Privacy Policy

REGULATION ON THE PROTECTION OF PERSONAL AND CONFIDENTIAL DATA
of the company SONČNI SISTEMI d.o.o.

Article 1 – Purpose and Scope

This regulation governs the collection, processing, storage, and protection of personal and confidential data in the company SONČNI SISTEMI d.o.o., which supplies and installs solar power plants. Its purpose is to ensure compliance with the General Data Protection Regulation (GDPR) and ZVOP-2, and to protect the rights of individuals whose data is processed.

Article 2 – Data Controller

The data controller is:
SONČNI SISTEMI d.o.o., Cankarjeva ulica 8, 8210 Trebnje
Registration number: 6417558000
Email: info@soncni-sistemi.si

Article 3 – Types of Personal Data

The company processes the following categories of personal data:

  • customer data (name, surname, address, phone number, email, plant location, contractual data),
  • employee data (employment-related data, attendance records, salary information, etc.),
  • data of contractual partners (contact persons, business addresses),
  • technical data related to the operation of solar power plants (location, technical parameters, operational status).

Article 4 – Purposes of Processing

Personal data is processed for the following purposes:

  • preparation and conclusion of contracts for solar power plant installation,
  • installation, maintenance, and servicing activities,
  • monitoring the operation of solar power plants through the Austa Solar application,
  • compliance with legal obligations (accounting, tax legislation, construction regulations),
  • managing HR and legal records,
  • sending notifications and service information to customers.

Article 5 – Legal Basis

Processing of personal data is based on:

  • Article 6(1)(b) GDPR – performance of a contract,
  • Article 6(1)(c) GDPR – compliance with legal obligations,
  • Article 6(1)(a) GDPR – consent of the individual (e.g., data entry in the Austa Solar app),
  • Article 6(1)(f) GDPR – legitimate interest (e.g., protection of property and business data).

Article 6 – Transfer to Third Countries

To monitor the operation of solar power plants, the Austa Solar application is used, operated by Ningbo Osda Solar Co., Ltd. (China). Entering data into the application involves transferring personal data to a third country.

The company ensures data protection by using Standard Contractual Clauses (SCC) in accordance with Article 46 of the GDPR. The customer is informed of this transfer and consents to it when signing the contract.

Article 7 – Data Retention

Data is retained as follows:

  • contracts and accounting documents: 10 years (in accordance with ZDavP-2),
  • employee data: until employment termination and in accordance with labor legislation,
  • technical data relating to power plants: for the duration of the contractual relationship,
  • data processed based on consent: until consent is withdrawn.

Article 8 – Rights of Individuals

Individuals have the right to:

  • access to personal data,
  • rectification of inaccurate data,
  • erasure of personal data,
  • restriction of processing,
  • data portability,
  • objection to processing,
  • withdrawal of consent (if processing is based on consent).

Complaints may be submitted to the Information Commissioner of the Republic of Slovenia.

Article 9 – Processors

The company may entrust personal data to processors (e.g., accounting service providers, IT maintenance companies, app providers) under contracts compliant with Article 28 GDPR.

Article 10 – Organisational and Technical Measures

The company ensures the security of personal data using the following measures:

  • restricted access (only authorised personnel),
  • use of passwords, antivirus programs, and firewalls,
  • regular backups,
  • physical protection of business premises,
  • employee training on data protection.

Article 11 – Data Protection Officer

The company appoints a Data Protection Officer (DPO), who is responsible for compliance with legislation and serves as a contact point for individuals and authorities.
Contact: Katja Jarc, info@soncni-sistemi.si

Article 12 – Personal Data Breaches

In the event of a personal data breach, the company acts in accordance with Articles 33 and 34 GDPR:

  • notification to the Information Commissioner within 72 hours,
  • notification of affected individuals if the breach is likely to pose a high risk to their rights.

Article 13 – Final Provisions

This regulation enters into force on the day of adoption and applies to all employees and external contractors.
The regulation is published on the company’s website and available to all customers.

Trebnje, 26 January 2023
SONČNI SISTEMI d.o.o.
FRANCI JARC, Director