Thermowatt Version (2022-03-31)
PRIVACY NOTICE ON PERSONAL DATA PROCESSING PURSUANT TO
EU REGULATION 2016/679 (“GDPR”)
Thermowatt S.p.A. (hereinafter also “Thermowatt”), with registered offices in Via San Giovanni Battista, 21,
60011 Arcevia (AN), Italy, as Data Controller (hereinafter also the "Company"), in the person of the Legal
Representative, provides you with the following information regarding the processing of your personal
data.
Categories of personal data
The Data Controller will process your personal data. Below is an exemplifying and non-exhaustive list of
the categories of data that will be subject to such processing:
- name, surname;
- e-mail address, country, telephone number;
- gateway serial number and other information related to the product associated with you;
- data relating to and/or derived from the operation of the equipment;
- characteristics of the inhabited building (size of the house, number of rooms type of heating) and
the family unit;
- data of your choice transmitted by social platforms in case you make use of the social log-in
function.
In particular, through the Thermowatt Apps (hereinafter “App”) and/or web Apps (hereinafter “web App”)
the following information will be processed by the Data Controller:
- the IP address or ID of your device;
- the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the
request, the method used to submit the request to the server, the size of the file obtained in
response, the numerical code indicating the status of the response given by the server
(successful, error, etc.) and other parameters relating to the operating system and the computer
environment of your device;
- the model and brand of the appliance managed through the App/web App, as well as how the
system is managed;
- data relative to the physical quantities (for example, temperature) measured by the sensors of the
appliance;
- consumption data;
- data related to the status and parameter settings of the functions performed by the appliance;
- information on the interactions carried out by you with the App/web App, including commands for
the activation of the appliance;
- e-mail addresses or telephone numbers used to send notifications following events;
- geolocation of the device on which the application is installed in case such function is enabled
which is further subject to Google Privacy Policy at https://www.google.com/policies/privacy/;
- location of the appliance communicated by the Internet connection device in the initial
configuration.
The Company, in fulfilment of the contract stipulated with you, will also collect information regarding the
product installed (including, but not limited to, advanced technical details, heating settings and operation,
etc.).
App Required Authorizations
Upon installation of the App, you will be asked for authorization to access to the location (based on GPS
and network).
In this moment, some authorizations are also issued to allow the operation of the app in relation to the
operating system running on the mobile device.
The details of these authorizations may change depending on system and app updates and are always
available, upon download in the section dedicated to the app information in the mobile app store.
Thermowatt Version (2022-03-31)
Purposes and legal basis of the Data Processing
The Company will process the above-mentioned personal data, according to the principles of necessity,
fairness, lawfulness and transparency as dictated by the GDPR, for the following purposes:
a) Creation of an account on the App/web App;
b) Provision of remote control and/or remote diagnosis services;
c) If necessary, in order to ascertain, exercise or defend the rights of the Data Controller in
judicial and/or extra-judicial proceedings.
The purposes listed in points a) and b) find their legal basis in the execution of the contract to which
you are a party.
Instead, the processing activities described in point c) are conducted in accordance with a legitimate
interest of the Data Controller: in particular, the interest to improve its service and to protect its rights
in judicial and/or extrajudicial proceedings.
d) Direct marketing: sending of promotional and commercial communications relating to the
Company's services/products/events (with automated contact methods such as e-mail or
sms and with traditional contact methods such as telephone calls with operator and
traditional mail), and/or carrying out market surveys, customer satisfaction activities and
statistical analysis. Furthermore, the customer accepts that such data may be transferred to
third parties, as independent owners, who may use them for direct marketing purposes.
These subjects may be, by way of example, sellers, technical assistance centres,
manufacturers of Thermo Comfort products.
e) Profiling: Analysis of your preferences, habits, interests in order to send you tailor made
commercial offers meeting your service and/or product needs. Furthermore, the customer
accepts that such data may be transferred to third parties, as independent owners, who may
use them for direct marketing purposes. These subjects may be, by way of example, sellers,
technical assistance centres, manufacturers of Thermo Comfort products.
The processing of your personal data for the abovementioned purposes (listed in points d) and e) will
be carried out only upon your specific and unambiguous consent, expressed for each purpose.
In relation to the specific authorizations requested upon installing the App, the following processing
purposes are specified:
• Position
Access to this data is necessary in order to provide the service;
• Storage space
This access is necessary for the sole purpose of installing the App on the mobile device;
• Other
Access to the described functionalities is only necessary for the proper technical functioning of
the App.
Data retention
The Data controller, in relation to the purposes of creation of an account, will process your personal data
until your unsubscription request.
With regard to the processing activities related to the provision of remote control and/or remote diagnosis
services, the Data Controller will process your personal data (related to equipment operation and personal
data derivable on the basis of the equipment operation) until the end of the contract and, thereafter, for two
years.
The data processing related to the purposes of direct marketing and profiling activities will be carried out
until your withdrawal of consent.
The data related to the direct marketing activities will be retained for 24 months; the data related to the
profiling activities, instead, will be retained for 12 months.
These retention periods shall begin to run from the time the personal data are collected.
If the Data Controller exercises or defends its rights in judicial and/or extra-judicial proceedings, your data
will be processed for the entire duration of the dispute, until the terms of the appeal have been exhausted.
Thermowatt Version (2022-03-31)
Once the abovementioned retention terms have expired, the Data will be destroyed, deleted, or made
anonymous, compatibly with the technical procedures for deletion and backup and for the accountability
needs of the Data Controller.
In particular, following your possible withdrawal of consent, the Company will continue to process your
Data in order to be able to have evidence that you will no longer want to receive marketing information and
promotional material.
Provision of Data
In order to create an account on the Platform, the provision of your personal data is optional, however
within the online registration form you will find fields marked with an asterisk: without this information it will
not be possible for the Data Controller to create such account and, therefore, to allow you to access the
remote control and/or remote diagnosis services.
In relation to the fields not marked with an asterisk, your refusal to provide the data will in no way affect the
creation of the account and the access to the service requested.
Regarding direct marketing and profiling activities, the provision of your data is fully discretional: the Data
Controller will process your personal data only upon your express and unambiguous consent.
You may withdraw the consent given at any time: such withdrawal shall not affect the lawfulness of the
processing based on consent before such withdrawal.
Data communication
Your Personal Data may be communicated to external parties operating as independent data controllers,
for example: authorities and supervisory bodies and, in general, public or private parties entitled to request
and/or access to such Data (e.g. banks, insurance companies).
Furthermore, the recipients of your personal data may be, with your express permission, third parties who
will provide their service through their own means.
These third parties would be considered as independent data controller of your personal data.
If the appliance for which you are activating the remote control and remote diagnosis service has not been
directly purchased by you, but is already present in the house because it has been installed by the owner,
your personal data may be communicated to this very owner also by means of special digital interfaces
(API).
This owner is considered to be an independent data controller and will therefore provide you with his own
privacy notice regarding the processing of your personal data, which he will carry out for his own purposes.
Your Data may also be processed by external parties designated as Data Processors (pursuant to art. 28
of the GDPR), who carry out specific processing activities on behalf of the Data Controller, such as, by way
of example:
• Technical assistance centres
• Database providers;
• Call-centre services providers;
• Domestic consulting firms;
• Companies that provide management and/or maintenance services for the Company's mobile and
desktop applications;
• Parties that provide services for the management of the information system and
telecommunications networks, including e-mail;
• Marketing and market research companies;
• Public relation companies;
• Water heater manufacturers.
For the provision of its services, Thermowatt is assisted at national and international level by individual
local entities and commercial organizations operating locally.
These local entities and commercial organizations process personal data on behalf of Thermowatt and
therefore qualify as Data Processors pursuant to art. 28 of GDPR. Your personal data will not be
disseminated.
Thermowatt Version (2022-03-31)
Transfer of personal data to countries outside the European Union
The Data might be processed by Data Processors that are based also in non-EU countries, whose level of
data protection has been considered adequate by the European Commission pursuant to art. 45 of the
GDPR.
The transfer of your personal data may also be carried out following the signing of Standard Contractual
Clauses as provided for by art. 46(2)(c) of the GDPR.
A copy of the guarantees may be requested by contacting the Data Controller at the e-mail address
info.connectivity@thermowatt.com.
Personnel authorized to process personal data
The data may be processed by employees and/or collaborators of the Data Controller and/or the Data
Processor assigned to the fulfilment of the above mentioned purposes, who have been expressly
authorised to the processing and have received adequate operating instructions.
Processing Methods
The Processing activities may include, besides data collection, also data registration, storage, amendment,
communication, cancellation, circulation, etc. and will be carried out both through hardcopies and through
digital, informatic and telematic tools, and with suitable tools in order to guarantee the security and
confidentiality of the data.
Within the limits of the abovementioned specific purposes, data processing is carried out through manual,
digital and telematic tools.
The Data Controller adopts organization and technical procedures to guarantee personal data security and
confidentiality.
Rights of the data subjects
Contacting the Privacy Office by ordinary mail sent to the address Via San Giovanni Battista, 21, 60011
Arcevia (AN), Italy or by e-mail at info.connectivity@thermowatt.com, you can ask the Company, as Data
Controller, for access to your data, their rectification, their cancellation, the limitation of the processing in
the cases provided for by art. 18 GDPR, as well as the opposition to the processing, for reasons related to
their particular situation, in the hypothesis of legitimate interest of the Data Controller.
Furthermore, the data subjects, in the event that the processing is based on consent or contract and is
carried out by automated means, have the right to receive the data in a structured, commonly used and
machine-readable format and, if technically feasible, to transmit them to another data controller without
hindrance.
Data subjects have the right to withdraw at any time the consent given for marketing and/or profiling
purposes. This is without prejudice to the possibility for the data subject who prefers to be contacted
exclusively through traditional methods, to oppose the processing for marketing purposes only in relation
to the receipt of communications through automated means.
Data subjects shall have the right to lodge a complaint with the competent supervisory authority in the
Member State where they habitually reside or work or in the State where the alleged breach has occurred.
Data subjects may also modify the consent given through the "user profile" section available within the
App/web App.
Please note that the cancellation of the user account can be done by sending an e-mail at
info.connectivity@thermowatt.com.
For further information regarding the details of the service, please refer to the Terms&Conditions.
Data Controller
The Data Controller is Thermowatt S.p.A., with registered offices in Via San Giovanni Battista, 21, 60011
Arcevia (AN), Italy.
Data Protection Officer
The Data Controller has appointed a Data Protection Officer, who can be contacted at the following e-mail
address: DPO.Thermowatt@thermowatt.com.
