Privacy Policy
TBEA Xi'an Electric Technology Co., Ltd. (hereinafter referred to as "TBEA" or "we") attaches great importance to personal information security and privacy rights protection for users who use our data services on our Intelligent Energy Management Platform. We have developed a comprehensive Privacy Policy to protect the rights and interests of our users. When you use our services through our website (https://sig.esolar.tbecloud.com/login, https://eu.esolar.tbecloud.com/login) or the “TB·eSolar” APP, we will clearly inform you how we collect and use your personal information.
This Privacy Policy details the rights of users as data subjects, including the right to object to our processing of certain data. For more information on these rights, please refer to the "Your rights and choices" section below.
We urge you to carefully read this Privacy Policy before you use our services. When you use our services, you may need to authorize the APP to process your personal data within the scope of our Privacy Policy. If you have any questions or need assistance, please contact us via the means listed in the "Contact us" section below.
This Privacy Policy will help you understand the following:
1. How we collect and use your personal information;
2. How we use Cookies and similar technologies;
3. How we share, transfer, and disclose your personal information;
4. How we protect your personal information;
5. Your rights and choices;
6. How your personal data is transferred globally;
7. The whole “TB·eSolar” team's commitment to your privacy rights protection;
8. Retention period;
9. How we handle children's personal information;
10. How this Policy is updated;
11. Contact us.
1.1
You will be requested to read and agree to this Privacy Policy when you
register an account. This Privacy Policy covers how we collect and use your
personal information when you use our services through our website (https://sig.esolar.tbecloud.com/login,
https://eu.esolar.tbecloud.com/login) or
the “TB·eSolar”
APP. We need to collect the following information you register: user name,
country (region), mobile phone number, email address, company name, and the
code of your superior distributor/installer. Such information is essential for
us to create an account and provide the services to you.
1.2
When you log in, we will collect necessary information such as the IP address
of your login device or router, the time zone, date, and time, to ensure
account security and system operation security. Such information will be used
to verify your identity and provide you with the services.
1.3
We will collect the virtual ID of your device when you use the APP. The virtual
ID of the device is a unique pseudonym ID automatically generated by an
algorithm when you install the APP. This ID will not be linked to your mobile
phone number or mobile device hardware information. Such information will be
used to send important messages to you in the APP, such as power plant
disconnection, anomalies, and completion of parameter settings.
1.4
When you connect inverters and meters to the “TB·eSolar” APP, we will collect the
operational data from the relevant device, such as inverter power generation,
real-time power of inverters, and battery charging capacity of energy storage
inverters. Such information will be used to help you monitor and analyze the
operational status of your device.
1.5
We may collect the following information when you monitor and analyze the power
plant's operational status: power plant name, power plant type, power plant
status, installed capacity, real-time power, power generation of the day,
equipment name, equipment status, fault name, fault occurrence time, and power
plant location. Such information will be used to help you carry out
comprehensive management and analysis of your power plant.
1.6
When you share your power plant information, we require you to provide the
email address of the person you are sharing with, provided that you have the
right to do so in accordance with applicable law. If you are not permitted to
share personal information with third parties, please do not enter personal
information for sharing.
1.7
When you add your device during power plant construction or access a near-end
login device, we may require you to enable the Bluetooth, WLAN, photo library
permission and camera access permission for us to collect SSID information. We
request this permission in order to help you add your device to your power
plant or perform near-end device debugging. The data will not be used for any
other purpose. If you don't need this service, you can disable this permission
in the "Settings" of your device.
1.8
When you copy and paste information during the use of the “TB·eSolar” APP,
we may request to use the clipboard copy/paste function and collect text
information from your clipboard. Information from the clipboard will only be
processed on your device and will not be stored for other purposes.
1.9
When you use the map function, we may collect the list of map APPs installed on
your phone, including Gaode Maps, Tencent Maps, Apple
Maps, and Baidu Maps. Such information will help you to choose the appropriate
navigation software. We will not collect your personal information.
1.10
When you use the image upload function, we may require permission to use your
camera and view your photo album. We request this permission to help with your
image uploads. The data will not be used for any other purpose. If you don't
need this service, you can disable this permission in the "Settings"
of your device.
1.11
When you use the storage service, such as log downloads, device upgrades, or
feedback submissions, we may use the permission to delete and create files on
your SD card to enable file download and storage functions.
1.12
Device permission activation: During our service provision, we will request the
following system permissions from your device to ensure you can use the product
features properly. We will seek your consent before making these requests. You
can choose to "allow" or "deny" the permission request.
After you grant authorization, we will activate the relevant permissions. You
can revoke authorization at any time in your system settings, but doing so may
prevent you from using related features.
1.13
We will take reasonable technical and control measures to protect the security
and integrity of any personal information we collect. We will take a series of
security measures to protect your personal information, including but not
limited to encryption technology and access control, to ensure that your
information will not be accessed or misused by unauthorized third parties.
To
ensure smooth website operation, when you visit the “TB·eSolar” website, we may store small data
files called cookies on your computer or mobile device. A cookie is a plain
text file stored on your computer or mobile device by a web server. Cookies are
widely used to help websites run more efficiently and report information to
their owners.
The
purpose of enabling cookies is the same as for most websites or Internet
service providers: to improve the user experience. Cookies allow websites to
remember a user's single visit (using session cookies) or multiple visits
(using persistent cookies). Cookies allow websites to save and update settings,
such as the language, font size, and other browsing preferences for your
computer or mobile device. This means users don't have to reconfigure their
preferences every time they visit the website. If a website doesn't use
cookies, it won't recognize you each time you open the web page.
We
will not use cookies in our services for any purpose other than those described
in this Policy. You can manage or delete cookies according to your preferences.
For more details, please visit AboutCookies.org to learn how to clear all
cookies saved on your computer. Most web browsers have a cookie blocking
function. However, if you do so, you will need to manually change your user
settings each time you visit the service website.
3.1
Sharing
We
will not share your personal information with third parties, except in the
following circumstances:
(1)
We will share your personal information with third parties after obtaining your
express consent.
(2)
We will share your personal information externally in accordance with laws and
regulations, or in accordance with the mandatory requirements of government
authorities.
(3)
For the specific use of shared information by partners, you need to carefully
read the partner's Privacy Policy. Currently, the shared information partners
involved in this APP (or service) include:
|
Name of third party |
Personal information |
Purpose |
Link to the Privacy Policy |
|
Google Maps (Maps
Static API) |
Location
information of plant |
To display
plant on Map |
https://policies.google.com/privacy |
3.2
Personal information transfer
We
will not transfer your personal information to any company, organization, or
individual, except under the following circumstances: We will transfer your
personal information to other parties after obtaining your express consent.
This means that with your express consent, we can transfer your personal
information to other companies, organizations, and individuals.
(1)
We may transfer your personal information to third parties if required by laws,
regulations, legal processes, or mandatory government requirements or judicial
rulings. This is to comply with legal and regulatory requirements and we will
ensure that your personal information is properly processed and protected.
(2)
If personal information transfer is involved in case of a merger, acquisition,
or bankruptcy, liquidation, we will require the new company or organization
that retains your personal information to continue to be bound by this Privacy
Policy. Otherwise, we will request that company or organization to re-obtain
your authorization to ensure that your personal information is adequately
protected and legally used.
3.3
Disclosure
We
will only disclose your personal information under the following circumstances:
(1)
With your or your end-user's prior express consent. This means that before
disclosing your personal information, we will make sure that you or your
end-user clearly understand and agree to us doing so.
(2)
Disclosure based on law. Under certain circumstances, we may need to disclose
your or your end-user's personal information based on laws, legal processes,
public prosecution, or mandatory requirements of government authorities. This
is to comply with legal and regulatory requirements.
(3)
Disclosure in emergency situations, where it is reasonably judged to be
necessary to protect the important legitimate rights and interests of us, our
customers, end-users, or others. In certain emergency situations, we may
disclose your personal information based on reasonable judgment to protect
important legitimate rights and interests.
4.1
Protective measures
To
ensure the integrity and security of the personal information you provide, we
have implemented the following industry-standard security measures:
(1)
Regularly performing comprehensive checks of systems and applications: We
regularly conduct comprehensive checks of our systems and applications to
ensure their security and stability. Once any vulnerability is discovered, we
will promptly perform system repair to prevent hackers from causing data
leakage by exploiting the vulnerability.
(2)
Closely monitoring core data: We implement strict monitoring measures for your
core personal data. We regularly check the systems for sensitive operations and
conduct regular audits on such operations. This allows us to promptly identify
any risky data operations and address them immediately to ensure your data
security.
(3)
Using encryption to ensure data confidentiality: We use advanced encryption
technology to protect the confidentiality of your data. Through encryption, we
can ensure that your data is not accessed or stolen by unauthorized personnel
during transmission and storage.
(4)
Using protective mechanisms to prevent malicious attacks: We employ a series of
protective mechanisms to prevent malicious attacks on your data. This includes
using firewalls, intrusion detection systems, and other security devices to
protect our systems and data.
(5)
Deploying access control mechanisms: We have deployed strict access control
mechanisms to ensure that only authorized personnel have access to your
personal data. This includes using mechanisms such as authentication,
authorization, and role management to ensure that only authorized personnel
have access to your data.
4.2
Certificate acquisition
We
have successfully obtained the following two important information security
certificates:
(1)
Information Security Management System Standard (ISO 27001): This international
certification aims to protect an organization's information resources and
ensure the healthy, orderly, and sustainable development of its informatization
process. ISO 27001 certification demonstrates our professionalism and rigor in
information security management and protection.
(2)
Personal Privacy Information Management System (ISO 27701): This is a widely
recognized international standard for privacy management systems. ISO 27701
integrates privacy protection principles, concepts, and methods into the
information security protection system, helping organizations enhance their
privacy protection and information security capabilities. ISO 27701
certification further demonstrates our professionalism and leading position in
protecting personal privacy information.
4.3
Data security capabilities
Recognizing
the importance of data security, we have implemented appropriate technical and
organizational measures to protect the personal information you provide. The
following are some of the key measures we have taken:
(1)
HTTPS protocol: We use the HTTPS protocol to protect your personal data during
transmission. HTTPS is an encrypted protocol that ensures your data is not
stolen or tampered with during transmission.
(2)
Computer systems with limited access: We store your personal data on computer
systems with limited access. This means that only authorized personnel can
access your data, and any unauthorized access will be denied.
(3)
Physical security measures: We deploy systems storing your personal data in
physically secured facilities to prevent unauthorized access and data leakage.
These facilities are equipped with advanced security measures to ensure the
safety of your data.
4.4
Response measures
In
the unfortunate event of a personal information security incident, we will take
the following response measures promptly in accordance with legal and
regulatory requirements:
(1)
Timely notification: We will promptly inform you of the basic situation and
potential impact of the security incident, so that you can understand the
situation and take appropriate measures.
(2)
Control measures: We will immediately take, or will take, appropriate control
measures to prevent the security incident from escalating or worsening to
ensure that your personal information is protected to the greatest extent
possible.
(3)
Precautionary advice: We will provide you with advice for self-protection and
risk mitigation to help you reduce the risk of personal information leakage.
(4)
Remedial measures: We will take remedial measures to remedy the impact of the
security incident on you and ensure that your personal information is promptly
restored and protected.
(5)
Notification methods: We will promptly inform you of the incident related
information by mail, letter, push notifications, etc. If it is difficult to
inform each data subject individually, we will use reasonable and effective
methods to publish announcements to ensure that you are promptly informed.
(6)
Reporting to regulatory authorities: We will report the handling of personal
information security incidents to regulatory authorities as required, so that
regulatory authorities can keep abreast of the situation and take appropriate
measures.
In
accordance with relevant laws, regulations and standards in China, as well as
common practices in other countries and regions, we guarantee your exercise of
the following rights with respect to your personal information:
5.1
Accessing personal information
After
you register an account and construct a power plant through the “TB·eSolar” APP,
you can access your personal information through the "My Account
Information" page. You can also contact us at any time, and we will
explain and verify the data and information for you. Such information includes,
but is not limited to, the basic information you registered when creating your
account and construct the power plant, such as user name, nick name, mobile
phone number, email address, as well as organization information, supervisory
organization information, and any other information displayed on our platform.
5.2
Correcting personal information
If
you discover any omissions or errors in your personal information, you can
contact us at any time to change the data or provide additional data. Upon
confirmation of any omissions or errors, we will take immediate actions to
change the data or input additional data.
5.3
Deleting personal information
You
may request that we delete your personal information under the following
circumstances:
(1)
If our processing of your personal information violates laws or regulations;
(2)
If we collected or used your personal information without your consent;
(3)
If our processing of your personal information violates our agreement with you;
(4)
If we no longer provide you with products or services.
If we
decide to respond to your deletion request, we will also notify entities that
have received your personal information from us, requesting that they delete it
promptly, unless otherwise provided by law or regulation, or unless those
entities have obtained your independent authorization.
5.4
Changing the scope of authorization
To
provide our services, we require you to grant us certain device permissions,
such as access to notifications, photo albums, cameras, and Bluetooth. You can
disable some or all of these permissions in your device settings at any time,
thereby refusing our collection of your corresponding personal information.
Permissions are displayed and disabled differently on different devices and
systems. Please refer to the instructions provided by the device and system
developers for details.
5.5
Choosing to restrict the processing of personal information
You
also have the right to choose to restrict our processing of your personal
information:
(1)
If you doubt the accuracy of your personal data displayed on the “TB·eSolar” APP,
you may request that we verify the accuracy of your personal information within
a certain period of time.
(2)
If you consider our data processing to be unlawful, you may object to our data
processing and request a restriction on the use of that personal data
information. However, please provide us with reasons for your objection, so
that we can assess the adequacy of our legal basis for the continued processing
of the data.
In
principle, personal information we collect and generate within the People's
Republic of China will be stored in China. However, as a multinational company,
we may need to process your personal information in the country/region where
you use our products or services, or in other countries/regions where TBEA or
its affiliates, subsidiaries, service providers, or business partners have
presence, or such information may be accessed from these countries/regions.
Please
note that the data protection laws of these countries/regions may differ from
those of your country/region. In such cases, we will take appropriate measures
to ensure that the data we collect is processed in accordance with this Policy
and applicable laws.
In
particular, when personal data of data subjects located in the European Union
is transferred to a country or region not recognized by the EU as having an
equivalent level of data protection, we will follow the relevant legal
mechanisms. For example, we may sign standard contractual clauses approved by
the European Commission or request your consent for the cross-border transfer
of personal data. Furthermore, before cross-border data transfer, we will also
consider implementing security measures such as data anonymization to ensure
your personal information is adequately protected.
To
ensure the security of your personal data, we take privacy and security very
seriously. We have communicated privacy and security guidelines to the whole “TB·eSolar” team and strictly enforce privacy
protection measures within the team.
First,
we have established a comprehensive privacy protection system, which specifies
the norms and requirements for the collection, use, storage, transmission and
processing of personal information. We require team members to strictly abide
by these regulations to ensure the compliant use of personal information.
Second,
we have strengthened privacy protection awareness training for team members. We
organize privacy protection training activities on regular basis to improve
team members' awareness and understanding of privacy protection, enabling them
to better understand and implement privacy protection measures.
In
addition, we have adopted various technical means to protect your personal
information. For example, we use encryption technology to store and transmit
your personal information in encrypted form to ensure that your information is
not stolen or tampered with during transmission. We also perform regular
security checks and vulnerability scans on our systems to identify potential
security risks and fix them in a timely manner.
Finally,
we have established a comprehensive incident response mechanism. In the event
of a personal information security incident, we will immediately activate the
incident response mechanism, take necessary measures to prevent the incident
from escalating, and keep you informed of the incident status and progress.
TBEA
will retain the data related to your access to the “TB·eSolar” APP and your account data until you
delete your account data or request the deletion of your personal data, except
where we have legitimate grounds to further retain your data. During your
relationship with us, TBEA will retain your information for as long as
possible, and after the relationship ends, to the extent permitted, for as long
as possible to fulfill the purposes described in the notice. We will delete
your IP address after any session ends.
Please
note that, in accordance with applicable laws and regulations, we may need to
retain certain specific information to meet legal and business requirements.
For example, relevant data may be retained for tax and bookkeeping purposes for
a period of 6 to 10 years. In other cases, TBEA may retain data for an
appropriate period of time after the end of any relationship with you for
purposes such as responding to legal proceedings or managing business (e.g.,
the standard statute of limitations is three years from the end of the year in
which the relevant data was processed).
We
understand and value the importance of protecting children's personal
information. Our products, websites and services are mainly intended for
adults, so we require that children not create their own accounts as personal
information subjects without the consent of a parent or guardian.
We
may collect children's personal information with parental consent. In such
cases, we will only use or disclose such information where
permitted by law, with the express consent of a parent or guardian, or where
necessary for the protection of the child.
If we
discover that we have collected a child's personal information without first
obtaining verifiable parental consent, we will try to delete the relevant data
as soon as possible to protect the rights and privacy of the child.
We
may revise the terms of this Privacy Policy from time to time. Such revisions
will form part of the Privacy Policy and will have the same legal effect as the
original Privacy Policy. We will not reduce your rights under this Policy
without your express consent. When this Privacy Policy is updated, we will
alert you through announcements or other appropriate means to keep you informed
of the latest version of this Privacy Policy. By continuing to use our services
under the circumstances described above, you agree to accept and be bound by
the revised Policy.
We
strongly recommend that you regularly review this Privacy Policy to understand
any changes that may affect your personal information. If you do not agree to
the revised Policy, you should immediately cease using our services and contact
us to learn how to delete your personal information. Your continued use of our
services constitutes your acceptance of this Policy in its entirety.
If you have any questions or suggestions regarding the content of this Privacy Policy, you can contact us by logging in to the "Manufacturer Information" section on our website. You can also direct your questions to us through the following channels:
(1) Address: No. 70, Shanglinyuan 4th Road, Chang'an District, Xi'an City, Shaanxi Province
(2) Customer service hotline: 4006066029