Privacy Policy of Grace Solar


1. Scope and Compliance

Grace Solar ("we," "our") adheres to global data protection laws, including:

​· EU General Data Protection Regulation (GDPR)

​· ​China’s Personal Information Protection Law (PIPL)

​· ​Regional regulations (e.g., U.S. state laws, Middle East data localization requirements).

This policy applies to:

​· Customers: Business clients in 100+ countries (e.g., Japan, U.S., EU, Middle East).

​· ​Data Types: Contact details (name, email), IoT device metrics (geolocation, energy output), and user behavior data from apps.


​2. Data Collection and Legal Basis

​Data Category​PurposeLegal Basis
Business contact informationContract fulfillment, technical supportNecessity for contractual performance
Device performance dataAI-driven system optimization (e.g., GS-Light Tracker)Legitimate interest in product functionality
User consent for marketingEmail campaignsExplicit consent under GDPR/PIPL

Special Cases:

​​· Minors: No intentional collection; parental consent required for educational projects.

​​· Sensitive Data: Biometric or health data requires additional safeguards.


​3. Cross-Border Data Transfers

To support operations in 100+ countries:

​​· ​EU Transfers: Use ​Standard Contractual Clauses (SCCs) and GDPR-compliant cloud providers (e.g., AWS).

​​· ​China Compliance: Critical data stored locally per PIPL; cross-border transfers require CAC security assessments.

​​· ​Third Parties: Partners (e.g., Fortune 500 companies) sign NDAs and comply with our Data Processing Agreements (DPAs).


​4. Security Measures

​​· ​​Technical Safeguards: AES-256 encryption, blockchain for tamper-proof audit trails.

​​· ​​Physical Security: Biometric access controls at 110,000 m² factories and 2,000 m² labs.

​​· ​​Certifications: ISO 27001, UL/TUV/CE for IoT devices.


​5. User Rights

Under GDPR/PIPL, you may:

​​· ​​​Access/Correct Data: Submit requests to sales@gracesolar.com (response within 15 days).

​​· ​​​Data Deletion: Non-essential data erased post-contract termination.

​​· ​​​Withdraw Consent: Opt out of marketing via unsubscribe links.


​6. Audit and Accountability

​​· ​​​​Internal Audits: Conducted biennially for entities processing >10 million user records.

​​· ​​​​Third-Party Audits: Mandated by CAC for critical infrastructure projects.

​​· ​​​​Penalties: Non-compliance may result in fines up to 5% of global revenue under PIPL.


​7. Updates and Contact

​​​· ​​​​Policy Revisions: Notified via email and website banners (30-day notice).

​​​· ​​​​Queries: Contact sales@gracesolar.com or +86-19859290068.