Dyness Privacy Policy
Update Date: June 09, 2026
Effective Date: June 09, 2026
Introduction
Dyness (Daqin Digital Energy Technology Joint Stock Company, hereinafter referred to as "we" or "Dyness") attaches great importance to your personal information and privacy security. This Privacy Policy is intended to explain to you how we collect, use, store, share, and protect your personal information, as well as the rights you enjoy.
This Privacy Policy and the supporting <Dyness Service Agreement> are simultaneously announced at:
- 1. <Privacy Policy> on the Login Page of Dyness Official Website;
- 2. APP - My - Privacy Policy;
- 3. The pop-up window for checking the agreement in the new user registration process supports full viewing and downloading.
Before you actively register, log in, or use specific functions that require us to process your personal information, we will ask you to confirm this Privacy Policy through pop-ups, checkboxes, etc. Only after you actively check and agree will we process your personal information in the manner described in this policy. If you do not agree to this policy, you may not be able to use our services or some of their functions properly.
Withdrawal of Consent: You may withdraw your consent at any time by contacting us through the contact information provided at the end of this Policy. Withdrawing your consent will not affect the legality of personal information processing that has already been carried out based on your consent prior to the withdrawal, but after you withdraw your consent, we will stop further processing your personal information, which may result in the unavailability of some services.
If you are under 16 years old, please make sure to obtain the consent of your legal guardian in advance before using our services and providing us with personal information.
This policy will help you understand the following:
- 1. Complete identity and contact information of the data controller
- 2. How we collect and use your personal information, processing purposes, and legal basis under GDPR
- 3. Special Explanation on Legitimate Interests
- 4. How to share, transfer, and publicly disclose your personal information
- 5. Complete Management Rules for Cookies and Similar Technologies
- 6. Information we may send to you
- 7. Your complete data subject rights
- 8. Retention Period and Determination Criteria for Categorized Data
- 9. How We Protect Your Personal Information
- 10. Regional supplementary notes (GDPR / Dutch APPI / China / US, etc.)
- 11. Scope of Application of this Policy
- 12. How this policy is updated
- 13. Contact Us
1. Complete identity and contact information of the data controller
1.1 Global Total Control Entity
Daqin Digital Energy Technology Joint Stock Company
Registered Address: 7th and 8th Floors, Building 3, No. 58 Nanhu Road, Chengnan Sub-district, Wuzhong District, Suzhou City, Jiangsu Province
General Customer Service Email: sales@dyness-tech.com
Customer Service Hotline: +86 400 666 0655
1.2 EU/Netherlands Regional Independent Data Control Entity
Dyness EU B.V.
注册地址:Lisbaan 4A, 2908 LN, Capelle aan den IJssel, The Netherlands
EU Regional Contact Email: sales@dyness-tech.com
EU Consultation Hotline: +49 611 7603 4047
2. How Dyness Collects and Uses Your Personal Information
Dyness will collect information that you actively provide during the use of the service, as well as information generated during your use of functions or receipt of services collected through automated means, in the following manner. The rules in this section apply equally to personal information and operational data of energy storage devices, and relevant data processing activities strictly comply with globally applicable rules and meet the requirements of Japan's JC-STAR, the EU Data Act, and Dutch regulations.
2.1 Account Registration and Login
When you register, log in, and use our services, the personal information you provide to us that can be used to identify the user's personal identity, such as username, user password, name, company name, email address, location, etc., or other data through which we can legitimately find such information via links. For the account system targeting the Japanese region, password security verification rules are set in accordance with the JC-STAR standard.
2.2 Your platform operations such as addition, deletion, editing, and querying
For service security and operational quality, when you perform relevant operations on the Dyness platform, Dyness will collect relevant information such as your username and user IP address, and display information such as username and operation content in relevant locations or operation logs. Platform operation logs and energy storage device operation logs generated in the Japanese region will be retained for no less than 90 days in accordance with the JC-STAR standard.
2.3 Personal information collected and used with legal exemption from obtaining consent
Please understand that Dyness will collect and process your personal information in accordance with the laws and regulations of the jurisdiction to which you belong without obtaining your consent. Taking the European Union region (where GDPR applies) as an example, Dyness collects and processes your personal information in the following situations:
- (a) Processing that is necessary for the performance of a contract to which the data subject is a party or in order to take steps at the request of the data subject prior to entering into a contract;
- (b) the processing is necessary for the performance of a legal obligation to which the controller is subject;
- (c) Processing is necessary for the protection of the vital interests of the data subject or another natural person;
- (d) the processing is carried out by the data controller for the performance of a task in the public interest or in the exercise of official authority vested in the data controller;
- (e) Other circumstances provided by law.
3. Special Compliance Statement on Legitimate Interests
Pursuant to Article 6(1)(f) of the GDPR, we conduct partial data processing based on legitimate interests, and the full balance assessment is as follows:
- 1. Content of Our Legitimate Interests Ensure the login security of Dyness platform accounts, identify malicious logins and account theft; troubleshoot system crashes and device offline failures; optimize the product functions of the Energy Storage Cloud Computing Platform and iterate the operation and maintenance service capabilities; prevent network attacks, false registrations and other violations.
- 2. Privacy Rights and Interests Balance Assessment Only the minimum necessary data required to achieve the above objectives will be collected. There will be no construction of refined user profiles based on legitimate interests, and no indiscriminate targeted advertising tracking will be conducted. Processing activities will not cause excessive infringement of users' basic privacy rights and interests.
- 3. Rules for the Exercise of User's Right to Object You may submit a written objection application to the official customer service email address at any time, specifying the processing actions you wish to stop. After receiving the application, we will complete the verification and suspend the corresponding data processing within 7 working days, and shall not use this to restrict your use of basic cloud service functions.
4. How Dyness Shares, Transfers, and Publicly Discloses Your Personal Information
4.1 Sharing
4.1.1 Sharing Principle
- a. Authorization and Consent Principle: Sharing your personal information with third parties requires your authorization and consent, unless the shared personal information has been de-identified and the third party cannot re-identify the natural person subject of such information. If the purpose of the third party's use of the information exceeds the scope of the original authorization and consent, they need to obtain your consent again.
- b. Principle of Legality, Justification, and Minimum Necessity: Data shared with third parties must have a legitimate and justifiable purpose, and the shared data shall be limited to what is necessary to achieve that purpose.
- c. Principle of Safety and Prudence: Dyness will carefully assess the purpose of third parties using shared information, comprehensively evaluate the security capabilities of these partners, and require them to comply with the cooperation legal agreements. Dyness will conduct strict security monitoring on the software development kits (SDKs) and application programming interfaces (APIs) through which partners access information to protect data security.
Regarding the external sharing of energy storage-related data, we comply with the laws of the corresponding jurisdiction based on your location, such as strictly adhering to the restrictions of Japan's JC-STAR, the EU Data Act, and Dutch regulations according to your location.
4.1.2 Shared information for implementing functions or services
- a. Logging in with other third-party accounts: When you use third-party products, with your consent, Dyness will share your name and other information you have authorized with the third-party products you log in to.
- b. After you choose to allow data content to be synchronized to third-party products, Dyness may use SDKs or related technologies to share your data content with providers of these products or services, and may also share your personal information such as your username. In accordance with the EU Data Act and Dutch regulations, the platform provides standardized interfaces and does not set technical barriers to restrict data synchronization and migration.
- c. Geolocation Services: When you use geolocation-related services, we will share GPS information with location service providers (Google Maps) via SDK or related technologies to return location results to you. GPS information is sensitive information. Refusing to provide it will only affect the geolocation service function, but will not affect the normal use of other functions.
4.1.3 Implement advertising-related shared information
- a. Advertising Push: Dyness may share information with partners who have commissioned Dyness for promotion and advertising, but Dyness will not share information used to identify your personal identity (name, ID number). Instead, it will only provide these partners with indirect portrait labels that cannot identify your personal identity, de-identified device information, or anonymized information to help them improve the effective reach of advertising without identifying your personal identity.
- b. Advertising Statistics: Dyness may share anonymized device information or statistical information with business service providers, suppliers, and other partners. This information is difficult to associate with your personal identity information, and it will help Dyness analyze and measure the effectiveness of advertising and related services.
4.1.4 Implement shared information for security and analytics statistics
- a. Ensuring Usage Safety: Dyness attaches great importance to account and service security. To safeguard your account and property security and protect the legitimate rights and interests of you and Dyness from illegal infringement, Dyness and its affiliates or service providers may share necessary device, account, and log information.
- b. Analyze product usage: To analyze the usage of Dyness services and enhance your user experience, de-identified data on product usage (such as crashes, sudden exits, usage duration, etc.) may be shared with affiliated parties or third parties. This data is difficult to combine with other information to identify your personal identity.
4.1.5 Assist you in participating in marketing promotion activities
When you choose to participate in marketing activities organized by Dyness, its affiliates, or third parties, you may be required to provide your name, mailing address, contact information, and bank account information. These are personal sensitive information. Refusing to provide such information may affect your participation in relevant activities, but will not affect other functions. Dyness will only share this information with affiliates or third parties with your consent, to ensure you receive consistent services in joint activities or to authorize third parties to promptly redeem rewards for you.
4.2 Transfer
- a. Except as otherwise provided in this <Dyness Privacy Policy>, Dyness will not transfer your personal information to any other third party unless it has obtained your explicit consent.
- b. As Dyness's business continues to develop, Dyness may conduct mergers, acquisitions, or asset transfers, and your personal information may be transferred as a result. In the event of the aforementioned changes, Dyness will require the successor to protect your personal information in accordance with laws and regulations and at a security standard no lower than that specified in this Privacy Policy; otherwise, Dyness will require the successor to obtain your authorization and consent again.
4.3 Public Display
- a. Dyness will not publicly disclose your personal information, unless required by national laws and regulations or with your consent. When Dyness publicly discloses your personal information, it will adopt security protection measures that comply with industry standards.
- b. When issuing penalty announcements for violating accounts and fraudulent activities, Dyness will disclose information about the relevant accounts.
- c. After you authorize third-party features or services, your personal information such as your name may be displayed to others in the relevant features.
- d. Files you publicly upload will be displayed on the Dyness platform.
4.4 Personal information that is legally exempted from obtaining consent for sharing, transfer, and public disclosure
Please understand that in the following circumstances, in accordance with laws, regulations, and national standards, Dyness may share, transfer, or publicly disclose your personal information without obtaining your prior authorization and consent:
- a. Directly related to national security or national defense security;
- b. Directly related to public safety, public health, or major public interests;
- c. Directly related to criminal investigation, prosecution, trial, and execution of judgment, etc.;
- d. When it is necessary to protect your or other individuals' major legitimate rights and interests such as life and property, but it is difficult to obtain the individual's consent;
- e. Personal information that you voluntarily disclose to the general public;
- f. When collecting personal information from legally publicly disclosed information, such as through channels like legitimate news reports and government information disclosure.
5. Complete Management Rules for Cookies and Similar Technologies
This section fully explains the types of Cookie usage, pop-up window mechanism, authorization management, and retention period of the platform. This platform does not have an independent Cookie policy, and all rules are subject to the content of this chapter.
5.1 What is a Cookie?
Cookies are small text files stored locally on your phone or computer by the platform, used to identify devices, record session status, and optimize browsing experience. We strictly distinguish between necessary functional cookies and non-necessary cookies (Data Analysis/Marketing), and the Netherlands strictly prohibits pre-checking non-necessary cookies by default.
5.2 Cookie Classification, Purpose, and Storage Period
5.2.1 Necessary Functional Cookies (cannot be turned off without user consent)
- 1. Session Login Cookie: Maintains the account login status and performs permission verification; cleared after closing the browser or logging out (session-level cookie); in the APP environment, clearing is triggered by session timeout or active logout.
- 2. Basic Settings Cookie: Saves preferences for language, time zone, and interface layout; stored for up to 12 months; Function: Ensures the normal operation of core functions such as platform device monitoring and account login, and does not collect behavioral data for statistics or advertising.
5.2.2 Data Analysis Cookies (must be enabled only after the user actively checks and agrees)
Purpose: To count page access frequency, function clicks, and APP crash logs, solely for optimizing product features and not for generating user profiles;
Retention Period: 12 months;
In the case of non - consent: The platform does not collect any statistical data on access behavior.
5.2.3 Marketing and Advertising Cookies (individually ticked for authorization, can be independently disabled)
Purpose: To push product information and after-sales activity notifications in the energy storage industry, without sharing user behavior with third-party advertisers;
Retention Period: 6 months;
When not consented: Stop all personalized marketing push.
5.3 Unified Management of Cookies and Similar Technologies
When you first visit our website or use our application, a compliance Cookie banner will pop up. For non-essential cookies (such as those for analysis and marketing), we will only enable them after you actively check and consent. You can modify or revoke all non-essential cookie authorizations at any time through the "Cookie Preference Center" at the bottom of the website. Refusing non-essential cookies will not affect the core device monitoring functionality of the website.
5.4 Basic Purpose of Using Cookies
Security Assurance: Authenticate login sessions to prevent account theft;
Function optimization: Eliminate the need to repeatedly fill in information and improve page loading speed.
5.5 Cookie Clearance
You can delete local Cookie files through browser settings. After deletion, the login session will expire, and some personalized settings will be reset.
6. Information that Dyness may send to you
6.1 Information Push
When you use Dyness's products and services, Dyness may send you warnings or other information through channels such as email, SMS, and App. You can apply to relevant authorized personnel to turn off information sending.
6.2 Announcements Related to Products and Services
Announcements regarding system maintenance, feature upgrades, and compliance clause updates are not advertisements, and you cannot opt out of receiving them.
7 Your complete data subject rights
Depending on the jurisdiction to which you belong, you have the rights granted to you by the laws of that jurisdiction. For example, if you are a user in the EU, you have the rights granted to you by the GDPR and the EU Data Act:
- 1. Right of Access: Obtain a copy of all your personal information stored on the platform;
- 2. Right of Correction: Correct inaccurate or incomplete account and device-related information;
- 3. Right to Erasure (Right to be Forgotten): When the service is cancelled, consent is withdrawn, or there is no legal basis for data processing, the individual may apply for the complete deletion of personal data, subject to applicable legal data retention obligations (such as financial and audit compliance requirements);
- 4. Right to restrict processing: When there are doubts about the accuracy of data or disputes regarding data processing activities, apply for temporary suspension of data processing;
- 5. Data portability right: Export all data in standardized machine-readable formats such as CSV/JSON/XML, or authorize migration to a third-party service provider. For detailed rules, refer to Chapter 4 of the <Dyness Service Agreement>;
- 6. Right of Objection: Object to data processing for legitimate interests and direct marketing purposes;
- 7. Right to withdraw consent: Withdraw previous authorization for location, marketing, and Cookie analysis at any time, without affecting legal processing prior to withdrawal;
- 8. Right to lodge a complaint: You may submit a complaint to the data protection supervisory authority in your jurisdiction (EU users may contact their local DPA).
Rules for the Exercise of Rights
- 1. Application Channel: Customer Service Email sales@dyness-tech.com
- 2. Response Time Limit: Regular applications will be responded to within 30 days; complex batch applications may be extended up to 3 months at most and notified in advance; data migration applications will be responded to within 7 working days;
- 3. Fee Rules: Normal applications are free; in cases of baseless, repeated, or excessive applications, we reserve the right to charge reasonable administrative costs or reject the application;
- 4. Identity verification: When submitting an application, materials such as the account-bound email and enterprise qualifications need to be provided to complete identity verification, ensuring data security.
Retention Period and Determination Criteria for 8-Segment Categorical Data
The data storage period is determined by the dual criteria of "business continuation + statutory minimum retention requirement", and upon expiration, it will be automatically anonymized or completely deleted:
- 1. Account principal information (name, email, enterprise qualification): Continuously stored during the effective period of the service; after the account is cancelled, EU user data will be retained for 12 months (for auditing and after-sales traceability), and anonymized upon expiration;
- 2. Device operation, charge and discharge monitoring data: uniformly retained for 3 years, and batch deleted upon expiration;
- 3. Login, operation, and security audit logs: Retained for 5 years, meeting the EU regulatory audit compliance requirements;
- 4. Marketing user tags and push records: Immediately deleted after the user withdraws marketing consent;
- 5. Cookie-related local records: Retained in accordance with the period specified in Item 5 of this Policy;
- 6. Judicial and compliance retained data: Extend the retention period in accordance with regulatory requirements.
9. How does Dyness protect your personal information?
9.1 Security Technical Measures
We use various security protection measures within a reasonable security level, including encryption technologies (SSL/TLS, AES-256 encryption with keys periodically rotated and stored in a hierarchical manner), anonymization, hierarchical access control, firewalls, etc., to prevent unauthorized access, tampering, and loss of data. EU user data is stored by default on servers within the EU.
9.2 Employee Management and Training
We regularly conduct information security training for employees and sign non-disclosure agreements with employees involved in personal information processing. Only employees who are authorized through a hierarchical system and whose work requires access can access user data.
9.3 Response to Personal Information Leakage
Once a security incident occurs or is suspected to occur, such as the leakage, loss, or tampering of personal information, we will:
- Immediately initiate the internal emergency response plan and take measures to control the damage;
- Report to regulators by region and within the specified time limit: The EU GDPR requires notification to regulators within 72 hours; when a data breach may pose a high risk to the rights and freedoms of data subjects, affected users shall also be notified; Japan requires immediate reporting to the PPC upon confirmation of a breach and submission of a final report within 30-60 days; China requires reporting in accordance with the requirements of the Personal Information Protection Law;
- Inform users of the fact of the leak, risks, and self-help solutions through email, APP push notifications, and official website announcements;
- Fully cooperate with regulatory investigations and complete rectifications throughout the process.
9.4 Liability Waiver
Despite the measures we have taken, the Internet environment is not 100% secure. In the following situations, we shall not be liable (except as otherwise provided by laws and regulations):
- Leakage caused by force majeure such as hacker attacks, computer virus intrusions, government regulations, etc.;
- Data breaches resulting from your voluntary navigation to third-party websites or use of third-party services;
- Information leakage caused entirely by improper management of your own account.
10. Regional Supplementary Notes
We hereby remind you that you can refer to the following information to understand the laws and rights applicable to your jurisdiction:
10.1 Japanese residents
- Governing Law: Japan's Act on the Protection of Personal Information (APPI) and its related guidelines.
- Regulatory Authority: Personal Information Protection Commission (PPC), Address: 3-1-1 Kasumigaseki, Chiyoda-ku, Tokyo 100-0013, Japan, Tel: +81-3-6457-9680.
- Special rights: right to cease utilization, right to cease providing to third parties.
- Cross-border transfer: Transferring personal information overseas requires obtaining your written consent or explicit consent through platform selection, and disclosing the security protection measures of the receiving country.
- Juvenile: Those under 16 years of age require guardian consent.
- Complaint Channel: Complaints can be directly submitted to PPC.
APPI is currently under revision, and the final compliance requirements shall be subject to the version after the formal entry into force of the amendment.
10.2 EU/Dutch Residents (GDPR + EU Data Act + Dutch Electronic Communications Act)
- Governing Law: GDPR, UK GDPR, EU Data Act (Regulation (EU) 2023/2854, OJ L, 2023/2854, 22.12.2023), Dutch Cookie-related Regulations.
- Legal basis: performance of contract, user consent, legal obligation, legitimate interest.
- Regulatory authorities: Complaints can be filed with the Dutch local data protection authority or the DPA of the member state where the complainant is located.
- Data Storage: Data is stored on EU servers by default, encrypted with AES-256 throughout the process. For details on measures to prevent illegal retrieval by foreign governments, please refer to Chapter 4 of the <Dyness Service Agreement>.
- Cookie Restrictions: Strictly adhere to local Dutch regulations. The Cookie banner prohibits pre - checking non - essential cookies. For the full rules, please refer to Chapter 4 of this policy.
10.3 US Residents (if applicable)
- Governing Law: Privacy Acts such as CCPA/CPRA in each state;
- Legal rights: Right to be informed, Right to deletion, Right to opt out of data sharing/sale.
10.4 Chinese Residents
- Governing Law: Personal Information Protection Law of the People's Republic of China;
- Special rights: the right to request our written explanation of data processing rules;
- Cross-border transfer: The cross-border transfer of personal information strictly adheres to compliance paths such as security assessments and standard contracts.
11. Scope of Application of this <Dyness Privacy Policy>
This "Dyness Privacy Policy" is a globally applicable document that applies to the Dyness platform and related services, and has been adapted to Japan's JC-STAR, EU data regulations, and relevant Dutch regulations; this policy does not apply to products or services provided by other companies or individuals. If you use third-party products or services, you will be subject to the third party's privacy policy rather than this "Dyness Privacy Policy", and you need to carefully read its policy content.
When this policy conflicts with the content of the <Dyness Service Agreement>, the Japanese JC-STAR, EU Data Act, Dutch and other regional mandatory laws and regulations shall prevail.
12. How this <Dyness Privacy Policy> is updated
As Dyness expands its service scope, Dyness may update the terms of this "Dyness Privacy Policy" as appropriate. If the updated "Dyness Privacy Policy" results in a substantial change to your rights, Dyness will notify all users through prominent website locations, pop-up windows, emails, etc. before the update. When there are significant changes to server location, cross-border rules, or security measures, we will issue an update notice 7 days in advance; if the changes involve new cross-border scenarios or changes to the storage location, we will re-obtain user consent. Regardless of the method, you may choose to terminate using Dyness's services. If you continue to use Dyness's services, it means you consent to and accept the updated <Dyness Privacy Policy>.
The updated <Dyness Privacy Policy> will take effect as of the update date and supersede the previous <Dyness Privacy Policy>.
13. Contact Us
- 1. Global Customer Service Email: sales@dyness-tech.com
- 2. Customer Service Hotline: +86 400 666 0655
- 3. Work Address: 7th and 8th Floors, Building 3, No. 58 Nanhu Road, Chengnan Sub-district, Wuzhong District, Suzhou City, Jiangsu Province
Daqin Digital Energy Technology Joint Stock Company