Sonnedix Privacy Policy (“Privacy Policy”)

Sonnedix Power Holdings Limited (collectively with its subsidiaries, “Sonnedix“) takes its obligations with regard to data protection seriously and protecting your privacy is a top priority. This Privacy Policy provides you with information about how Sonnedix collects and processes your personal data including, for example, when we are considering potential business opportunities with you. It also describes the privacy practices for when you use our website www.sonnedix.com (collectively referred to as “Service”). Please read this Privacy Policy, as it contains important information which you should be aware of.

For the purposes of data protection laws, Sonnedix is data controller (i.e., the company who is responsible for, and controls the processing of, your personal data).

Sonnedix will notify you of the following:

1. What personally identifiable information is collected from you as part of any Service, how it is used and with whom it may be shared.
2. The purposes of the processing and the legal basis we rely on for that processing.
3. If we intend to transfer your personal data to other countries, how this is done lawfully under data protection laws.
4. What choices are available to you and your rights (including how to exercise them).
5. How long we will store your information.
6. The security procedures in place to protect the misuse of your information.
7. How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

We only have access to collect information that you voluntarily give us via email or which we otherwise collect by contact with you.

The categories of information we collect can include:

1. Information you provide to us directly. We may collect personal information such as your contact information including your full name and e-mail address. We may also collect information when you sign up for our mailing list, speak with us over the telephone, fill out a contact form on our website, or otherwise communicate with us. We may also collect any communications between you and Sonnedix and any other information you provide to Sonnedix.
2. Information we receive from third parties. From time to time, we may receive information about you from third parties and other users, such as our business partners, brokers and intermediaries. We may also collect information about you that is publicly available.

Sonnedix will use your information to respond to you, regarding the reason you contacted us. Sonnedix will not sell or rent this information to anyone (except if we sell our business or assets). We will also use this information to consider potential business opportunities with you, as well as do business with you.

We will also use your information to operate, maintain, and provide to you the features and functionality of our website, to prevent fraud or other unauthorized or illegal activity and to diagnose or fix technology problems on our website.

Sonnedix monitors and records calls for compliance with self-regulatory practices and internal governance procedures relevant to our business, to establish the existence of facts relevant to our business, in the interests of protecting the security of our communications systems and procedures, and for quality control purposes.

The legal basis we rely on to process personal data as part of our call recording activities is that it is in our legitimate interest.

Your name, telephone number, and information about you revealed on the call (such as your job title) will be recorded and processed by us for the purposes above. The details you provide on the call are recorded on a secure and restricted database and may be shared with other Sonnedix Group entities as described below.

Unless you ask us not to, we may contact you via email in the future to tell you about ourselves, or changes to this Privacy Policy. Sonnedix uses “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our website.

In addition, Sonnedix performs routine background checks on our potential business partners to comply with bribery, anti-corruption and anti-money laundering laws and regulations. To do this, we may collect your date of birth, place of birth, tax id, passport number, any other government identification number(s), address, phone number, employment and educational background as well as your criminal history.

We may share your personal information with:

• Third party service providers that perform services on our behalf, as needed to carry out their work for us, which may include preventing fraud or other illegal activity, such as anti-money laundering services, verifying your identity and status as an accredited investor, identifying and serving targeted advertisements, providing mailing services, providing tax and accounting services, web hosting, or providing analytic services;
• Other companies and brands owned or controlled by Sonnedix and other companies owned by or under common ownership as Sonnedix, which also includes our subsidiaries (i.e., any organization we own or control) or our ultimate holding company (i.e., any organization that owns or controls us) and any subsidiaries it owns. These companies will use your personal information in the same way as we can under this Policy;
• Other parties in connection with a company transaction, such as a merger, sale of company assets or shares, reorganization, financing, change of control or acquisition of all or a portion of our business by another company or third party, or in the event of a bankruptcy or related or similar proceedings; and
• Third parties as required by law or subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of law enforcement; (b) to enforce our Terms of Service or to protect the security or integrity of our services; and/or (c) to exercise or protect the rights, property, or personal safety of Sonnedix, our visitors, or others.
• We may also share your personal data if we are under a duty to disclose or share phone recordings in order to comply with any legal obligation (including lawful requests by public authorities such as to meet national security or law enforcement requirements) or to enforce Sonnedix’s agreements and corporate policies or to protect the rights, property or safety of Sonnedix, its employees, agents and / or others.

We may also share information with others in an aggregated or otherwise anonymized form that does not reasonably identify you directly as an individual.

Legal basis for processing

The purposes for which we process your personal data are:

1. because it is necessary for the performance of any contractual relationship we have with you;
2. where it is necessary for compliance with our legal obligations laid down by law;
3. where in our legitimate interests (provided these are not overridden by your interests and fundamental rights and freedoms – this includes our own legitimate interests and those of other entities and branches in our group of companies) such as:
   1. to contact you and respond to your requests and enquiries;
   2. for business administration, including statistical analysis or establishing the existence of facts relevant to our business;
   3. to ascertain compliance with self-regulatory practices or procedures relevant to our business;
   4. in the interests of protecting the security of our communications systems and procedures;
   5. to provide your with our services;
   6. for quality control purposes;
   7. for fraud prevention and detection; and
   8. to comply with applicable laws, regulations or codes of practices such as the Foreign Corrupt Practices Act 1977.

When we record telephone calls, and process your personal information in relation to that, we will do this for the legitimate interests mentioned in b), c), d) and f) above. These are not overridden by your interests, rights and freedoms because we do not retain the recordings for longer than necessary and we make sure only those persons in our business who need to access them to perform their roles are able to do that.

Storing and transferring your personal information

• International Transfers of your personal information. As we have subsidiaries located in the USA, any information you provide may be processed and stored in the USA. If you are in the UK, EU or EEA, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.
• Privacy Shield. Sonnedix USA Services Limited (“SUSASL”), a US service providing subsidiary of Sonnedix, complies with the EU-U.S. Privacy Shield framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information received from European Union countries (the “Privacy Shield”). SUSASL has certified that it adheres to the Privacy Principles of notice, choice and accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse, enforcement and liability (“Principles”). If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Principles shall govern. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please see: https://www.privacyshield.gov/list. In the context of an onward transfer, SUSASL has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. SUSASL shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless SUSASL proves that it is not responsible for the event giving rise to the damage.
• If you wish to enquire further about the safeguards we use, please contact us using the details set out at the end of this Privacy Policy.
• We will take reasonable steps to ensure that your personal information is treated securely and in accordance with applicable law and this Privacy Policy.

Jurisdiction and Enforcement

• As part of our participation in the Privacy Shield, SUSASL is subject to the investigatory and enforcement powers of the US Federal Trade Commission (“FTC”).
• You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
• In compliance with the EU-US Privacy Shield Principles, SUSASL commits to resolve complaints about your privacy and its collection or use of your personal information. For inquiries or complaints regarding this Privacy Policy please contact Sonnedix using the contact information listed below.
• We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to JAMS, an alternative dispute resolution provider located in the United States. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information and to file a complaint. The services of JAMS are provided at no cost to you.

Your Access to and Control Over Information

You may contact us to discuss how to exercise those rights by sending an email to privacy@sonnedix.com.

You have the following rights in respect of your personal data that we hold:

• See what data we have about you, if any.
• Change/correct any data we have about you.
• Have us delete any data we have about you.
• Express any concern you have about our use of your data.

Your rights under data protection laws

You are entitled to certain rights over how we use personal information, including right of access, right to rectification, right to erasure, right to restriction and right to make a complaint to the relevant supervisory authority. In some cases our ability to uphold these rights for you may depend upon our obligations to process personal information for security, safety, fraud prevention reasons, compliance with regulatory or legal requirements, or because processing is necessary to deliver the services you have requested. Where this is the case, we will inform you of specific details in response to your request.

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website or by contacting: privacy@sonnedix.com

1. Right of access. The right to obtain access to your personal data.
2. Right to rectification. The right to obtain rectification of your personal data without undue delay where that personal data is inaccurate or incomplete.
3. Right to erasure. The right to obtain the erasure of your personal data without undue delay in certain circumstances, such as where the personal data is no longer necessary in relation to the purposes for which it was collected or processed.
4. Right to restriction. The right to obtain the restriction of the processing undertaken by us on your personal data in certain circumstances, such as where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data.
5. Right to portability. The right to portability allows you to move, copy or transfer personal data easily from one organization to another.
6. Right to object. You have a right to object to processing based on legitimate interests and direct marketing.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy.

You also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. In the UK, this is the Information Commissioner’s Office.

Security

Sonnedix take precautions to protect your information. The computers on which we store personally identifiable information you may have provided to us are kept in a secure environment. For example, we use Security Sockets Layer (SSL) encryption technology to encrypt sensitive personal information we collect through this website. However, no security system is impenetrable, and we cannot guarantee the security of our systems 100%. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and, where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.

We store personal data for as long as necessary to fulfil the purposes for which we collect the data (see above under “Information Collection, Use, and Sharing”), except if required otherwise by law. We retain call recordings for one year.

If you feel that we are not abiding by this Privacy Policy, you should contact us immediately at privacy@sonnedix.com.

Changes to our Policy

We may modify or update this Privacy Policy from time to time to reflect the changes in our business and practices, so you should review this page periodically. When we change the policy in a material manner, we will let you know and update the ‘last modified’ date at the bottom of this page.

This Privacy Policy was last modified in March 2020