Legal

GDPR & Data Protection

Updated 11 February 2026

Sunfield Dnipro LLC is committed to protecting the personal data of everyone who interacts with our business. This page provides detailed information about how we process personal data in compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), the Ukrainian Law on Personal Data Protection, and other applicable data protection legislation.

While Sunfield Dnipro is based in Ukraine and subject to Ukrainian law, we respect GDPR principles because our website may be accessed by individuals in the European Economic Area (EEA), and we believe strong data protection standards are in the interest of everyone we serve.

1. Data controller

The data controller responsible for your personal data is:

For data protection enquiries, you may contact us at the email address above. We aim to respond to all data protection requests within 30 days.

2. Lawful bases for processing

Under GDPR Article 6, we rely on the following lawful bases:

2.1 Consent (Article 6(1)(a))

We rely on your consent when you submit our website contact form. You signify consent by ticking the required checkbox before sending your message. Consent is specific, informed, freely given and unambiguous. You may withdraw your consent at any time by contacting us at info@sunfielddnipro.com — withdrawal does not affect the lawfulness of processing before withdrawal.

2.2 Legitimate interests (Article 6(1)(f))

We process certain technical data (server logs, anonymised analytics) on the basis of our legitimate interest in understanding how our website is used and in maintaining its security. We have assessed that this interest is not overridden by your fundamental rights and freedoms, particularly given that this data is aggregated and anonymised wherever possible.

2.3 Contract performance (Article 6(1)(b))

Where you have entered into a service agreement with us, we process the personal data necessary to fulfil that contract — for example, your contact details, property address and energy consumption data required to design and install your system.

2.4 Legal obligation (Article 6(1)(c))

We process personal data where required to comply with applicable Ukrainian law, including tax, accounting and regulatory obligations.

3. Your data subject rights

Under GDPR and Ukrainian data protection law, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us in writing at info@sunfielddnipro.com. We will respond within 30 days and will not charge a fee unless a request is manifestly unfounded or excessive.

3.1 Right of access (Article 15)

You have the right to receive a copy of the personal data we hold about you, together with information about how and why we process it, who we share it with, how long we retain it, and information about your other rights.

3.2 Right to rectification (Article 16)

If the personal data we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it without undue delay.

3.3 Right to erasure — "right to be forgotten" (Article 17)

You have the right to request deletion of your personal data where:

  • The data is no longer necessary for the purpose for which it was collected.
  • You withdraw consent and there is no other lawful basis for processing.
  • You object to processing and there are no overriding legitimate grounds.
  • The data has been unlawfully processed.
  • Erasure is required to comply with a legal obligation.

This right is not absolute — we may be required to retain certain data under Ukrainian law (for example, for accounting purposes).

3.4 Right to restriction of processing (Article 18)

You have the right to request that we restrict our processing of your personal data in certain circumstances — for example, while accuracy is contested, while an objection is being assessed, or where the processing is unlawful but you prefer restriction to erasure.

3.5 Right to data portability (Article 20)

Where we process your data by automated means on the basis of your consent or a contract, you have the right to receive a copy of that data in a structured, commonly used and machine-readable format (such as CSV or JSON), and to transmit it to another data controller.

3.6 Right to object (Article 21)

You have the right to object at any time to the processing of your personal data where we rely on legitimate interests as our lawful basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or where processing is necessary for the establishment, exercise or defence of legal claims.

3.7 Right to withdraw consent (Article 7(3))

Where processing is based on your consent, you may withdraw that consent at any time. To withdraw consent, please email us at info@sunfielddnipro.com. Withdrawal does not make any prior processing unlawful.

3.8 Rights related to automated decision-making (Article 22)

We do not carry out any automated decision-making or profiling that produces legal or similarly significant effects on you.

4. How to exercise your rights

To exercise any of the rights listed above, please send a written request to info@sunfielddnipro.com with the subject line "Data Subject Request — [Right Name]". Please include sufficient information to allow us to identify you and locate the relevant data. We may ask for reasonable verification of your identity before fulfilling the request. We will respond within 30 calendar days; if your request is complex, we may extend this by a further 60 days and will notify you accordingly.

5. Data transfers outside Ukraine

Our primary data processing activities take place within Ukraine. Where we use service providers located in the EEA, data is transferred under appropriate legal safeguards. Where any transfer to a country without an adequacy decision is unavoidable, we rely on standard contractual clauses or other appropriate safeguards recognised under GDPR Article 46.

6. Data retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Contact enquiry data: up to 36 months from the date of the enquiry, unless a service agreement results from it.
  • Service contract data: for the duration of the contract and up to 7 years thereafter, as required by Ukrainian accounting and tax law.
  • Technical log data: typically up to 12 months on a rolling basis.
  • Anonymised analytics data: retained indefinitely as it cannot be used to identify individuals.

7. Data security

We implement appropriate technical and organisational measures to protect personal data, including HTTPS encryption for all website data transfers, restricted internal access to personal data, and regular security reviews. In the event of a personal data breach that is likely to result in a risk to individuals' rights and freedoms, we will notify the relevant supervisory authority and, where required, affected individuals in accordance with applicable law.

8. Supervisory authority

If you are located in Ukraine and are not satisfied with our response to a data subject request, you have the right to lodge a complaint with the Ukrainian Parliament Commissioner for Human Rights (Уповноважений Верховної Ради України з прав людини), who acts as the supervisory authority for data protection in Ukraine.

If you are located within the EEA, you also have the right to lodge a complaint with the competent data protection supervisory authority in your country of residence or place of work — for example, the Information Commissioner's Office (ICO) in the UK, the CNIL in France, or the applicable authority in your EU member state.

9. Changes to this page

We may update this GDPR & Data Protection page from time to time. The effective date at the top of the page will reflect the most recent revision. We encourage you to review it periodically. Material changes will be highlighted where possible.

10. Contact us

For any data protection enquiry, to exercise a right, or to raise a concern, please contact: