I. Notice clause
Thank you for your interest in our company. Alpha ESS Co., Ltd. has always placed a particularly high priority on data protection, and our website can be used without needing to provide personal data. However, if you as a data subject wish to use specific corporate services via our website, we will need to process your personal data. We have prepared this policy to inform the public about the nature, scope, and purposes of our collection, use, and processing of personal data. This policy also informs data subjects of their rights. As the data controller, Alpha ESS Co., Ltd. has established a range of technical and organizational measures to ensure that personal data processed via this website is protected as comprehensively as possible. As such, data subjects also have the option to send their personal data to us using other means (e.g., by phone).
Alpha ESS Europe GmbH
Michael Steininger-Yang, Data Protection Officer (DPO), Alpha ESS Europe GmbH
Ⅱ. The data we collect
We collect personal data for a variety of purposes, including maintaining efficient business operations and providing you with the best product experience. At Alpha ESS, we collect the data you provide, data about your interaction with Alpha ESS, and data regarding product usage. Users provide data directly, such as when they create an Alpha ESS account. Other types of data are collected through the interaction process with our products, your use of and experience with our products, and related communications.
We also obtain data from third parties. We protect any data obtained from third parties in accordance with the purposes described hereinafter, as well as any other restrictions posed by the data sources.
Google Analytics is a web-based analytics service. Web analytics is the process of gathering and analyzing the data related to visitors to a website. The information collected by this function includes the website a user came from (also known as the source of referral), the subpages a user has visited, the visit frequency and duration of subpages, etc. No personal data of users are collected or used throughout this process. Web analytics is mainly used for website optimization and cost-benefit analysis of Internet advertisements. The components of Google Analytics are operated by Google Inc. at 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
We locate the neighborhood blocks where the devices are by calling Google Maps' positioning plug-in and referring to the national address and postal codes. Then, we call Weatherbit's official APIs to obtain the latest local weather information and display it in the platform's user interface.
You may reject our request for your personal data. You may have to provide your personal data to keep our products operational or to enjoy our services. If you choose not to provide such data, you will not be able to use our products or some services.
Types of data that we collect include:
Contact data: email address, contact address, contact person and phone number.
Credentials: password and check code used to authenticate and access accounts.
Statistics: data related to you, such as country, city, zip code, time zone and your preferred language.
Interaction: data regarding your usage of the Alpha ESS platform. This is provided by you when you submit search inquiries to use our products and is provided by us when errors are reported. Interaction data includes:
Device and usage data: data about your device, the products and the functions that you use, including information about your hardware and software, the performance of our products, and your settings. For example:
Device and configuration data: data about your device, device configuration, and neighboring networks. For example, the IP address, SN, device identifiers, location and language settings, and neighboring WLAN access points of the device. Such data are used for device interaction only and not for any other purposes.
Troubleshooting and help data: data submitted when you contact Alpha ESS for help, such as authentication information and data related to your device and its corresponding products.
Location data: data related to your device's location (the neighborhood block where it is located). We deduce the location via national addresses and postal codes.
WIFI configuration: data about your WIFI configuration. We need access to your geographic location authorization and current WIFI SSID while you use the AlphaESS mobile application to configure WIFI. Refusing access will limit the WIFI configuration-related functions.
Ⅲ. Purposes of using personal data
We have outlined the purposes of using personal data in the following section.
As per Alpha's request, when helping end-users file customer complaints, installers/distributors/service providers must obtain the User's consent before using the email address, phone number and user names. Please confirm that the above three vendors have obtained your consent before helping you file customer complaints. During this process, those installers/distributors/service providers become the controller of part of your private personal data. The safety of your private personal data will then be protected by them.
Ⅳ. Cookies and tokens
Tokens are used for account system authentication of the currently logged-in User to allow cloud data interchange and to store user accounts and passwords for authentication so that you will not be required to log in every time you open the app. Tokens will be stored in the system for two hours. They will be automatically deleted once the User has logged out.
Setting your browser to stop cookies:
Ⅴ. Rights of the data subject
a) Right to confirm
As authorized by European legislators, each data subject shall have the right to confirm whether their data are being processed by data controllers. Data subjects may contact our Data Protection Officer or other controller employees at any time to exercise their right of confirmation.
b) Right to access
As authorized by European legislators, each data subject shall have the right to obtain information about their personal data, regardless of the time of storage, and to obtain copies of such information free of charge. European directives and regulations have also entitled data subjects with the rights to obtain the following information: purposes of the process; types of such personal information; receivers or types of receivers whose personal data have been or are going to be disclosed, especially receivers in other countries or receivers of international organizations; the expected storage period of personal data (if possible), or when such period is impossible to obtain, the criteria to determine such a period; whether data subjects have the right to request controllers to modify or delete their personal data, or to restrict the processing of any personal data of data subjects, or to object to such processing; the right to file a complaint to the regulating authorities; and if personal data were not collected from data subjects themselves, any useful information about the data sources.
c) Right to rectify
As authorized by European legislators, each data subject shall have the right to rectify any of their incorrect personal data held by data controllers in a timely manner. Considering the purposes of the processing, data subjects have the right to complete any incomplete personal data, including by providing supplemental statements. If data subjects wish to exercise this right of rectification, they may contact our Data Protection Officer or other controller employees at any time.
d) Right to delete (Right to be forgotten)
As authorized by European legislators, each data subject shall have the right to ask their data controllers to delete any personal data about them in a timely manner. Data subjects shall withdraw their consent on which the processing is based in accordance with Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there shall be no other legal basis for the processing. Data subjects object to the processing in accordance with Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or data subjects object to the processing in accordance with Article 21(2). Personal data have been processed illegally. Personal data must be deleted to ensure that controllers comply with their legal obligations as stated by the laws of the alliance or any member states. Personal data collected must be related to the provision of informational social services as described in Article 8(1) of the GDPR.
If any of the above apply, and data subjects wish to delete their personal data stored by Alpha ESS Co., Ltd, they may contact our Data Protection Officer or other controller employees at any time. The Data Protection Officer or other employees at Alpha ESS Co., Ltd must comply with the request for deletion without delay and shall notify all positions that are engaged in the processing of personal data of the request. If users wish to delete data on their own, they may do so by canceling their account by going to [Basic settings] - [User's information settings] - [Cancel account].
If controllers have already made the personal data public and are required to delete such personal data in accordance with Article 17(1), they shall consider available technologies and the costs of implementation and take reasonable measures, including technical measures, to notify other controllers who process personal data requested by data subjects that such controllers delete any links, reproductions or copies of such personal data where such processing is not required. Under specific circumstances, the Data Protection Officer or other employees at Alpha ESS Co., Ltd may arrange necessary measures.
When end-users submit their request to delete their personal data to Alpha or delete personal data on their own, any private personal data held by Alpha at its installers/distributors/service providers shall also be deleted. For cases in which Alpha acts as the processor only and not the data controller, Alpha will notify the data controllers of the User's request to delete data by email and phone.
e) Right to restrict data processing
Each data subject shall possess the right, as granted by the European legislators, to restrict the data controller from processing his/her personal data, in any one of the following cases:
The data subject questions the accuracy of their personal data; the data controller can verify the accuracy of personal data within a certain time limit. The data processing is illegal, and the data subject requests that the use of personal data be restricted, rather than deletion.
Personal data for processing purposes are no longer required by the data controller, but continue to be required by the data subject, in order to establish, exercise, or defend a legal claim. The data subject has objected to processing data under Article 21(1) of the GDPR, and is awaiting confirmation of whether the legal grounds of the data controller will take precedence over his/her own.
A data subject who requests restrictions upon the processing of personal data stored by Alpha ESS Co., Ltd in any one of the above cases may contact our Data Protection Officer or another employee. One of these will make arrangements to restrict data processing.
f) Right to data portability
Each data subject shall possess the right, as granted by European legislators, to receive their personal data in a structured, commonly used and machine-readable format from the data controller. The data subject shall have the right to transfer such data to another data controller without hindrance by the data controller providing the data, provided that such data are processed based on consent given under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or under a contract entered into pursuant to Article 6(1)(b) of the GDPR, and the data are automatically processed, unless the processing is necessary for tasks performed in the public interest or the exercise of the data controller’s official authority. In addition, in exercising his/her right to data portability under Article 20(1) of the GDPR, each data subject shall possess the right to have his/her personal data directly transferred from one controller to another, provided that doing so is technically feasible and will not adversely affect the rights and freedoms of others. In order to safeguard their right to data portability, data subjects may contact the Data Protection Officer or another employee designated by Alpha ESS Co., Ltd.
g) Right to object
Each data subject shall possess the right, as granted by European legislators, to object at any time to the processing of their personal data on grounds related to their particular circumstances in accordance with Article 6(1)(e) or (f) of the GDPR. This also applies to analyses made based on these provisions. In case of objection by a data subject, Alpha ESS Co., Ltd will cease to process his/her personal data, unless we can establish persuasive legal grounds for the processing of such data that take precedence over the interests, rights and freedoms of the data subject, or for the purpose of establishing, exercising or defending legitimate claims.
In addition, each data subject shall have the right to object, on grounds related to their particular circumstances, to the processing of their personal data by Alpha ESS Co., Ltd for scientific, historical research or statistical purposes, under Article 89 (1) of the GDPR, unless this processing is necessary for tasks performed in the public interest.
In order to exercise the right to object, a data subject may contact the Data Protection Officer or other employees of Alpha ESS Co., Ltd directly. In addition, notwithstanding Directive 2002/58/EC, the data subject can freely exercise the right to object using automatic means, in accordance with appropriate technical standards when using socialized services for the data.
h) Automatic personal decision-making, including analysis
All data subjects shall have the right, as granted by European legislators, not to be subject to a decision based solely on automatic data processing (including analysis), which produces legal effects concerning him or her, or similarly significantly affects him or her, provided that the decision is necessary for the conclusion or performance of a contract between the data subject and the data controller, or authorized by the laws of the Union or Member State to which the controller is subject, which also stipulates that appropriate measures should be taken to safeguard the rights, freedoms and legitimate interests of data subjects, or the explicit consent of data subjects is obtained.
Alpha ESS Co., Ltd shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject where a decision is made as required for the conclusion or performance of a contract between the data subject and the data controller, or with the explicit consent of the data subject.
i) Right to withdraw consent for data protection
All data subjects shall possess, as granted by European legislators, the right to withdraw their consent to the processing of their personal data at any time. Any data subject who intends to exercise this right to withdraw consent may contact the Data Protection Officer or other employees of Alpha ESS Co., Ltd directly.
Ⅵ. How We Use Your Personal Data
Alpha ESS Co., Ltd will only share/disclose your personal data to relevant parties, and in a way that you are aware of, or in the circumstances mentioned below:
1. We will share your user data with your explicit consent. After obtaining your express consent, we will transfer your user information to other parties, with the list of specific permissions as follows:
2. We will disclose your personal data to third-party service providers who provide us with certain business-related services, such as network hosting, data analysis, infrastructure provision, customer support services, email sending services and other similar services, so as to ensure that such third parties can provide services for us. See the purposes of use of personal data, above, for details.
Ⅶ. How We Process Children’s Personal Data
We do not provide services to minors under 18 years old or collect their personal data, and we require users not to provide any personal data from minors. If we become aware that a child’s personal data was collected accidentally, it will be deleted as soon as possible.
Ⅷ. Security Measures
We will maintain the integrity and security of your personal data by taking commercially reasonable physical, administrative and technical safeguards. Alpha ESS Co., Ltd employs a variety of security measures to guarantee the data security of users and devices.
1. Security algorithms and transmission encryption protocols are adopted for data communications.
2. Strict data filtering and verification and a complete data review process are adopted for data processing.
3. Concerning data storage, all users' data are securely encrypted and stored on Microsoft Azure servers. These are currently located in Singapore and continuously monitored by the Azure Data Center’s operation and maintenance team on a 24/7 basis in order to prevent unauthorized access to data, unauthorized actions and guard against environmental risks, and to guarantee the security of the transmission process and the completeness and accuracy of data transmitted.
4. In addition to the above technical security measures, Alpha ESS Co., Ltd has also developed a series of security measures at the institutional and control levels, such as defining job descriptions and roles, offering training on security and privacy, raising employees' level of data protection awareness, and controlling access permissions, in order to prevent the loss, illegal usage, unauthorized access to, disclosure of, tampering with or destruction of data.
If, for any reason, you believe that data transmission to or from Alpha ESS Co., Ltd is no longer secure, please inform us immediately by sending an email to firstname.lastname@example.org.
We will inform you of any security incident that affects the security of your personal data via email, telephone, or push message as soon as possible, along with suggested measures to reduce or avoid related risks, and other information. When necessary, we will adopt timely remedial measures in accordance with our internal emergency plan for security incidents, and report to the relevant competent authorities in accordance with regulations.
Ⅸ. Methods for Exercising Your Rights to Privacy
We respect your rights and protect your personal data. You may exercise any of the following rights in the following ways:
You can exercise your personal rights free of charge. According to the relevant requirements of local data protection laws, we will reply to your request within 15 business days if your account service is provided within the Chinese mainland, and within 30 days if your account service is provided outside mainland China.
In your request, you should state what data you intend to change and whether you wish to have your personal data deleted from our database, or specify any restrictions you wish to place on our use of your personal data. Please note that we may require verification of your identity for security reasons.
1. Request access to personal data of yours which we process
2. Request correction of your personal data where it is inaccurate or incomplete
3. Request the deletion of your personal data
4. Request temporary or permanent restrictions upon the processing of part or all of your personal data
5. Request the processing of your personal data with your consent or under a contract entered into by and between us, or that your personal data is transmitted to you or a third party when we automatically process it
6. When we are using your personal data on the basis of your consent or our legitimate interests, you may express your objection or refusal to permit this by sending an email to email@example.com. We will comply with your requests as far as is reasonably practicable.
Ⅹ. Data Retention Period
We will process your personal data for the purposes stated in this Policy as quickly as possible, unless specific legal requirements exist demanding its retention for a longer period of time. We will determine an appropriate retention period based on the amount, nature and sensitivity of personal data, and destroy your personal data after the retention period ends. Where you explicitly request deletion of your personal data, we will delete it and cease to retain it. In case of inability to destroy the data for technical reasons, we will take appropriate measures to prevent its further use.
Ⅺ. Third-Party SDK Data Collection and Usage Instructions
We may access software development kits (SDKs) provided by third parties in order to ensure the stable operation of Alpha.ESS services or implement related functions. We will strictly test the security of the application programming interfaces (APIs) and SDKs used by authorized partners for the acquisition of relevant information, and conclude agreements with them concerning strict data protection measures, in order to ensure that they process personal data in accordance with this Policy and other relevant confidentiality and security measures.
The third-party SDKs we access mainly provide services to meet your and other users' needs, so we may change them to fulfill new service needs, or due to changes in our service functions. We will provide you with information on our access to third party SDKs by keeping the relevant information in this Policy up to date.
Alpha.ESS accesses the following third-party SDK(s) (the personal data collected is dependent on whether you use the following third-party services):