Privacy Policy - Solavita Partner

1. Policy Overview

1.1 This Privacy Policy explains how Solavita Partner collects, uses, stores, shares, and protects personal information.

1.2 This Policy is formulated in accordance with the European Union’s General Data Protection Regulation (GDPR) and applicable Personal Data Protection Acts (PDPA) in relevant jurisdictions. It applies to all users of the Platform.

2. Information We Collect

To provide you with channel management and business collaboration services, we will collect the following essential information in line with our business procedures:

2.1 Registration and Account Information

When you register for an account on the Platform, we require the following information to verify your identity:

Personal account information: Name, email address (used as your login user name), login password, and contact number (optional).
Company information: Business role (channel role), company name, company address (comprising country, primary administrative division, and detailed address), classification of company registration certificate, and company registration certificate number.

2.2 Activation and Verification Information

To activate your account and sign the cooperation agreement, we need to collect the following information:

Contract documents: Electronic contract that is duly signed.
Tax information: Tax number category and company tax number.

2.3 Operational and Management Information

In the course of using the Platform for daily business management, you may choose to provide:

Employee sub-account information: To grant access permissions to your employees, you are required to provide their employee ID, name, position, corporate email address, and contact number (optional). Special notes: You shall ensure that you have obtained lawful authorization from your employees before providing their information.
Financial information: Your company’s bank account details, which are used for business settlement.

2.4 Device and System Permissions

To ensure the normal operation of the App and to enable specific features (e.g., uploading project photos), we may request your permission to access your device’s network, camera/photo album, storage, notification, and device information. You can manage these permissions at any time in your device settings. Refusing to grant permissions will not compromise the fundamental security of your account but may restrict your access to certain features.

Permission Type	Purpose of Use	Impact of Not Granting Permission
Network access permission	User account login and identity verification Synchronization and display of project data and business information Proper functioning and updates of system features	The application will be unable to operate normally.
Camera and photo album permission	Uploading project-related images and documentation Capturing and submitting on-site photos or documents required for business purposes	Users will be unable to capture or upload images through the application, but other features not dependent on this function will remain available.
Storage permission	Uploading or downloading project-related documents Caching necessary business data locally to improve user experience	Users may be unable to upload, download files, or use related features.
Notification permission	Business reminders System messages and notifications for important features	Users will not receive relevant notifications, but the basic features of the application will still be available.
Device information permission	Ensuring application compatibility Analyzing system operating state Troubleshooting and security protection	The application’s stability analysis and certain compatibility optimization efforts may be impaired.

Permission management instructions:

The permissions listed above are utilized strictly to the extent necessary for their corresponding features.
We will not invoke these permissions without notifying users or obtaining their consent.
Users may revoke any granted permissions at any time through their device’s system settings.

3. Purpose of Information Use

We collect and use information for the following purposes:

Core functional services: Facilitating channel partner registration & verification, project management, and business collaboration features.
Communication and notifications: Sending business reminders, system messages, and important notices to you.
Compliance and risk control: Fulfilling legal obligations, including tax audits, anti-money laundering reviews, and contract performance management.
Technical support: System maintenance, security management, and troubleshooting.

4. Data Roles and Information Sharing

4.1 Data Controller: Shenzhen Skyworth Photovoltaic Technology Co., Ltd. (along with its related affiliates) serves as the data controller that determines the purposes and methods for processing personal information collected via this Platform.

4.2 Independent Responsibility of Channel Partners: When end-user information (e.g., the name and address of a household where an installation is performed) is shared with you (the channel partner) through the Platform, or when you independently collect and upload such information to the Platform, you become an independent data controller upon receiving such data. You hereby commit to:

Strictly complying with applicable laws and regulations, including GDPR/PDPA, when processing end-user data.
Refraining from using such data for "order selling", "order transferring," or any other non-agreed purposes without obtaining explicit authorization from the end user.

4.3 Third-Party Service Providers: We may engage third-party service providers (e.g., cloud service providers, map service SDKs, and email pushing services) to assist in providing our services. We will only share information for lawful, legitimate, necessary, specific, and clearly defined purposes.

5. Data Storage and Cross-Border Transfer

As we operate globally, this entails cross-border transfers of your data. We apply stringent measures to safeguard data security.

5.1 Regional storage architecture

Your data will be stored on server nodes corresponding to the geographic region of your business activities:

Europe, Middle East, and Africa: Data is stored on servers located in Frankfurt, Germany, in full compliance with GDPR requirements.
Southeast Asia: Data is stored on servers in Singapore, in adherence to PDPA requirements.

5.2 Cross-Border Transfer and Access

For the purposes of global business administration, technical support, and system maintenance, the data stored on the aforementioned overseas servers may be transferred to Hong Kong, China, or accessed remotely by our headquarters team based in the Chinese mainland.

5.3 Safeguards for Cross-Border Transfers

To ensure compliance in cross-border data transfers, particularly those involving data originating from the EU and Singapore, we have adopted the following measures:

Standard contractual clauses (SCCs): We enter into data transmission agreements in accordance with the standard contractual clauses endorsed by the European Commission and relevant regulatory bodies to guarantee that recipients uphold an equivalent standard of data protection.
Transfer impact assessment (TIA): We perform periodic transfer impact assessments to confirm that changes in the legal environment do not diminish the level of data protection.
Technical encryption: Data transmissions are secured using encryption technologies to protect information throughout the transmission link.

6. Data Retention Period

6.1 We retain your data only for as long as necessary to achieve the business purposes for which it was collected, or as mandated by applicable laws and regulations. After your account is canceled, your personal information will be deleted or anonymized in accordance with legal requirements.

6.2 Data that must be retained under legal, financial, or auditing regulations will be preserved for the statutory retention period.

7. User Rights

Pursuant to applicable laws, you are entitled to the following rights:

Access and copy: Viewing and receiving a copy of your personal information.
Rectification and deletion: Requesting corrections to inaccurate data or the removal of information that is no longer required.
Data portability: Requesting the transfer of your information to another service provider, where technically feasible.
Objection and restriction of processing: You can object to the processing of your information or request restrictions on such processing under certain circumstances.
Complaint to regulatory authorities: You have the right to file a complaint with your local Data Protection Authority (DPA) or other relevant supervisory body.

8. Information Security

8.1 Technical measures: The Platform implements industry-leading encryption technologies, strict system access controls, audit logging, and firewall systems.

8.2 Emergency response: In case of a security incident resulting in personal information leakage, we will execute our emergency response procedures and, where legally mandated, notify the appropriate regulatory bodies and affected users within 72 hours.

9. Protection of Minors

The Platform does not provide services to individuals under the age of 16. If we discover that information of a minor has been collected inadvertently, we will immediately delete it.

10. Policy Updates

Any updates to this Policy will be communicated to users through announcements on the Platform or other appropriate methods.

11. Contact Information

For questions or complaints regarding privacy matters, please contact us at:

itdept@skyworth.com