PRIVACY POLICY

SOLARGIS Americas Inc.

This Solargis Privacy Policy (hereinafter as “Privacy Policy”) is a part of General Service Terms (“GST”). Expressions used in Capital letters, unless expressly defined herein, have the meaning attributed in the GST.

The privacy of our customers is important to us. We are committed to protecting and safeguarding any personal data you give us. This Privacy Policy describes how we use and process your personal data and what are your rights and possibilities with respect to such processing. You will also find here information on how you can contact us if you have any questions about your personal data.

1. Scope and Applicable Entity

In this Privacy Policy, the applicable entity is: Solargis Americas Inc. (Canada) governed by PIPEDA/CASL.

Because Solargis s.r.o. (Slovakia) being the owner of IP rights and the technological infrastructure for all Services within the Solargis Group, certain provisions of the GDPR (as defined below) are outlined in this policy. These apply whenever Solargis s.r.o. processes data or where GDPR standards are required for cross-border data transfers within the Group.

2. Applicable Laws

For the purposes of this Privacy Policy, the following abbreviations refer to the specific data protection and electronic communication laws applicable to our operations:

PIPEDA (Personal Information Protection and Electronic Documents Act): The federal privacy law for private-sector organizations in Canada. Where applicable, substantially similar provincial private-sector privacy laws, including privacy laws in Alberta, British Columbia and Quebec, may also apply. These laws set out the ground rules for how businesses must handle personal information in the course of commercial activity and apply to operations under Solargis Americas Inc.

CASL (Canada’s Anti-Spam Legislation): The law that sets rules for the sending of commercial electronic messages in Canada.

GDPR: Refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

3. Personal Data

We receive and store information that you voluntarily provide when using our Websites and Services. Despite the fact that our Services are operated on B2B basis and can be purchased exclusively by entrepreneurs, professionals, governmental institutions, agencies and other institutions, it may happen that you may provide us also with some of your personal information including your name, email address, working position, telephone number or other basic contact information (e.g. when you establish Customer Account or User registration at our Websites or when you postulate for job openings, as the case may be). You may also happen to provide personal information to us when you voluntarily communicate with us, such as when you request information through our contact form, or when you register for our newsletter.

To summarize, we may process the following categories of information:

• Identification data (name, company name)
• Contact details (email address, telephone number, address)
• Professional information (job title, company affiliation
• Account data (login credentials, account preferences)
• Communication data (messages sent through contact forms or email)
• Technical data (IP address, browser type, device information, cookies).

You should ensure that all personal data submitted to us is complete, accurate, true and correct. Failure on your part to do so may result in our inability to provide you with the Services you have requested, or to process any requests and applications you may have made to us.

If you provide us with any personal data relating to a third party (e.g. information of your employees, colleagues or authorised representatives), by submitting such information to us, you represent and warrant that you have obtained the consent of such third party to provide us with their personal data for the respective purposes set out in this Privacy Policy.

The Websites may provide links to linked sites whose data protection and privacy practices may differ from those set forth here. We are not responsible for the content and privacy practices of these other websites and you agree to review and abide by the data protection and privacy notices of those sites.

4. Purpose of Processing and Legal Basis

i) Legal Bases for Processing Information in Canada

For interactions with Solargis Americas Inc., we collect, use and disclose personal information with consent or as otherwise permitted or required by applicable Canadian privacy laws, and only for purposes that a reasonable person would consider appropriate in the circumstances. Consent may be express or implied, depending on the sensitivity of the information, the context and reasonable expectations.

Use of Personal Information: We may use personal information for the purposes described in this Privacy Policy, including to administer accounts, provide the Websites and Services, process Orders and payments, provide support, secure and improve the Websites and Services, comply with applicable laws, manage recruitment, and send marketing communications.

Consent: You may withdraw your consent to our collection, use or disclosure of your personal information at any time by contacting us, subject to legal or contractual restrictions and reasonable notice, but doing so may affect our ability to provide certain Websites, Services or communications.

Marketing Communications in Canada: We send commercial electronic messages to Canadian recipients only with consent or as otherwise permitted by CASL. Messages will identify Solargis, include contact information and an unsubscribed mechanism, and unsubscribe requests will be processed within the legally required period.

ii) Legal Bases for Processing Information under GDRP

For interactions with Solargis s.r.o. (Slovakia, Europe), we process your personal data only when we have a valid legal basis under the General Data Protection Regulation (GDPR), as set forth below:

Contractual Necessity: We process your information where it is necessary to enter into or perform a contract with you. This includes providing our Services, responding to your inquiries prior to a purchase, and fulfilling our obligations under a contract of sale.

Consent: If you have given us clear consent to process your personal data for a specific purpose, such as receiving newsletter or the use of non-essential cookies then we process your data based on the consent. You may withdraw this consent at any time.

Compliance with a Legal Obligation: We process your information when it is necessary for compliance with a legal obligation to which we are subject, such as tax, accounting, or anti-money laundering requirements.

Legitimate Interests: We process your information when it is necessary for our legitimate interests (or those of a third party), provided these interests are not overridden by your rights and interests. This includes product development, internal analytics, user-experience analytics, internal administrative and ensuring the safety and security of our Services.

5. Cookies and Similar Technologies

We use common website management technologies called cookies and similar technologies, which have different functions. A cookie is a small data file, which often includes a unique but non-identifying code that is sent to your browser from a website's computers and stored on your computer's hard drive. Cookies allow you to be recognized as the same user across the pages of a website. Cookies also allow your choices to be remembered – choices such as the language you prefer, the currency you use and your search criteria.

We work with third-party companies authorized to place third-party cookies to help us compile anonymous site metrics and analytics. You may find more detailed information and manage cookies through our Websites cookies setting banner or through your browser settings.

Legal Basis for Cookies:

• Canada: We use strictly necessary cookies and similar technologies to operate the Websites and other cookies or similar technologies with consent or as otherwise permitted by applicable law. You may manage cookie preferences through the Websites’ cookie settings tool, where available, or your browser settings.
• Slovakia/GDPR: We ask for your consent with cookies use, unless cookies are necessary for proper operation of our Websites (essential cookies), in which case it is a legitimate interest for their use. The legal basis for non-essential cookies is your consent pursuant to Article 6 (1) a) GDPR and the Act on Electronic Communications. You may withdraw or modify your cookie consent at any time through the cookie settings tool available on our website.

6. Retention of Your Personal Data

We will only retain your personal data for as long as is necessary for the purposes described in this Privacy Policy. Retention periods vary:

Canada:

• For Canada, the retention periods above are subject to applicable Canadian laws, including any required deletion, anonymization and breach-record retention obligations.

GDPR:

• Contract-related data: Retained for the duration of the contract and 5 years after termination (legal/accounting/tax requirements) and 4 years for the purpose of legal claims.
• Cookies: Retained usually for session duration (i.e. for as long as you use our Websites) unless the cookie settings state otherwise.
• Consent-based data: Retained until consent is withdrawn.

7. Share and Transfer of Personal Data

We will never sell any of your personal data to a third party. We share personal data only to the extent necessary and may disclose your personal data to the following categories of recipients: (a) Solargis Group entities; (b) agents, contractors or third-party service providers who provide operational services to Solargis, such as for payment processing, email delivery, IT infrastructure, customer communication, analytics, storage, archival or other services required for the operation of our business, including but not limited to, Adyen, or Zoho and similar providers with whom we are in a contractual relationship; (c) vendors or any third-party business partners who offer goods and services in conjunction with us; (d) any business partner, investor, assignee or transferee (actual or prospective) to facilitate business asset transactions (which may extend to any merger, acquisition or asset sale); (e) our professional advisors such as our auditors and lawyers; (f) relevant government regulators, authorities or law enforcement agencies to comply with any applicable laws, regulations, codes of practice or guidelines, or to assist in law enforcement and investigations by relevant authorities; and (g) any other party to whom you authorise us to disclose your personal data. These entities act as data processors or, where applicable, independent data controllers and process personal data in accordance with applicable data protection laws and our contractual agreements.

Intra-Group Transfers: Solargis Group operates through several companies identified in these GST. As a result, there may be an occasion when we exceptionally share personal data within the Solargis Group where necessary, including the following instances:

• For internal administrative purposes,
• To meet customer needs/demand where we provide commercial services through various offices and locations,
• To meet our obligations with respect to reporting,
• Where our support functions are provided by other companies within the Solargis Group.

Where personal information is shared within the Solargis Group, it is permitted on a limited basis and on a “need to know” basis, by adhering to all applicable regulatory legal requirements and under these conditions:

We use appropriate safeguards designed to provide a comparable level of protection under applicable Canadian privacy laws (including PIPEDA, as applicable). Where required by applicable Canadian privacy laws, we assess and provide notice of cross-border processing or storage of personal information.

With respect to GDPR, transfers are based on appropriate safeguards, such as an adequacy decision or standard contractual clauses (Chapter V GDPR).

8. Security of Your Personal Data

We take the security of your personal data very seriously. We use appropriate procedures to protect and safeguard the personal data you give us. We have put in place security systems designed to prevent unauthorized disclosure of information you provide to us. These systems are structured to deter and prevent from accessing this information. The measures include technical and organizational safeguards such as access control, encryption where appropriate, secure data storage, and internal confidentiality obligations. We respond to security incidents in accordance with applicable law, including any required notification and recordkeeping.

9. Your Rights

1. Rights under Canadian Privacy Laws (Canada / Americas)

In addition to the principles above, and subject to applicable Canadian privacy laws, users in Canada have:

• The right to be informed of the existence, use and disclosure of your personal information, to be given access to that information, and to challenge its accuracy and completeness and have it amended as appropriate; and
• The right to withdraw consent to our collection, use, and or disclosure of your personal information at any time by contacting us, subject to legal or contractual restrictions and reasonable notice, and to challenge our compliance with applicable Canadian privacy laws.

We will respond to written access requests from Canadian users within 30 days, in accordance with applicable laws.

1. Rights under GDPR

In connection with the processing of your personal data, you have the rights of a data subject, namely:

• The right to access your personal data (providing a copy of your personal data) and the right to information on the terms of processing of personal data;
• The right to request rectification and completion of your inaccurate or incomplete personal data;
• The right to erasure your personal data in certain situations where there is no good reason for us to continue to process it;
• The right to restrict the processing of your personal data in certain circumstances;
• The right to object to processing of your personal data for direct marketing purposes;
• The right to object to our processing of your personal data if your personal data are processed on a legal basis of a public interest or a legitimate interest or if the profiling is based on the public interest or a legitimate interest;
• The right to transfer the personal data to you or another service provider in a simple, structured format provided the processing is based on contract or consent and data are processed by automated means;
• The right to withdraw consent; and
• The right not to be subject to automated individual decision-making, including profiling.

We do not carry out automated individual decision-making, including profiling, within the meaning of Article 22 GDPR. We will respond to requests concerning your rights without undue delay and at the latest within one month of receiving the request, in accordance with applicable laws.

10. Contact Details and Complaints

To exercise the rights described above, please send an email to legal@solargis.com. In addition, you have the right to file a complaint to the respective supervisory authority:

Canada: Office of the Privacy Commissioner of Canada (https://www.priv.gc.ca).

Slovakia: Personal Data Protection Office of the Slovak Republic https://dataprotection.gov.sk/uoou/en/

Contact details of the controllers:

Solargis Americas Inc., 150 King St. W, Toronto, ON M5H 1J9, Canada

Solargis s.r.o., Bottova 2A, 811 09 Bratislava, Slovakia

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time if required by an amendment of the applicable law. Please regularly check this policy to ensure you are aware of the most updated version. We will provide notice and obtain consent for material changes to our privacy practices where required by applicable law.

***

CONTACT

Service provider:

Solargis Americas Inc.

150 King St. W, Suite # 200, Toronto, ON M5H 1J9 Canada

tel.: +1 647 657 7847, email: store@solargis.com

Provincially incorporated in Ontario, Corporation No.: 002827088, Business number: 76904 3266

This Privacy Policy is effective from 9 July 2026

Revision0

The valid version of Privacy Policy is always available at: solargis.com/legal