Last updated: November 2023.
If you have any questions, comments or suggestions, please contact us using the contact information below:
◼ Rules for the Collection and Use of Personal Information on the official website of SOFAR
◼ How we protect your personal information
◼ Your Rights
◼ how we handle children's personal information
◼ How your personal information is transferred globally
◼ How this policy has been updated
◼ How to contact us
Rules for the collection and use of personal information
1、What personal information we collect about you
Personal data means any data that, either on its own or jointly with other data, can be used to identify a natural person. You directly provide us with such data when you use our websites, products, or services, or interact with us by, for example, creating a SOFAR account or contacting us for support. We may also obtain data by recording how you interact with our websites, products, or services. For example, we may use technologies like cookies to improve user experience.
The personal data we collect includes user name, email address, phone number, password, country and region, user company name, user type, user receiving/installation address etc., depending on how you interact with SOFAR, for example, the newsletter information you want to obtain that regularly sent by SOFAR, the after-sales service that we provide to you, and all other products and services that you use.
We also collect the information you provide to us and the content of messages you send us, such as the query information you provide, or the questions or information you provide for customer service support.
Before using products or services of SOFAR, you may need to provide personal data. In some cases you may be able to opt not to disclose your personal data to SOFAR. However, not providing SOFAR with certain data may mean that we cannot provide you with certain products or services or respond to an issue that you have raised.
2、How we use your personal information
We may use your personal data for the following purposes:
l Creating an account.
l Fulfilling your transaction or service requests, including fulfilling orders; delivering or repairing products or services; providing you with the requested information (such as marketing materials for products and services).
l Contacting you with your consent; sending you information about products and services that may interest you; inviting you to participate in SOFAR activities (including promotional activities), market surveys, or satisfaction surveys; or sending you marketing information. If you do not want to receive these types of information, you can opt out at any time.
l Answering your queries or provide services requested and perform bug location and data repair in the power station when bugs occur in the platform; Remotely viewing and operating the equipment to repair faults or improve product performance.
l Complying with and enforcing applicable legal requirements, industry standards and our policies.
We will process your personal data following the requirements of applicable laws on an appropriate legal basis, including:
l Processing your personal data to fulfill the contract when responding to a transaction or service request;
l Processing your personal data with your consent;
l Processing based on the legitimate interests of SOFAR when we use your personal data to contact you, conduct marketing surveys, improve our products and services and other purposes;
l Processing your personal data as necessary to comply with and fulfill legal obligations.
3、How we entrust the processing, sharing, transfer, public disclosure of your personal information
We will not share your personal information with any companies, organizations and individuals outside of our company, unless we have your express consent or based on mandatory provisions of applicable laws and regulations.
We will only share your personal information for lawful, legitimate, necessary, specific, and explicit purposes, and will only share personal information that is necessary to provide the service. The relevant third parties are not authorized to use the shared personal information for any other purpose. We will require them to take relevant confidentiality and security measures to handle the personal information, and to clarify the responsibilities and obligations of the co-operating parties for the protection of your personal information.
We may share your personal information externally in accordance with the mandatory requirements of governmental authorities or under applicable laws and regulations.
We will not transfer your personal information to any companies, organizations or individuals, except in the following circumstances:
a) Transfer with explicit consent: We will transfer your personal information to other parties with your explicit consent;
(4) Public disclosure
We will only publicly disclose your personal information in the following circumstances:
a) with your express consent;
b) Disclosure based on law: We may publicly disclose your personal information when required to do so by applicable laws and regulations.
To ensure our website works correctly, we may at times place a small piece of data known as a cookie on your computer or mobile device. A cookie is a text file stored by a web server on a computer or mobile device. The content of a cookie can be retrieved or read only by the server that creates the cookie. The text in a cookie often consists of identifiers, site names, and some numbers and characters. Cookies are unique to the browsers or mobile applications you use, and enable websites to store data such as your preferences or items in your shopping cart.
In addition to cookies, we may also use other similar technologies on our websites such as web beacons and pixel tags. For example, when you receive an email from SOFAR, it may contain a click-through URL that links to a SOFAR web page. If you click the link, we will track your visit to help us learn about your preferences for products and services and improve our customer service. A web beacon is a transparent graphic image embedded in a website or in an email. We use pixel tags in emails to find out whether an email has been opened.
How we protect your personal information
(1) We implement appropriate technical and organizational measures to protect the personal information you provide against unauthorized access, public disclosure, use, modification, damage or loss of data. We take all reasonably practicable steps to protect your personal information. For example, personal information is anonymized, access rights are controlled, SSL transmission is encrypted, personal information data is encrypted, and other security measures that comply with applicable laws, regulations and industry standards.
Anonymization: The purpose of the security measure that personal information is not identifiable is achieved by masking parts of the personal information collected, such as name, telephone number, email address and contact address.
Access Control: We adopt a series of security measures (e.g., authorization process approval, segregation of duties, security management system, etc.) to ensure that your personal information is only allowed to be viewed by authorized personnel related to the after-sales service of our products, and that unauthorized personnel do not have the right to access your personal information.
Encryption of transmission: Our after-sales service website only allows access via the encrypted protocol of https, and our SSL certificates are from DigiCert (the world's leading provider of digital trust) to keep your personal information safe during transmission over the web.
Data encryption: Your personal information will be stored in our database in the form of AES encryption to protect the security of your personal information.
(2) Our data security capabilities: we have developed an annual information security training programmed, regular training on privacy protection and information security awareness of the company's employees to ensure that our employees have adequate sense of security to better protect the personal information of customers; the Division has established an organizational structure for the management of information security, in the organizational, personnel, physical, technical and other aspects of the information security management work to continuously improve. We have established an organizational structure for information security management.
(3) We will implement appropriate technical and organizational measures to ensure that no unrelated personal information is collected. We will only retain your personal information for as long as is necessary to fulfil the purposes set out in this policy, unless we need to extend the retention period or are permitted to do so by law.
(4) The Internet environment is not 100 per cent secure and we will endeavor to ensure or warrant the security of any information you send to us. If our physical, technical, or managerial safeguards are breached, resulting in unauthorized access to, public disclosure of, alteration of, or destruction of the information, leading to damage to your legitimate rights and interests, we will be held legally liable.
(5) After the unfortunate occurrence of a personal information security incident, we will, in accordance with the requirements of laws and regulations, promptly inform you of: the basic situation and possible impact of the security incident, the disposal measures we have taken or will take, the suggestions you can independently take to prevent and reduce the risk, and the remedial measures for you. We will promptly inform you of the situation related to the incident by email, letter, phone call, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will take a reasonable and effective way to make a public announcement.
We will also proactively report on the handling of personal information security incidents as required by applicable laws and regulations.
In accordance with the relevant applicable laws and regulations, standards and common practices in other countries and regions, we guarantee that you will exercise the following rights with respect to your personal information:
(1) Access to your personal information
You have the right to access your personal information, subject to the exceptions provided for in laws and regulations.
If you are unable to access this personal information through the above link, you can always use our web form to contact. Or send email to firstname.lastname@example.org.
We will respond to your request for access within thirty days.
For other personal information generated in the course of your use of our products or services, we will provide you with it as long as we don't need too much input. If you wish to exercise your right of data access, please send email to
(2) Correction of your personal information
You have the right to ask us to correct any personal information we process about you if you discover that it is incorrect. You can make a request for correction in the ways listed under "(i) Access to your personal information".
If you are unable to correct this personal information through the link above, you can always use our web form to contact. Or send email to email@example.com.
We will respond to your request for correction within thirty days.
(3) Deletion of your personal information
In the following cases, you may make a request to us to delete your personal information:
1. If our handling of personal information violates laws and regulations;
2. If we collect or use your personal information without your consent;
3. If we process personal information in breach of our agreement with you;
4. If you no longer use our products after-sales service, or you cancelled the account;
5. If we no longer provide you with product after-sales service.
If we decide to respond to your request for deletion, we will also simultaneously notify the entities that obtained your personal information from us and ask them to delete it in a timely manner, unless otherwise required by law or regulation, or if those entities have been independently authorized by you to do so. When you delete information from our Services, we will respond to your deletion request within thirty days.
(4) change the scope of your authorized consent
You can give or withdraw your consent to the collection and use of additional personal information at any time. You can do this yourself by using the authorization information on the platform or by contacting the corresponding after-sales service.
When you withdraw your consent, we will no longer process the corresponding personal data. However, your decision to withdraw your consent will not affect the processing of personal data previously carried out on the basis of your authorization.
(5) Cancellation of accounts by subjects of personal information
You can cancel your previously registered account at any time, either by cancelling your account on the website. After cancellation of your account, we will stop providing you with related services, and delete your personal information upon your request, unless otherwise provided by laws and regulations.
(6) Acquisition of copies of personal information by the subject of personal information
You have the right to obtain a copy of your personal data, which you can do yourself by using the export function of the website or by contacting the corresponding service to deal with it for you.
Where technically feasible, we may also transfer a copy of your personal information directly to a third party nominated by you at your request.
(7) Automated decision-making in constraint information systems
In the website service, we may make decisions based solely on non-human, automated decision-making mechanisms, including information systems, algorithms, and the like. If these decisions significantly affect your legitimate interests, you have the right to ask us for an explanation and we will provide appropriate remedies.
(8) Responding to your request above
For security purposes, you may be required to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request.
We will respond within thirty days. If you are not satisfied, you can file a complaint through the following channels: firstname.lastname@example.org
In principle, we do not charge you for reasonable requests, but for requests that are repeated more than is reasonable, we will charge a fee for the cost of the request, if appropriate. We may refuse requests that are unnecessarily repetitive, require excessive technical means, pose a risk to the legitimate rights and interests of others, or are highly impractical.
We may not be able to respond to your request in the following circumstances:
1. Those directly related to national security and defense security;
2. Directly related to public safety, public health, and significant public interests;
3. Directly related to the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security;
4. For the purpose of safeguarding the life, property and other significant legitimate rights and interests of the subject of personal information or other individuals;
5. Responding to a request from a subject of personal information will result in serious damage to the legitimate rights and interests of the subject of personal information or other individuals or organizations.
How we handle children's personal information
Our websites are primarily intended for adults. Children should not create their own personal information subject accounts without parental or guardian consent.
In cases where personal information about children is collected with parental consent, we will only use or publicly disclose this information as permitted by law, with the express consent of the parent or guardian, or as necessary to protect the child.
If we become aware that personal information of children has been collected without prior verifiable parental consent, we will endeavor to delete the relevant data as soon as possible.
How your personal information is transferred globally
In principle, your personal data collected by SOFAR may be processed or accessed in the country/region where you use our products and services or in other countries/regions where SOFAR or its affiliates, subsidiaries, service providers or business partners have a presence.
These jurisdictions may have different data protection laws. In such circumstances, we will take measures to ensure that data is processed as required by this Policy and applicable laws, which includes when transferring the data subject’s personal data from the EU to a country or region which have been acknowledged by the EU commission as having an adequate level of data protection, we may use a variety of legal mechanisms, such as obtaining the consent to the cross-border transfer of a data subject in the EU, or implementing security measures like anonymizing personal data before cross-border data transfer.
If you request us to transfer your personal information collected by us to countries or regions outside of China and the European Union, you may be required to provide the relevant data protection laws or regulations of the country or region to ensure that the cross-border transfer of the information complies with the relevant local laws and regulations. If you firmly request us to carry out cross-border transfer of information without proving that the cross-border transfer of information complies with the relevant local data laws and regulations, we have the right to refuse and stop providing services to you. If you provide us with inaccurate information that causes the cross-border transfer of information to violate the relevant local data protection laws and regulations, the loss caused by this shall be borne by you, and we have the right to claim compensation from you for any loss caused by this.
How this policy will be updated
Our personal information protection policy is subject to change. We will not reduce your rights under this Personal Information Protection Policy without your express consent. We will post any changes to this policy on this page and will also archive an older version of this policy for your review.
For material changes, we will also provide more prominent notice (including, for certain services, email notices describing the specific changes to the Personal Information Protection Policy). Material changes within the meaning of this policy include, but are not limited to:
1. Significant changes in our service model. For example, the purpose of processing personal information, the type of personal information processed, and how personal information is used;
2. We experience significant changes in our ownership structure, organizational structure, etc. Such as changes in ownership caused by business restructuring, bankruptcy and mergers and acquisitions;
3. Changes in the primary recipients of personal information to be shared, transferred or publicly disclosed;
4. Significant changes in your rights to participate in the processing of personal information and the manner in which they are exercised;
5. In the event of a change in the department responsible for handling the security of personal information, our contact details and complaint channels;
6. When the personal information security impact assessment report indicates a high risk.
How to contact us
Normally, we will respond within thirty days.