Privacy Policy of the ENCOR ESS Application

date of publication: 15.04.2024

We treat your personal data and their protection very responsibly. This Privacy Policy applies to personal data that we process in connection with your usage of the ENCOR ESS Application (hereinafter referred to as “ENCOR ESS Application”, “the Application”).

The document you are reading has been based on legal regulations on personal data such as, among others, provisions of the GDPR (the General Data Protection Regulation of 27 April 2016) and the Polish Act of 10 May 2018 on personal data protection.

Already at this point, we would like to inform you, however, that you will not be unconditionally entitled to all the rights under GDPR and with regard to all the activities related to personal data processing.

The contents of the Privacy Policy of the ENCOR ESS Application can be changed at any time. We shall always inform you on the changes and specify the version of the document. We cooperate with entities that provide a high level of protection for the data we process.
 

Who is the administrator of your data?

The Administrator i.e., the entity that decides on the manner and purposes of the processing of your data as part of the Encor ESS Application is Corab S.A. seated in Olsztyn, address: ul. Michała Kajki 4, postal code 10-547 Olsztyn, entered into the register of entrepreneurs of the National Court Register under number 0000950779, the registry records of which are kept by the District Court in Olsztyn, the 8th Commercial Division of the National Court Register, with a share capital of PLN 1,184,000.00 fully paid-up, holder of NIP (Tax ID no.): 7390207757 and REGON (National Business Registry Number): 510519084.
 

Contact us!

The Administrator appointed a Data Protection Officer – Katarzyna Krzywicka, contact e-mail: ido@corab.com.pl.

In case of any questions related to our processing of personal data, please contact our Data Protection Officer.

For matters related with the operation of the application, including removal of the account, please contact us by e-mail: serwis@corab.com.pl, by phone: +48 89 650 13 99 or by sending a letter to our correspondence address.
 

What is included in the Privacy Policy?

Here, you will find information, among others, on the rules that apply to the processing of your personal data, the purposes for which we process them along with the legal grounds that allow us to do that, on the tools we use in the ENCOR ESS Application as well as on the recipients of your data and the rights you are entitled to.
 

How do we protect your personal data?

We are perfectly aware of the fact that personal data are a precious asset. We are also aware of the risks arising from the processing of personal data through the use of the Internet. However, we make every effort to ensure the proper protection of your data and the safety of the provided data.

Wherever the data processing requires involvement of external providers, we guarantee that we choose our partners deliberately in order to ensure the proper safety standard of the data we are entrusted with.

What types of data do we process?

As part of the use of Application by the users, we process the following data:

• in order to create an account in the Application: it is mandatory to provide a login and a password, identification details of the user (name, surname, company name if the Application is used as part of economic activity), contact details (phone number - optional, e-mail address), the provision of other data (e.g. the avatar) is optional, whereby it can speed up the processes connected with the performance of the agreement and resolution of possible claims,
• for the performance of the agreement that the subject of which is a device produced by Corab S.A. and that allows the installation owner or the fitter to monitor data collected by the device, the following data are collected: identification details of the installation owner (name, surname, address of the installation of the device/locality, street address, building number, postal code, country/), contact details (e-mail address, phone number), details connected with the agreement the subject of which is a device connected with the user account in the Application (date of sales, serial number, device model), details connected with the installation and operation of the device (details on the fitter, place of installation, parameters of the device), data collected by the device for diagnostic purposes and in connection with the power consumed as part of the real property that the device was installed in (above all, battery charge level, voltage, amperage, usage history including consumed energy, information on the size of the real property, usage of the device, localization [including the address] of the real property, installation /including pictures/), information regarding usage of the Application (Application login data, details on the device that the user logs in from, information on your actions in the Application).
• when you are the installer, fitter of the device, we also process information connected with your conducted economic activity: information on the installations you assembled and added to the application, information on your co-workers within the scope in which you add data into the Application (e.g. by adding a co-worker’s account) or on your customers (e.g. when you add an installation owner’s account).

Our devices and services, including the Application, are not intended for children and minors. We do not collect data of such persons. In case of any doubts as to the user’s age in the said scope, we shall conduct a verification process. If we determine that the Application is used by a person below the age of 18, we shall take action to erase their personal data. If you suspect that our Application is used by a minor, please let us now.
 

What data do we process, for what purpose and on what grounds?

We process the data for the following purposes and under the following legal grounds:

• for the proper performance of the agreement connected with your use of the device purchased from the Administrator, including the ability to provide you with access to the data collected by your device, for diagnostic purposes according to the agreement and for the implementation of the guarantee according to its terms and conditions (pursuant to Art. 6 section 1 letter b of the GDPR);
• in order to contact you through the Application or for purposes connected with the services (pursuant to Art. 6 section 1 letter b of the GDPR or pursuant to Art. 6 section 1 letter f of the GDPR);
• for marketing purposes pursuant to Art. 6 section 1 letter a of the GDPR and Art. 6 section 1 letter f of the GDPR (your voluntary consent and/or justified interest of the administrator, namely carrying out marketing and promotional activities);
• for archiving and evidencing purposes (pursuant to Art. 6 section 1 letter f of the GDPR; collection of data to present facts constitutes a justified interest of the administrator);
• to consider complaints pursuant to Art. 6 section 1 letter b of the GDPR and Art. 6 section 1 letter c of the GDPR (consideration of complaints constitutes our statutory obligation);
• in order to ensure the correct and lawful settlement and fulfillment of legal and tax duties, performance of obligations arising from provisions of law and related to verification and removal of illegal content due to the provision of services as part of the Application, among others, hosting services pursuant to the Regulation of the European Parliament and the Council (EU) 2022/2065 of 19 October 2022 on a single market for digital services and amending Directive 2000/31/EC (Act on digital services) (pursuant to Art. 6 section 1 letter c of the GDPR);
• in order to determine, pursuit for and defend against claims pursuant to Art. 6 section 1 letter f of the GDPR (holding personal data that will allow determination, pursuit or defense against claims of the website users or third-parties constitutes the justified interest of the administrator)
   

When do we become the processing entity?

We hold the status of processing entity with regard to data on third parties that the Users independently add to the Application. Therefore, in such situations, we conclude an agreement on entrustment of personal data between you, the User (in this case, with e.g., the fitter, installer of the device as the data administrator) and us as the processing entity. The agreement is concluded through the User’s acceptance of the proper checkbox in the ENCOR ESS Application after they familiarized with the contents of the agreement on entrustment of personal data.
 

What are the rights you are entitled to due to the processing of your personal data?

The GDPR grants the following rights connected with the processing of personal data – however, they are not unconditional and, in some cases, you will be unable to exercise them.

1. Right to access to information – it means that every data subject has the right to know what happens to their personal data. Among others, this is why the privacy policy you are reading right now was created.
2. Right to access to personal data – it means that if we, as the administrator of your data, receive your request for access to your data, we are obligated to provide you with such information. We must fulfil our obligations in this scope, as the data administrator, without undue delay, not later than within a month. If fulfillment of the obligation is impossible within that deadline, we are obligated to at least inform you whether we process your data and then we can extend the deadline for the provision of a full reply to your request by two months.
3. Right to rectify personal data – it means that you can request correction of incorrect data or supplementation of incomplete by your data administrator.
4. Right to have personal data removed, right to be forgotten – it means that you can demand that we, as the administrator of your personal data, remove the data and deliver information on the removal to persons that your data were provided to. You shall also have the right to demand that your data that we disclosed are also erased by other administrators. As the administrator of your data, we are also obligated, upon your request, to inform you about the recipients that your data subject to removal were provided to.
5. Right to restrict personal data processing – it means that you can request restriction of the processing of your personal data. This happens, for instance, when you disagree with the correctness of the data processing or decide that you no longer need data for processing purposes.
6. Right to file an objection against personal data processing – it means that you can object to the processing of your data by the administrator.
7. Right to transfer the data – it means that, upon meeting specific conditions, you can request transfer of your data directly to a different administrator that you indicated.
8. Right to file a complaint – it means that if you decide that our processing of personal data is in breach with regulations of law, you can file a complaint to the President of the Personal Data Protection Office.

If you intend to exercise your rights, write a message to the following address: ido@corab.com.pl. In case of any questions related to our processing of personal data, please contact our Data Protection Officer.

Withdrawal of consent to data processing

If the processing of personal data takes place based on a consent, you can withdraw that consent at any time — in your sole discretion. If you want to withdraw the consent to personal data processing, you only need to send an e-mail message directly to the following e-mail address: iod@corab.com.pl.

If the processing of your personal data takes place under a consent, its withdrawal shall not affect the lawfulness of the processing of your data carried out to that point. In other words, until the consent is withdrawn, we shall have the right to process your personal data and the withdrawal of the consent shall not affect the lawfulness of the processing carried out prior to the withdrawal.
 

Requirement for provision of personal data

The provision of personal data is voluntary and based on your decision. However, the provision of specific personal data is necessary in order to meet your requirements within the scope of conclusion an performance of the agreement and the usage of our services as part of the Application.

The account in the Application is created independently by the user, whereby when the account is created by the installer of the device (energy storage), they have the option of requesting account creation for the installation owner or an employee and Corab S.A. holds the status of processing entity within such scope.

Provision of data in relation to the creation of the account, usage of the features of the Application and disclosure of data collected by the device is voluntary, whereby, pursuant to the agreement for the device (energy storage), in order to allow the installation owner to use the support of the servicing department of Corab S.A. or perform possible guarantee claims, the access to the a/m data is mandatory, pursuant to the provisions of the a/m agreement.

If the requirement to provide your data results from provisions of law — you are obligated to provide such data.

After connecting to the Internet and with the ENCOR ESS Application, your device (energy storage) starts the process of disclosure of collected data.
 

Automated decision-making and profiling

We do not use your data for automated decision-making that could affect your legal situation or produce other significant consequences.

The tools implemented as part of the Application can be used for the profiling of users’ behavior in order to improve the functioning of the Application and adjust the displayed contents to the user’s preferences, whereby the data analyzed for that purpose are mainly anonymous.
 

Who do we share your personal data with?

Your personal data can be transferred to third parties the services of which we use in relation to the provision and handling of the Application.

Countries outside the European Economic Area might apply different rules of personal data processing. However, we are obligated to ensure data protection that is in line with the GDPR.

That is why, in case of contractors from outside the EEA that are subject to a legal jurisdiction that does not meet the standards we must adhere to, we demand ensuring personal data protection that is in line with the obligations that me must adhere to. In such situations we apply, among others, standard contractual clauses approved by the European Commission.

Data processing entities outside the European Economic Area:

Suzhou Leapton Energy Co., LTD:

• The entity that provides IT management of the Application (whereby the data collected in the Application are stored on a server located within the territory of the EEA - servers provided by AWS).

Chengdu E-LINTER Information Technology Co., Ltd.

• The entity that provides the IT infrastructure for the Application.

 

Data processing entities in the European Economic Area:

The data delivered to us as part of the Application in relation to our provided servicing or as part of the guarantee or complaint proceedings can be disclosed to external services that act on our behalf.

We advise that we verify the entities we cooperate with not only for the quality of provided services but also within the scope of lawfulness of personal data processing. Our contractors adhere to our personal data processing standards.

In situations provided for by law, we might be obligated to disclose personal data to state authorities based on the regulations of the commonly applicable law.
 

Withdrawal of consent to data processing

If the processing of personal data takes place based on a consent, you can withdraw that consent at any time — in your sole discretion. If you want to withdraw the consent to personal data processing, you only need to send an e-mail message directly to the administrator’s e-mail address that you can find at the beginning of this Policy.

If the processing of your personal data takes place under a consent, its withdrawal shall not affect the lawfulness of the processing of your data carried out to that point. In other words, until the consent is withdrawn, we shall have the right to process your personal data and the withdrawal of the consent shall not affect the lawfulness of the processing carried out prior to the withdrawal.
 

For how long do we process your personal data?

Pursuant to the applicable regulations of law, we process your personal data only for the period necessary to achieve the set objective. After that period, your personal data shall be permanently removed or destroyed.

 

• for the period of usage of the Application (the time during which you decide to use your Account, if you are a user) or the duration of the agreement for the device: with regard to personal data processed for the purpose of use of the features of the Application (e.g. for guarantee purposes)
• for the length of the limitation period of claims: with regard to personal data processed under relevant commonly applicable regulations.
• until an effective objection is submitted or the purpose of the processing is fulfilled: until an effective objection is submitted or the purpose of the processing is fulfilled

 

User account

When creating a user account, you must provide your basic information, such as the e-mail address, name and surname/company name, phone number, address, details on the conducted business activity, if you are creating an account connected with economic activity, and a password. You can modify the data assigned to your account at any time by using the options available once you log into the account in the Application.

The processing of your personal data included in the user account is legally based on performance of the user account agreement that you conclude with us under the Terms and Conditions of the ENCOR ESS Application (encorbat.corab.pl), the subject of which includes the ENCOR ESS Application, and the agreement concluded for the device on which the data are collected as part of the Application.

Your personal data included in the user account are processed for the validity period of the account i.e., the duration of the above-mentioned user account agreement. You can decide on removal of the account at any time, pursuant to the provisions of the Terms and Conditions.
 

Final provisions

In conclusion, we would like to remind you that the contents of this Privacy Policy may change e.g., when we change the service provider or the scope of features of the Application. For your convenience, the revision date of the policy is specified at the beginning of the Policy.

The contents provided as part of the Application are our own intellectual creation. Thus, they constitute the subject of our copyrights.

We do not give any consent to replication of the contents, either as a whole or in parts, without our prior explicit approval.

You shall be obligated to use our Application in accordance with the law and principles of morality, having regard to respect for personal rights and intellectual property rights of third parties.

That shall be all that we wanted to inform you about. Should you have any questions connected with our processing of your personal data, feel free to contact our Data Protection Officer – Katarzyna Krzywicka, contact e-mail: ido@corab.com.pl. In case of any questions related to our processing of personal data, please contact our Data Protection Officer.