Contents

Privacy Policy..................................................................................................................................................... 2

I.     Notice clause............................................................................................................................................ 2

II.    The data we collect.............................................................................................................................. 3

III.      Purposes of using personal data........................................................................................... 6

IV.      Cookies and tokens......................................................................................................................... 7

V.    Rights of the data subject............................................................................................................... 9

VI.      How We Use Your Personal Data........................................................................................ 15

VII.     How We Process Childrens Personal Data................................................................ 16

VIII.       Security Measures..................................................................................................................... 16

IX.      Methods for Exercising Your Rights to Privacy......................................................... 17

X.       Data Retention Period................................................................................................................ 19

XI.      Third-Party SDK Data Collection and Usage Instructions.................................. 19


Privacy Policy

I.             Notice clause

Thank you for your interest in our company. Alpha ESS Co., Ltd. has always placed a particularly high priority on data protection, and our website can be used without needing to provide personal data. However, if you as a data subject wish to use specific corporate services via our website, we will need to process your personal data. We have prepared this policy to inform the public about the nature, scope, and purposes of our collection, use, and processing of personal data. This policy also informs data subjects of their rights. As the data controller, Alpha ESS Co., Ltd. has established a range of technical and organizational measures to ensure that personal data processed via this website is protected as comprehensively as possible. As such, data subjects also have the option to send their personal data to us using other means (e.g., by phone).

The privacy policy can be revised and updated in time, and it will be notified on our company's website in time. If you have any questions, comments, or advice regarding this policy, please contact Alpha ESS at:

Alpha ESS Europe GmbH

Tel: +49 6103 459 160 1

Email: europe@alpha-ess.de

Michael Steininger-Yang, Data Protection Officer (DPO), Alpha ESS Europe GmbH

Alpha ESS Europe GmbH

Tel: +49 6103 459 160 1

Email: europe@alpha-ess.de

II.            The data we collect

We collect personal data for a variety of purposes, including maintaining efficient business operations and providing you with the best product experience. At Alpha ESS, we collect the data you provide, data about your interaction with Alpha ESS, and data regarding product usage. Users provide data directly, such as when they create an Alpha ESS account. Other types of data are collected through the interaction process with our products, your use of and experience with our products, and related communications.

We also obtain data from third parties. We protect any data obtained from third parties in accordance with the purposes described hereinafter, as well as any other restrictions posed by the data sources.

Google Analytics: Google Analytics is a web-based analytics service. Web analytics is the process of gathering and analyzing the data related to visitors to a website. The information collected by this function includes the website a user came from (also known as the source of referral), the subpages a user has visited, the visit frequency and duration of subpages, etc. No personal data of users are collected or used throughout this process. Web analytics is mainly used for website optimization and cost-benefit analysis of Internet advertisements. The components of Google Analytics are operated by Google Inc. at 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

Baidu Maps: We locate the neighborhood blocks where the devices are by converting the latitudes and longitudes in Google Maps to those in Baidu Maps, calling Baidu Maps' official APIs and referring to the national address and postal codes. The locations will be displayed on the map in the home page of installer, distributors, and service company. This function is only used to count the number of devices within a certain region and is not used to identify the User's exact location. Please refer to Baidu Maps' Privacy Policy at https://lbsyun.baidu.com/index.php?title=openprivacy.

Google Maps: We locate the neighborhood blocks where the devices are by calling Google Maps' official APIs and referring to the national address and postal codes. The locations will be displayed on the map in the home page of installer, distributors, and service providers .. This function is only used to count the number of devices within a certain region and is not used to identify the User's exact location. Please refer to Google Maps' Privacy Policy at https://policies.google.com/privacy?gl=CN&hl=zh-CN.

Weather data: We locate the neighborhood blocks where the devices are by calling Google Maps' positioning plug-in and referring to the national address and postal codes. Then, we call Weatherbit's official APIs to obtain the latest local weather information and display it in the platform's user interface. Please refer to Weatherbit's Privacy Policy at https://www.weatherbit.io/privacy.

You may reject our request for your personal data. You may have to provide your personal data to keep our products operational or to enjoy our services. If you choose not to provide such data, you will not be able to use our products or some services.

Types of data that we collect include:

Contact data: email address, contact address, contact person and phone number.

Credentials: password and check code used to authenticate and access accounts.

Statistics: data related to you, such as country, country, city, zip code, time zone and your preferred language.

Interaction: data regarding your usage of the Alpha ESS platform. This is provided by you when you submit search inquiries to use our products and is provided by us when errors are reported. Interaction data includes:

Device and usage data: data about your device, the products and the functions that you use, including information about your hardware and software, the performance of our products, and your settings. For example:

Device and configuration data: data about your device, device configuration, and neighboring networks. For example, the IP address, SN, device identifiers, location and language settings, and neighboring WLAN access points of the device. Such data are used for device interaction only and not for any other purposes.

Troubleshooting and help data: data submitted when you contact Alpha ESS for help, such as authentication information and data related to your device and its corresponding products.

Location data: data related to your device's location (the neighborhood block where it is located). We deduce the location via national addresses and postal codes.

WIFI configuration: data about your WIFI configuration. We need to access your geographic location authorization and current WIFI SSID while you use AlphaESS mobile application to configure WIFI. Refuse to access will limit the WIFI configuration related functions.

III.          Purposes of using personal data

We have outlined the purposes of using personal data in the following section.

Personal data

Purposes of usage

Email address

User registration, user login, password retrieval, user name retrieval, product suggestions, customer complaints, authentication

Phone number

User registration, customer complaints, after-sales services, contact user under emergency

Contact address

User registration, after-sales services, such as on-site maintenance services

User name

User registration, password retrieval, product suggestions, customer complaints

Password

User registration, identity verification

IP address

Obtaining local time zones via the IP address; analyzing issues via the IP address whenever the device malfunctions

Device identifiers

System identification device

WLAN access point information, such as WIFI configuration and GPS.

To access the local network to communicate with hardware

Running log

Help solve problems may occur on equipment

As per Alpha's request, when helping end-users file customer complaints, installers/distributors/service providers must obtain the User's consent before using the email address, phone number and user names. Please confirm that the above three vendors have obtained your consent before helping you file customer complaints. During this process, those installers/distributors/service providers become the controller of part of your private personal data. The safety of your private personal data will then be protected by them.

Users have the responsibility to update their detailed address and contact information with Alpha in a timely manner and to allow Alpha's after-sales personnel to modify the information bound with their devices accordingly to ensure the accuracy of data. Otherwise, you may not be able to use the software on your device. If in the process of using our products, you have any objections to the purposes and permissions of the use of your personal data as outlined in this policy, you may withdraw consent to this Privacy Policy and exercise your rights as a data subject by deleting private personal data or canceling your account.

IV.          Cookies and tokens

Cookies, used on Alpha ESS' webpages, are small text files that are placed on your device to store data. Web servers that place cookies in their domains can request such data. Such data usually consist of a string of numerals and alphabetical characters that can exclusively recognize your computer. However, they may contain other information as well. We use cookies and similar technologies to allow you to log in. You may reset your Internet browsers to reject all cookies or to specify certain cookies that allow transmission. If cookies are disabled on your device, some features on our websites and some of our services may not operate normally. We respect "do not track" (DNT) signals or other similar technologies detected and identified by the system. When such a DNT browser mechanism exists in your device, we will not track any information or place any cookies.

Tokens are used for account system authentication of the currently logged-in User to allow cloud data interchange and to store user accounts and passwords for authentication so that you will not be required to log in every time you open the app. Tokens will be stored in the system for two hours. They will be automatically deleted once the User has logged out.

Setting your browser to stop cookies:

Internet Explorer:

http://windows.microsoft.com/en-gb/internet-explorer/delete-manage-cookies

Google Chrome:

https://support.google.com/chrome/answer/95647?hl=en

Mozilla Firefox:

https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer?redirectlocale=en-US&redirectslug=Cookies

Safari:

https://support.apple.com/en-gb/guide/safari/sfri11471/mac

Opera:

https://help.opera.com/en/latest/web-preferences

V.            Rights of the data subject

a) Right to confirm

As authorized by European legislators, each data subject shall have the right to confirm whether their data are being processed by data controllers. Data subjects may contact our Data Protection Officer or other controller employees at any time to exercise their right of confirmation.

b) Right to access

As authorized by European legislators, each data subject shall have the right to obtain information about their personal data, regardless of the time of storage, and to obtain copies of such information free of charge. European directives and regulations have also entitled data subjects with the rights to obtain the following information: purposes of the process; types of such personal information; receivers or types of receivers whose personal data have been or are going to be disclosed, especially receivers in other countries or receivers of international organizations; the expected storage period of personal data (if possible), or when such period is impossible to obtain, the criteria to determine such a period; whether data subjects have the right to request controllers to modify or delete their personal data, or to restrict the processing of any personal data of data subjects, or to object to such processing; the right to file a complaint to the regulating authorities; and if personal data were not collected from data subjects themselves, any useful information about the data sources.

c) Right to rectify

As authorized by European legislators, each data subject shall have the right to rectify any of their incorrect personal data held by data controllers in a timely manner. Considering the purposes of the processing, data subjects have the right to complete any incomplete personal data, including by providing supplemental statements. If data subjects wish to exercise this right of rectification, they may contact our Data Protection Officer or other controller employees at any time.

d) Right to delete (Right to be forgotten)

As authorized by European legislators, each data subject shall have the right to ask their data controllers to delete any personal data about them in a timely manner. Data subjects shall withdraw their consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there shall be no other legal basis for the processing. Data subjects object to the processing in accordance with Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or data subjects object to the processing in accordance with Article 21(2). Personal data have been processed illegally. Personal data must be deleted to ensure that controllers comply with their legal obligations as stated by the laws of the alliance or any member states. Personal data collected must be related to the provision of informational social services as described in Article 8(1) of the GDPR.

If any of the above apply, and data subjects wish to delete their personal data stored by Alpha ESS Co., Ltd, they may contact our Data Protection Officer or other controller employees at any time. The Data Protection Officer or other employees at Alpha ESS Co., Ltd must comply with the request for deletion without delay and shall notify all positions that are engaged in the processing of personal data of the request. If users wish to delete data on their own, they may do so by canceling their account by going to [Basic settings] - [User's information settings] - [Cancel account].

If controllers have already made the personal data public and are required to delete such personal data in accordance with Article 17(1), they shall consider available technologies and the costs of implementation and take reasonable measures, including technical measures, to notify other controllers who process personal data requested by data subjects that such controllers delete any links, reproductions or copies of such personal data where such processing is not required. Under specific circumstances, the Data Protection Officer or other employees at Alpha ESS Co., Ltd may arrange necessary measures.

When end-users submit their request to delete their personal data to Alpha or delete personal data on their own, any private personal data held by Alpha at its installers/distributors/service providers shall also be deleted. For cases in which Alpha acts as the processor only and not the data controller, Alpha will notify the data controllers of the User's request to delete data by email and phone.

 

e) Right to restrict data processing

Each data subject shall possess the right, as granted by the European legislators, to restrict the data controller from processing his/her personal data, in any one of the following cases:

The data subject questions the accuracy of their personal data; the data controller can verify the accuracy of personal data within a certain time limit. The data processing is illegal, and the data subject requests that the use of personal data be restricted, rather than deletion.

Personal data for processing purposes are no longer required by the data controller, but continue to be required by the data subject, in order to establish, exercise, or defend a legal claim. The data subject has objected to processing data under Article 21(1) of the GDPR, and is awaiting confirmation of whether the legal grounds of the data controller will take precedence over his/her own.

A data subject who requests restrictions upon the processing of personal data stored by Alpha ESS Co., Ltd in any one of the above cases may contact our Data Protection Officer or another employee. One of these will make arrangements to restrict data processing.

f) Right to data portability

Each data subject shall possess the right, as granted by European legislators, to receive their personal data in a structured, commonly used and machine-readable format from the data controller. The data subject shall have the right to transfer such data to another data controller without hindrance by the data controller providing the data, provided that such data are processed based on consent given under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or under a contract entered into pursuant to Article 6(1)(b) of the GDPR, and the data are automatically processed, unless the processing is necessary for tasks performed in the public interest or the exercise of the data controllers official authority. In addition, in exercising his/her right to data portability under Article 20(1) of the GDPR, each data subject shall possess the right to have his/her personal data directly transferred from one controller to another, provided that doing so is technically feasible and will not adversely affect the rights and freedoms of others. In order to safeguard their right to data portability, data subjects may contact the Data Protection Officer or another employee designated by Alpha ESS Co., Ltd.

g) Right to object

Each data subject shall possess the right, as granted by European legislators, to object at any time to the processing of their personal data on grounds related to their particular circumstances in accordance with Article 6(1)(e) or (f) of the GDPR. This also applies to analyses made based on these provisions. In case of objection by a data subject, Alpha ESS Co., Ltd will cease to process his/her personal data, unless we can establish persuasive legal grounds for the processing of such data that take precedence over the interests, rights and freedoms of the data subject, or for the purpose of establishing, exercising or defending legitimate claims.

In addition, each data subject shall have the right to object, on grounds related to their particular circumstances, to the processing of their personal data by Alpha ESS Co., Ltd for scientific, historical research or statistical purposes, under Article 89 (1) of the GDPR, unless this processing is necessary for tasks performed in the public interest.

In order to exercise the right to object, a data subject may contact the Data Protection Officer or other employees of Alpha ESS Co., Ltd directly. In addition, notwithstanding Directive 2002/58/EC, the data subject can freely exercise the right to object using automatic means, in accordance with appropriate technical standards when using socialized services for the data.

h) Automatic personal decision-making, including analysis

All data subjects shall have the right, as granted by European legislators, not to be subject to a decision based solely on automatic data processing (including analysis), which produces legal effects concerning him or her, or similarly significantly affects him or her, provided that the decision is necessary for the conclusion or performance of a contract between the data subject and the data controller, or authorized by the laws of the Union or Member State to which the controller is subject, which also stipulates that appropriate measures should be taken to safeguard the rights, freedoms and legitimate interests of data subjects, or the explicit consent of data subjects is obtained.

Alpha ESS Co., Ltd shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject where a decision is made as required for the conclusion or performance of a contract between the data subject and the data controller, or with the explicit consent of the data subject.

i) Right to withdraw consent for data protection

All data subjects shall possess, as granted by European legislators, the right to withdraw their consent to the processing of their personal data at any time. Any data subject who intends to exercise this right to withdraw consent may contact the Data Protection Officer or other employees of Alpha ESS Co., Ltd directly.

VI.          How We Use Your Personal Data

Alpha ESS Co., Ltd will only share/disclose your personal data to relevant parties, and in a way that you are aware of, or in the circumstances mentioned below:

1. We will share your user data with your explicit consent. After obtaining your express consent, we will transfer your user information to other parties, with the list of specific permissions as follows:

Other Party

Information for Use

Purpose

Google Maps

Country, postal code

Display device location on platform user interface

Baidu Map

Country, postal code

Display device location on platform user interface

Weatherbit

Country, postal code

Forecast local weather to maximize revenue from electricity sales

 

Other Party

Information to access

Information to modified under users permission

Purpose

Installer

Email, phone number, user name, running log

Email, phone number, user name

Establish customer complaint management system

Distributor

Email, phone number, user name

Email, phone number, user name

Establish customer complaint management system

Service company

Email, phone number, user name

Email, phone number, user name

Establish customer complaint management system

2. We will disclose your personal data to third-party service providers who provide us with certain business-related services, such as network hosting, data analysis, infrastructure provision, customer support services, email sending services and other similar services, so as to ensure that such third parties can provide services for us. See the purposes of use of personal data, above, for details.

VII.         How We Process Childrens Personal Data

We do not provide service to minor who is under 18 years old or collect their personal data. And we require users to not provide any personal data from minors. If we are awarded that a childs personal data was collected accidentally, it will be deleted as soon as possible.

VIII.       Security Measures

We will maintain the integrity and security of your personal data by taking commercially reasonable physical, administrative and technical safeguards. Alpha ESS Co., Ltd employs a variety of security measures to guarantee the data security of users and devices.

1. Security algorithms and transmission encryption protocols are adopted for data communications.

2. Strict data filtering and verification and a complete data review process are adopted for data processing.

3. Concerning data storage, all users' data are securely encrypted and stored on Microsoft Azure servers. These are currently located in Singapore and continuously monitored by the Azure Data Centers operation and maintenance team on a 24/7 basis in order to prevent unauthorized access to data, unauthorized actions and guard against environmental risks, and to guarantee the security of the transmission process and the completeness and accuracy of data transmitted.

4. In addition to the above technical security measures, Alpha ESS Co., Ltd has also developed a series of security measures at the institutional and control levels, such as defining job descriptions and roles, offering training on security and privacy, raising employees' level of data protection awareness, and controlling access permissions, in order to prevent the loss, illegal usage, unauthorized access to, disclosure of, tampering with or destruction of data.

If, for any reason, you believe that data transmission to or from Alpha ESS Co., Ltd is no longer secure, please inform us immediately by sending an email to europe@alpha-ess.de.

We will inform you of any security incident that affects the security of your personal data via email, telephone, or push message as soon as possible, along with suggested measures to reduce or avoid related risks, and other information. When necessary, we will adopt timely remedial measures in accordance with our internal emergency plan for security incidents, and report to the relevant competent authorities in accordance with regulations.

IX.          Methods for Exercising Your Rights to Privacy

We respect your rights and protect your personal data. You may exercise any of the following rights in the following ways:

1. Email us at europe@alpha-ess.de

You can exercise your personal rights free of charge. According to the relevant requirements of local data protection laws, we will reply to your request within 15 business days if your account service is provided within the Chinese mainland, and within 30 days if your account service is provided outside mainland China.

In your request, you should state what data you intend to change and whether you wish to have your personal data deleted from our database, or specify any restrictions you wish to place on our use of your personal data. Please note that we may require verification of your identity for security reasons.

You may:

1. Request access to personal data of yours which we process

2. Request correction of your personal data where it is inaccurate or incomplete

3. Request the deletion of your personal data

4. Request temporary or permanent restrictions upon the processing of part or all of your personal data

5. Request the processing of your personal data with your consent or under a contract entered into by and between us, or that your personal data is transmitted to you or a third party when we automatically process it

6. When we are using your personal data on the basis of your consent or our legitimate interests, you may express your objection or refusal to permit this by sending an email to europe@alpha-ess.de. We will comply with your requests as far as is reasonably practicable.

X.            Data Retention Period

We will process your personal data for the purposes stated in this Policy as quickly as possible, unless specific legal requirements exist demanding its retention for a longer period of time. We will determine an appropriate retention period based on the amount, nature and sensitivity of personal data, and destroy your personal data after the retention period ends. Where you explicitly request deletion of your personal data, we will delete it and cease to retain it. In case of inability to destroy the data for technical reasons, we will take appropriate measures to prevent its further use.

XI.          Third-Party SDK Data Collection and Usage Instructions

We may access software development kits (SDKs) provided by third parties in order to ensure the stable operation of Alpha.ESS services or implement related functions. We will strictly test the security of the application programming interfaces (APIs) and SDKs used by authorized partners for the acquisition of relevant information, and conclude agreements with them concerning strict data protection measures, in order to ensure that they process personal data in accordance with this Policy and other relevant confidentiality and security measures.

The third-party SDKs we access mainly provide services to meet your and other users' needs, so we may change them to fulfill new service needs, or due to changes in our service functions. We will provide you with information on our access to third party SDKs by keeping the relevant information in this Policy up to date.

Alpha.ESS accesses the following third-party SDK(s) (the personal data collected is dependent on whether you use the following third-party services):

Name of third party

Purpose

Details of personal data collected

Privacy Policy Website

Umeng SDK

Statistical analysis of user behaviors

Device model, device name, app version, crashes, freezes, daily activity, usage time, memory usage, app BundleID, CPU architecture, network type, new users, active users, number of launches, version distribution, channel, SSID, and IMEI

https://www.umeng.com/policy?spm=a211g2.211692.0.0.70087d23tNlINT