“Trina Solar” refers to Trina Solar Co., Ltd. (hereinafter referred to as “we”/ “us”/ “our”). We highly value your trust and deeply understand the importance of your personal information. We are committed to protecting the security of your personal information in accordance with applicable laws and regulations. Through this Privacy Policy, we would like to explain to you how we will collect, use, store and share such information when you use our services and the way we provide you with access, update, control and protection of such information.

Please read this Privacy Policy thoroughly before using our relevant product or service to understand our practices regarding the protection of your personal information.

This Privacy Policy helps you understand the following:

I. How we collect and use your personal information
II. Purpose and legal basis for processing personal information
III. How we store your personal information
IV. How we entrust the processing, sharing, transfer and public disclosure of your personal information
V. How we protect your personal information
VI. Your rights
VII. How we use cookies and similar technologies
VIII. How we handle the personal information of minors
IX. Third-party service providers and their services
X. How your personal information is transferred globally
XI. How to contact us

I. How we collect and use your personal information

Personal information refers to all kinds of information recorded electronically or by other means relating to an identified or identifiable natural person, excluding information that has been anonymized.
We may collect your personal information directly or indirectly when you use our website or interact with us. In accordance with legal and regulatory requirements, we follow the principles of legality, legitimacy, necessity, and good faith. We only collect the personal information that is necessary to perform our services and will use the collected information solely for the purposes we clearly state.

We may collect the following types of personal data:

(i) Personal Data You Provide:
(a) When you inquire about our products or services via the “Contact Us” form, we collect account information such as your name, work email, mobile number, identity, company name, and job title.
(b) When you request to download product manuals or other relevant documents, we collect your name, work email, and company name.
(c) When you use the after-sales services provided through our “Trina Solar Customer Service Portal,” we collect information such as your country, city, address, company name, phone number, email, fax, tax ID, product information, and fault description. This information is used for account creation, providing after-sales services, and other purposes. For details, please refer to the Trina Solar Customer Service Portal Privacy Policy .
(d) When you subscribe to our email newsletters, we collect information such as your country and email address.
(e) When you apply for a position with us, you may need to create an account on the third-party platform LinkedIn and upload your resume. We will receive your basic information, contact details, resume information, and other relevant data from LinkedIn. For specific details regarding the collection and processing of personal information, please refer to LinkedIn's Privacy Policy.
(ii) Personal Data We Receive from Your Use of the Services:
(a) Cookies and Similar Technologies: We use cookies and similar technologies to operate and administer our services, and improve your experience. If you use our services without creating an account, we may store some of the information described in this Privacy Policy with cookies, for example to help maintain your preferences across browsing sessions. For details about our use of cookies, please refer to “VII. How we use cookies and similar technologies of this Privacy Policy.

II. Purpose and legal basis for processing personal information

(i) We process your personal information for specific purposes and only in connection with the fulfillment of that purpose. Depending on our relationship with you and the products and services we offer, we may use your personal information for the following purposes:
(a) To provide you with products and services;
(b) meet your individual needs;
(c) inviting you to participate in surveys about our services;
(d) To provide you with a better user experience and improve our services;
(e) Other uses with your consent.

(ii) In accordance with relevant laws and regulations, we may collect and use necessary personal information without obtaining your authorized consent in the following cases:
(a) Necessary for the conclusion and performance of a contract at your request;
(b) Necessary for the fulfillment of statutory duties or legal obligations;
(c) Necessary for the legitimate interests of Trinasolar or a third party. Legitimate interests include enabling us to more effectively manage and operate our business and provide our products and services; protecting the security of our businesses, systems, products, services, and customers; internal management; complying with internal policies and processes; and other legitimate interests described in this Privacy Policy;
(d) Necessary to respond to a public health emergency, or to protect the life, health and property of natural persons in the event of an emergency;
(e) To process personal information within a reasonable scope in order to perform acts of news reporting, public opinion monitoring, etc. in the public interest;
(f) Processing personal information that you have disclosed on your own, or other personal information that has been lawfully disclosed, within a reasonable scope;
(g) Other cases stipulated by laws and administrative regulations.

III. How we store your personal information

The retention period for the personal information we collect is the minimum period necessary to fulfill the purposes for which it was collected as described in this Privacy Policy, unless a longer retention period is required by law and regulation. After the above retention period, we will delete or anonymize your personal information.

When we stop operating some or all of our services due to special reasons, we will promptly notify you and stop the collection and processing of personal information of the relevant services, and delete the personal information we hold in connection with such products or services.

We determine the necessary storage period of personal information based on the following criteria: (a) maintain corresponding transaction and business records to respond to your inquiries or complaints; (b) ensure the safety and quality of our services to you; (c) whether you agree to a longer retention period.

IV. How we entrust the processing, sharing, transfer and public disclosure of your personal information

(i) Entrusted Processing
Some specific modules or functions of our business functions are provided by external providers. For example, we may engage service providers to assist us with customer support. Companies, organizations and individuals with whom we have entrusted the processing of personal information will be subject to strict confidentiality agreements requiring them to handle personal information in accordance with our requirements and any other relevant confidentiality and security measures.
(ii) Sharing
We will not share your personal information with companies, organizations, and individuals outside of Trina Solar, except in the following cases: (a) Sharing with explicit consent: We will share your personal information with other parties after obtaining your explicit consent.
(b) Sharing under legal circumstances: We may share your personal information in accordance with the provisions of laws and regulations, the need for litigation dispute resolution, or at the request of administrative or judicial authorities in accordance with the law.
(c) Sharing with Affiliated Companies: Your personal information may be shared with Trina Solar's affiliated companies. We will only share necessary personal information, and such sharing shall be subject to the purposes stated in this Privacy Policy.

“Affiliated” refers to any company, legal entity, or legal successor thereof that is now or in the future controlled by, under the control of, or under common control with a party.

(d) Sharing with Authorized Partners: Some of our services will be provided by us and authorized partners only for the purposes stated in this Privacy Policy. We may share some of your personal information with our partners to provide better customer service and user experience. For example, to arrange for a partner to provide a service. We will only share your personal information for purposes that are lawful, legitimate, necessary, specific, and unambiguous, and will only share personal information that is necessary to provide the service. Our partners are not authorized to use the personal information they share for purposes unrelated to their products or services.

Currently, our authorized partners include the following types: • Marketing promotion. We will provide your contact information to certain third-party marketing service providers to send you information, promotions and other commercial information. For companies, organizations and individuals with whom we share personal information, we enter into strict data protection agreements with them, requiring them to handle personal information in accordance with our instructions, this Privacy Policy and any other relevant confidentiality and security measures.
(iii) Transfer
We will not transfer your personal information to any companies, organizations and individuals other than our affiliates, except in the following cases:

(a) Obtaining your explicit authorization or consent in advance;
(b) To fulfill the requirements of laws and regulations, legal procedures or mandatory governmental requirements or judicial rulings;
(c) If we or our affiliates are involved in a transaction such as a merger, demerger, liquidation, acquisition or sale of assets or business, etc., and your personal information may be transferred as part of such transaction, we will ensure the confidentiality of such information at the time of the transfer and require the new company or organization that holds your personal information to continue to be bound by this personal information protection policy, or else we will require that company or organization to Re-solicit authorized consent from you.

(iv) Public disclosure
We will only publicly disclose your personal information in the following circumstances:

(a) With your explicit consent;
(b) Based on laws, regulations, legal proceedings, litigation or mandatory requirements of governmental authorities.
(v) Exceptions
In the following cases, the sharing, transfer, or public disclosure of your personal information does not require your prior authorized consent:

(a) Necessary for the conclusion and performance of a contract at your request;
(b) Necessary for the fulfillment of legal duties or legal obligations;
(c) Necessary for the legitimate interests of Trinasolar or a third party. Legitimate interests include enabling us to more effectively manage and operate our business and provide our products and services; protecting the security of our businesses, systems, products, services, and customers; internal management; complying with internal policies and processes; and other legitimate interests described in this Privacy Policy;
(d) Necessary to respond to a public health emergency, or to protect the life, health and property of natural persons in an emergency;
(e) To process personal information within a reasonable scope in order to perform acts of news reporting, public opinion monitoring, etc. in the public interest;
(f) Processing personal information that you have disclosed on your own, or other personal information that has been lawfully disclosed, within a reasonable scope;
(g) Other cases stipulated by laws and administrative regulations.

V. How we protect the security of your personal information

(i) We have taken reasonable and practicable security measures in line with common industry solutions to protect the security of the personal information you provide and to prevent unauthorized access, public disclosure, use, modification, damage or loss of personal information. For example, the exchange of data between your browser and the server is protected by the SSL (Secure Socket Layer) protocol encryption; we use encryption technology to enhance the security of personal information; we use trusted protection mechanisms to prevent malicious attacks on personal information; we deploy access control mechanisms to make every effort to ensure that personal information is accessed only by authorized personnel; and We will organize security and privacy protection training courses to enhance employees' awareness of the importance of protecting personal information.

(ii) The platform we use has obtained the following certifications: ISO 9001, ISO 20000, and ISO 27001.

(iii) We will take all reasonable and feasible measures to ensure that no irrelevant personal information is collected. We will retain your personal information only for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

(iv) Given that the internet is not an absolutely secure environment, and that email, instant messaging, and other communication methods with users cannot guarantee complete encryption, we strongly advise against sending personal information through such channels. Alternatively, use complex passwords to help us ensure the security of your account.

(v) The Internet environment is not 100% secure and we will endeavor to ensure or warrant the security of any information you send to us. If our physical, technical, or managerial safeguards are breached, resulting in unauthorized access to, public disclosure of, alteration of, or destruction of the information, resulting in damage to your legal rights and interests, we will be held liable.

(vi) In the unfortunate occurrence of personal information security incidents, we will, in accordance with the requirements of laws and regulations, promptly inform you of: the basic situation of the security incident and the possible impact, the measures we have taken or will take to deal with the situation, the suggestions that you can independently prevent and reduce the risk, and the remedial measures for you, etc. We will promptly inform you of the situation related to the incident in a timely manner, and will provide you with the relevant information in a timely manner. We will promptly inform you of the situation related to the incident by email, letter, phone call, push notification, etc. When it is difficult to inform the subject of personal information one by one, we will take a reasonable and effective way to publish the notice.

At the same time, we will also report the disposition of personal information security incidents in accordance with the requirements of the regulatory authorities.

VI. Your rights

Depending on where you live, you may have certain statutory rights in relation to your personal information. For example, you may have the right to:

• Access your personal information and information relating to how it is processed.
• Update or correct your personal information.
• Delete your personal information from our records.
• Transfer your personal information to a third party (right to data portability).
• Restrict how we process your personal information.
• Withdraw your consent—where we rely on consent as the legal basis for processing at any time.
• Object to how we process your personal information.
• Lodge a complaint with your local data protection authority.

You may submit your request by contacting us using the information provided in the “XI. How to contact us” section at the end of this Privacy Policy. For security purposes, you may be required to provide a written request or otherwise prove your identity. We may ask you to verify your identity before processing your request. We will respond within 30 days. If you are not satisfied, you may also initiate a complaint through the “XI. How to contact us” to initiate a complaint. For your reasonable requests, we do not charge fees in principle, but for requests that are repeated many times and exceed reasonable limits, we will charge a certain cost fee as appropriate. We may refuse requests that are unnecessarily repetitive, require excessive technical means (e.g., the development of a new system or a fundamental change in existing practices), pose a risk to the legal rights of others, or are highly impractical.

In the following cases, we will not be able to respond to your request as required by law or regulation:

• related to the fulfillment of the obligations of the controller of personal information under laws and regulations;
• directly related to national security or national defense;
• directly related to public safety, public health, and significant public interests;
• directly related to criminal investigation, prosecution, trial and execution of judgment;
• where the controller of the personal information has sufficient evidence that the subject of the personal information has subjective malice or has abused his/her rights;
• when it is difficult to obtain the consent of the subject of personal information or other individuals for the purpose of safeguarding their lives, property, and other significant legitimate rights and interests;
• When responding to the request of the subject of personal information will result in serious damage to the legitimate rights and interests of the subject of personal information or other individuals or organizations;
• where commercial secrets are involved.

VII. How we use cookies and similar technologies

In order to ensure the proper functioning of the Website, we may store a data file called a cookie on your computer or mobile device, which usually contains a user identifier, the name of the city, and a number of characters. The primary function of a cookie is to facilitate your use of the Website's products and services, as well as to help the Website, for example, count the number of unique visitors to the Website. By using cookie technology, we are able to provide you with a more customized service. We do not use cookies for any purpose other than those stated. You can manage or delete cookies according to your preferences, see aboutcookies.org for more information. You can clear all cookies stored on your computer and most web browsers have a function to block cookies. However, if you do so, you will need to personally change your user settings each time you visit our site, but you may not be able to log in or use services or features provided by Customer Service Portal that rely on cookies because of such changes. You can limit the Group's use of cookies by changing your browser settings. In Chrome, for example, you can change your browser settings by going to “Browser Settings” in the drop-down menu at the top right of Chrome and selecting “[Settings] - [Advanced] - [Clear Browsing Data]”- “Clear your cookies”.

Marketo

On the Website the analysis service Marketo is utilized if you consent to this. Provider of this service is Marketo Inc., 901 Mariner Island Boulevard, Suite 500, San Mateo, CA 94404, USA (“Marketo”). Using Marketo we can provide personalized content and offers on our Website, in newsletters and in other communications with users and customers. For this, Marketo analyzes the interactions of the individual users and customers on our Website, in particular specific products and personalized pages viewed, in order to gain insight into the needs of the users, relevant information for them, as well as appealing designs and communication. In order to analyze the user interactions on the Website, Marketo sets cookies that are stored for a maximum of two years. Marketo processes these cookies and information on your Website visit, such as products viewed throughout your various visits to the Website and contact and registration forms used. The data may also be processed on servers of Marketo in the United States of America.

We use Marketo as described if you agree to this service. You can withdraw your consent any time for the future, by changing your settings on cookies here. The data transmission to Marketo in the USA is based on the EU standard data protection clauses, which are incorporated in the agreement between Marketo and us. The clauses agreed on also provide for appropriate protective measures for the data, such as data encryption. These protective measures will be further supplemented in accordance with the applicable legal and technical framework for an adequate level of protection of the data. For further details on Marketo’s handling of data, please view their privacy policy under: https://documents.marketo.com/legal/privacy/.

VIII. How we handle the personal information of minors

Our services are primarily intended for enterprises/adults, and not intended for minors. Without the consent of parents or guardians, minors are not allowed to use our products and/or services. In the case that we collect personal information from minors with the consent of their parents or guardians to use our products or services, we will only use, share, transfer or disclose this information as permitted by law or regulation, with the express consent of the parents or guardians, or as necessary to protect the minors. If we find that we have collected personal information from minors without first obtaining verifiable parental consent, we will take action to delete the relevant data as soon as possible.

IX. Third-party service providers and their services

Our websites, products, applications, and services may contain links to third-party websites, products, and services. You can choose whether to access or accept websites, products, and services provided by third parties. We have no control over the privacy and data protection policies of third parties, which are not bound by this Privacy Policy. Please refer to the privacy policies of these third parties before submitting personal information to them.

X. How your personal information is transferred globally

Due to the globalization of Trina's operations, your data may need to be transferred across borders.

Regardless of where your personal information is processed, we will take additional measures to protect your data rights and interests in accordance with the privacy laws of the country in which you are located and to ensure that the recipient provides an adequate level of protection and security. Including but not limited to:

• Comply with GDPR requirements: Within the European Economic Area (EEA), cross-border data transfers will be ensured through Standard Contractual Clauses (SCCs) or other lawful mechanisms to ensure compliance;

• Compliance with U.S. federal and state regulations: In the U.S., we will only process and transfer data in a manner permitted by law.

• Technical protection: encryption and anonymization are used to minimize the risk of data exposure during cross-border transfers;

• Continuous Improvement Mechanisms: Periodic review of transfer agreements and annual data security reviews to ensure compliance with international privacy protection standards.

XI. How to contact us

(i) We have a team dedicated to personal information protection. If you have any questions about this Privacy Policy or related matters, especially if you think that our handling of personal information has harmed your legitimate rights and interests, you can contact us in the following ways, and we will review the issues involved as soon as possible;

• By mail to: datacompliance@trinasolar.com

• Send your question to: Trina Solar Co., Ltd., No. 2 Tianhe Road, Tianhe Photovoltaic Industrial Park, Xinbei District, Changzhou City, Jiangsu Province.

Generally, we will reply within thirty days.

(ii) If you are not satisfied with our response, in particular if you believe that our processing of personal data has harmed your legitimate interests, you may also seek a solution by filing a complaint with the relevant competent data protection authority or filing a lawsuit in a court of competent jurisdiction in the place where the defendant is located. You can also ask us for information on the relevant complaint avenues that may apply.

This Privacy Policy is effective as of the date of the update.