New Energy Technology Co., Ltd. (registered address is Room 103, Building 6, No. 3279 Sanlu Road, Minhang District, Shanghai, email info@fonrich.com) ( "We"), how we will collect, use, store, process or otherwise process (collectively, "Processing") your personal data.

This Data Protection Statement applies not only to our customers, but also to our other business partners and visitors to our website.

If necessary and required by law, if this Data Protection Statement does not inform you of the processing of your personal data in other scenarios, we will also inform you separately.

Please read carefully and thoroughly understand this Data Protection Statement before you provide us with any personal data.

1. The purpose, scope and legal basis for our processing of personal data

1.1 Purposes of processing and categories of personal data processed in connection with the use of products and services

We will process the following categories of personal data for the following purposes:

1. In order to register/log in to products or services ("Registration Purpose"), we may process the following personal data about you: your company name, user name, mobile phone number, email address, password and IP address.

1. In addition, during the registration and login process, we may ask you to provide additional information to complete your personal information, including your name, address, avatar and other information. If you do not provide the above additional information, it will not affect your login/registration of our products or services.

2. In order to provide you with remote monitoring services ("monitoring purpose") for the photovoltaic power station bound to your account ("bound power station"), we may process the following personal data about you:

1. User’s identity information, including your username, name, mobile phone number, and email address;

2. Bind the power station information, including the status, name, type, installed capacity, geographical location information, power generation, equivalent hours, and grid connection time of the power station;

3. Monitor, transceiver, protector and optimizer equipment information, including the serial number, device type, power, bound power station, signal strength, and software version of the monitor, transceiver, protector and optimizer you use;

4. Terminal device information, including device parameters and system information, geographical location information, device identifier information (IMEI, IDFA, Android ID, Cell ID, MAC, OAID, IMSI and other device-related information);

5. Network information, including your IP address, WiFi information, and base station information.

1. In particular, if you use our collector device, our collector will collect your WiFi information (SSID and password). This information will only be saved in the local memory of the collector device, and will only be used for the collector's own network use. It will not be uploaded to our or any third-party server, and we will not access this information.

2. In order to provide after-sales services, protect your legitimate rights and interests, and resolve related disputes with you ("After-sales Purposes"), we may process the following personal data about you:

1. Fault-related information, including the type of inverter, monitor, transceiver, protector and optimizer device you are using, serial number, installation date, installation location, fault description, and system logs;

2. Contact/recipient information, including contact/recipient’s username, name, phone number, company name and category.

1. In order to improve products or services, and to introduce and promote our company, other companies in the group of which our company is a part, products or services, brand activities and other information to you (the above services are collectively referred to as "promotion services", and the above purposes are collectively referred to as "promotion purposes"), we may process the following personal data about you, subject to further legal requirements:

The above-mentioned registration purposes, monitoring purposes, after-sales purposes and promotion purposes are collectively referred to as "processing purposes".

1.2 Processing of personal geographical data

Please note that for monitoring purposes we have to process your geolocation information in order to locate the location of your bundled power station. For after-sales purposes, we have to process your geographical location information in order to locate the location of your bundled power station and provide after-sales services such as repair and replacement. Please understand that if you refuse to provide the above-mentioned sensitive personal data, we will not be able to achieve monitoring purposes and after-sales purposes, and we will not be able to provide you with relevant functions and services.

1.3 No processing of personal data of minors or special categories of personal data

We do not collect any personal data from minors or special categories of personal data for any processing purpose. You must not provide us with any personal data of minors or special categories of personal data.

1.4 Our legal basis for processing personal data

Pursuant to Article 6 of the GDPR, we process personal data based on the following lawful grounds: (i) the processing of personal data is based on your explicit consent, in particular in the case of marketing purposes; (ii) the processing of your personal data is necessary for us to perform and enter into an agreement with you; (iii) the processing of your personal data is necessary for us to comply with a legal obligation to which we are subject; (vi) Your personal data is processed for the purposes of legitimate interests, such as cybersecurity and data protection, fraud detection, service maintenance and control, support, backup, data disaster recovery; and (v) for email marketing in accordance with Section 7 (3) of the German Unfair Competition Act.

2. How we process personal data

2.1 How we collect your personal data

For the purpose of processing, if legal requirements are met, especially if there is a legitimate interest within the meaning of Article 6 Paragraph 1 (f) of the GDPR, we will collect your personal data ourselves or through entrusting third parties to collect your personal data through websites, mobile applications, cookies and similar device identification technologies and other tools, facilities or devices.

If you provide us with any other person's personal data, you ensure that you have obtained that person's separate consent for such provision. Otherwise, if your provision causes us to infringe on the personal data rights of others, we will reserve the right to pursue it.

2.2 How we use your personal data

1. For registration purposes, we will use your personal data in the following ways by ourselves or by entrusting third parties to do so:

2.

1. We will identify your user identity based on your company name, mobile phone number, email address, avatar, password and other information;

3. For monitoring purposes, we will use your personal data by ourselves or by entrusting third parties to use it in the following ways:

4.

1. We will identify your user identity based on your user name, mobile phone number, email address and other information;

2. We will build a website for you based on the device information such as the device serial number and the bound power station information, and monitor, calculate and display the power generation and status of your equipment and bound power stations.

5. For after-sales purposes, we will use your personal data in the following ways by ourselves or by entrusting third parties to do so:

6.

1. Based on the fault-related information you provide, we will analyze the cause of the fault and work with you to resolve product or service-related disputes;

2. We will provide you with feedback and provide after-sales service based on your contact information/recipient information.

7. For promotional purposes, we will use your personal data in the following ways by ourselves or by entrusting third parties (including advertisers and other service providers):

8.

1. We will improve our products and services based on the feedback you provide;

2. Subject to meeting further legal requirements, we will send you non-personalized information push or commercial marketing information based on your mobile phone number, email address and device identifier information, such as sending you generalized promotional text messages, showing and pushing generalized information to you, etc.

Please note that we do not perform automated decision-making on individuals.

3 How we store your personal data

2.3.1 Storage location

For your personal data we collect and generate within the EU, we will store it ourselves or entrust a third party (such as a server provider) to store it within the EU.

2.3.2 Storage period

Unless otherwise provided by laws and administrative regulations, we will only store your personal data for the shortest period necessary to fulfill the purpose of processing. After expiration of the above storage period, we will delete your personal data or anonymize it in accordance with the requirements of applicable law.

2.4 How we provide your personal data to others

We generally will not provide your personal data to any third party. However, if any of the following circumstances exist, we may provide your personal data to third parties on the premise of complying with relevant legal provisions:

1. If we have obtained your separate consent;

2. If it is necessary for the conclusion or performance of a contract to which you are a party, for example, in the case of sending your personal data to a dealer or other subcontractor;

3. If it is necessary to perform legal responsibilities or obligations (such as providing to administrative agencies, judicial agencies and other government agencies in accordance with relevant legal provisions);

4. If it is necessary to respond to public health incidents, or to ensure the health of natural persons or the safety of property in emergencies;

5. Or under other circumstances stipulated by laws and administrative regulations.

If we need to transfer your personal data due to merger, division, dissolution, declaration of bankruptcy, etc., we will inform you in advance of the name and contact information of the recipient, and will obtain your consent when required by law. The recipient will continue to fulfill its obligations as a controller of personal data.

2.5 We will not disclose your personal data

We will not disclose your personal data unless we obtain your separate consent.

2.6 Self-processing and processing by third parties

We will process your personal data ourselves or by entrusting a third party to process it based on the purpose of processing and the aforementioned processing methods. If we process it ourselves, we will designate necessary employees to process your personal data on our behalf and supervise the employees' personal data processing activities to fully protect your personal data. If we entrust a third party to process, we will sign an entrustment processing agreement or any other necessary data protection agreement with the recipient in accordance with Article 28 of the GDPR, and supervise the recipient's personal data processing activities to fully protect your personal data.

2.7 Anonymization

If we take technical measures or other necessary measures to anonymize your personal data so that the processed information cannot identify a specific individual and cannot be restored, the use, storage, external provision, disclosure and other processing of such processed information do not require notification to you or your consent.

3. How we will protect your personal data

We will do our best to protect the confidentiality of your personal data. We use reasonable data security measures that comply with high industry standards. We have also adopted strict rules, including technical and physical management measures, to protect your personal data, including preventing the misuse of personal data and preventing unauthorized hacking.

4. Your rights regarding the processing of personal data

We guarantee that you have the following rights with respect to your personal data:

1. The right of access provided for in Article 15 of the GDPR;

2. Right to rectification under Article 16 GDPR;

3. The right to erasure provided for in Article 17 of the GDPR;

4. The right to restrict processing provided for in Article 18 of the GDPR;

5. The right to data portability stipulated in Article 20 of the GDPR;

6. Right to object pursuant to Article 21 GDPR.

The restrictions set out in Articles 34 and 35 of the BDSG apply to the right to information and the right to erasure.

You can claim the above rights from us at info@fonrich.com or by mail to our mailing address stated at the beginning of this Data Protection Statement.

In addition, you have the right to lodge a complaint with a data protection supervisory authority.

You can also raise questions or complaints about data protection to us at info@fonrich.com or by mail to our correspondence address.

Please pay special attention to the fact that before you exercise your right to object, you should fully consider the consequences of the objection. Once you object to specific processing, we will no longer be able to provide you with the corresponding functions or services, and you will be solely responsible for the resulting consequences and responsibilities, including losses caused to you or any third party due to your inability to use the corresponding functions or services.

5. Others

5.1 Updates to this Data Protection Statement

We reserve the right to update or modify this Data Protection Statement from time to time. If the modification results in a substantial reduction of your rights under this Data Protection Statement, we will notify you of the change via email, letter, telephone notification, announcement, in-software push, etc.

If you receive a change notice but do not agree with the revised Data Protection Statement, you should immediately notify us in writing. Otherwise, you will be deemed to have accepted our modifications to the relevant terms of the Data Protection Statement. If you continue to provide your personal data to us or third parties entrusted by us or cooperate with the collection of your personal data after receiving the change notice, or continue to use our products or services, it shall be deemed that you have accepted our modifications to the relevant terms of this Data Protection Statement.

5.2 How to contact us

If you have questions, comments or suggestions about this Data Protection Statement or any matters related to your data, you can contact us by sending an email to info@fonrich.com.