Privacy Policy
Introduction
Introduction Welcome to Sourceful Labs AB, corporate identity number 559382-0458 (“we”, “our” and “us”), providers of the www.sourceful.energy website along with our other products and services. The privacy and security of our users are taken seriously. This Privacy Policy contains information on when and how we process your personal data and what rights you have when it comes to this data processing.
Data controller
Sourceful is the data controller for the processing of your personal data and is responsible for ensuring that all processing is carried out in accordance with applicable law.
How we process your personal data and why
To analyze how our website is used in order to make improvements
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
|
| Consent (6.1 (a) GDPR) Your personal data will be processed based on your consent. You can withdraw such consent at any time by contacting us. You can prevent Google Analytics from using your personal data by downloading and installing this browser add on. |
Storage period: We will store your personal data for a period of twenty-six (26) months after your visit to our website. Google will continue to use your personal data for their own purposes and Google will inform you separately about such processing.
To handle your notice of interest to use our services
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
|
| Legitimate interest. Your personal data will be processed based on our legitimate interest in reaching out to customers who have signed up for more information about Sourceful. |
The data is stored until your request is handled and one year thereafter.
To enter into an agreement with you and provide hardware devices
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
|
| The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. |
The data is stored for as long as necessary to provide the hardware device in accordance with the contract, and to handle any claims based on the provision of the hardware device.
To automatically find and connect to your solar inverter
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
|
| Legitimate interest in providing seamless connectivity and functionality for the user’s solar inverter |
We retain the new inverter IP after a scan, along with previously obtained information such as the inverter port, type, address, and, in some cases, the serial number
To handle refunds in accordance with consumer legislation
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
|
| Legal obligation. The processing is necessary to comply with legal obligations to which we are subject, i.e. consumer sales legislation. |
The data is stored until claims for refunds under the Swedish Consumer Sales Act or other applicable mandatory consumer legislation can no longer be enforced.
To handle damages according to the product liability legislation
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
|
| Legal obligation. The processing is necessary to comply with legal obligations to which we are subject, i.e. product liability legislation. |
The data is stored until claims for damages under the Swedish Product Liability Act or other applicable mandatory product liability legislation can no longer be enforced.
To comply with accounting legislation
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
|
| Legal obligation. The processing is necessary to comply with legal obligations to which we are subject, i.e. accounting legislation. |
We will store any document constituting accounting material and the personal data included therein according to the storage period stated in the accounting legislation.
For instance, in Sweden, this means that we will store your personal data for seven to eight years, i.e. until and including the seventh year after the end of the calendar year for the fiscal year to which the personal data relates.
To enable usage of the Sourceful Energy Gateway and the receivement of SRC tokens
What processing we perform | What personal data we process | Our legal basis for the processing |
---|---|---|
When linking your Solana wallet to the Sourceful platform, we store your data | Solana public wallet address Your Solana public wallet address may in some cases be regarded as personal data. | Legitimate interest. Your personal data will be processed based on our legitimate interest to connect you as a user to the Sourceful Platform to ensure you can use the Sourceful Energy Gateway. |
The data is stored for as long as your Solana Wallet is connected to the Scrful Platform.
Who can gain access to your personal data and why?
Sourceful will process your personal data. When a third party, such as our IT and system suppliers, processes your information on our behalf, we have signed a data processing agreement with them. This means that they are obliged to process the information securely, accurately, and confidentially.
Our data processors are:
- Google Workspace - cloud services.
- Google Analytics – cookies.
We also transfer your personal data to recipients who are not processors. The recipients are independent data controllers for their processing. Such recipients include, for example, public authorities if such disclosure is required by law, banks, and payment service providers.
Transfers of personal data to countries outside the EU or EEA (“third countries”)
As a general rule, we and our suppliers and partners process your personal data only within the EU/EEA. In cases where personal data are processed outside the EU/EEA, we base the processing either on a decision from the European Commission that the relevant third country ensures an adequate level of protection, or appropriate safeguards, e.g. standard data protection clauses, to ensure that your rights are protected.
In the following cases, we may transfer personal data to third countries:
- Personal data, such as e-mail addresses, that is provided by customers in Google Forms or in e-mail correspondence with us might be transferred by Google to the USA. The transfer is based on a decision from the European Commission that the relevant third country ensures an adequate level of protection as Google is subject to the EU-US Data Privacy Framework.
- If you use our website and have consented to us using Google Analytics, your personal data may be transferred by Google to the USA. The transfer is based on a decision from the European Commission that the relevant third country ensures an adequate level of protection as Google is subject to the EU-US Data Privacy Framework.
If you wish to receive a copy of the safeguards taken by us or information regarding where these safeguards have been made available, please contact us by using the contact details stated below.
How do we protect your personal data?
We, and in relevant cases third parties, have taken several security measures to protect the personal data that is being processed. We have firewalls and anti-virus software to protect and prevent unauthorized access to our networks and systems. Our employees have strict instructions to process all personal data in accordance with applicable laws and regulations.
Your rights
Right to withdraw a given consent (Article 7.3 GDPR)
You have the right to withdraw your consent at any time, with effect from the date of withdrawal.
Right to access (Article 15 GDPR)
You have the right to obtain confirmation as to whether we are processing personal data concerning you or not. You can make a request by contacting us. If we do process your personal data, you also have a right to obtain a copy of the personal data processed by us as well as information about our processing of your personal data.
Right to rectification of processing (Article 16 GDPR)
You have the right to obtain, without undue delay, the rectification of inaccurate personal data concerning you.
Right to erasure (“the right to be forgotten”) (Article 17 GDPR)
You have the right to obtain the erasure of your personal data if any of the following applies:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed,
- you object to the processing pursuant to Article 21.1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21.2 GDPR,
- the personal data have been unlawfully processed, or
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law that applies to us.
Please note that our obligation to erase and inform according to the above shall not apply to the extent processing is necessary:
- for exercising the right of freedom of expression and information,
- for compliance with a legal obligation which requires processing by Union or Member State law which applies to us, or
- for the establishment, exercise, or defense of legal claims.
Right to restriction of processing (Article 18 GDPR)
You have the right to obtain from us restriction of the processing of your personal data if:
- the accuracy of the personal data is contested by you, during a period enabling us to verify the accuracy of the personal data,
- you have objected to processing pursuant to Article 21.1 GDPR pending the verification of whether our legitimate grounds override yours,
- the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of their use, and
- you need the personal data for the establishment, exercise, or defense of legal claims even though we no longer need the personal data for the purposes of the processing.
Right to data portability (Article 20)
If you have given your consent, or if we base the processing on a contract with you, you have the right to obtain the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format and to transmit it to another controller or to obtain our assistance in transmitting it to another controller where technically feasible.
Right to object (Article 21 GDPR)
You have the right to object, on grounds relating to your situation, at any time to the processing of your data which is based on Article 6.1 e (public interest) or 6.1 f (legitimate interest) GDPR, including profiling based on those provisions. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.
Right to complain to a supervisory authority (Article 77 GDPR)
You have the right to lodge a complaint with a supervisory authority. The supervisory authority in Sweden is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY).
Contact us
If you have any questions or if you wish to exercise any of your rights, do not hesitate to contact us at sales@sourceful-labs.com.