Welcome to use the products and/or services provided by BYD Smart Device Hungary Kft. on BYD Digital Energy Service Support System ("System"). Our registered address is [H-2071 Páty, Szent József út 4.], and the BYD Digital Energy Service Support System Privacy Policy ("Policy") applies to the products and services we provide on BYD Digital Energy Service Support System.

We attach great importance to the protection of the personal data of our users (hereinafter referred to as "you"). We understand the importance of personal data to you and will take appropriate security measures to protect your personal data by legal and regulatory requirements and proven industry security standards.

By “personal data”, we refer to data that relates to you as an identified or identifiable natural person. Personal data includes, but is not limited to your name, your address, your telephone number including mobile telephone numbers, network address identifier, IP address, and your email address. Anonymous information, which we are not able to relate to an identifiable natural person is not personal data.

This policy describes the purpose, manner, scope, and data security protection measures for collecting, using, storing sharing, and transferring your personal data in the products or services we provide to you on the system, as well as the rights and methods we offer you to access, update, delete and other control of your personal data.

This policy will help you understand the followings:

1.How we collect your personal data.

2.How we use your personal data.

3.How we share, disclose and transfer your personal data.

4.How we store your personal data.

5.How we protect your personal data.

6.Your rights.

7.How we process the personal data of children.

8.How we transfer your personal data globally.

9.Updates to this policy.

10.How to contact us

Notes: You acknowledge and confirm that you have read and fully understood all the content of this policy at the registration time. Before providing us with any of your personal data, please confirm that this provision is appropriate and agree that we may process your personal data for the purposes and in the manner described in this Policy. We may collect and use your personal data with your consent to perform the relevant functions provided to you on the system. You may choose not to consent to the collection and use of your personal data, but without such data will affect the relevant functions on the System. We will also use black bold font to draw your attention to the terms of this policy that have a significant relationship with your rights and interests. If you have any questions, comments, or suggestions about this policy or our products and services, you may contact us at any time according to 12. How to Contact Us and we will examine your request and respond to you as quickly as possible. In particular, this policy does not apply to services provided to you by other third parties on BYD Digital Energy Service Support System nor to products or services for which separate legal notices and privacy policies have been established.

1.How We Collect your Personal Data

We will only collect your personal data to manage and meet service and information requests, and to make our products and services as effective as possible.

BYD Digital Energy Service Support System collects and processes the following data:

• When you register and create an account on BYD Digital Energy Service Support System, we will collect your account name, email address, account password;
• When you click on "User Information" in the list or create a case, we will collect your phone number, contact address, company name, continent, country;
• When you use “create a new case” function, We will collect the following data of device users through the installer: product brand, product model, serial number, number of parallel towers, number of modules, number of parallel modules, grid or off grid, firmware version, BMS serial number, inverter brand, inverter model, inverter serial number, error type, equipment installation date, error date, continent, country, Address(optional);
• To verify the buyer information and warranty date of the device, we may collect photos of the product, purchase channel, and invoice number information from product users;
• To provide network services, we will collect your IP address;

Necessary to comply with a legal obligation Please note that it is unable to identify a specific natural person just with information of individual equipment and operating system, etc. To optimize products, we may analyze non-personal information. If we combine such non-personal information with other non-personal information or personal information to identify a specific natural person, then the non-personal information will be regarded as personal information. Please understand that the services we provide to you are constantly being updated and developed. If you choose to use other services not covered by the preceding, we will take reasonable steps (e.g., page reminders, agreements) to explain the scope and purpose of collection and obtain your consent if we need to collect data based on that service. We will use, store, provide and protect your data strictly with this policy and the corresponding user agreement.

2.How We Use Your Personal Data

The data we collect in the course of providing our services to you may be used in the following ways:

• Your personal data will be used for the purposes listed in the "How we collect your personal data" section.
• Providing you with security To improve the security of your use of the services provided by us and our affiliates and partners, to protect your personal and property safety or that of other users or the public from infringement, to better prevent phishing apps, fraud, network vulnerabilities, computer viruses, network attacks, network intrusion, and other security risks, and to more accurately identify violations of laws and regulations or the rules of BYD's relevant agreements, we may use or integrate your registration data, device data, relevant network logs, and the data authorized by you or shared in accordance with the law to our affiliates and partners, to make comprehensive judgement of your account, identity verification, detection and prevention of security incidents, and take the necessary records, audit, analysis, disposal measures by the law.
• To improve our services or to provide more accurate services.
• Reporting to relevant authorities by laws and regulations or regulatory requirements.
• Other uses We will seek your prior consent to use the data for purposes other than those described in this policy or to use data collected for a specific purpose for other purposes.

3.How We Share, Disclose and Transfer Your Personal Data

We do not sell your personal data to anyone for any purpose, period except in the following circumstances. The following paragraph illustrates who we may share your personal data with:

Categories of Recipients Description Reason for Sharing Affiliates and subsidiaries Companies that are owned or controlled by BYD, or where we have a substantial ownership interest To assist, operate, enhance, and fulfil services on our behalf Cloud Services Provider in Germany-Microsoft Azure Cloud Companies we’ve hired to provide cloud data hosting service To assist, operate, enhance, and fulfil services on our behalf Law enforcement and government authorities Disclosure of data as required by law, or when otherwise appropriate To comply with applicable laws When third parties are given access to your personal data, we will take the required contractual, technical and organizational measures to ensure that your personal data are only processed to the extent that such processing is necessary.

4.How We Store Your Personal Data

Your personal data will be transferred and stored on the server in Germany Frankfurt. We retain the information we collect from or about you for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. When the information is no longer necessary for these purposes, we delete it or keep it in a form that does not identify you. When determining this retention period, we take into account various criteria, including the type of services requested by or provided to you, the nature of our relationship with you, the impact on the services we provide to you if we delete some information from or about you, and retention periods required by law. Please note that when your application to delete your BYD Digital Energy Service Support System account succeeds, we will complete the review of your account deletion as quickly as possible. After the application is approved, we will delete or anonymize your personal data. If we discontinue the operation of products or services, we will notify you of the discontinuation in the form of one-by-one delivery or announcement and delete or anonymize your personal data after discontinuing the operation of products or services.

5.How We Protect Your Personal Data

Security Measures We have Taken We have used security measures by industry standards to protect the personal data you provide against unauthorized access, public disclosure, use, modification, damage, or loss of data. We will take all reasonably practicable measures to protect your personal data. We use encryption technology to ensure the confidentiality of data; we use trusted protection mechanisms to prevent malicious attacks on data; we deploy access control mechanisms to ensure that only authorized personnel has access to personal data, and we conduct security and privacy training courses to enhance employee awareness of the importance of protecting personal data. We will use secure encryption technology to protect your personal data during transmission. Take all appropriate organizational, management, and technical measures to protect the security of the personal data you provide in our internal organization. The Internet is not an absolutely secure environment. Since e-mail, instant messaging, and communication with other users are not encrypted, we strongly recommend that you do not send personal data through such means. Please use complex passwords to help us ensure the security of your account. We will update and disclose the security risk, personal data security impact assessment report, and other related contents from time to time, which you can obtain through BYD Digital Energy Service Support System announcements. Our Incident Response Process The Internet environment is not 100% secure, and we will endeavor to ensure or warrant the security of any data you send us. If our physical, technical, or managerial safeguards are breached, resulting in unauthorized access, public disclosure, alteration, or destruction of data, resulting in damage to your legal rights, we will be liable. After the unfortunate occurrence of a personal data security incident, we will inform you promptly of the requirements of laws and regulations: the basic situation of the security incident and the possible impact, the disposal measures we have taken or will take, and the suggestions you can independently prevent and reduce the risk, the remedial measures for you, etc. We will promptly inform you of the event-related situation by email, letter, telephone, push notification, etc. When it is challenging to individually notify the subject of personal data, we will take a reasonable and effective way to issue an announcement. Meanwhile, we will also take the initiative to report data related to personal data security incidents to the requirements of the regulatory authorities.

6.Your Rights

Following the requirements of the GDPR, relevant laws, regulations, and standards of the EU member states and the prevailing practices of other countries and regions, we guarantee that you exercise the following rights concerning your personal data. You generally have the right to ask us:

• to access to and a copy of your personal data that we hold that some of your personal data is provided to you or sent to another data controller in a commonly used, machine readable format
• to update or correct your personal data in order to make it accurate to delete your personal data from our records in certain circumstances
• to restrict the processing of your personal data in certain circumstances And you may also have a right:
• to object to us processing your personal data in certain circumstances (e.g. in case we process your data for direct marketing purposes ).

These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data or if making the information available to you would reveal personal data about another person or if we are legally prevented from disclosing such information. In some instances, this may mean that we are able to retain data even if you withdraw your consent. We hope that we can satisfy any queries you may have about the way we process your data. If you have any concerns about how we process your data, you can contact us as described below in the section “How to contact us”. Responding to Your Request You may be required to provide a written request or otherwise prove your identity for security purposes. We may ask you to verify your identity before processing your request. We will respond to your request as quickly as possible after receiving it. If you are unsatisfied, you can also complain in the following ways. For your reasonable request, we will not charge a fee in principle, but for multiple repetitions and requests that exceed reasonable limits, we will charge a certain cost fee as appropriate. We may reject requests that are unwarrantedly repetitive, require excessive technical means (e.g., requiring the development of new systems or fundamental changes to existing practices), pose a risk to the legitimate rights and interests of others, or are highly impractical (e.g., involving data stored on backup servers). In the following circumstances, we will not be able to respond to your request in accordance with the requirements of laws and regulations:
a)directly related to national security and national defense security.
b)directly related to public safety, public health, and significant public interest.
c)related to crime investigation, prosecution, trial, and sentence enforcement.
d)there is sufficient evidence that you have subjective malice or rights abuse.
e)response to your request will seriously damage the legitimate rights and interests of you or other individuals or organizations.

7.How We Process Personal Data of Children

Minors may not create their user accounts without the consent of a parent or guardian. If you are a minor, we recommend that you ask your parent or guardian to read this policy carefully and to use our services or provide us with data with the consent of your parent or guardian. In cases where minor personal data is collected with parental consent, we will only use or disclose this data as permitted by law, with the express consent of the parent or guardian, or as necessary to protect the child as a minor. Although local laws and customs define children differently, we consider anyone under 14 to be a child. If we find that we have collected personal data from a child without prior verifiable parental consent, we will attempt to delete the data as soon as possible.

8.How We Transfer Your Personal Data Globally

Your personal data will be transfer and stored on the server in Germany Frankfurt. BYD staff located in China may have remote access to your data to perform operation and maintenance. We will take measures to ensure that data is processed as required by this Policy and applicable laws, which includes when transferring the data subject's personal data from the EU to a country or region which has not yet been acknowledged by the EU Commission as having an adequate level of data protection, we may use a variety of legal mechanisms, such as signing standard contractual clauses approved by the EU Commission, obtaining the consent to the cross-border transfer of a data subject in the EU, or implementing security measures like anonymizing personal data before cross-border data transfer.

9.Updates to this Policy

We may revise this policy in a given certain period. When the terms of this policy are changed, we will show you the changed guidelines in the form of a push notification when you log in again and when the version is updated. Please note that we will only collect, use, and store your personal data by the revised guidelines if you click the consent button. We will not reduce your rights under this policy without your express consent. We will post any changes made to this policy on this page. We will also provide more prominent notice of material changes (including, for certain services, email notification of specific changes to this policy). Material changes within the meaning of this policy include, but are not limited to:
a)Significant changes in our service model. Such as the purpose of handling personal data, the type of personal data processed, and the way personal data is used.
b)We have significant changes in ownership structure, organizational structure, etc., such as changes of ownership caused by business restructuring, bankruptcy, merger, etc.
c)A change in the main target of personal data sharing, transfer, or public disclosure.
d)Significant changes in your rights to participate in processing personal data and how it is exercised.
e)We are responsible for handling personal data security when the accountable department, contact data, and complaint channels change.
f)The personal data security impact assessment report indicates a high risk. We will also keep an older version of this policy on file for your review. 11.Dispute Resolution to this Policy If you are not satisfied with our response, significantly if our personal data processing practices have harmed your legitimate rights and interests, you also have the right to lodge a complaint with a supervisory authority, in particular the data protection authority in the Member State of your habitual residence or place of work. You may also seek a solution from the court with jurisdiction in the place where this Privacy Policy is signed.d with our response, significantly if our personal data processing practices have harmed your legitimate rights and interests, you also have the right to lodge a complaint with a supervisory authority, in particular the data protection authority in the Member State of your habitual residence or place of work. You may also seek a solution from the court with jurisdiction in the place where this Privacy Policy is signed.

12.How to Contact Us

If you have any privacy complaints or issues, and want to contact BYD, please contact:
Contact person: Xu Jiu
Address: Prologis Park Budapest M1, Szent József út 4., 2071 Páty, Hungary
E-Mail: xu.Jiu@byd.com
Phone: +36 30 870 5396
Where your personal data is processed by BYD in accordance with this Privacy Policy, the BYD entity that responds to your request, contacts you, provides you with products or services, or has signed or is about to sign a contract with you is the controller of the related personal data.