GENERAL PRIVACY STATEMENT – Business Customers, Suppliers, End-Users, and Business Partners
WHEN DOES THIS PRIVACY STATEMENT APPLY?
This privacy statement provides information about how we handle your personal data, what personal data we process, for which purposes, with whom we share your personal data, how long we keep your data, which rights you have regarding your data and where you can go for complaints or questions.
WHO IS RESPONSIBLE FOR ANY PERSONAL DATA COLLECTED?
BDR Thermea Group B.V. (“BDRTG”), registered at Kanaal Zuid 106, 7332 BD in Apeldoorn is the data controller.
SPECIAL NOTICE
Except in those cases where we organise educational events specifically designed for children, we do not intentionally collect personal data of individuals under 16 years old.
If you are under 16 years old (or a different age to reflect local legal requirements as communicated on the website in your location) please do not send us your personal data for example, your name, address or email address. If you wish to contact BDR Thermea Group in a way which requires you to submit your personal data (such as for education or innovation events) please get your parent or guardian to do so on your behalf.
WHAT PERSONAL DATA DO WE PROCESS?
When you contact us, use our products and/or services, visit our website or use our apps, contact us, or connect your device to our cloud we collect your personal data.
Customers and service companies
- Contact details: such as name, address, phone number, email address, business contact details (company, function, phone number).
- Payment details: such as (business) bank account number, invoices, and other data necessary to make or receive payments.
- Transaction data: such as your (online) purchases, (customer) account information, order, service subscription and contract details, delivery details, billing and financial details, credit scores and transaction history.
- Customer and supplier classification details: such as sector, geographical location, and other parameters.
- Screening information: such as professional qualifications, licenses and certificates, work permits, government identification documents, government business or company registration numbers, potential conflicts of interest, and ultimate beneficial ownership, each as permitted or required by applicable law.
- Referral and business leads: such as contact details about referrals and business leads received from business partners.
- Contests or promotions: such as your name, age, and other information necessary for participation in the contest or promotion.
- Trainings: such as your participation in certain online eLearnings and your results.
- Loyalty programs: your sales, points earned in the loyalty program and your purchases from our giftshop.
End-users of the devices
Information about the installation of your product: if a service company installs your device, we receive the serial number of your device, the data of your installer, your name, address, email address and other necessary contact details.
Warranty information: the serial number of your device, your name, address, email address and other necessary contact details, your service company, date of inspection, date and other necessary information about the services and your device.
Websites and apps
- General: your mobile device will automatically share certain data with us because the device interacts with the app.
- User account: such as your name, address, hashed passwords, date of birth, email address and phone number.
- Location data: if you use our apps for mobile devices, we may collect the location data of your mobile device to determine your home address (only with consent).
- User account: such as your name, your company name, address, phone number, email address, your use of our services.
- Login details: such as your username, security logs.
- Uploaded Images: which may or may not include personal data, only when you report a bug or provide feedback to us.
- Preferences: such as your personal preferences for our products and services, language, and marketing preferences.
- Pre-sales support: the data entered by you, such as your address and household composition, the advice provided based on this information and your requests for quotations from a recognised service company.
- Device registration on our website: such as your contact and address details, phone number, email address, installation date, your selling and maintaining service company and the product data (serial number). In addition to this we register the following data from your service company: the company name, (email) address, and relevant registration numbers. Please note that your service company can register your device with us as well to provide you with the required services.
- Website, app, and service-usage information: when you visit our websites or use our apps, data is automatically collected by the technology platforms providing the experience. We collect data from you, e.g. your web browser may share certain data with us because your device interacts with our website, such as the device ID, network access, host name and IP (Internet Protocol) address, storage information, your browser type and version, your operating system, the pages you visit, the time and duration of your visit, and the website that referred you to us.
- Cookies: for more information, please read our Cookie Notice.
Direct communication
Contact: such as content, date and time of email, chats, telephone contact and helpline / infoline, or social media messages (including complaints and service requests).
Whistleblowing: all personal data you provide to use when making a complaint or the personal data we process from you due to a complaint made by another person.
Job applicants: such as the personal data on your resume and contact.
Specific cloud connected services
Our devices can be used unconnected. However, if you choose to use the below services, it is required that your device connects to our cloud.
1. Remote maintenance
Remote maintenance services include the following services:
- Errors alerts: if an error occurs in a connected device, we will receive this in the platform and communicate this to your service company;
- Remote monitoring: we make your settings and the status and sensor data (see below) visible to your service company so they can adapt your settings/parameters remotely;
- Remote management: your service will be able to remotely adapt setting/parameters in your system;
- Predictive/preventive maintenance: we process the data of your connected device overtime to detect anomalies that warn us of incidents before theyl happen; we will translate this in information to you or your service company to act in advance.
In general, this service requires the monitoring of the condition of your device to optimise the performance and maintenance of your connected device. When you use these services, we collect:
Contact details: the contact details you provided to uswhen you registered your device on our website.
Setup information and usage data: such as information about the intended use (preferences, programming schedules, use of location services, manual control, or frost protection), data about the frequency of use (e.g., button presses on the device, app connect times and screen clicks), temperature set points, current temperatures, error codes and the energy consumption of your device. These data points are stored every hour and transmitted to our servers.
Status and sensor (technical) data: such as model and serial number of your communication module and connected device, hardware and IP address, software version and other technical information from your device such as burning and pump running hours, water pressure, temperatures, fan and pump speed, valve status, energy consumption, wear and tear warnings and error codes. These data points are stored several times per minute and transmitted to our servers.
2. Energy management
If you choose to make use of our energy management services, we collect energy usage data and profile your behaviour and energy use habits during a certain period in order to provide you with advice on how to best manage your energy consumption. Furthermore, we can adapt system settings to optimise your system to be as energy efficient or cost efficient as possible. It is also possible to automatically adapt your settings based on algorithms.
We will only collect and use your name and address details, if this data is necessary for the provision of our services to you. Your information will be available in our online dashboard, to which we and – if applicable – your (third-party) service company have access. Your service company can add information to this dashboard, necessary for the required services.
FOR WHAT PURPOSES AND BASED ON WHAT LEGAL GROUND DO WE PROCESS YOUR PERSONAL DATA?
To operate our website
If you visit our website we use your personal data for the following purposes, to (1) provide pre-sales support, (2) handle your complaints and questions. For the processing we rely on the need to represent our legitimate interest.
Furthermore, we use your personal data to (3) be able to show you the website, (4) to be able to analyse which web pages are visited most often and (5) how you came to our site (via which other websites or via our newsletter). For more information on the cookies we use, please read our Cookie Notice.
Installers only: If you create a user account, we use your personal data to (6) connect you with potential customers (if requested by these potential customers), (7) assist you with your administration, (8) offer benefits through the loyalty program and (9) allow you to participate in promotions and contests. All based on the need to execute our contract with you.
To operate our business
If you use our products or services we use your personal data for the following purposes, to (1) provide our services (e.g., general service and maintenance or specific remote maintenance services, energy management services, comfort control, security updates, training etc.) and products, (2) process and deliver orders (including customer service and account management). We process your personal data for the need to execute our contract with you.
We also process your personal data to: (3) manage our relationship with you, (4) communicate with you (e.g., sending service messages or updates on new functions), (5) be able to support you or your service company with handling any potential warranty claims, so that you receive better service. (6) perform our day-to-day activities, and, (7) handle complaints, questions, and disputes (telephone conversations can be recorded for quality purposes – where needed based on prior explicit consent at the beginning of the call). In these cases, we rely on the need to represent our legitimate interest.
Furthermore, we process your personal data to: (8) maintain our records, (9) inform you of product recalls, and (10) comply with our legal and tax obligations, for the need to comply with a legal obligation.
Direct marketing
We also process your personal data (email address) to inform you about (1) new products and services, and personalised offers, (2) tips about the use and maintenance of our products, (3) (customer) satisfaction surveys or quality questions, (4) newsletters, (5) retention marketing, (6) creating and using individual profiles of direct customers in view of customer management etc. For most direct marketing activities, we rely on the legal ground legitimate interest. You are provided with the opportunity to opt-out of receiving such services at any time. However, if required under your local law, we will ask your explicit consent when processing personal data for direct marketing purposes.
Research and improvement of products and services
We process your personal data to improve our products and services. We do this by conducting research into general trends in the use of our products and services to better understand the behaviour and preferences of our customers and to better tailor our offers. In general, we only use aggregated setup and usage, and technical data that will not directly identify you. If we have a need to use identifiable data, we will inform you about this separately. Your personal data will be processed on the basis of the need to represent our legitimate interest.
Security and screening
Finally, personal data is processed to protect our interests, to (1) detect and prevent fraud, (2) secure our websites, networks, systems, employees/contractors and premises, (3) screen owners, stakeholders and directors of our corporate customers, suppliers and business partners to comply with trade regulations, anti-money laundering and/or bribery and corruption laws, and other legal requirements. We rely on the legal ground legitimate interest or on the need to comply with a legal obligation.
We may also process your personal data for secondary purposes that are closely related to the original purpose, such as:
- storing, deleting or anonymising your personal data;
- fraud prevention, audits, investigations, dispute resolution or insurance purposes, litigation, and defence of claims;
- statistical, historical, or scientific research;
- testing purposes, but only if we need this to improve the services for which we’ve collected your personal data; or
- compliance with laws and/or regulations, including compliance with legal or regulatory requirements, including litigation and defence of claims.
In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time.
This will not affect the validity of the processing prior to the withdrawal of consent. Withdrawal of consent may however impact your ability to remain employed or otherwise engaged or from participating in a programme or receiving a benefit.
In those cases where processing is based on consent, and subject to applicable local law which provides otherwise, you have the right to withdraw your consent at any time. This will not affect the validity of the processing prior to the withdrawal of consent.
WHAT ARE THE CONSEQUENCES OF NOT PROVIDING YOUR PERSONAL DATA
Failure to provide us with the information required will negatively affect our ability to communicate with you, or our ability to enter into a contract with a counter-party or continue to contract with a counter-party.
WITH WHOM WILL WE SHARE YOUR PERSONAL DATA?
We only share personal data within the BDR Thermea Group if we have a legal basis for the data sharing. We may share your personal data with third parties based on your consent or based on our legitimate interest in the following circumstances:
Other entities of the BDR Thermea Group
- Where necessary for internal administrative purposes, business strategy, auditing, monitoring, and research and development;
- If needed for research, direct marketing purposes, or the delivery of products and services.
To provide our services to you
- If you’ve subscribed to the use of a maintenance service, or if we use any other external service centre to provide you services, we could share the contact details, technical and usage data, and analytical data of your device with that company if the service requires this
To provide combined services (BDRTG + a partner) to you
Please note, that the above-mentioned third parties are considered data controller and that the terms of service and privacy statements of these third parties apply to the processing of your personal data by these parties.
Other third parties
- With trusted third parties who perform business functions or provide services on our behalf (IT suppliers, hosting parties, marketing and advertising companies or market research companies);
- With competent public authorities (e.g., investigative bodies), government agencies, regulators, or tax authorities, if this is necessary to comply with a legal obligation that applies to us;
- We can share aggregated data with third parties about, for example, trends in home energy consumption. This information cannot be associated with specific users of our products and services;
- If you’ve subscribed to the use of a maintenance service, or if we use any other external service centre to provide you services, we could share the contact details, technical and usage data, and analytical data of your device with that company if the service requires this;
- If you use our remote management or energy management services a communication module is used to send technical information data to our servers. This data is made available to your service company via an online dashboard or shared directly (i.e., for large installation companies), for example via an API;
- If you choose to use the services of third parties that we offer via our website (e.g., pre-sales services);
- If you choose to use to link your connected device to other smart devices, apps or services from third parties.
Interacting with DE DIETRICH through social media
If you choose to interact with us through social media on a BDRTG administered social media page such as Facebook, Instagram, Twitter or LinkedIn (‘BDRTG Social Media Page’), your personal data (such as your name, your profile picture and the fact that you are interested in BDRTG) will be visible to all visitors of your personal webpage depending on your privacy settings on the relevant social media platform, and will also be visible to us. You can delete any information that you share on these sites at any time through your relevant social media platform’s account. We do not track your activity across the different social media sites that you use.
Additionally and to the extent BDRTG is jointly responsible with a social media platform of a BDRTG social media page, will have access through the social media platform to aggregated data providing statistics and insights that help to understand the types of actions you take on BDRTG social media pages. For more information on how your personal data are processed on those social media platforms, including any targeted advertising that you may receive, please refer to your privacy settings accessible through your relevant social media platform’s account.
TRANSFERS OF YOUR PERSONAL DATA TO OTHER COUNTRIES
If personal data is shared with companies within the BDR Thermea Group and/or to authorised third parties located outside of your country we take technical, organisational, contractual and/or legal measures to ensure that your personal data are only processed for the above purposes and that adequate levels of protection have been implemented in order to safeguard your personal data. These measures include local approved transfer mechanisms for transfers to third parties as well as additional local requirements.
SECURITY OF YOUR PERSONAL DATA
We take the necessary technical and organisational measures to ensure that your personal data is properly secured and therefore protected against unauthorised or unlawful use, alteration, unauthorised access or disclosure, accidental or unlawful destruction and loss. More specifically, we use encryption for some of our services, apply authentication and verification processes to access our services, and regularly review and evaluate the effectiveness of our security measures.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We store your personal data in our systems for as long as this is necessary for the purposes described in this privacy statement. If we no longer need your personal data, we will take measures to delete it or keep it in a form that no longer makes it possible to identify someone.
If you ask us to delete your account, or if you have not used our services for more than three years, we will delete or anonymise the data for which we no longer have a need to keep it.
Some personal data is directly processed and stored in your connected device or app. You can delete this personal data yourself by resetting the device in the default settings or by deleting the app.
In all cases, personal data may be kept for a) a longer period where there is a legal or regulatory reason to do so (in which case it will be deleted if it is no longer required for the legal or regulatory purpose) or b) a shorter period if the processing of personal data is objected to and there is no longer a legitimate interest or legal obligation in keeping it.
YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA
We want to protect your rights and strive to keep your personal data as safe as possible. In this regard, you have the right to:
- request confirmation that we are processing certain information about you;
- request access to a copy of your personal data;
- correct or delete your personal data (deletion only if the data is no longer necessary for a legitimate business purpose. e.g., you cannot exercise this right if a payment has yet to be completed, or if you have a dispute with us);
- restrict the processing of your personal data;
- withdraw your consent and stop receiving marketing communications;
- right to data portability
To exercise your rights, you can send us an email: privacy@bdrthermea.com.
QUERY, CONCERN OR COMPLAINT ABOUT THE PROCESSING OF YOUR PERSONAL DATA
If you have any queries, concerns, or complaints regarding the processing of your personal data, please contact us at privacy@bdrthermea.com.
You can also communicate with us by post at the address below:
Attn. Privacy Contact Person
Kanaal Zuid 106
7332 BD Apeldoorn
The Netherlands
Finally, you also have the right to submit a complaint to the Autoriteit Persoonsgegevens, located at Hoge Nieuwstraat 8 (2514 EL) Den Haag; Postbus 93374 (2509 AJ) Den Haag.
CHANGES TO THIS PRIVACY STATEMENT
This privacy statement may be changed from time to time. To let you know when we make changes to this statement, we will amend the revision date. The new modified or amended privacy statement will apply from that revision date. Latest update is from April 2023.