DATA SECURITY IN EASYSOLAR APP
Applies to the mobile and browser version.
1. Data Administrator
The administrator of data processed on the website available via the website www.easysolar.app and in the Easy Solar mobile application is EasySolar Limited company, with offices in Gospodarcza 26, 20-213 Lublin, NIP 9721237323, REGON: 301991466, registered in National Court Register kept by Regional Court Poznań – Nowe Miasto and Wilda in Poznań, VIII Economical KRS Department, KRS 0000405063.
In all matters related to the issues contained in this Privacy Policy, you can contact us in person or by mail at the address indicated above, as well as by e-mail at the following e-mail address: support@easysolar-app.com.
2. What Data We Protect?
In the app, we protect and guarantee the security of all data provided to us by users, including:
Data used during registration,
Data of company and employees – these data are provided to us by the user,
User customers data – these data are provided to us by the user,
All data regarding projects created by you,
All reports generated by you,
All other data that you enter in the app, for projects, in comments, etc.
Data on the method of using the application, which will be saved or to which we will have access in connection with the use of cookie solutions,
Data that will be collected in connection with contact with us via the channels provided.
3. Some of the Security Measures Applied to Protect Confidential Data of App Users:
- The data is stored in a database located in a private network, access to which is secured with a login and an encrypted password. The database containing the data is additionally protected by a firewall that filters incoming connections. Access to this network is only available to sites located in the same private network and only having the IP address of our internal internet network in the building of our office.
- All passwords are stored in an encrypted form; we use an advanced encryption algorithm.
- Communication between users and our server uses the HTTPS protocol, which uses TLS to encrypt all communications, so all data sent and received are encrypted.
4. Who Inside EasySolar Has Access to Users Data?
- Only authorized administrators inside the EasySolar company, we do not use external administration companies.
- Data administrators within our company are obliged to keep all data strictly confidential and have been trained to manage data in accordance with the best security practices.
5. Security of Our Servers:
- We use Amazon Web Services, in short AWS in order to store the data.
- AWS is currently one of the newest and the most guarded server rooms in the world.
- Even the detailed location of the server room is a secret.
- The building is protected and closely monitored by the newest security systems.
- Buildings have alternative power sources.
- The country where the data is stored is Ireland, therefore, your data will not leave the European Economic Area due to its storage in AWS.
- AWS has one of the most important information security certificates – ISO 27001/ while meeting the Level 1 security standard in the Data Security Standards (DDS) category.
- AWS declares compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC (general regulation on data protection).
More about the security of AWS servers can be found in the following link:
6. Purposes and Legal Grounds for the Processing
We will process your personal data only if it is in accordance with the law and necessary to achieve the goals indicated in the Privacy Policy. As a rule, we process your personal data when:
a) It’s necessary to conclude or perform the contract (remember that by accepting the regulations and using our services, you conclude a contract for the provision of electronic services). If you become a user of the website, we will use your identification data and other data that we collect to identify you as a user and provide you with access to our website and the possibility of using the services (i.e. Article 6 (1) (b) of the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46 / EC – hereinafter referred to as the GDPR). b) For their processing, you have given us your consent (through your statement or clear action confirming, such as knowingly providing us with your data for a specific purpose). In such cases, at the time of obtaining your consent, we will inform you about the purpose of processing and the category of personal data being processed (i.e. pursuant to Article 6 (1) (a) of the GDPR). c) Are necessary for the purposes of the legitimate interests pursued by us (pursuant to Article 6 (1) (f) of the GDPR), that is:
- Ensuring the proper operation of the website, its security, development and continuous improvement of its operation, improving the convenience of using and implementing new functionalities,
- Investigation and defense against claims, before courts and administrative bodies and outside them (in the scope of all collected data),
- Archiving and making backup copies of the data held, in connection with the obligation imposed on us, as the data controller, to properly secure the data (with regard to all collected data),
- Direct marketing of Easy Solar’s products and services,
- Contact with you in matters related to the functioning of the application or in all other matters in which you contact us.
7. To Whom and What Data is Transferred
- We use external apps for efficient communication with our users, in particular for mailing.
- We use the external apps for billing and invoice.
- We use the following softwares: fakturowania.pl, SendGrid.com, and Stripe.com – all of them guarantee a very high quality of database security at the same level as the standards in our company.
- The company we work with in the field of secure logging into our systems is AuthO Inc. which is based in the United States.
- In-app, we only store contact details of our users, such as: company names, usernames, telephone numbers, e-mail addresses, addresses, payment details for our company.
- We also use an external accounting office that meets the data protection requirements. We share with this company only the invoice data of the purchase of our app.
- In external apps, we do not store data about clients or projects of our users.
- The use of external applications involves the transfer of data beyond the borders of the European Economic Area, therefore we have implemented appropriate additional security measures, including concluded agreements in accordance with the Standard Contractual Clauses approved by the European Commission.
- We may also disclose personal data in connection with the obligations imposed on us by law or imposed by other legal acts (orders, decisions or judgments).
We may also disclose personal data to other recipients, if you give your consent to them (e.g. in the field of marketing) or if the transfer of data is necessary to protect your vital interests or vital interests of other natural persons or for the general good, or the transfer of data to them is necessary for the performance of the services (such as entities providing payment services).
8. What Other Data We Use and For What?
We use, anonymously for statistical purposes, average data regarding the power and quantity of generated offers, by summing up these data from specific regions or countries. The data we use are data on the percentage share of offers generated, average power values, or average prices in projects. All data is averaged and they are completely anonymous, without providing specific values for individual clients or locations. The data are published in the form of reports showing the trend of development of photovoltaic sources in given regions.
9. Your Rights
In terms of each of the rights indicated below, you can contact us, in particular, using the contact details provided in point 1 of the Privacy Policy.
- The right to obtain information, access data and to obtain a copy of the data. You have the right at any time to request information about your personal data that we store or to which we have access. Upon your request, you will receive a copy of your personal data subject to processing free of charge. For each subsequent copy of the data, we have the right to request a fee that will cover the reasonable costs of handling such request.
- Right to withdraw consent. Each time your data is processed on the basis of your consent, you have the right to withdraw this consent at any time, but the withdrawal of consent will not affect the lawfulness of data processing before you withdraw your consent.
- The right to rectify personal data. We take reasonable steps to ensure that your personal information is correct, complete and up to date. If it is necessary to change this data, please notify us.
- Right to data portability. You have the right to request the transfer of personal data in a structured, commonly used machine-readable format, as well as to request that the data be sent to another administrator, if the basis for the