Data protection

Privacy statement

(As amended: November 1, 2021)

We are delighted to welcome you to our website. We place great importance on the protection and security of your personal information when using our website. With this in mind, here we describe what personal data we collect when you visit our website and what these data are used for.

This privacy statement applies to the internet offering from thermohauser GmbH available at the domain https://www.thermohauser.de/ and various subdomains ("our website"). 

Controller and data protection officer

Controller

for processing personal data as defined by the EU General Data Protection Regulation (GDPR)

thermohauser GmbH
Bleichereistraße 28
73066 Uhingen

Telephone: +49 7161 9384-0
Fax: +49 7161 9384-50
Email: info@thermohauser.de

Data protection officer

Werner Hülsmann
DaSchuWi GmbH
Münchener Str. 101 / Geb. 01
85737 Ismaning

Email: thermohauser.de@extdsb.org  

Contents

This privacy statement fulfils the statutory requirements for transparency when processing personal data. This means any information relating to an identified or identifiable natural person. For example, this includes information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information is not personal data if we cannot relate it to you personally (or where this would involve disproportionate effort) e.g. thanks to anonymisation. The processing of personal data (e.g. recording, requesting, using, storing or transmitting) must always have a legal basis and a defined purpose.

Stored personal data are deleted as soon as the processing purpose has been achieved and there is no legal basis for continuing to store the data. We provide information about the specific storage periods and the criteria for storage for each separate processing operation. Notwithstanding the above, in individual cases we store your personal data to establish, exercise or defend legal claims, and if we are subject to statutory retention obligations.

Your personal data that we process on our website will only be passed on to third parties if this is necessary to fulfil the relevant purpose and is covered by the legal basis in each specific case (e.g. consent or preserving a legitimate interest). In addition, we pass on personal data to third parties in individual cases if this serves to establish, exercise or defend legal claims. Potential recipients could include law enforcement authorities, lawyers, auditors, courts etc.

Insofar as we use service providers to operate our website (to carry out data processing on our behalf involving personal data pursuant to Art. 28 GDPR) these may be recipients of your personal data. More detailed information about the use of processers and web services can be found in the summary of the individual processing operations. 

Cookies

Cookies are small text files that we send to the browser on your terminal device when you visit our web pages and are stored on that device. Instead of using cookies, information can also be held in local storage within your browser. Some of the functionality on our website cannot be offered without using cookies or local storage (essential cookies for technical purposes). Other cookies, on the other hand, allow us to perform various analyses; for example, allowing us to recognise your browser when you revisit our website and to transmit various information to us (non-essential cookies). With the help of cookies, we can design our internet offering to be more user friendly and effective for you, for instance by tracking your use of our website and determining your preferred settings (e.g. country and language settings). Insofar as third parties process information via cookies, they collect this information directly via your browser. Cookies do not cause any harm to your computer or other terminal device. They cannot run programs and do not contain viruses.

We provide information about the relevant services used for cookies for each individual processing operation.  

Rights of the data subject

Under the legal provisions in the General Data Protection Regulation (GDPR), as the data subject, you have the following rights:

  • Right of access pursuant to Art. 15 GDPR to personal data concerning you in the form of meaningful information about the details of the processing and a copy of your data;
  • Right to rectification pursuant to Art. 16 GDPR of inaccurate or incomplete data stored by us;
  • Right to erasure pursuant to Art. 17 GDPR of data stored by us, unless the processing is necessary to exercise the right to freedom of expression or information, for compliance with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
  • Right to restriction of processing pursuant to Art. 18 GDPR, insofar as the accuracy of the data is contested, the processing is unlawful, we no longer need the data but you decline the erasure of the data because they are required to establish, exercise or defend legal claims, or you have objected to processing pursuant to Art. 21 GDPR.
  • Right to data portability pursuant to Art. 20 GDPR, insofar as you have provided the personal data based on consent pursuant to Art. 6 (1) (a) GDPR or based on a contract pursuant to Art. 6 (1) (b) GDPR and these data are being processed by us using automated means. You will receive your data in a structured, commonly used and machine-readable format, or we will transmit the data directly to another controller, insofar as this is technically feasible.
  • Right to object pursuant to Art. 21 GDPR to processing of your personal data insofar as this is based on Art. 6 (1) (e) or (f) GDPR and there are grounds relating to your particular situation or if the objection is to direct marketing. There is no right to object if compelling legitimate grounds for the processing can be demonstrated or if the processing serves to establish, exercise or defend legal claims. Insofar as the right to object does not apply for specific processing operations, this is specified in the relevant location.
  • Right to withdraw consent pursuant to Art. 7 (3) GDPR, where the previously issued consent is withdrawn with future effect.
  • Right to lodge a complaint with a supervisory body pursuant to Art. 77 GDPR, if you consider that the processing of your personal data infringes the GDPR. In general, you can contact the supervisory authority for your habitual residence or your place of work. 

Data processing 

In the following sections, we describe the separate processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data, and the relevant storage period. There is no automated individual decision-making, including profiling.

Providing the website

Nature and scope of processing

When you visit and use our website, we collect personal data that your browser automatically transfers to our servers. The following information is temporarily stored in a so-called logfile:

  • IP address of the computer issuing the request
  • Date and time of access
  • Name and URL of the requested file
  • Website from which the access is made (referrer URL)
  • Browser being used and possibly the computer operating system and name of your access provider

Our website is not hosted by us but by a service provider, who processes the aforementioned data on our behalf pursuant to Art. 28 GDPR. 

Purpose and legal basis

The processing is necessary for the purpose of our legitimate interest in displaying our website and to ensure security and stability based on Art. 6 (1) (f) GDPR. The data collection and storage in log files is essential for the website operation. There is no right to object to the processing based on the exception in Art. 21 (1) GDPR. Insofar as ongoing storage of the log file is legally required, the processing is based on Art. 6 (1) (c) GDPR. There is no legal or contractual obligation to provide the data, however, it is not technically possible to view our website without providing these data. 

Storage period

The aforementioned data are stored for as long as the website is displayed (end of session) and, for technical reasons, for a maximum period of 6 months beyond this time, insofar as cookies were accepted.

Contact form

Nature and scope of processing

We provide a contact form on our website to enable you to get in touch with us. The information collected via the mandatory fields are required to handle your query. You can voluntarily provide additional information, which you consider necessary for handling the contact query.

None of your personal details are passed on to third parties when you use the contact form. 

Purpose and legal basis

The processing of your data through use of our contact form is done for communication purposes and to handle your query based on your consent pursuant to Art. 6 (1) (a) GDPR. Insofar as your query relates to an existing contractual relationship with us, the processing serves the purpose of contract performance based on Art. 6 (1) (b) GDPR. There is no legal or contractual obligation to provide your data, however, it will not be possible to handle your query unless the information for the mandatory fields is provided. If you do not wish to provide these data, please contact us via other means.

Storage period

Insofar as you use the contact form based on your consent, we store the data collected for each query for a period of three years, starting from the point when your query is dealt with or until you withdraw your consent.

If you use the contact form within a contractual relationship, we store the data collected for each query for a period of six years from the end of the contractual relationship. 

Newsletter

Nature and scope of processing

Insofar as you register on our website to receive our newsletter, we collect your email address and possibly other details (which are evident from the relevant input form), and we store this information along with the date of your registration and your IP address. You will then receive an email asking you to confirm your newsletter subscription (double opt-in). If you do not confirm your subscription, this will automatically expire, and the data will not be processed for sending the newsletter.

To send out the newsletter, we use a service provider who processes your personal data on our behalf pursuant to Art. 28 GDPR. Your data are not passed on to third parties

Purpose and legal basis

We process your data for the purpose of sending the newsletter based on your consent pursuant to Art. 6 (1) (a) GDPR. By unsubscribing from the newsletter, you can withdraw your consent at any time with future effect pursuant to Art. 7 (3) GDPR. There is no legal or contractual obligation to provide your data, however, it will not be possible to send the newsletter unless these data are provided

Storage period

After subscribing to the newsletter, we store the data for a maximum of 14 days until the subscription is confirmed. Following successful confirmation, we store your data until you withdraw your consent (unsubscribe from the newsletter) and beyond this for a maximum of 3 years as potential evidence of the previously issued consent. No other kind of processing takes place. In the event of being obliged to permanently note an objection, we reserve the right to store the email address purely for the purpose of implementing this objection by using a blocking list.. 

Newsletter-Tracking

The thermohauser GmbH newsletter contains so-called tracking pixels. A tracking pixel is a tiny graphic, embedded in these kinds of emails sent in HTML format, which enables log file recording and log file analysis. This allows the statistical evaluation of the success or failure of an online marketing campaign. Based on the embedded tracking pixel, technical details are collected such as information about your browser and computer system, your IP address and the time the request was made.

This information is used to make technical enhancements to the newsletter by means of the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. This analysis also includes establishing whether the newsletter was opened, when it was opened, and which links were clicked. It is true that, for technical reasons, this information can be mapped to individual newsletter recipients. However, it is not our objective to monitor individual users, nor is this the case for the service provider responsible for sending the newsletter. Instead, these evaluations are aimed at recognising users' reading habits and adjusting the content accordingly or sending out different content depending on each user's interests.

Unfortunately, it is not possible to opt out separately from these performance evaluations; in this case, the user must cancel the entire newsletter subscription or object to it being sent. 

  • types of data processed: user data (e.g. name, addresses), contact data (e.g. email, telephone numbers), meta/communication data (e.g. device information, IP addresses), usage data (e.g. web pages visited, interest in content, access times).
  • data subjects: communication partner
  • purpose of processing: direct marketing (e.g. via email or post)
  • legal basis: consent (Art. 6 (1) (1) (a) GDPR), legitimate interests (Art. 6 (1) (1) (f) GDPR)
  • services and service providers used: Maileon: email marketing platform; Service provider: XQueue GmbH, Christian-Pleß-Str. 11-13, 63069 Offenbach am Main; Website: https://www.maileon.de/; Privacy statement: https://www.maileon.de/datenschutz/    

AddToAny

Nature and scope of processing

We have integrated AddToAny into our website. AddToAny is a service by AddToAny. We use AddToAny by placing share buttons on our website so visitors to the website can share content on social media networks and apps, such as Facebook, Twitter, Pinterest, LinkedIn, Google+, WhatsApp and other services.

If you access this content, you create a link to the AddToAny servers, whereupon your IP address will be transmitted in anonymised form. According to AddToAny, no personal data are processed. 

Purpose and legal basis

The use of AddToAny is based on our legitimate interest, i.e. our interest in optimising our online offering pursuant to Art. 6 (1) (f) GDPR.

Storage period

We have no influence over the precise storage duration of the processed data as this is determined by AddToAny. Additional information is available in the AddToAny privacy statement: https://www.addtoany.com/privacy.

DataTables CDN

Nature and scope of processing

We use DataTables CDN in order to ensure the correct provision of content on our website. DataTables CDN is a service from SpryMedia Ltd, which functions as a content delivery network (CDN) on our website.

By using local or internationally distributed servers, a CDN helps speed up the provision of content for our online offering, particularly files such as graphics or scripts. If you access this content, you create a link to the SpryMedia Ltd servers, whereupon your IP address and possibly browser data such as your user agent will be transmitted. These data are processed exclusively for the aforementioned purposes and to maintain the security and functionality of DataTables CDN. 

Purpose and legal basis

The use of the content delivery network is based on our legitimate interest, i.e. our interest in secure and efficient content provision and in optimising our online offering pursuant to Art. 6 (1) (f) GDPR. 

Storage period

We have no influence over the precise storage duration of the processed data as this is determined by SpryMedia Ltd. Additional information is available in the DataTables CDN privacy statement: https://cdn.datatables.net/privacy.html.

Google Fonts

Nature and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you will create a link to the Google Ireland Limited servers, whereupon your IP address will be transmitted. 

Purpose and legal basis

The use of Google Fonts is based on our legitimate interest, i.e. our interest in consistent content provision and in optimising our online offering pursuant to Art. 6 (1) (f) GDPR. 

Storage period

We have no influence over the precise storage duration of the processed data as this is determined by Google Ireland Limited. Additional information is available in the Google Fonts privacy statement: https://policies.google.com/privacy.