Privacy Policy

We, WATERKOTTE GmbH (hereinafter “WATERKOTTE”), take the protection of your personal data very seriously and strictly comply with the rules of the currently applicable data protection laws. These include in particular the General Data Protection Regulation (hereinafter “GDPR”) and the German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG).

Personal data is collected on our websites and when using our services only to the extent necessary and is processed for specific purposes. Personal data is data by which you can be personally identified or other data linked to you.

Controller within the meaning of the GDPR:
WATERKOTTE GmbH
Sophie-Opel Straße 20
D-44803 Bochum, Germany

Tel.: (+49) 02323-9376-0
Fax: (+49) 02323-9376-99

Processing within WATERKOTTE GmbH

Data collection and processing takes place in accordance with the fundamental principles, lawfulness and data subject rights under the GDPR and the BDSG.

Transfers to third countries

WATERKOTTE GmbH processes and/or transfers the data you provide at locations in Germany, the European Union, and third countries (including Switzerland) that provide an adequate level of data protection pursuant to Article 45 GDPR or offer appropriate safeguards pursuant to Article 46 GDPR.

WATERKOTTE GmbH processes and/or transfers the data you provide at locations in Germany, the European Union, and third countries (including Switzerland and the USA).

Data transfers to third countries take place only if there is an adequacy decision by the European Commission for the relevant third country pursuant to Article 45 GDPR (e.g., Switzerland or the USA under the EU-U.S. Data Privacy Framework) or if appropriate safeguards pursuant to Article 46 GDPR—especially by concluding EU Standard Contractual Clauses—are in place.

Where data is transferred to the USA, this is done on the basis of the European Commission’s adequacy decision on the EU-U.S. Data Privacy Framework or—if this is not applicable—on the basis of appropriate safeguards pursuant to Article 46 GDPR.

Scope of this privacy policy

The following statement provides an overview of how we ensure data protection, what types of data are collected and processed for what purposes and on what legal basis. It generally applies to all websites for which WATERKOTTE is responsible, and also when you contact us via other communication channels.

This privacy policy consists of thirteen parts:

• Part I (provisions for private users) applies to private users of WATERKOTTE services.
• Part II (provisions for business users) applies to business users of WATERKOTTE services.
• Part III (provisions for seminar participants) applies to participants in events within the WATERKOTTE Academy.
• Part IV (provisions for users of the RemoteCare service) applies to users with a maintenance contract concluded with WATERKOTTE.
• Part V (provisions for users of the WATERKOTTE service portals) applies to users registered in the heat pump center (Wärmepumpencenter) or in ServiceFox.
• Part VI (provisions for applicants) applies to private users of WATERKOTTE services in the context of applications.
• Part VII (general information and provisions for the WATERKOTTE GmbH website) applies to all users who use WATERKOTTE services or the WATERKOTTE website.
• Part VIII (provisions for users of our online meeting tools) applies to users of our online meeting tools “LogMeIn” and “MS Teams”.
• Part IX (provisions for the WATERKOTTE Club) applies to users registered for the WATERKOTTE Club.
• Part X (provisions for newsletter subscribers and participants in customer surveys) applies to users registered to receive our newsletter or participate in customer surveys.
• Part XI (provisions for users of the EasyCon mobile app) applies to users of the WATERKOTTE EasyCon app.
• Part XII (information on data subject rights) applies to all users whose data is subject to data protection law, but not to legal entities.
• Part XIII (social media) applies to all visitors to social media channels managed by WATERKOTTE.

Our websites may also contain links to websites of other providers to which this privacy policy does not apply.

1. Provisions for private users

This part of the privacy policy applies to private users of WATERKOTTE’s services. The legal basis for processing your data is your consent to this privacy policy as a consent declaration (Article 6(1)(a) GDPR), or in order to provide requested information (Article 6(1)(f) GDPR), and to be able to sell you products and services (Article 6(1)(b) GDPR).

Use and verification of personal data

The personal data you provide may include, among other things:

• Name
• Address (postal code, city, street and house number, plus any address additions if applicable)
• Email address
• Telephone number and/or mobile phone number
• Country
• Payment information
• Heating contractor / installer (specialist company)

If you provide us with personal data, we use it in the relevant specialist departments to answer your inquiries, to process and carry out your consultation request, for technical administration, for login activities, and for the services provided within the respective website. The legal bases are Article 6(1)(b) GDPR, your consent pursuant to Article 6(1)(a) GDPR, and/or our legitimate interest pursuant to Article 6(1)(f) GDPR. You can revoke your consent to the use of your provided data at any time. Please contact us—ideally stating which service(s) you used—at:
[email protected]

Contact by WATERKOTTE

If you have agreed to our privacy policy and provided your contact details as part of a consultation request, we will contact you to discuss your project. If you do not provide your contact details when making a consultation request, we unfortunately cannot offer specialist consulting services.

Disclosure of personal data

To provide the specialist consultation service and/or to refer you to a specialist company for consultation or for the purchase, maintenance or repair of a heat pump or another product from the WATERKOTTE range, we will—upon your consent—forward the personal data you entered to external service providers who cooperate with our company and operate in your region.

This service provider is requested to contact you within a specified timeframe in order to provide the requested consultation or prepare an offer. For this purpose, the specialist company will contact you by email or telephone.

Further processing and deletion of your data

Your data will not be passed on or sold to third parties, i.e. persons or companies not belonging to WATERKOTTE. The stored personal data will be deleted if you revoke your consent to storage, if the data is no longer required for the purpose pursued by the storage, or if storage is otherwise unlawful for legal reasons.

Advertising and marketing consent

We—i.e. WATERKOTTE—will inform you by email, post, or telephone only about WATERKOTTE products and services and may ask you about them, provided you have expressly given us your consent to use your personal data for advertising purposes (opt-in).

This is done by actively ticking a checkbox in our forms next to the statement:
“Yes, WATERKOTTE may use my email address and/or telephone number so that I am informed about the latest products and services. I can revoke this consent at any time with effect for the future.”

If you have given consent but no longer wish to receive advertising or surveys from WATERKOTTE in the future, you may revoke your consent at any time with effect for the future. Your data will then be deleted or—if it is still required for billing and accounting purposes—stored with purpose limitation for those purposes. Please send an email to:
[email protected]

Use of personal data when registering for events or information visits

On some pages of our website you can enter personal data to register for information visits, training courses, or events of WATERKOTTE. We will use this data only to process your request. If you enter your email address and phone number as a participant in one of our events, you will receive a confirmation email. After the event, the data may be stored, for example for evaluation of the event. This data will be deleted no later than 6 months afterwards unless statutory retention obligations prevent this, e.g. evidence of qualifications, hospitality, costs, etc.

You can revoke your consent to the use of the data provided during registration up until the start of the event. Please contact:
[email protected]

1. Provisions for business users

This part of the privacy provisions applies only to business users such as trades, commercial and industrial companies, municipalities, planners, architects, etc., and only insofar as these provide us with personal data of contact persons for the conclusion and performance of contracts pursuant to Article 6(1)(b) GDPR, or for processing based on a balancing of interests pursuant to Article 6(1)(f) GDPR.

Purposes and legal bases

We process personal data where required for establishing, performing and fulfilling a contract and for pre-contractual measures (Article 6(1)(b) GDPR, e.g. in connection with initiating, executing and managing orders), for compliance with a legal obligation (Article 6(1)(c) GDPR, e.g. compliance with commercial and tax retention obligations pursuant to Section 257 HGB and Section 147 AO), to safeguard legitimate interests of the controller or a third party (Article 6(1)(f) GDPR, e.g. storing data for an appropriate period for acquisition efforts or for asserting legal claims and defending against legal disputes), and on the basis of consent (Article 6(1)(a) GDPR, e.g. disclosure of data to third parties, evaluation for marketing purposes, or promotional contact by email).

Sources and categories of personal data processed

We process personal data that we receive from you or from public sources (e.g. commercial registers, the internet, and directories) or from third parties such as credit agencies / business information services or business partners in the context of contact and our business relationship, e.g. to process an inquiry or order.

Relevant personal data includes in particular identity data (e.g. name, first name, address, bank details, billing address, tax number or VAT ID) and other contact details (e.g. telephone number, email address). In addition, this may include contract or order data (e.g. turnover data, order volume), information on your financial situation (e.g. creditworthiness data) and data about you (e.g. profession, position, tasks and authorizations) and other data comparable to the categories mentioned.

Recipients / categories of recipients

Within the company, those departments have access to the data that need it to fulfil contractual and legal obligations (e.g. sales). Processors pursuant to Article 28 GDPR may also process data for these purposes, e.g. IT service providers, cloud providers, and data destruction providers. All service providers are contractually obliged to treat your data confidentially.

Data will only be shared with recipients outside the company in compliance with applicable data protection provisions. Recipients of personal data may include, for example, companies in the logistics sector, service providers, suppliers, subcontractors, tax advisors, auditors, credit and financial service providers, credit agencies, debt collection companies, lawyers, and authorities. In such cases, information is passed on to enable further processing.

Transfer to a third country (outside the EU/EEA) or an international organisation

As a rule, personal data is transferred to a third country in the course of order processing on the basis of an EU adequacy decision and the signing of Standard Contractual Clauses, taking into account contractual, technical and organisational measures to ensure the EU level of protection. If data is transferred to a third country that does not meet these criteria, this occurs in exceptional cases on the basis of a legal obligation or the data subject’s consent.

Storage period and criteria

The required personal data is stored for the duration of warranty and guarantee claims. In addition, personal data is retained in accordance with statutory retention periods. Relevant obligations arise from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention/documentation periods are up to ten years. Where data is no longer required to fulfil contractual or statutory obligations, it is regularly deleted.

1. Provisions for seminar participants

This part applies only to persons participating in the WATERKOTTE Academy. In particular, participation serves as proof of qualification and authorization to perform services on our products on behalf of WATERKOTTE GmbH.

Personal data you provide may include, among other things:

• Name
• Address (postal code, city, street and house number, plus any address additions if applicable)
• Email address
• Telephone number or mobile phone number
• Employer, name and contact details

The legal basis for processing your personal data within the qualification framework of the WATERKOTTE Academy is the safeguarding of legitimate interests of the controller or a third party (Article 6(1)(f) GDPR), e.g. storing data as long as the data subject can carry out work on WATERKOTTE systems. Thereafter, processing is permissible to the extent necessary for managing qualification records.

datenschutz(at)waterkotte.de
Your data will then be deleted or—if still required for evidentiary, billing and/or accounting purposes—stored with purpose limitation for those purposes.

1. Users of the RemoteCare service

This part applies only to persons who have concluded a RemoteCare (remote maintenance) contract with us. We process the data you provided in connection with concluding the contract in order to implement the selected services under this contract and to ensure the maintenance and support services.

Personal data may include, among other things:

• Name
• Address (postal code, city, street and house number, plus any address additions if applicable)
• Email address
• Telephone number or mobile phone number
• Account information

In addition, technical system data of your WATERKOTTE systems—such as parameter settings, measured values and serial numbers—is recorded digitally and stored in databases on WATERKOTTE’s own servers.

Within the WATERKOTTE RemoteCare remote maintenance service, connection data such as the IP address ensuring access to your WATERKOTTE system is collected and stored. Changes to settings made by the user are also recorded and stored with a timestamp.

The legal basis for storing personal data is the processing necessary for the performance of a contract (Article 6(1)(b) GDPR) or for pre-contractual measures taken at the data subject’s request. In addition, processing for compliance with legal obligations applies (Article 6(1)(c) GDPR), e.g. tax law requirements.

To ensure the tasks stated in the RemoteCare contract are carried out, your personal data is forwarded within the company to the responsible departments. In addition, we may pass your contact details to Waterkotte contractual partners so they can carry out work on your system on our behalf. Specifically, this includes the plant operator’s contact details and the location of the relevant system. Furthermore, the subcontractor receives insight into previously created tickets in order to obtain information on past service activities.

During the ongoing contractual relationship, the data is retained in accordance with statutory retention periods (generally up to 10 years). If data is no longer required for contractual or statutory purposes, it is regularly deleted.

1. Provisions for users of the service portals

Heat Pump Center (Wärmepumpencenter)

This part applies only to persons registered in the WP Center. The WP Center is primarily a portal for employees of WATERKOTTE and its partners. Registered users have access to the logged data and “life cycles/history” of the heat pumps enabled for them, as well as additional service tools.

Registered end customers have access to their own system data collected within the scope of the RemoteCare contract.

For registration, the following personal data is collected:

• Name
• Email address

Providing the above data is mandatory; all further information may be provided voluntarily. When you use the WP Center, we store your data pursuant to Article 6(1)(a) GDPR and/or data required for contract performance on the basis of Article 6(1)(b) GDPR until you permanently delete your access. You can manage and change all information in the protected customer area. If you delete your account, your access will be removed from the database immediately.

Data processing agreement
(Heading as in original: “Auftragsverarbeitungsvertrag”)

1. Provisions for applicants

We are pleased that you are applying or have applied for a position in our company. The GDPR requires us to inform you at the time the data is collected about the type and scope of processing and your rights. Below we inform you pursuant to Articles 13 and 14 GDPR about the purposes for which we process the application documents (data) you voluntarily provide and what rights you have in this regard.

Contact details of the controller

WATERKOTTE GmbH, Sophie-Opel-Straße 20, 44803 Bochum, Germany
Phone: 02323/9376-0
[email protected]

Contact details of the data protection officer

DSBRuhr c/o nextindex GmbH & Co. KG, Grabenstraße 12, 44787 Bochum, Germany
Phone: 0234/81050300
[email protected]

Purpose of collection and processing

We process the data you send us in connection with your application to assess your suitability for the position (or, if applicable, other open positions within our companies) and to carry out the application process.

Legal basis

The primary legal basis for processing your personal data in this application procedure is Article 6(1)(b) GDPR. Processing is permitted insofar as it is necessary for the decision on establishing an employment relationship.

We may also process personal data about you where necessary to comply with legal obligations (Article 6(1)(c) GDPR, e.g. reimbursement of travel expenses) and to defend against asserted legal claims arising from the application procedure. The legal basis is Article 6(1)(f) GDPR; the legitimate interest is, for example, an obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG). If longer-term storage is required (e.g. inclusion in the applicant or talent pool), this is carried out on the basis of your written consent (Article 6(1)(a) GDPR). The same applies to forwarding your application data to other companies within our group.

Where, during the application procedure, special categories of personal data within the meaning of Article 9(1) GDPR are voluntarily disclosed, processing is additionally based on Article 9(2)(b) GDPR in conjunction with Section 26(3) BDSG (e.g. severe disability status). Where special categories of personal data within the meaning of Article 9(1) GDPR are requested from applicants during the application procedure, processing is additionally based on Article 9(2)(a) GDPR in conjunction with Section 26(2) and (3) sentence 2 BDSG (e.g. health data where required for the occupation).

Sources and categories of data

We process personal data that we obtain from you or recruitment agencies or through research on social media and the internet, in particular master data (name, address and other contact data, date of birth, nationality), bank details (for travel expense reimbursement), CV data and qualification documents (e.g. references, evaluations and other training certificates), IP addresses, and photographs.

Recipients / categories of recipients

Applicants can send documents by email. Please note that emails are generally not sent encrypted and applicants must arrange encryption themselves. We therefore cannot assume responsibility for the transmission route between sender and receipt on our server and recommend postal submission. Alternatively, attachments may be encrypted and the password provided to us by telephone.

After receipt, your application is reviewed by HR. Suitable applications are then made available internally to the managers responsible for the respective open position. Within the company, only those persons have access to your data who need it for proper execution of the application process.

We may transmit your personal data to affiliated companies where permissible within the scope of the purposes and legal bases described above. Otherwise, your personal data is processed on our behalf on the basis of data processing agreements pursuant to Article 28 GDPR, in particular by providers of IT and cloud services and applicant management systems/software. Recruitment agencies may also be involved. All service providers are contractually obliged to treat your data confidentially.

Data is otherwise only transferred to recipients outside the company where legal provisions permit or require it, where disclosure is necessary to comply with legal obligations, or where we have your consent.

Transfer to a third country / international organisation

No transfer to a third country takes place and none is intended.

Storage period

If your application does not result in an employment relationship, we store applicant data for a maximum of six months after notification of the rejection decision so that we can answer follow-up questions and comply with our obligations under the AGG. This does not apply where statutory provisions prevent deletion (e.g. archiving travel expense reimbursements under tax law for up to 8 years), where further storage is required for evidentiary purposes, or where you have expressly agreed to longer storage.

If you have consented to longer storage, we will add your data to our applicant pool. In the pool, data is generally deleted after one year. If you receive an offer, only the required data will be transferred from the applicant data to our HR system. The remaining data from the selection process will be deleted or returned.

Data subject rights

In addition to the information above, the following is an overview of your other data protection rights:

• right of access under Article 15 GDPR
• right to rectification under Article 16 GDPR
• right to erasure under Article 17 GDPR
• right to restriction of processing under Article 18 GDPR
• right to data portability under Article 20 GDPR
• right to withdraw consent at any time, without affecting the lawfulness of processing carried out on the basis of consent before withdrawal (Article 7(3) GDPR)
• right to lodge a complaint with a supervisory authority under Article 77 GDPR

The decision regarding your application is not based solely on automated processing. Therefore, no automated decision-making in individual cases within the meaning of Article 22 GDPR takes place.

Is there an obligation to provide data?

As part of the application process, you only need to provide the personal data necessary for the application procedure. There is no obligation to provide this data. Without it, we will generally not be able to conduct the application process and decide on establishing an employment relationship.

Objection

Under Article 21(1) GDPR, you have the right—on grounds relating to your particular situation—to object at any time to processing of personal data concerning you that is carried out on the basis of Article 6(1)(f) GDPR (processing based on a balancing of interests). If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. To exercise your right to object or other data subject rights, a text notice is sufficient. You may write to us or contact the controller or our data protection team by email at the contact details stated above.

1. General information and provisions for the WATERKOTTE website

These provisions apply in addition to the provisions for private users and for business users for the WATERKOTTE website.

Hosting of the website

Our website is hosted by NIBE Industrier AB, Hannabadsvägen 5, 285 32 Markaryd, Sweden (“host”). The personal data collected on this website is stored on the host’s servers. This may include, in particular, IP addresses, contact requests, meta and communication data, contract data, contact details, names, website access data and other data generated via a website.

The host is used on the basis of Article 6(1)(f) GDPR. We have a legitimate interest in ensuring the most reliable presentation of our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Cloudflare

We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (“Cloudflare”).

Cloudflare provides a globally distributed content delivery network with DNS. Technically, the transfer of information between your browser and our website is routed through Cloudflare’s network. This enables Cloudflare to analyse traffic between your browser and our website and to act as a filter between our servers and potentially malicious internet traffic. Cloudflare may also use cookies or other technologies to recognise internet users, but these are used solely for the purposes described here.

The use of Cloudflare is based on our legitimate interest in providing our online offering as error-free and secure as possible (Article 6(1)(f) GDPR).
Information on security and data protection at Cloudflare can be found here: https://www.cloudflare.com/privacypolicy/ External link..
Cloudflare is certified under the “EU-U.S. Data Privacy Framework” (DPF). Further information is available from the provider here: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnZKAA0&status=Active External link.

Data processing when accessing our website

WATERKOTTE automatically collects and stores information in server log files that your browser transmits to us. This includes:

• IP address of the requesting device
• Date and time of the request
• Requested URL / file requested
• HTTP status code (e.g. 200, 404)
• Referrer URL (the page the visitor came from)
• User agent (information about browser and operating system)

The IP address is the globally valid identifier of your computer assigned by your internet provider at the time of allocation and—most commonly (IPv4)—consists of four blocks of digits separated by dots, or is extended (IPv6). As a private user, you usually do not use a constant IP address, as it is assigned by your provider only temporarily (“dynamic IP address”). With a permanently assigned IP address (“static IP address”), a clear assignment of user data via this feature is technically easy. The IP address is anonymised before storage so that no personal reference can be established.

We process the above data for the following purposes:

• ensuring smooth connection setup of the website
• ensuring convenient use of the website
• evaluating system security and stability
• other administrative and statistical purposes

The personal data in server log files is processed on the basis of Article 6(1)(f) GDPR (legitimate interests). Our legitimate interest lies in easier administration and the ability to detect and track hacking. You can object to this processing at any time if reasons arising from your particular situation exist that speak against processing. An email to the data protection officer is sufficient:
[email protected]

Links to external websites

This privacy policy applies exclusively to the WATERKOTTE website. It may contain links to third-party websites. This privacy policy does not apply to them. If you leave the WATERKOTTE website to visit a third-party offer, we recommend carefully reading that provider’s privacy policy.

Cookies and analytics tools

To make visiting our website attractive and to enable certain functions, we use cookies on various pages. These are small text files stored on your device. Some cookies are deleted after the browser session ends (session cookies). Other cookies remain on your device and enable us or our partner companies (third-party cookies) to recognise your browser on your next visit (persistent cookies). When cookies are set, they collect and process certain user information to an individual extent such as browser and location data and IP address values. Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie.

If personal data is processed through cookies we implement, processing is carried out pursuant to Article 6(1)(f) GDPR to safeguard our legitimate interests in the best possible functionality of the website as well as a customer-friendly and effective design of visits. We may work with advertising partners who help make our online offer more interesting. In such cases, cookies from partner companies (third-party cookies) may also be stored on your hard drive when you visit our website. If we work with such partners, you will be informed individually and separately below about the use of such cookies and the scope of information collected.

You can set your browser so that you are informed about cookies and can decide individually whether to accept them, or exclude acceptance for certain cases or in general. Each browser manages cookie settings differently; this is described in each browser’s help menu. The following links apply (as in the original):
Internet Explorer: windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
Firefox: support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome: support.google.com/chrome/bin/answer.py
Safari: support.apple.com/kb/ph21411
Opera: help.opera.com/Windows/10.20/de/cookies.html

Please note that if cookies are not accepted, the functionality of our website may be limited.
A detailed list of all cookies can also be found on this page.

Consent management with CookieYes

Our website uses consent technology from CookieYes Limited to obtain your consent for storing certain cookies and other technologies in your browser and to document this in compliance with data protection law. The provider is CookieYes Limited, 3 Warren Yard, Warren Park, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom. When you enter our website, a CookieYes cookie is stored in your browser in which your consents or withdrawal of consent are stored.

The collected data is stored until you request deletion, delete the CookieYes cookie yourself, or the purpose for storage no longer applies. Mandatory statutory retention periods remain unaffected. Details on CookieYes cookie processing can be found in CookieYes’s privacy policy at https://www.cookieyes.com/privacy-policy/ External link..

The use of the OneTrust consent technology serves to obtain the legally required consents for the use of cookies. The legal basis is Article 6(1) sentence 1 (c) GDPR.

Analytics tools and advertising

Google Tag Manager

We use Google Tag Manager. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that helps us integrate tracking or statistics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only serves to manage and deliver the tools integrated via it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

Use is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in a fast and uncomplicated integration and management of various tools. If corresponding consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG insofar as consent includes cookie storage or access to information in the user’s device (e.g. device fingerprinting). Consent can be revoked at any time.
Google is certified under the EU-U.S. Data Privacy Framework (DPF). More information: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active External link.

Google Analytics

This website uses functions of the web analytics service Google Analytics. Provider: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. The operator receives various usage data such as page views, time spent on the site, operating systems used, and the user’s origin. These data are assigned to the user’s device. No assignment to a user ID takes place.

In addition, Google Analytics can record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement recorded datasets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that allow recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about your use of this website is generally transferred to a Google server in the USA and stored there.

Use takes place on the basis of your consent pursuant to Article 6(1)(a) GDPR and Section 25(1) TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the EU Commission’s Standard Contractual Clauses. Details: https://business.safety.google/adscontrollerterms/sccs/ External link..
Google is certified under the EU-U.S. Data Privacy Framework (DPF). More information: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active External link.

Browser plugin
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=de External link..
More information on Google Analytics and user data: https://support.google.com/analytics/answer/6004245?hl=de External link..

Visitor statistics / lead generation marketing and analytics services

To measure and optimise the effectiveness of our online marketing measures and to present you with relevant content, we use the services described below on the basis of your consent (Article 6(1)(a) GDPR). You give your consent via our consent banner (cookie banner) and can withdraw it there at any time with effect for the future.

Google Ads Conversion Tracking

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Data may be transferred to Google LLC in the USA.
Purpose: We use the online advertising programme “Google Ads” and, in this context, conversion tracking. If you click on an ad placed by Google and give your consent, a conversion tracking cookie is set. This cookie enables us and Google to recognise that you clicked on the ad and were redirected to our website, where you performed a specific action (e.g. submitting a form). We receive statistical evaluations from Google to measure the success of our advertising campaigns.
Processed data: unique cookie ID, number of ad impressions, last impression, opt-out information, IP address.
Transfers to third countries: Data may be transferred to Google servers in the USA. Transfers are based on EU Standard Contractual Clauses and the adequacy decision under the EU-U.S. Data Privacy Framework, which Google has joined.
Storage period: Google Ads cookies generally expire after 90 days.
Further information: https://policies.google.com/privacy External link.

SSL/TLS encryption

This site uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognise an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock symbol in your browser line. If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Contact form

If you send us inquiries via the contact form, your information from the inquiry form, including the contact details you provide there, will be forwarded to WATERKOTTE via encrypted email. The email with your inquiry will be forwarded internally to the relevant departments or to the regional sales representative responsible for you.

Processing of the data entered into the contact form takes place exclusively on the basis of your consent pursuant to Article 6(1) sentence 1 (a) GDPR. You may revoke this consent at any time. An informal email to us is sufficient:
[email protected]
The lawfulness of processing carried out up to withdrawal remains unaffected.

The data you enter in the contact form remains on the web server for seven days and is then automatically deleted; we retain the data until you request deletion, withdraw your consent to storage, or the purpose no longer applies (e.g. after your request has been processed). Mandatory legal provisions—especially retention periods—remain unaffected.

Use of Typeform for the subsidy analysis (Förder-Analyse)

To carry out our interactive subsidy analysis, we use services of TYPEFORM S.L., Carrer de Bac de Roda, 163, 08018 Barcelona, Spain (“Typeform”).

Purpose and legal basis: When you start our subsidy analysis and enter data into the form, Typeform collects it and makes it available to us. Processing of the personal data entered into the form (e.g. contact data, building information) is carried out for pre-contractual measures at your request pursuant to Article 6(1)(b) GDPR. Using Typeform to provide a user-friendly and interactive form also constitutes a legitimate interest pursuant to Article 6(1)(f) GDPR.
Processing agreement: We have concluded a data processing agreement (DPA) with Typeform pursuant to Article 28 GDPR. This ensures Typeform processes your data only on our instructions and in compliance with applicable data protection laws.
Processed data: In addition to the data you actively enter, Typeform collects technical data such as IP address, device type and browser to ensure the functionality of the service.
Further information: Details on Typeform’s privacy policy: https://admin.typeform.com/to/dwk6gt External link.

1. Online meeting tools

Below we inform you, on the basis of the GDPR and the BDSG, about the processing of personal data in connection with conducting online meetings using the video conferencing tool “MS Teams”.

Purpose of processing
We use “Microsoft Teams” to conduct telephone conferences, video conferences and webinars (hereinafter “online meetings”). “Microsoft Teams” is a service of Microsoft Corporation.

Controller
The controller for data processing directly related to the conduct of online meetings is:
WATERKOTTE GmbH
Sophie-Opel Straße 20
D-44803 Bochum, Germany
Tel.: (+49) 02323-9376-0
Fax: (+49) 02323-9376-99
[email protected]

Note: If you access the “Microsoft Teams” website, the provider of “Microsoft Teams” is responsible for processing. Access to the website is only necessary to download the software. If you do not want or cannot use the “Microsoft Teams” app, you can also use “Microsoft Teams” via your browser; the service is then provided via the “Microsoft Teams” website.

Legal bases
Where employee personal data of WATERKOTTE GmbH is processed, Section 26 BDSG is the legal basis. If personal data processed in connection with the use of “Microsoft Teams” is not required to establish, perform or terminate the employment relationship but is nevertheless an essential element of using “Microsoft Teams”, Article 6(1)(f) GDPR is the legal basis; our interest is effective conduct of online meetings.

Where processing is required to perform a contract to which you are party or for pre-contractual measures at your request, Article 6(1)(b) GDPR is the legal basis. If no contractual relationship exists, Article 6(1)(f) GDPR applies, again based on our interest in effective conduct of online meetings. If video or audio recordings are exceptionally required, this is done exclusively on the basis of your consent pursuant to Article 6(1)(a) GDPR.

Type and scope of processing
We use “Microsoft Teams” to conduct online meetings. If we want to record an online meeting, we will inform you transparently in advance and ask for your consent. If it is necessary for minutes of results, we will record chat content; however, this is generally not the case. No automated decision-making within the meaning of Article 22 GDPR is used.

Personal data processed when using “Microsoft Teams” may include, depending on what data you provide before or during participation:

• User data (registration information): e.g. username, activation and conference codes, email address, first and last name, company, organisation ID, participant IP, profile picture (optional)
• Configuration and communication data: e.g. device name, IP address, geo data, time zone, activity logs, hardware type
• Conference information: e.g. date, time, duration, number of participants, dial-in method, diagnostic information
• Text, audio and video data: you may use the chat function; your text entries are processed for display in the meeting. For video/audio, the microphone and camera data of your device are processed during the meeting. You can switch off the camera or mute the microphone at any time.

Recipients / disclosure
As a rule, no data is disclosed to third parties in connection with participation in online meetings unless it is intended for disclosure. Please note that meeting content is often intended to communicate information with customers, interested parties or third parties and is therefore intended for disclosure. Another recipient is the provider of “Microsoft Teams”, Microsoft Corporation.

Processing outside the EU/EEA
Microsoft Corporation processes your data, among other places, in the USA. The legal basis for this transfer is the European Commission’s adequacy decision of 10 July 2023 for the EU-U.S. Data Privacy Framework. Participation of US companies requires commitments to detailed data protection obligations; this requirement is currently met by the provider of the tool we use.

Storage period
Your personal data processed in the context of “Microsoft Teams” is generally deleted once it is no longer needed for the purposes for which it was collected. Storage may be necessary, in particular, if data is still required to fulfil contractual services and to examine and grant or defend warranty/guarantee claims. Where statutory retention obligations of 6 or 10 years under commercial and tax law apply, deletion occurs only after expiry of those periods. If processing is based on your consent, data is stored only until you withdraw consent unless another legal basis exists.

1. Provisions for the WATERKOTTE Club

This part applies only to persons registered for the WATERKOTTE Club. The Waterkotte Club is a user portal for operators of a Waterkotte system. Registered users have access to system data and exclusive operator information and tips. In connection with registering your RemoteBox, access to system data collected under the RemoteCare contract is also possible.

For registration, the following personal data is collected:

• Name
• Email address
• Telephone number (if applicable)

After registration, you may optionally provide further personal data, including:

• Address

• Street
• House number
• Postal code
• City

You may also link your WATERKOTTE Club membership to an existing RemoteCare contract; please also observe the provisions in IV. Users of the RemoteCare service.

Registration for the WATERKOTTE Club is voluntary and can be revoked at any time without giving reasons in the “My data” area or by email stating the heat pump serial number to datenschutz(at)waterkotte.de. An existing RemoteCare contract is not affected. Double opt-in is used: after registration you receive an email to confirm access to the Club, preventing unauthorised third parties from applying in your name.

Processing is based on Article 6(1)(a) GDPR (consent). Data is stored until you revoke your consent. Your data is used exclusively for marketing and advertising purposes of WATERKOTTE GmbH; your data is not passed on. Transfer to a third country is not intended.

1. Provisions for newsletter subscribers and participants in customer surveys

This part applies only to persons registered to receive the WATERKOTTE newsletter or participate in WATERKOTTE customer surveys. The newsletter is intended to allow you to receive targeted information on specific topics and to enable us to obtain targeted feedback via surveys.

For newsletter registration and willingness to participate in surveys, the following personal data is collected:

• Email address
• Customer number
• Company name

For evaluation of customer surveys, the following personal data is collected:

• Email address
• Customer number
• Company name
• Postal code

Registration and provision of data is voluntary and can be revoked at any time without giving reasons by emailing [email protected] or by clicking the unsubscribe link at the bottom of the newsletter/survey email, with effect for the future. Double opt-in is used.

After registration, processing is based on Article 6(1)(a) GDPR (consent). The newsletter information letter is based on Article 6(1)(f) GDPR (legitimate interest), in particular Recital 47 sentences 2 and 7 GDPR.

Newsletter data is stored until you withdraw consent. Personal data relating to survey responses is deleted no later than 3 months; only the postal code—shortened to the first two digits—is stored until withdrawn. This is needed to break down survey evaluations by sales territories.

Your data is used exclusively for marketing and advertising purposes of WATERKOTTE GmbH; it is not passed on. For certain parts of the newsletter we may work with our partner “Newsletter2Go”, with whom we have concluded a data processing agreement. Transfer to a third country is not intended.

1. Provisions for users of the EasyCon mobile app

This part applies to persons using the WATERKOTTE EasyCon Mobile App. With the app you can control basic functions of your WATERKOTTE heat pump in the local network and view key efficiency information.

If the app is used without logging in to the WATERKOTTE Club, no personal data is collected. In conjunction with a RemoteCare Box (see IV) and registration in the WATERKOTTE Club (see IX), the same functions can also be used via the internet.

To use internet-based control, login to the WATERKOTTE Club within the app is required. The following personal data is collected:

• Email address
• IP address

Use of the remote control function is voluntary.

1. Information on data subject rights

This part provides additional information on exercising your rights as a data subject vis-à-vis WATERKOTTE.

Your identity

To comply with data subject rights under the GDPR, it may be necessary for WATERKOTTE—where personal data was collected due to contractual relationships—to request additional information to verify your identity on a random basis or where there are justified doubts. This is especially the case if a request for information is made electronically but the sender details do not allow conclusions about a natural person concerned.

You have the right

• to request information about your personal data processed by us pursuant to Article 15 GDPR, including purposes, categories, recipients, planned storage period, rights to rectification/erasure/restriction/objection, complaint rights, origin of data, and the existence of automated decision-making including profiling;
• to request rectification or completion of your stored personal data pursuant to Article 16 GDPR;
• to request erasure pursuant to Article 17 GDPR unless processing is necessary for freedom of expression/information, legal obligation, public interest, or legal claims;
• to request restriction of processing pursuant to Article 18 GDPR under the conditions set out there;
• to object to processing pursuant to Article 21 GDPR where processing is based on Article 6(1)(f) GDPR;
• to receive your personal data in a structured, commonly used and machine-readable format or request transfer to another controller pursuant to Article 20 GDPR;
• to withdraw consent at any time pursuant to Article 7(3) GDPR without affecting the lawfulness of processing before withdrawal. You can withdraw consent via: datenschutz(at)waterkotte.de
• to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, usually at your place of residence or our company’s registered office.

Competent supervisory authority:
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2–4
40213 Düsseldorf, Germany
Phone: 0211/38424-0
Fax: 0211/38424-10
Email: [email protected]

You also have the right to information, in the case of third-party collection, about the source of the personal data and whether it comes from publicly accessible sources (e.g. SCHUFA, credit agencies, commercial registers, press, media), and whether providing the data is required by law or contract or necessary for concluding a contract, and what consequences non-provision would have. Without the data we generally must refuse to conclude the contract or may no longer be able to perform and may have to terminate an existing contract.

Separate information about your right to object under Article 21 GDPR
Under Article 21(1) GDPR you have the right, on grounds relating to your particular situation, to object at any time to processing of personal data concerning you that is based on Article 6(1)(f) GDPR. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds overriding your interests, rights and freedoms, or processing serves the establishment, exercise or defence of legal claims. To exercise these rights, a text notice is sufficient. You may write to us or contact us by email.

1. Social media

Data processing via social media platforms

We maintain company pages on various social media platforms and use them to share information about our company.

We are present on the following platforms:

• Facebook
• Instagram
• LinkedIn

Social networks such as Facebook and Instagram can generally analyse your user behaviour extensively when you visit their website or a website with integrated social media content (e.g. like buttons). This triggers numerous data-protection-relevant processing operations when you visit our social media presences.

When accessing one of our social media presences, we and the operator of the social media platform are jointly responsible for the processing operations triggered. You can generally assert your data subject rights both against us and against the operator of the respective social media portal. Please note, however, that despite joint responsibility we do not have full influence over the processing operations. Our options depend largely on the corporate policy of the respective provider.

The data we collect via the social media presence is deleted from our systems as soon as you request deletion, withdraw consent, or the purpose no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions remain unaffected.

We have no influence over the storage duration of your data stored by the social network operators for their own purposes. For details, please contact the operators directly (e.g. via their privacy policies, see below).

Facebook

Purpose: Optimising our public presentation and maintaining quick contact with users.
Legal basis: Your consent (Article 6(1)(a) GDPR) or our legitimate interest (Article 6(1)(f) GDPR).
Transfers / responsibility / exercising rights: Facebook transfers data, among other places, to the USA based on the EU-U.S. Data Privacy Framework adequacy decision of 10 July 2023. Meta Platforms currently meets these conditions for non-HR data.
What data is stored: When visiting our website and linking to Facebook, personal data may be processed, often including IP address, email addresses, user behaviour data and device information. See Facebook’s privacy policy: https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0 External link.
If you are logged in to Facebook, a cookie with your Facebook ID may be stored on your device, allowing Facebook to recognise the visit. To prevent this, log out of Facebook or deactivate “stay logged in”. Information on your rights: https://de-de.facebook.com/help/2069235856423257 External link.

Instagram

Purpose: Optimising our public presentation and efficient communication with users.
Legal basis: Your consent (Article 6(1)(a) GDPR) and our legitimate interest in comprehensive online presence (Article 6(1)(f) GDPR).
Transfers / responsibility / exercising rights: Instagram processes data, among other places, in the USA based on the EU-U.S. Data Privacy Framework adequacy decision of 10 July 2023.
What data is stored: IP address, email addresses, user behaviour data and device information may be collected and processed; data may be transferred outside the EU. See Instagram privacy policy: https://help.instagram.com/155833707900388 External link.
If logged in to Instagram, a cookie with your Instagram ID may be stored; Instagram can recognise the visit. Log out or deactivate “stay logged in” to avoid this. Further details: https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect&tid=311942099 External link.

LinkedIn

Purpose: (As in original text) Optimising our public presentation and efficient communication with users.
Legal basis: Your consent (Article 6(1)(a) GDPR) and legitimate interest (Article 6(1)(f) GDPR).
Transfers / responsibility / exercising rights: When visiting our website and linking to LinkedIn, personal data such as IP address, email addresses, user behaviour data and device information may be processed.
What data is stored: For account creation, LinkedIn requires certain data (name, email address and/or mobile number, general location, password). For premium services, payment and billing information is required. Which profile information you publish is up to you (e.g. education, work experience, skills, photo, location/region, endorsements). LinkedIn privacy policy: https://de.linkedin.com/legal/privacy-policy External link.

Contact / security notice / changes

To exercise your rights, for questions about this privacy policy, or for further information, please contact WATERKOTTE’s data protection officer:
DSB Ruhr c/o nextindex GmbH & Co. KG
Grabenstraße 12
44787 Bochum, Germany
Tel.: +49 234 81050300
[email protected]

Security notice: We endeavour to store your personal data using technical and organisational measures so it is not accessible to third parties. Complete data security cannot be guaranteed when communicating by email; therefore, for confidential information we recommend using postal mail.

Changes to this privacy policy: Due to the further development of our website and offers or due to changes in legal or official requirements, it may be necessary to amend this privacy policy. The current privacy policy can be accessed at any time on the website at:
https://www.waterkotte.de/datenschutz/ External link.