EN-Privacy Policy

Privacy Policy

Update Date: 15 Dec, 2025

Effective Date: 15 Dec, 2025

TommaTech GmbH has developed this Privacy Policy to explain how we may collect, retain, process, share and transfer your personal information when you use our Services as a registered user (Each a “User” and referred to together in this Policy as, the “Users”, “you” or “your”). TommaTech Connect Mobile Application (“TommaTech Connect Services”), as defined in TommaTech Connect Terms and Conditions, are provided by TommaTech GmbH, a company incorporated in Germany (referred to in this Policy as “TommaTech GmbH”, “we”, “us” or “our”). TommaTech GmbH acts as the “Data Controller” of your personal information under the General Data Protection Regulation (the “GDPR”) and other applicable laws for the activities described in this Policy.

Information We Collect

We collect, process and use personal information from and about you, including when you create an account and interact with us to make use of our Cloud Services.

We collect the following necessary information from Users:

1.1 Information you provide us

To use TommaTech Connect Services and Products, you need to have an account, and when you create an account, register your plant and device, use our other services, you need to provide us the necessary information.

Personal Account. If you create an account, you should provide us the necessary information so that we could provide the services to you. This includes your username, your email address or your mobile phone number; your password; your display language; and third-party single sign-in information (if you choose this sign-in method). If you do not provide the necessary account information to us, you should not be able to use our TommaTech Connect Services. In addition to the necessary account information, you can also provide the avatar and nickname associated with your account, that is optional and can be customized based on your preferences and needs.

Photovoltaic (PV) Plant Information. In order to use the PV plant management and monitoring service of TommaTech Connect Services, you will need to provide us the Plant Name, Region, Address, Plant GPS Coordinates, Serial Number of Logger Device and Serial Number of Sub-devices including Inverters and Meters.
Wi-Fi Setup Information. You can use our "Save Wi-Fi Password" feature to allow your Devices to connect automatically to your Wi-Fi network. If you use this feature, we will store your Wi-Fi network name (SSID) and password. This information is encrypted using industry-standard algorithms and will not be used for any other purpose. If you choose not to use this feature, your Devices will need to reselect the Wi-Fi network and re-enter the password each time they connect.
Customer Service Information. In order to inquire about our Services or file a complaint, you will need to provide your contact information, including email address or mobile phone number, and the detailed information regarding your inquiry or complaint. If you do not provide the necessary contact information, we may not respond and provide you with appropriate feedback.

1.2 Information we collect when you use our Services

When you use our Services, we collect information about how you use our Services and what data the PV Plant generated.

Device Information. We collect information about and from the devices you use to access TommaTech Connect Services, that includes: (1) Information about your devices, such as device model, operating system, browser information, Unique Device Identifier (a string that the manufacturer assigns to your device to uniquely identify the device), and other information about your device. (2) Information about your connection to TommaTech Connect Services, such as your IP address, network connection status and type, network condition and related information.
PV Plant Data. We collect PV Plant data in order to allow you to manage and monitor the PV Plant. The PV Plant data includes Serial Number of data logger devices and sub-devices (such as inverters, meters and other similar devices), and their continuous device data flow. We may use the PV Plant data to analyze and diagnose the PV Plant situation in order to help you to maintain and improve the plant.
Log Information. When you use TommaTech Connect Services, we collect the operation logs, service logs, service failure information and other activity logs, even if you have not created an account or are signed out, that includes: IP address and related information; device IDs and operation system information; browser information; pages visited; and identifiers associated with cookies. We also collect the Mobile/Web application performance data, crash data and the source of Mobile Application in order to ensure the information security and improve the system performance.
Cookies and similar technologies. We use cookies and similar technology to operate our Services, discover how users use our Services and improve the service performance. Cookies and similar technology could help you stay logged in to TommaTech Connect Services and protect your account security, and help us to improve and understand how users use our Services in order to improve the user experience. You can manage or delete the cookies according to your preferences by browser settings or mobile phone system settings. For additional information, you can find in our Cookies Policy.
Interactions with third-parties. When you authorize the Maintenance Service Provider to access, manage and monitor your PV Plant, we collect the interaction information in order to provide Maintenance Service Provider with the necessary data to fulfil their obligations.

1.3 Information we receive from third parties

We may receive information about you from third-parties whom are authorized by you to provide your PV Plant information to us on behalf of you. These third-parties include your Maintenance Service Provider, Plant System integrator, Equipment Dealer and other agents you designated. We may also receive information about you from our Users, Partners and corporate affiliates who could help us to evaluate the security and quality of TommaTech Connect Services.

How We Use the Information

2.1 Operate and improve our Services

We use the information we collect to provide you the TommaTech Connect Services. In order to use our TommaTech Connect Services, you should create an account and provide the Personal Account information. In order to use the PV Plant management and monitoring services of TommaTech Connect Services, you should create a PV Plant instance and provide the necessary PV Plant Information. We use your device information and cookies information to provide you the better user experience when you use mobile or web application to access our TommaTech Connect Services.

2.2 Ensure security

We use information we collect to ensure the security of our users, services, and your account. This includes verifying your identity, ensuring secure login, preventing unauthorized use, and detecting illegal activities. In the event of a security incident, we may utilize your information to assess the situation and conduct thorough investigations.

2.3 Analyze and improve inverter and other devices

We use information we collect to measure and analyze data generated by inverter and other devices to diagnose the related device situation. We will alert when there are unusual and error device situation, so that you could assess and investigate your PV Plant.

We also use PV Plant data we collect to help us and our partners to improve the design and implementation of devices. When we conduct the research and development to improve the inverter and other devices, we use the anonymized plant and device data.

2.4 Communicate with you about our Services

We use information we collect to communicate with you about TommaTech Connect Services, including our service updates, term of service updates, privacy policy updates, and other inverter module and firmware updates.

We use information about you and your use of the Services for marketing, promotional activities, and business development. We may use your contact details and usage information to send promotional emails we believe are relevant to you. You can opt out of marketing communications at any time by following the unsubscribe instructions included in our emails.

2.5 Research

We use the information you provide to us including survey, service testing and troubleshooting information that could help us to improve the TommaTech Connect Services.

2.6 Protect our business interests and legal rights

To provide you with better local warranty and support, we infer the country or region of your device's actual installation based on the IP address used when it first connects to the TommaTech Connect Services. We use this location information to manage our authorized dealers and enhance their ability to provide after-sales support to local customers. Please note that information about the device's actual country or region of installation is not considered personal information.

What is Purpose and Legal Basis

The purposes and legal basis upon which we process your personal information include:

Processing Purpose	Personal Data	Lawful basis of Processing
Operate our Services and Ensure safety and security.	All personal information listed in “1. Information We Collect”.	Contractual necessity, Your Consent and Legitimate interests
Analyze and improve the Inverter and other devices, in order to diagnose the issues and improve device design.	PV Plant Data	Contractual necessity, Your Consent and Legitimate interests
Communicate with you about our Services	Personal Account, PV Plant Information, PV Plant Data, Interactions with third-parties and Customer Service Information.	Contractual necessity and Your Consent
Research, protect our business interests and legal rights and make your experience of our Services and Products more efficient and effective.	PV Plant Information, PV Plant Data, Device Information, Log information and Cookies and similar technologies	Your Consent and Legitimate interests

We may process your personal information based on our legitimate interests, but we will always carefully consider your rights and interests. We will not proceed with such processing if we believe that your interests or fundamental rights and freedoms related to your personal information would be prejudiced.

You have the right to object to the processing of your personal information when it is carried out for our legitimate interests. If you object, we will assess the situation and cease processing your personal information unless there are compelling legitimate grounds that override your rights.

How We Share Information

4.1 Share upon your decision

You can share your Personal Account information, PV Plant Information and PV Plant Data with your designated Maintenance Service Provider, in order to authorize the Maintenance Service Provider to help you manage and monitor your PV Plant.

4.2 Share with third parties

We may share your information with our service providers that perform functions and provide services on our behalf, including Amazon Web Services who provide the infrastructure cloud service to us. Before engaging third parties to assist us in performing functions and providing services, we have established pre-assessment procedures to verify the quality and suitability of these third parties. We carefully evaluate their data protection practices and compliance with applicable privacy laws.

4.3 Integrations with third-party

We integrate third-party Software Development Kit (SDK) in our mobile application to enhance the functionality, provide the better experiences and collect analytics data. These third-party SDK service providers act as the data controller or data processor in the respective scenarios:

SDK and Service Provider	Data Processing	Purpose and Privacy Policy
AutoNavi positioning SDK AutoNavi Software Co., Ltd.	Geographic location (approximate location source, precise location source), WIFI information, list of running applications, sensor information, network operator, SIM information, MAC address	When the user edits the plant location https://lbs.amap.com/pages/privacy/
MapBox SDK Mapbox, Inc.	Geographic location Such as latitude and longitude, altitude, horizontal and vertical accuracy (the session ID association is broken within 24 hours.)	When the user edits the plant location https://www.mapbox.com/legal/privacy#product-privacy-policy
Google Play Services Google LLC	GPS location, Wi-Fi access point information, mobile network information, and device sensor data	When the user creates or edits the plant location https://policies.google.com/privacy
JPush SDK Shenzhen Hexunhuagu Information Technology Co., Ltd.	Device information, geographic location, network information	Use when pushing notifications or messages to users https://docs.jiguang.cn/jpush/client/jghgzy_a_i_h
FCM SDK Google LLC	Device information, geographic location, network information	Use when pushing notifications or messages to users https://developers.google.com/terms/api-services-user-data-policy
CAPTCHA SDK Wuhan Jiyi Network Technology Co., Ltd.	Device Information: Device Brand, Device Model, Operating System, System version, System Language, Device Name, Memory Size, Carrier Name, Screen Height, Screen Width, Tablet Indicator (Yes/No), OAID; Network Information: IP Address, Wi-FiIndicator (Yes/No), Network Type.	Use when security verification features, such as password recovery. https://docs.geetest.com/BehaviorVerification/support/ComplianceGuidelines

4.4 When required by law

We may preserve, use, disclose, or share your information if we believe it is reasonably necessary to: comply with applicable law, protect the safety and integrity of our Services, protect your and our rights or property.

4.5 With our Affiliates

We may share information amongst our affiliates to provide our Services.

How and How Long We Store Information

For users in North and South America, your personal information is stored on our servers in the United States. For those in the European Economic Area (EEA) and other regions outside of China, your personal information is stored on our servers within EEA. When we share data with our affiliates and our service providers, we implement appropriate security measures, including EU-Commission approved standard contractual clauses (SCCs) and other relevant agreements to ensure the protection of your personal information.

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.

We retain your account information and other information for the duration of your account until you choose to deregister or until your account is terminated for any other reasons.
We may retain certain information for longer periods than stated in our policies to comply with legal requirements and ensure safety and security.
Once the specified retention periods expire, we will delete or anonymize your personal information, unless otherwise mandated by laws and regulations.

Security Measures and Device Permissions

We recognize the importance of protecting and managing your personal information and take all necessary steps to safeguard your personal information. We use a variety of security, organizational and technical measures designed to help protect your personal information from unauthorized access, use, disclosure, alteration or destruction consistent with applicable data protection and privacy laws and regulations.

However, you are also responsible for maintaining the security of your account for the TommaTech Connect Services in your possession or control. We recommend that you do not divulge your password to anyone. Our staff will never ask you for your password in an unsolicited phone call or in an unsolicited email. If you share a computer with others, you should not choose to save your account information on that shared computer.

When you use our mobile application of TommaTech Connect Services, we may need to activate some device permissions, including Storage/Photo, Camera, Location, Bluetooth, WIFI and MicroPhone.

Device Permission	Purpose
STORAGE/PHOTO	Used to set the cover of the PV plant and set the personal avatar.
CAMERA	Used to set the cover of the PV plant, set the personal avatar, scan the device SN
LOCATION	Used to set the PV plant location, device distribution network, device local mode
BLUETOOTH	Used to set the device distribution network, device local mode
WIFI	Used to set the device distribution network, device local mode

You have the option to disable these permissions within the mobile application's System Settings or the device's Settings, thereby preventing us from collecting the corresponding personal information. Please note that the process for displaying and disabling permissions may vary depending on your specific device. We recommend referring to your device's system description or instructions for guidance on managing permissions.

Your Rights and Options

You have the following data subject rights and options regarding your personal data:

Right to Access: You have the right to request a copy of your personal information. We will need to verify your identity before taking any action.
Right to Rectification: If the personal information we hold is incorrect, you have the right to request its amendment.
Right to Erasure: You have the right to request the deletion of your personal information that we hold. However, there may be legal and regulatory reasons that prevent us from deleting your data.
Right to Withdraw Consent: You can withdraw your consent to the processing of your personal information at any time (if we process your personal information based on your consent). Please note that withdrawing consent may impact our ability to provide certain services to you, but it does not affect the lawfulness of our processing prior to the withdrawal.
Right to Data Portability: You have the right to receive certain personal information you have provided to us in a machine-readable format, or to have it transmitted to a third party with your explicit authorization.
Right to Restrict Processing: Under certain conditions listed in our policies, you can restrict the processing of your personal information.
Right to Object: You have the right to object, on grounds relating to your particular situation, at any time to processing of Personal Data concerning you which is based on a task carried out in the public interest or on a legitimate interest.
Right to Lodge a Complaint: If your privacy rights are violated or you have suffered as a result of unlawful processing of your personal information, you have the right to lodge a complaint with the relevant supervisory authority.

To exercise your rights, we may need to request specific information to confirm your identity and ensure your right to access your personal information or exercise any other rights. This is a security measure to protect your information. We may also contact you for further details related to your request. To exercise your rights, please contact us using the details provided in the "Contact Us" section below. Please note that we may need to verify your identity before proceeding with your request. We aim to respond to your request within 30 days, and if more time is required, we will inform you and keep you updated.

Children Policy

Our TommaTech Connect Services are not directed toward individuals under the age of 18 (“Minors”). TommaTech GmbH does not knowingly collect personal information from Minors. If we become aware that Minors have provided personal information through our Services, we will take immediate steps to remove such information from our systems. Parents or legal guardians are responsible for ensuring that Minors under their supervision do not use our Services or submit any personal information.

Policy Update

We reserve the right to change, amend, or revise this Privacy Policy periodically. We will make efforts to notify you of any significant or material changes. You can access the latest version of this Privacy Policy on our website and mobile application at any time. We encourage you to regularly review the Privacy Policy to stay informed about any updates before using the Cloud Services mentioned in this Policy.

If you do not agree with any of the changes and no longer wish to use our Services, you have the option to close your Account. By continuing to use our Services after receiving notice of changes or when changes are published on our Services, you indicate your acceptance of the changes and consent to the modified version of this Privacy Policy.

Contact Us

If you have questions or requests about the privacy issues relating to the processing of your personal information, Please contact us at:

TommaTech GmbH

Attn: Data Protection Officer (DPO)

Email: haberlesme1@cw-enerji.com

Address: Zeppelinstrasse 14 – 85748 Garching Munich/Germany

[END]