BDR Thermea Group respects that the privacy of your personal information is important to you. We have developed this privacy notice to let you know about the types of Personal Data (as defined below) we may collect from you as a “Data Subject” and how your personal information will be maintained and used.
This privacy notice (the “Notice”) applies to each BDR Thermea Group company which has adopted this policy by placing it on its website. The details of the controller and the privacy contact person are mentioned on the website of such company.
Date of issue of this notice: 1 May 2018.
If you need to register to use this website, or complete an online form (e.g. to obtain or ask us to send you further information), or contact us otherwise, then we may collect Personal Data about you such as: name, email address, country of residence and occupation.
This information is used by us (i) to administer the website, (ii) to provide you with any services you have signed up to, (iii) for research purposes to improve our products and services, (iv) for direct marketing, (v) to respond to any queries or requests for information you may have and (vi) to fulfil our legal obligations.
Occasionally we may obtain Special Categories of Personal Data about you as part of a request for information. When providing us with your Special Categories of Personal Data, you will be asked to give your consent to us processing this data for specific mentioned purposes.
This Notice aligns with the requirements of applicable EU data protection laws and regulations.*
In some cases, local laws and regulations may be more restrictive; where that is the case, the more restrictive rules must be followed when Processing Personal Data in that jurisdiction.
*In particular the EU data protection directives (e.g. Directive 95/46/EC and Directive 2002/58/EC) and any national laws implementing these and the General Data Protection Regulation 2016/679 (“GDPR”) becoming effective 25 May 2018 (replacing Directive 95/46/EC and respective national laws).
All BDR Thermea Group companies will Process some Personal Data for their purposes locally. However, as an international organization, many of our business activities can also be carried out (and business efficiencies achieved) by Processing or consolidating information about Data Subjects in specific or centralized databases and systems located at specific worldwide facilities. Such Personal Data is sometimes also shared with other systems and databases hosted by or on behalf of other BDR Thermea Group companies. However, these BDR Thermea Group companies and those other systems and databases will only collect, receive, use, share or otherwise Process such Personal Data in accordance with applicable laws, this Notice, additional notices (to the extent applicable) and any applicable specific local notice, in connection with employment-related purposes or to support business purposes. See also under 8 for the restrictions on international transfers.
To oversee data protection matters, BDR Thermea Group has appointed privacy contact persons (“Privacy Contact Persons”). If you have any queries regarding this Notice, please consult with the Privacy Contact Person mentioned on the relevant BDR Thermea Group company’s website.
BDR Thermea Group shall provide you with appropriate access to Personal Data about yourself, and shall facilitate you to exercise your rights to correct, to erase, to restrict the Processing of, to port or to object to (further) using your Personal Data. BDR Thermea Group will provide you with sufficient information on these rights.
If you have any questions, complaints or want to exercise your rights, you may contact the Privacy Contact Person in your country or region. BDR Thermea Group will use good faith efforts to answer each question, investigate each complaint and to respond within 30 days. BDR Thermea Group will deal with each complaint in a fair, impartial and unbiased manner. You will not be victimized or prejudiced directly or indirectly as a result of lodging a complaint.You can also contact us at if you have any questions, remarks or complaints in relation to this Notice. If you have any unresolved concerns you also have the right to lodge a complaint with your Data Protection Authority.
BDR Thermea Group will ensure appropriate security of the Personal Data.
BDR Thermea Group will notify any Personal Data Breach to the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. In addition, in case your Personal Data may have been compromised you may also need to be notified if the breach is likely to result in a high risk to your privacy.
BDR Thermea Group will retain Personal Data in a form which permits your identification only for so long as necessary for the purposes for which it is processed. BDR Thermea Group will dispose of (or retain only in an anonymous or de-identified form to the fullest extent possible) Personal Data that is no longer required in a secure manner and in accordance with applicable law, unless
(i)to defend itself against legal claims,
(ii)there are mandatory (statutory or contractual) retention or archiving obligations that require longer storage or
(iii)Personal Data will be Processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures.
BDR Thermea Group will only make Personal Data available to third parties in appropriate circumstances and will put measures in place to safeguard the Personal Data.
BDR Thermea Group will only use Processors that will have appropriate technical and organizational measures in place to ensure that your rights are protected.
BDR Thermea Group may carry out international transfers of Personal Data (whether intercompany or not) outside the EU, EEA or Switzerland in which case it will do so only (a) where: the transfer is in accordance with the laws of the transferor's jurisdiction; and (b) having ensured that there is an adequate level of protection in the recipient’s jurisdiction or adequate safeguards have been put in place to protect the Personal Data. The transferor is responsible for assessing such adequacy and may request the recipient to adopt protections similar to those under the transferor’s notice and jurisdiction.
Subject to applicable law, BDR Thermea Group may revise, amend or supplement this Notice at its discretion at any time or from time to time. In any case, this will be done annually as a routine. Such changes will be published on the intranet and our website. You are advised to check periodically to ensure that they are aware of any change, and to the fullest extent permissible under applicable laws, if you deal with BDR Thermea Group you agree to be bound by the latest online version of this Notice.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Subject” means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of Data Subjects may include our (i) employees and their family members, (ii) temporary workers; (iii) potential candidates seeking employment with BDR Thermea Group, (iv) the staff of our suppliers and business customers, (v) our private customers; (vi) visitors to our buildings and locations; and (vii) website and app users.
“Personal Data” means any information relating to a Data Subject.
“Personal Data Breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
“Processing” means the carrying out of any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.
“Special Categories of Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the Processing of genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Similar or even stricter rules may apply to Personal Data relating to criminal convictions and offences and to identification numbers. These are numbers that are required by law for the purposes of identifying a person and such number may only be used when processing personal data in order to comply with the law concerned or for purposes stipulated by the law.
“BDR Thermea Group” means BDR Thermea Group B.V. and each of its group companies being subject to the GDPR.
“BDR Thermea Group company” means BDR Thermea Group B.V. or a group company being subject to the GDPR.
If you have any questions regarding this Notice, please contact the BDR Thermea Group privacy contact person by sending an e-mail to email@example.com.