GDPR

Last updated: May 2026

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that applies to organizations processing personal data of EU residents. Sunnection is fully committed to GDPR compliance and respects your data protection rights.

2. Data Controller

Sunnection acts as the data controller for personal data collected through our platform. Our contact details:

Company: Sunnection
Email: [email protected]
Data Protection Officer: [email protected]

3. Your Data Protection Rights

Under GDPR, you have the following rights:

Right of Access (Article 15)

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to the personal data and information about the purposes of processing, categories of data, recipients, and more.

Right to Rectification (Article 16)

You have the right to have inaccurate personal data rectified and incomplete personal data completed.

Right to Erasure (Article 17)

Also known as the "right to be forgotten," you have the right to have your personal data erased when certain conditions apply, such as when the data is no longer necessary for the purposes for which it was collected.

Right to Restriction of Processing (Article 18)

You have the right to restrict processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format and have the right to transmit that data to another controller.

Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or public interest, as well as direct marketing.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that significantly affect you.

4. How We Use Your Data

Legal Basis

We process your personal data based on the following legal grounds:

  • Consent: When you sign up and agree to our terms
  • Contract: To fulfill our contractual obligations to you
  • Legitimate Interest: For security, fraud prevention, and service improvement
  • Legal Obligation: To comply with applicable laws

Categories of Data

  • Account information (name, email, company)
  • Usage data and analytics
  • Technical data (device, browser, IP)
  • Solar system data (system specs, energy metrics)
  • Communication data (support tickets, emails)

5. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which we collected it:

  • Account Data: Retained while account is active + 2 years
  • Usage Data: Retained for 12 months
  • Solar System Data: Retained while account is active
  • Communication Data: Retained for 3 years after last contact

6. International Data Transfers

Your data may be transferred outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the EU Commission
  • Adequacy decisions where available
  • Additional technical measures (encryption)

7. Your Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in the EU member state where you reside, work, or where the alleged infringement occurred.

EU Supervisory Authorities: List of EU DPAs

8. Data Protection Impact Assessment

We have conducted Data Protection Impact Assessments (DPIA) for our data processing activities that are likely to result in high risk to individuals' rights and freedoms.

9. Children's Data

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children.

10. Exercising Your Rights

To exercise any of your GDPR rights, please contact us:

  • Email: [email protected]
  • Subject Line: GDPR Request - [Your Name]
  • Response Time: We will respond within 30 days

We may need to verify your identity before processing your request.

11. Changes to This Policy

We may update this GDPR information from time to time. We will notify you of any material changes.