SMA Solar Technology AG Data Protection Notice for the Installer App

In this data protection notice, SMA Solar Technology AG,Sonnenallee 1, 34266 Niestetal, Germany("we","us") provides information about how we collect and use (i.e., process) your personal data when using the SMA 360° App (the "app").

1. Which type of personal data do we collect from you?

Personal data is all information about an identified or identifiable natural person that you communicate to us or that we collect otherwise. This includes:

Registration data: In order to be able to use the functions in our app, prior registration with us using your Installer account data is required. For this, you must state your e-mail address or username as well as your password.

Contact details:You can register a customer"s new system in the app. To do this, enter your contact details (company, name, address, e-mail address and telephone number). We will store this data in SMA Sunny [Design/Salesforce Pardot].

Location data: If you register a customer"s new system in our app, you have the option to enter your address/the address of the system to be registered using your location. The location function of your mobile device is used to determine the address at which you are located. The determined address will then be stored in SMA Sunny [Design/Salesforce Pardot].

System planning: Using the app, you can use the customer"s data to plan a new system. The customer data is then used by us to determine what benefits a new system would have for the customer. This can be sent to the customer upon request. Your personal data will not be processed by us.

Server log data: When you use the app and it connects to our servers to use various features, data about it, (e.g., the date and time of your visit, the functions called up, the type and operating system of the mobile device you are using, as well as your IP address) is temporarily stored in a log file. We can also create user profiles on this under a pseudonym. It is then not possible to deduce any direct information about you.

Providing this data is required to use the app, unless the provision is not expressly voluntary.

2. What do we use your personal data for?

2.1 For the authorization of services and administration of your information (Installer account)

Your registration and energy data is used for the authorization and/or rendering of the services and for the administration of your Installer account data. This is required for the provision of the app and is therefore based on Article 6(1), Letter b) GDPR (execution of a contract). This personal data is stored with us for the duration of the existence of your customer account and three (3) months after.

2.2 For contact information

If you create a new system in our app, we will process your contact details in connection with the registered system, as we need your contact data as part of the subsequent monitoring services that we provide to the respective customer [and to you], so that we and the customer can contact you with questions, problems or requests in connection with the system. Processing your contact details is necessary in order to provide the contractual services. The legal basis for the processing is therefore the execution of precontractual measures and the initiation and, if necessary, conclusion of a contract, Article 6(1), Letter b) GDPR.

This data is stored in SMA Sunny Portal and then deleted when the system is no longer registered with SMA.

2.3 For determining addresses

We will process your location or the location of the system during the registration of a new system if you click this button and do not want to enter the address manually. When you click this button, we will determine your current location via GPS in order to quickly provide you with the address. Data about your location will be used only for the registration of the new system. We will exclusively determine the address (street, house number, city, geocoordinates) and no further location data. If the address was determined by you, only this data will continue to be stored.

The legal basis for processing your location data is your consent (Article 6(1), Letter a) GDPR). The data processed with your consent will be stored until you withdraw your consent (see Section 6.3). As soon as the specific address is determined and only the address data is stored, this processing is based on performing the duties contained in the contract (see Section 2.2). The address data will remain stored until the system is no longer registered with SMA.

2.4 Server log data

The storage of the server log data is necessary for the rendering of the service for technical reasons and then to ensure system security; the data will be deleted after 90 days at the latest. This is required, on the one hand, for the provision of the app and is based on Article 6(1), Letter b) GDPR (execution of a contract), and on the other, to ensure system security and is based on Article 6(1), Letter f) GDPR (legitimate interests.

After that, the server log data will be anonymized for statistical reasons and for the improvement of the app quality and this anonymous data is analyzed. The server log data will not be linked to your personal data and the server log data will not be merged with other personal data sources. Anonymization will occur to comply with data protection law in further use for statistical purposes and for quality assurance and thus on the basis of Article 6(1), Letter f) GDPR (legitimate interests).

2.5 Advertising and product development, right to object

We would also like to use the data about the contents of the services used that are collected during registration and entered or accrued during your use of the services, in order to inform you about our products and services relating to smart energy solutions and about our other products (advertising).

With your express permission to receive our newsletter, we will contact you and/or via e-mail with information, offers and promotions about our products that are personally tailored to you and your interests or use. This processing is based on Article 6(1), Letter a) GDPR (consent). The data processed with your consent will be stored until you withdraw your consent (see Section 6.3) or the data is no longer relevant, whichever comes first.

2.5.1 No automated decision-making

We do not make a decision solely based on automated data processing that will have legal effects on you or significantly affects you in a similar manner.

3. Sharing the data with third parties

3.1 When do we share data with service providers for the rendering of our services?

In compliance with the legal requirements, we use Appsfactory Gmbh

as our service provider for the provision of the app by means of order data processing, i.e., on our behalf, according to our instructions and under our control.

3.2 Transmission to recipients outside the EEA (European Economic Area)

We do not intend to transmit the data to recipients outside the European Economic Area, with the exception of the use of the Google Firebase tool (see Section 4.2.1).

4. Cookies and web analytics

4.1 What are cookies ?

We use cookies to make our app as user-friendly as possible and to increase the relevance of our advertising to the users of our app. Cookies allow information to be kept for a certain period of time and to identify the user"s app-capable medium.

If you are visiting our app for the first time, the privacy notice with consent to cookies will be displayed on the first page. If you then agree to the processing of your data by cookies, this consent will be stored in your app so that we do not have to display this notice each time you access the app.

4.2 Which cookies do we use, on which legal basis and for how long?

We use two types of cookies in our app: (1) optional cookie analysis and (2) optional targeting or advertising cookies

4.2.1 Cookie Analysis/Google Firebase

With cookie analysis, we gather and store the following data:

·   Frequency of page views

·   Search terms

·   Use of website functions

·   Duration of visit

Your data, collected using cookie analysis, is pseudonymized so that it is no longer possible to assign data to a respective user if that user has not clearly and actively given his/her consent.

We use cookie analysis to improve and optimize the quality of our online service and its content and to also review and improve the range and retrievability of our online service. The legal basis for processing is your consent in accordance with the first time you use the app (Article 6(1), Letter a) GDPR).

To analyze user behavior for the aforementioned purposes, we use Google Firebase, which itself employs cookies as explained. We use Google Firebase for statistical evaluations. Google Firebase is an analytics service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94034, USA ("Google").Google Firebase analyzes your use of the app and our services. The information generated by these cookies about your use of our app will generally be transmitted to and saved by Google in the United States. Google uses the advertising ID of your device. Google will use the information to evaluate the use of our app and to provide us with other services associated with the use of apps.

You can find more information on this at https://firebase.google.com/terms/data-processing-terms.

The data will be deleted as soon as it is no longer needed for our record-keeping purposes. This is usually after 90 days.

The consent you have given may be revoked at any time (see 6.3).

4.2.2 Targeting and advertising cookies

Targeting and advertising cookies are used to better target advertising to you and your interests. SMA Solar Technology AG (SMA) stores only and exclusively the personal data belonging to website users that have registered voluntarily/on their own initiative on our websites in order to receive information on products and services, because they want to subscribe to the SMA Newsletter or download documents. If they have given their consent, they can also receive promotional e-mails that are relevant to their interests.

Our app is linked to the Pardot tool. Pardot is a piece of marketing automation software from Salesforce.com EMEA Limited (Salesforce), Village 9, Floor 26 Salesforce Tower, 110 Bishopsgate, London, UK, EC2N 4AY.

Personal data provided voluntarily is initially stored in Pardot to then be processed using the Salesforce CRM system for the purpose of contacting and/or sending you information. Salesforce does not store any IP addresses but uses the individual assignment references "unique visitor ID" and "unique identifier." Deriving personal information is not possible.

You can learn about how Salesforce processes your information when visiting websites here: (LINK:https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5 ).

SMA uses Pardot as a marketing analysis service that makes it possible to maintain, assess and expand the SMA online service and SMA marketing communications and to optimize the content on SMA websites. Furthermore, to protect users and partners, fraud and security risks can be detected and eliminated, if necessary. Data will be processed in Salesforce on our behalf using cookies.

We also use these cookies to tailor advertisements on our websites and apps to you so that you can later be presented with exactly the type of advertising that may be of real interest to you, based on your user behavior.

The legal basis for processing is your consent in accordance with the first time you use the app (Article 6(1), Letter a)GDPR).The consent you have given may be revoked at any time (see 6.3).

5. Security

We and our service providers have implemented technical and organizational security measures to protect your personal data managed by us against accidental and intentional manipulation, loss, destruction and unauthorized access. Our data processing and our security measures are constantly being improved according to the current level of technology.

When your personal data is transmitted to us, it is encrypted via Secure Socket Layer (SSL). Personal data shared between you and us or other involved companies is always transmitted via encrypted connections that correspond to the current state of the art.

Naturally, our employees and our commissioned service providers are obliged to maintain data secrecy.

6. Your rights

6.1 Information,correction blocking deletion

If you have any questions regarding the processing of your personal data by us, we will provide you with information on the personal data stored about you at any time and free of charge. You are also entitled to the correction of incorrect data as well as blocking/restricting the processing or deletion of your personal data no longer required as well as the transmission of the data provided as far as technically possible. If the GDPR makes these rights subject to conditions, this applies only if these are fulfilled.

6.2 Complaints

You also have the right to complain to a supervisory authority for data protection. The supervisory authority responsible for us is Der Hessische Beauftragte f"r Datenschutz und Informationsfreiheit (Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany).

6.3 Revocation/objection

If you have given your consent to data processing, you may revoke it at any time with future effect, i.e., the legality of the data processing up to the time of revocation will remain unaffected.

If we process your personal data on the basis of a legitimate interest according to Article 6(1), Letter f) GDPR, you can object to this processing for reasons that result from your particular situation at any time. We will then determine whether our legitimate interest in the data processing also prevails in your case or whether your interests due to your particular situation prevail. In the latter case, we will stop processing your data according to your objection. In this case, we will be unable to process existing and future orders.

6.4 Exercising your rights

Please contact us with your concerns at the office indicated below 7. We reserve the right to verify your identity so that your personal data does not become known to unauthorized persons.

7. Contact details

You can reach us as follows:

SMA Solar Technology AG Sonnenallee 1

34266 Niestetal, Germany

Phone: +49-5619-5220

Fax: +49-561-952-2100

E-mail: info@SMA.de


Our Data Protection Officer can be reached as follows:

SMA Solar Technology AG Data Protection Officer, Sonnenallee 1

34266 Niestetal, Germany

E-mail:datenschutz@SMA.de

8. Amendments

From time to time, it is necessary to amend the content of this privacy notice. Thus, we reserve the right to amend it at any time. We will also publish the amended version of the privacy policy here. Therefore, you should reread the privacy policy when visiting us again.

Dated October 2019