DATA SECURITY IN EASYSOLAR APP
Applies to the mobile and browser version.
- Data administrator
The administrator of data processed on the website www.easysolar-app.com and in the Easy Solar mobile application is EasySolar Limited company, with offices in Poznań, Królowej Jadwigi 43, 61-871 Poznań, NIP 972237323, REGON: 301991466, registered in National Court Register kept by Regional Court Poznań – Nowe Miasto and Wilda in Poznań, VIII Economical KRS Department, KRS 0000405063.
- What data do we protect?
In the app, we protect and guarantee the security of all data provided to us by users, including:
- data used during registration,
- data of company and employees – these data are provided to us by the user,
- data of the User's customers – these data are provided to us by the user,
- all data regarding projects created by You,
- all reports generated by You,
- all other data that you enter in the app, for projects, in comments, etc.
- data on the method of using the application, which will be saved or to which we will have access in connection with the use of cookie solutions,
- data that will be collected in connection with contact with us via the channels provided.
- Some of the security measures applied to protect confidential data of app Users:
- The data is stored in a database located in a private network, access to which is secured with a login and an encrypted password. The database containing the data is additionally protected by a firewall that filters incoming connections. Access to this network is only available to sites located in the same private network and only having the IP address of our internal internet network in the building of our office.
- All passwords are stored in an encrypted form; we use an advanced encryption algorithm.
- Communication between users and our server uses the HTTPS protocol, which uses TLS to encrypt all communications, so all data sent and received are encrypted.
- Who inside EasySolar has access to Users' data?
- Only authorized administrators inside the EasySolar company; we do not use external administration companies.
- Data administrators within our company are obliged to keep all data strictly confidential and have been trained to manage data in accordance with the best security practices.
- Security of our servers:
- We use Amazon Web Services (AWS for short) to store the data.
- AWS is currently one of the newest and the most guarded server rooms in the world.
- Even the detailed location of the server room is a secret.
- The building is protected and closely monitored by the newest security systems.
- Buildings have alternative power sources.
- The country where the data is stored is Ireland, therefore, your data will not leave the European Economic Area due to its storage in AWS.
- AWS has one of the most important information security certificates – ISO 27001, while meeting the Level 1 security standard in the Data Security Standards (DSS) category.
- AWS declares compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection).
- More about the security of AWS servers can be found in the following link:
- Purposes and legal grounds for the processing
- it’s necessary to conclude or perform the contract (remember that by accepting the regulations and using our services, you conclude a contract for the provision of electronic services). If you become a user of the website, we will use your identification data and other data that we collect to identify you as a user and provide you with access to our website and the possibility of using the services (i.e. Article 6 (1) (b) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC – hereinafter referred to as the GDPR).
- for their processing, you have given us your consent (through your statement or clear action confirming, such as knowingly providing us with your data for a specific purpose). In such cases, at the time of obtaining your consent, we will inform you about the purpose of processing and the category of personal data being processed (i.e. pursuant to Article 6 (1) (a) of the GDPR),
- are necessary for the purposes of the legitimate interests pursued by us (pursuant to Article 6 (1) (f) of the GDPR), that is:
- ensuring the proper operation of the website, its security, development and continuous improvement of its operation, improving the convenience of using and implementing new functionalities,
- investigation and defense against claims, before courts and administrative bodies and outside them (in the scope of all collected data),
- archiving and making backup copies of the data held, in connection with the obligation imposed on us, as the data controller, to properly secure the data (with regard to all collected data),
- direct marketing of Easy Solar’s products and services,
- contact with you in matters related to the functioning of the application or in all other matters in which you contact us.
- To whom and what data is transferred.
- We use external apps for efficient communication with our Users, in particular for mailing.
- We use external apps for billing and invoicing.
- We use the following software: fakturowania.pl, SendGrid.com and User.com – all of them guarantee a very high quality of database security at the same level as the standards in our company.
- The company we work with in the field of secure logging into our Systems is Auth0 Inc., which is based in the United States.
- In app, we only store contact details of our users, such as: Company names, usernames, telephone numbers, e-mail addresses, addresses, payment details for our company.
- We also use an external accounting office that meets the data protection requirements. We share with this company only the invoices data of the purchase of our app.
- In external apps, we do not store data about clients or projects of our users.
- The use of external applications involves the transfer of data beyond the borders of the European Economic Area, therefore we have implemented appropriate additional security measures, including concluded agreements in accordance with the Standard Contractual Clauses approved by the European Commission.
- We may also disclose personal data in connection with the obligations imposed on us by law or imposed by other legal acts (orders, decisions or judgments).
We may also disclose personal data to other recipients, if you give your consent to them (e.g. in the field of marketing) or if the transfer of data is necessary to protect your vital interests or vital interests of other natural persons or for the general good, or the transfer of data to them is necessary for the performance of the Services (such as entities providing payment services).
- What other data do we use and for what?
We use, anonymously for statistical purposes, average data regarding the power and quantity of generated offers, by summing up these data from specific regions or countries. The data we use are data on the percentage share of offers generated, average power values or average prices in projects. All data is averaged and completely anonymous, without providing specific values for individual clients or locations. The data are published in the form of reports showing the trend of development of photovoltaic sources in given regions.
- Your rights
- The right to obtain information, access data and to obtain a copy of the data. You have the right at any time to request information about your personal data that we store or to which we have access. Upon your request, you will receive a copy of your personal data subject to processing free of charge. For each subsequent copy of the data, we have the right to request a fee that will cover the reasonable costs of handling such request.
- Right to withdraw consent. Each time your data is processed on the basis of your consent, you have the right to withdraw this consent at any time, but the withdrawal of consent will not affect the lawfulness of data processing before you withdraw your consent.
- The right to rectify personal data. We take reasonable steps to ensure that your personal information is correct, complete and up to date. If it is necessary to change this data, please notify us.
- Right to data portability. You have the right to request the transfer of personal data in a structured, commonly used machine-readable format, as well as to request that the data be sent to another administrator, if the basis for the processing of your personal data is your consent.
- The right to delete data and to limit processing. In the cases indicated in the provisions on the protection of personal data, you have the right to request the deletion of your personal data. However, this right is not absolute – there may be situations where we are still entitled to process your personal data. You can also request the restriction of further processing of your data.
- The right to object to processing. In the cases indicated in the provisions, you have the right to object to the further processing of your data, where the basis for the processing of personal data is our legitimate interest.
- The right to lodge a complaint with a supervisory authority. You have the right to lodge a complaint with the supervisory body dealing with the protection of personal data – as a rule, it will be the President of the Office for Personal Data Protection with its seat in Warsaw, address: Office for Personal Data Protection, Stawki 2, 00-193 Warsaw.
The exercise of rights is, in principle, free of charge. You will not have to pay a fee, in particular for the exercise of the right to access your personal data (or for the implementation of any other rights). However, we may charge a reasonable fee if your request is manifestly unfounded or excessive, in particular due to its continuing nature. In such cases, we may also refuse to comply with your request.
We strive to respond to all legitimate requests within one month. If your request is particularly complex or you have made several requests, it may take us longer than a month to process them. In this case, we will inform you about the extension of the deadline within one month.
- For what period do we store your data?
We store your data for as long as it is necessary to achieve the purposes for which it was collected.
We store your personal data related to your account on the website as long as you have it – for the purpose of providing services. After closing your account, we may store your personal data:
- for the period that is necessary to fulfill obligations resulting from legal regulations (e.g. accounting and tax – for the period indicated in these regulations as permissible) or
- for the duration of our legitimate interests (e.g. for the purposes of combating abuse, investigating and defending against claims – for a period no longer than the limitation of these claims, and for archiving purposes – for the period specified in our internal data archiving procedures),
- for the period indicated in the consent expressed by you or until its revocation – if such consent was received.
Personal data related to cookie technology is stored for the time corresponding to the life cycle of cookies or until they are deleted by the user.
- Links to third party websites
The website uses the above-mentioned tools for various purposes, including:
- to adjust the way the website is displayed to the devices, software and users’ preferences as well as the settings they choose, including the language of the website,
- to monitor how users use the Website and to improve its functioning,
- to keep the data in the session,
- to personalize the offered marketing content,
- to personalize targeted marketing content displayed to users on other websites.
We use the following types of cookies:
- analytical cookies that investigate user behavior on the Website;
- functional cookies, allowing to remember the settings selected by the user and personalization, e.g. in terms of the selected language or cookie options;
Ways to disable cookies
By accessing our Website, you have the option of consenting to the use of marketing cookies and cookies from third parties. Even if you have already given your consent, you can still use the options described below. Each user can disable cookies in their web browser. In order to facilitate the management of cookies, below we present links to pages with instructions dedicated to individual browsers.
- Google Chrome – https://support.google.com/chrome/answer/95647?Every=GENIE.Platform%3DDesktop&hl=en
- Opera – https://help.opera.com/en/latest/web-preferences/#cookies
- Firefox – https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Apple Safari – https://support.apple.com/en-us/guide/safari/manage-cookies-and-website-data-sfri11471/mac
- Windows Internet Explorer - https://support.microsoft.com/fil-ph/help/17442/windows-internet-explorer-delete-manage-cookies
The user may also set his browser in such a way that it is necessary to accept cookies on his own each time. In this case, the browser will ask the user each time for consent to grant access to cookies. This gives the user control over what is on his device, however, it has the disadvantage of slowing down your ability to navigate on the Website and other websites.
Furthermore, any user can opt out of receiving targeted advertising through the European Interactive Advertising Digital Alliance website (https://www.youronlinechoices.com/). We follow the online advertising guidelines developed by this organization.
If you choose to opt-out using the tools outlined above, please note that:
You have the option to disable the transfer of your data for analytical and statistical purposes using Google Analytics. For this purpose, you can install a web browser extension according to the instructions provided at this address: