Table of Contents
- Provision of the website
- Cookies
- Communication
- Analysis – tools
- HubSpot
- Newsletter
- OpenStreetMap
- Mynewsdesk
- What rights do you have in relation to the processing of your data?
- Is there an obligation to provide your personal data?
Processing applicant data
Business partner data processing
Data protection notices for social media pages
Whistleblowers
Data controller and contact details of the data protection officer
1. Provision of the website
Access logs and error logs are enabled by default on our server. Access log files record website visitors’ activities on the web pages. As the website operators, we collect such data to ensure the website functions properly, identify attacks and protect ourselves against them. Error logs record failed page requests for this purpose. Where possible and appropriate, the IP address is pseudonymised by way of truncation (TYPO3).
If we suspect an attack on our system, data relating to the visitor’s computer system is automatically logged and stored in firewall logs for the purposes of forensic analysis.
Data type
- IP address of the requesting computer,
- Date and time of access,
- Name and URL of the file accessed,
- The website from which the access originates (referrer URL),
- The browser you are using and, where applicable, your computer’s operating system, as well as the name of your internet service provider.
Purpose of processing
- Ensure that the website connects smoothly,
- Ensure a comfortable user experience on our website,
- System security and stability assessment
- Investigating any instances of malicious website access (DoS/DDoS attacks etc.) as well as
- for other administrative purposes.
Legal basis
The legal basis is Article 6 (1) sentence 1 letter f) GDPR (General Data Protection Regulation); where access to information stored on the user’s terminal equipment is strictly necessary, the legal basis is also Section 25 (2) No. 2 TDDDG (German Telecommunications, Digital Services and Data Protection Act).
Legitimate interests
The purposes set out above also constitute a legitimate interest in data processing within the meaning of Article 6 (1) letter f) GDPR.
Duration of data storage
When you visit our website www.aquatherm.de, the browser used on your device automatically sends information to our website’s server. This information is temporarily stored in a log file. This information is collected automatically and stored until it is automatically erased, usually after one week.
Right to object
Where data is processed to the extent described, this is strictly necessary for the security and operation of the website. You, therefore, have no right to object.
2. Cookies
We use cookies on our website. These are small files that your browser creates automatically and which are stored on your device (laptop, tablet or smartphone etc.) when you visit our website. Cookies store information relating to the specific device being used. However, this does not mean that as a result we gain direct knowledge of your identity. On the one hand, using cookies is aimed at making your experience of our website more enjoyable. We use what are known as session cookies to recognise that you have already visited individual pages on our website. These are automatically erased once you leave our website.
Furthermore, we also use temporary cookies to improve user experience. These are stored on your device for a specific, predefined period of time. If you visit our website again to use our services, the system shall automatically recognise that you have visited us before and remember the details and settings you entered, so you won’t need to enter them again.
We also use cookies to collect statistical data on how our website is used and to analyse such data to optimise the service we offer you (see Analysis Tools). When you return, these cookies enable us to automatically recognise that you have visited our site before. These cookies are automatically erased after a specified period. This specified period is 12 months.
Legal basis
The legal basis for using cookies is your consent in accordance with Section 25 (1) TDDDG and Article 6 (1) sentence 1 letter a) GDPR. Where the use of cookies is strictly necessary, this is based on Section 25 (2) TDDDG, and any further data processing is performed in accordance with Article 6 (1) c) or (f) GDPR.
3.1 Telephone
When you call us, the call data is stored in pseudonymised form on the relevant device and with the telecommunications provider used. In addition, details such as your name and telephone number can then be sent by e-mail and stored for the purpose of responding to your enquiry. The data shall be erased as soon as the transaction has been completed and legal requirements permit.
- Contract (Article 6 (1) letter b) GDPR)
We need to process your data to execute a contract with you. This also applies to pre-contractual activities (such as preparing a quotation).
- Legitimate interests (Article 6 (1) letter f) GDPR)
We aim to handle customer enquiries and business communications professionally. This requires certain technical systems (such as e-mail programmes, exchange servers and mobile network operators) to ensure efficient communication.
Disclosure of data
Your personal data shall not be disclosed to third parties for any purposes other than those listed below. We shall only pass on your personal data to third parties if:
The disclosure is necessary in accordance with Article 6 (1) sentence 1 letter f) GDPR for the establishment, exercise or defence of legal claims, and there is no reason to believe you have an overriding legitimate interest in preventing the disclosure of your data,
It is permitted by law and is necessary to process contractual relationships with you in accordance with Article 6 (1) sentence 1 b) GDPR.
3.2 E-mail
When you communicate with us via e-mail, data may be stored on the relevant device (computer, laptop or smartphone etc.) and shall also be stored on the e-mail server. The data shall be erased as soon as the transaction has been completed and legal requirements permit.
- Consent (Article 6 (1) letter a) GDPR)
You grant us your consent to store your data and to use it for purposes relating to the transaction;
- Contract (Article 6 (1) letter b) GDPR)
We need to process your data to execute a contract with you. This also applies to pre-contractual activities (such as preparing a quotation).
- Legitimate interests (Article 6 (1) letter f) GDPR)
We aim to handle customer enquiries and business communications professionally. This requires certain technical systems (such as e-mail programmes, exchange servers and mobile network operators) to ensure efficient communication.
Disclosure of data
Your personal data shall not be disclosed to third parties for any purposes other than those listed below. We shall only pass on your personal data to third parties if:
You have granted your explicit consent to this in accordance with Article 6 (1) sentence 1 letter a) GDPR,
The disclosure is necessary in accordance with Article 6 (1) sentence 1 letter f) GDPR for the establishment, exercise or defence of legal claims, and there is no reason to believe you have an overriding legitimate interest in preventing the disclosure of your data,
It is permitted by law and is necessary to process contractual relationships with you in accordance with Article 6 (1) sentence 1 b) GDPR.
4. Analysis – tools
The tracking measures listed below and used by us are performed exclusively based on your consent, in accordance with Article 6 (1) sentence 1 letter a) GDPR. We use these tracking measures to ensure that our website is tailored to users’ needs and is continually optimised. We also use tracking tools to collect statistical data on the use of our website and analyse this data with a view to optimising our service for you. The specific purposes of data processing and categories of data can be found in the information provided for the relevant tracking tools.
4.1 Google Analytics
To tailor our website to users’ needs and continually optimise it, we use Google Analytics, a web analytics service provided by Google Inc. (https://www.google.de/intl/de/about/) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; hereinafter “Google”). We also use tracking tools to collect statistical data on the use of our website and analyse this data with a view to optimising our service for you. We process your data solely based on the consent you have previously granted us (see above under “Cookies”).
Google Analytics creates pseudonymised user profiles for us. The Google Analytics cookie generates information regarding your use of this website, such as:
- Viewed pages
- Orders, including the total amount and the products ordered
- The achievement of “website goals” (e.g. contact enquiries and newsletter subscriptions)
- Your behaviour on the pages (e.g. time spent on the page, clicks and scroll depth)
- Your approximate location (country and town)
- Your IP address
- Technical information such as browser, internet service provider, device and screen resolution
- The source of your visit (i.e. which website or advertising material led you to us)
- A randomly generated user ID
No personal data, such as your name, address or contact details, is transmitted to Google Analytics.
Google Analytics is used solely based on the consent you have granted for this purpose, in accordance with Article 6 (1) sentence 1 letter a) GDPR.
This data is transferred to Google’s servers in the USA. Please note that data protection laws in the USA do not guarantee the same level of protection as those in the EU.
Google Analytics stores cookies in your web browser for a period of two years from your last visit. These cookies contain a randomly generated user ID, which allows you to be recognised during future visits to the website.
You can also prevent the collection of data generated by the cookie and relating to your use of the website (including your IP address), as well as the processing of this data by Google, by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).
As an alternative to the browser add-on, particularly for browsers on mobile devices, you can also prevent data collection by Google Analytics by clicking on this link. An opt-out cookie shall be set to prevent your data from being collected in future when you visit this website. The opt-out cookie applies only to this browser and only to our website, and is stored on your device. If you clear the cookies in this browser, you shall need to set the opt-out cookie again.
Further information about data protection in conjunction with Google Analytics can be found, for example, in Google Analytics Help.
5.1 Analytics
We use HubSpot Analytics, provided by HubSpot Germany GmbH, Am Postbahnhof 17, D-10243 Berlin, as an analytics service for the statistical analysis of our website. This includes, for example, the number of visits to our website, the sub-pages visited and the dwell-time visitors spend on the site. HubSpot Analytics uses cookies and other browser technologies to analyse user behaviour and recognise users.
This information is used, inter alia, to compile reports on website activity.
Purpose and legal basis
We process data using HubSpot Analytics for the purpose of optimising our website and for marketing purposes, based on your consent in accordance with Article 6 (1) letter a) GDPR.
Retention period
We have no control over the specific retention period for the processed data. This is determined by HubSpot Germany GmbH. Further information can be found in the HubSpot Data Protection Policy.
Analytics: https://www.hubspot.de/data-privacy/gdpr
5.2 AI Chatbot
Nature and scope of processing
We have integrated features from the HubSpot Chat customer communication platform in our website. The HubSpot AI chatbot is a service rendered by HubSpot Germany GmbH, which enables us to answer questions from visitors to our website and provide targeted assistance where needed. The HubSpot AI chatbot uses cookies and other browser technologies to analyse user behaviour and recognise users. In addition, HubSpot’s AI chatbot is used to store and transmit data entered in chats via cookies, including your IP address. In this case, your data shall be passed on to the operator of HubSpot Chat, HubSpot Germany GmbH, Berlin.
Purpose and legal basis
Use of HubSpot Chat is based on our legitimate interests, i.e. our interest in optimising our online offering in accordance with Article 6 (1) letter f) GDPR.
Retention period
We have no control over the specific retention period for the processed data. This is determined by HubSpot Germany GmbH. Further information can be found in the HubSpot Data Protection Policy.
5.3 Online contact form
When you contact us via the online form, your data shall be stored on our web server and, where necessary, forwarded to one of our e-mail addresses. We shall retain your data until you ask us to erase it, you withdraw your consent to its storage or the purpose for storing the data no longer applies (e.g. once your enquiry has been dealt with) and provided that this is permitted by law.
- Consent (Article 6 (1) letter a) GDPR)
You grant us your consent to store your data and to use it for purposes relating to the transaction;
- Contract (Article 6 (1) letter b) GDPR)
We need to process your data to execute a contract with you. This also applies to pre-contractual activities (such as preparing a quotation).
- Legitimate interests (Article 6 (1) letter f) GDPR)
We aim to handle customer enquiries and business communications professionally. This requires certain technical systems (such as e-mail programmes, exchange servers and mobile network operators) to ensure efficient communication.
Disclosure of data
Your personal data shall not be disclosed to third parties for any purposes other than those listed below. We shall only pass on your personal data to third parties if:
You have granted your explicit consent to this in accordance with Article 6 (1) sentence 1 letter a) GDPR,
The disclosure is necessary in accordance with Article 6 (1) sentence 1 letter f) GDPR for the establishment, exercise or defence of legal claims, and there is no reason to believe you have an overriding legitimate interest in preventing the disclosure of your data,
It is permitted by law and is necessary to process contractual relationships with you in accordance with Article 6 (1) sentence 1 b) GDPR.
5.4 CDN
Nature and scope of processing
We use HubSpot CDN to ensure the proper delivery of our website’s content. HubSpot CDN is a service provided by HubSpot Germany GmbH, which acts as a content delivery network (CDN) on our website to ensure the functionality of other services provided by HubSpot Germany GmbH. A separate section in this Data Protection Policy covers these services. This section deals solely with use of the CDN.
A CDN helps deliver content from our website – in particular files such as graphics or scripts – more quickly by using servers located across different regions or countries. When you access this content, you establish a connection to servers operated by HubSpot Germany GmbH, during which your IP address and, where applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the aforementioned purposes and to maintain the security and functionality of HubSpot CDN.
Purpose and legal basis
Use of the content delivery network is based on our legitimate interests, namely our interest in the secure and efficient provision and optimisation of our online services, in accordance with Article 6 (1) letter f) GDPR.
Retention period
We have no control over the specific retention period for the processed data. This is determined by HubSpot Germany GmbH. Further information can be found in the HubSpot Data Protection Policy.
5.5 Tracking pixels and cookies
We use services rendered by HubSpot, 25 First Street, Cambridge, MA 02141, USA, on our website. HubSpot is an integrated software solution for marketing, sales and customer service.
Nature and scope of processing
We use tracking pixels and cookies when using HubSpot. These are small text files or invisible images that are stored on your device or downloaded when you visit our website.
The following personal data may, in particular, be processed:
- IP address
- Device and browser information
- Referrer URL
- Date and time of access
- Viewed pages and interactions (e.g. clicks, downloads, form submissions)
- Where applicable, contact details, provided these are actively entered via forms
- Usage behaviour relating to marketing e-mails (e.g. open and click-through rates)
The information collected is stored on HubSpot servers and processed on our behalf. This data is only combined with other data as part of our use of the CRM system.
Purpose of processing
The data is processed for the following purposes:
- Analysis of user behaviour on our website
- Optimising our online offering
- Marketing automation and personalised communication
- Managing contact enquiries
- Measuring the success of marketing campaigns
Legal basis
Use of non-strictly necessary cookies and tracking technologies is based on your consent in accordance with Article 6 (1) letter a) GDPR in conjunction with Section 25 (1) TTDSG.
Where personal data is processed in conjunction with the initiation or performance of a contract, the legal basis is Article 6 (1) letter b) GDPR.
Processing data for the purposes of analysing and optimising our website may be performed based on our legitimate interest in accordance with Article 6 (1) letter f) GDPR – provided that consent is not required.
You can use our consent management tool to withdraw your consent at any time with effect for the future.
Retention period
Cookies are either:
- Retained as session cookies and automatically erased at the end of your visit, or
- Retained as persistent cookies for a specified period (usually between 6 and 24 months), unless you erase them beforehand.
Tracking pixels and cookies: https://www.hubspot.de/data-privacy/gdpr.
5.6 Newsletter distribution
We also send out our newsletter via HubSpot. The following information explains our newsletter, including the procedures for subscribing, sending and analysing it, as well as your right to withdraw your consent. By subscribing to our newsletter, you are also granting your consent to receive it and consenting to the procedures outlined therein.
Nature and scope of processing
Contents of the newsletter: a prerequisite for sending newsletters, e-mails and other electronic messages containing promotional information (hereinafter referred to as “Newsletter”), such as white papers, is the recipient’s consent or a statutory authorisation (in particular Section 7 (3) of the German Unfair Competition Act). Where individual newsletters are described in detail in relation to the subscription process, this description is authoritative for the consent of the person subscribing to the Newsletter. Unless otherwise stated, our Newsletters contain useful information about our product range, special offers and campaigns as well as company news.
Double opt-in: The sign-up process for our newsletter is known as a double opt-in. This means that immediately after you sign up for our newsletter, you shall receive an e-mail from us asking you to confirm your subscription. This ensures that only people who actually have access to the stated e-mail address sign up for the newsletter. We log newsletter subscriptions, including the time of registration and confirmation, along with your IP address, as proof that the registration process complies with legal requirements. Any changes made to your stored data by the Newsletter provider are also recorded in the log.
According to information provided by the Newsletter provider, it uses the data in a pseudonymous form, without linking it to individual users, to improve its services. The Newsletter service provider is not permitted to use the newsletter recipients’ data for its own purposes or to pass it on to third parties.
To subscribe to the Newsletter, simply enter your e-mail address. Additional details such as your first name, surname, company name and telephone number are optional and are used solely to address you personally in the Newsletter.
The so-called web beacon, which is included in all newsletters, is a pixel-sized file that is automatically retrieved from the HubSpot server when the Newsletter is opened. In doing so, technical information is collected, such as details about your browser and operating system, your IP address and the time of your visit. This information is used to optimise the service technically, based on the technical data or on information about the target groups and their reading behaviour, taking into account the locations from which the Newsletter is retrieved (which can be determined using your IP address) or the times at which it is retrieved. Whether and when Newsletters are opened and which links are clicked is also included in the statistical analysis. This makes it possible to link the data to individual newsletter subscribers. However, monitoring individual users in this way is neither our intention nor that of the service provider. Our sole aim is to learn more about our users’ reading habits and tailor our content accordingly, or publish different content based on their interests.
Purpose and legal basis
Recipients’ consent in accordance with Article 6 (1), sentence 1, letter a) GDPR, Article 49 (1), sentence 1, letter a) GDPR, Article 7 GDPR in conjunction with Section 7 (2) No. 3 UWG or based on the statutory authorisation in accordance with Section 7 (3) UWG is a fundamental prerequisite for the distribution of our Newsletter and measurement of its success.
The Newsletter subscription process is recorded based on our legitimate interests in accordance with Article 6 (1) sentence 1 letter f) GDPR, and also serves as proof of consent to receive the Newsletter. You are free to unsubscribe from our Newsletter at any time by withdrawing your consent. You will find a link to unsubscribe at the bottom of each Newsletter. Once you have unsubscribed from the Newsletter, your personal data shall be automatically erased.
5.7 General:
The data is stored in an EU data centre operated by HubSpot Germany GmbH. For further information, please visit: https://www.hubspot.de/eu-data-centre.
6. Newsletter
Provided that you have granted your explicit consent in accordance with Article 6 (1) sentence 1 letter (a) GDPR, we shall use your e-mail address to send you our Newsletter on a regular basis. All you need to do to receive the newsletter is provide your e-mail address. You may also voluntarily provide us with your title, surname and first name (Article 6 (1) letter a) GDPR). We may process this additional data, subject to your consent, to personalise our Newsletters for you, so that we can address you personally as the recipient.
You subscribe to our Newsletter via a double opt-in process, which means that after signing up, you shall receive an e-mail asking you to confirm your subscription. We shall record the subsequent confirmation for our records. The time of registration and confirmation shall be retained with your e-mail address.
You are welcome to send an e-mail at any time to info(at)aquatherm.de to withdraw your consent regarding the use of your title, surname and first name, or to unsubscribe from the Newsletter altogether. If you unsubscribe from the newsletter, any data you have made available to us other than your e-mail address shall also be erased from the mailing list.
7. OpenStreetMap
What is OpenStreetMap?
We have incorporated map sections in our website from the online mapping service “OpenStreetMap.” This is an open-source mapping application that we can access via an API (application programming interface). This service is rendered by the OpenStreetMap Foundation, based at St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom. If you use these map features, your IP address shall be sent to OpenStreetMap. In this Data Protection Policy, we explain why we use OpenStreetMap, the data that is stored in the process, and how you can prevent this data from being stored if you wish.
Background to OpenStreetMap
The OpenStreetMap project was launched in 2004. Creating a free and open world map was the aim from the beginning. Users around the world contribute data on geographical features such as buildings, roads, forests and rivers. Over the years, this has resulted in the creation of an extensive, user-generated digital world map. Although the map is not complete in all areas, it contains very detailed information for many regions.
Why do we use OpenStreetMap on our website?
Our website is designed to provide you with quick and easy access to information. To that end, we not only provide information about our products and services, but also aim to help you find your way around. With the help of OpenStreetMap, we can show you exactly how to find us. This makes getting here a breeze.
What data does OpenStreetMap collect?
When you visit a page on our website that uses OpenStreetMap, certain user data is transmitted to OpenStreetMap and stored there. This includes data such as your IP address, information about your browser, device type and operating system, as well as details of the date and time of use. In addition, interactions with the map are tracked using tracking software, whereby the company uses the “Piwik” analytics tool.
This collected data is accessible to the relevant working groups of the OpenStreetMap Foundation. Personal data shall not be disclosed to third parties unless required by law. However, the third party tool Piwik stores your IP address in anonymised form.
OpenStreetMap cookies
When you interact with the map on our website, the following cookie may be set in your browser:
- Name: _osm_location
- Value: 9.63312%7C52.41500%7C17%7CM
- Purpose: this cookie enables access to OpenStreetMap content.
- Expiry date: 10 years after the cookie is set.
If you view the map in full-screen mode, you shall be redirected to the OpenStreetMap website, where further cookies may be set:
- Name: _osm_totp_token
  Value: 148253331767837571-2
  Purpose: this cookie ensures that the map works correctly.
  Expiry date: 1 hour after the cookie is set.
- Name: _osm_session
  Value: 1d9bfa122e0259d5f6db4cb8ef653a1c
  Purpose: this cookie stores session information and your user behaviour.
  Expiry date: at the end of the session.
- Name: _pk_id.1.cf09
  Value: 4a5.1593684142.2.1593688396.1593688396331767837571-9
  Purpose: this cookie is set by Piwik to analyse your click behaviour.
  Expiry date: 1 year after the cookie is set.
Data retention period
OpenStreetMap’s servers, databases and supporting services are mainly located in the UK and the Netherlands. The user data collected, such as your IP address, is deleted 180 days after being stored in anonymised form by the Piwik analytics tool.
Erasure of data or objection
You have the right to access your personal data and object to its use at any time. You can manage, erase or disable the cookies set by OpenStreetMap in your browser. Please note that this may mean that some features of the website will no longer be fully available. Every browser has a slightly different method for managing cookies. You can find instructions for the most common browsers under the “Cookies” section.
Legal basis for data processing
If you have consented to the use of OpenStreetMap on our website, this consent constitutes the legal basis for the processing of your personal data in accordance with Article 6 (1) letter a) GDPR. Furthermore, we believe there is a legitimate interest in using OpenStreetMap to optimise our online services. The legal basis for this is Article 6 (1) letter f) GDPR (Legitimate interests).
Further information about data processing by OpenStreetMap can be found in the company’s privacy policy.
8. Mynewsdesk
We use services provided by Mynewsdesk AB, Rosenlundsgatan 40, 118 53 Stockholm, Sweden, on our website. Mynewsdesk is a platform for publishing and distributing press releases and corporate news.
Nature and scope of processing
When integrating Mynewsdesk content (e.g. press portals, news feeds or embedded press releases), personal data may be processed when accessing the relevant pages.
The following data may, in particular, be processed:
- IP address
- Date and time of access
- Browser and device information
- Referrer URL
- Viewed content and interactions
- Any additional technical log data
If you use features provided via Mynewsdesk (e.g. contact forms, download functions or social sharing), the data you enter (e.g. name, e-mail address or company details) may also be processed.
Data is processed, in part, by Mynewsdesk as the sole data controller and, depending on the context, may also be processed under joint responsibility or as part of order data processing.
Purpose of processing
The data is processed for the following purposes:
- Provision and publication of press releases and company news
- Public relations and corporate communications
- Analysis of the reach and usage of published content
- Handling media and contact enquiries
Legal basis
The integration of Mynewsdesk content is based on:
- Your consent in accordance with Article 6 (1) letter a) GDPR in conjunction with Section 25 (1) TTDSG, where tracking or marketing technologies are used, or
- Our legitimate interest, in accordance with Article 6 (1) letter f) GDPR, in conducting effective press and public relations work and in providing up-to-date corporate information.
Where data is processed in conjunction with specific enquiries or contractual relationships, the legal basis is Article 6 (1) letter b) GDPR.
You may withdraw your consent at any time with effect for the future.
Retention period
Personal data is only stored for as long as is necessary for the relevant purposes or as required by statutory retention obligations.
Log and usage data are stored by Mynewsdesk in accordance with its own retention periods. If you contact us directly, we shall retain your data for as long as is necessary to process your enquiry.
Mynewsdesk acts as the data controller for your personal data and its processing in accordance with the following Data Protection Policy: https://www.mynewsdesk.com/de/about/terms-and-conditions/privacy_policy
9. What rights do you have in relation to the processing of your data?
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions set out in Sections 34 and 35 BDSG apply to the right of access and the right to erasure.
We shall be happy to inform you whether or not we are processing any personal data relating to you. If this is the case, you have the right to access such personal data and receive the information specified in detail in Article 15 GDPR. In addition, subject to the relevant legal requirements, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR).
What rights do you have in the event that your data is processed based on your legitimate or public interest?
In accordance with Article 21 (1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which occurs based on Article 6 (1) sentence 1 letter e) GDPR (Data processing in the public interest) or based on Article 6 (1) sentence 1 letter f) GDPR (Data processing to safeguard a legitimate interest).
If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
You may withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only applies to the future.
Irrespective of these rights and the possibility of seeking other administrative or judicial remedies, you have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you infringes data protection regulations (Article 77 GDPR).
10. Is there an obligation to provide your personal data?
Providing personal data is not required by law or contract. You are not required to provide such personal data either. However, providing personal data is required to implement the application process. This means that unless you make personal data available to us as part of your application, we shall not be able to proceed with the application process.
Processing applicant data
Which personal data of yours do we use?
We process your personal data to the extent necessary for processes involving the recruitment process. These include the following data categories:
Standard information
- Applicant details (first name, surname, address and job title)
- Qualification details (cover letter, CV, previous work experience and professional qualifications)
- (Employment) references and certificates (performance records, assessment records etc.)
Other information
- Voluntary information, such as a photograph for your application, details regarding your status as a person with a severe disability, or any other information that you choose to make available in your application.
We only process the personal data that we receive from you as part of the application process.
In some cases, we receive personal data from the following sources:
- Recruitment agency
- Temporary employment agency
Application platform and order processing
To perform this task, your data shall be shared with GuideCom AG, An der Kleimannbrücke 4, D-48157 Münster, Germany. This is an external application that is integrated in the system. Data is entered directly in GuideCom AG’s servers. This means that your personal data is transmitted directly to GuideCom. As the operator of this website, we only process data indirectly.
Your personal data is processed for the purpose of conducting the recruitment process in accordance with Article 6 (1) letter a) or b) GDPR. The legal basis for the integration in our website is Article 6 (1) letter f) GDPR, i.e. our legitimate interest in ensuring an efficient and user-friendly application process.
GuideCom processes your data on our behalf as part of a data processing arrangement in accordance with Article 28 GDPR. An order data processing agreement has been entered into. No data is transferred to third countries.
Further information about data processing by GuideCom AG can be found in GuideCom’s Data Protection Policy, which can be viewed at: https://www.guidecom.de/datenschutz.
Furthermore, we shall not disclose your personal data to third parties in this context, unless we are required to do so by law or you give your consent.
For what purposes and on what legal basis do we process your data?
We process your personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), as well as all other relevant legislation.
Data processing for the purposes of the recruitment process (Article 6 (1) sentence 1 letter b) GDPR)
Personal data relating to applicants may be processed for recruitment process purposes if this is necessary for the decision on whether or not to enter into an employment relationship with us.
The necessity and scope of data collection are determined, inter alia, by the position to be filled. Depending on your role within our organisation, you may also be required to undergo a medical examination by the company physician to rule out any infectious diseases. As you work with patients, we must protect them in that regard. To ensure data protection, such data are processed either once the recruitment process has been completed, immediately prior to your appointment or after you have been appointed.
Data processing based on your consent (Article 6 (1) sentence 1 letter a) GDPR)
If you have voluntarily granted us your consent to the collection, processing or transfer of certain personal data, this consent forms the legal basis for processing such data.
We process your personal data based on your consent in the following cases:
- Inclusion in the candidate pool, i.e. we shall retain your application documents beyond the current recruitment process for consideration in future recruitment processes.
Based on the controller’s legitimate interests (Article 6 (1) sentence 1 letter c) GDPR)
In certain cases, we process your data for legal reasons:
- To defend legal claims in proceedings under the German General Equal Treatment Act (AGG). In the event of a legal dispute, we have a legitimate interest in processing the data for evidential purposes.
With whom shall your data be shared?
Your data shall largely be processed by our HR department and the department head responsible for filling your role. However, in some cases other internal and external departments may also be involved in the processing of your data.
Internal vacancies, depending on the job advertisement
- Human Resources Department
- Head of Department
- Management
External service providers
- IT service providers (e.g. maintenance providers, hosting providers)
- Document and data destruction service provider
- GuideCom
If you have any further questions about the individual recipients, please contact us at: datenschutz(at)doku.works
Is your data transferred to countries outside the European Union (so-called third countries)?
We are committed to processing your data within the EU / EEA. However, there may be occasions when we use service providers that process data outside the EU or the EEA. In such cases, we ensure that, prior to the transfer of your personal data, the recipient has established an adequate level of data protection comparable to the standards within the EU. This can be achieved, for example, by way of EU standard contractual clauses, binding corporate rules or specific agreements to which the company may submit.
For how long shall your data be retained?
We shall retain your personal data for as long as is necessary to make a decision regarding your application. If an employment relationship between you and us is not established, we may continue to retain your data to the extent necessary to defend against any potential legal claims. Your data shall normally be erased within 6 months of completion of the application process. Once you have been added to the candidate pool, your data shall be erased after two years.
What rights do you have in relation to the processing of your data?
Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. The restrictions set out in Sections 34 and 35 BDSG apply to the right of access and the right to erasure.
We shall be happy to inform you whether or not we are processing any personal data relating to you. If this is the case, you have the right to access such personal data and receive the information specified in detail in Article 15 GDPR. In addition, subject to the relevant legal requirements, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR).
What rights do you have in the event that your data is processed based on your legitimate or public interest?
In accordance with Article 21 (1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which occurs based on Article 6 (1) sentence 1 letter e) GDPR (Data processing in the public interest) or based on Article 6 (1) sentence 1 letter f) GDPR (Data processing to safeguard a legitimate interest).
If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
You may withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only applies to the future.
Irrespective of these rights and the possibility of seeking other administrative or judicial remedies, you have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you infringes data protection regulations (Article 77 GDPR).
Is there an obligation to provide your personal data?
Providing personal data is not required by law or contract. You are not required to provide such personal data either. However, providing personal data is required to implement the application process. This means that unless you make personal data available to us as part of your application, we shall not be able to proceed with the application process.
Business partner data processing
Which personal data of yours do we use?
When you contact us, request a quote from us or enter into a contract with us, we process your personal data. In addition, we process your personal data for purposes such as complying with legal obligations, safeguarding a legitimate interest or based on the consent you have granted. We only process personal data that we receive from you.
The following categories of personal data are involved depending on the legal basis and the contractual relationship with us:
- First name, surname
- Company
- Work and home addresses
- Work and personal contact details (telephone number, e-mail address)
For what purposes and on what legal basis do we process your data?
Consent (Article 6 (1) sentence 1 letter a) GDPR)
We shall seek consent if we wish to send out Newsletters or, depending on the project, if we need the GAP Year, for example.
To execute a contract (Article 6 (1) sentence 1 letter b) GDPR)
We use your personal data to execute contracts, and for pre-contractual communication.
To comply with legal obligations (Article 6 (1) sentence 1 letter c) GDPR)
As a company, we are subject to various legal obligations. It may be necessary to process personal data to meet these obligations:
- Prevention/combating of criminal offences (on an ad hoc basis only).
- Record-keeping and retention obligations (Section 257 HGB; Section 147 AO).
- Obligations relating to the processing of customer data (e.g. due to tax law requirements).
Based on a legitimate interest (Article 6 (1) sentence 1 letter f) GDPR)
In certain cases, we process your data to safeguard our legitimate interests:
- Communication with the relevant contacts at our business partners’ premises.
- Ensuring IT security and IT operations.
- CCTV surveillance to enforce the right of access.
- Event-driven comparison of business contacts’ first names and surnames against the lists set out in the EU anti-terrorism regulations (Regulation (EC) No 881/2002, Regulation (EC) No 2580/2001, the so-called Anti-Terrorism Lists) in accordance with the prohibition on making information available under the EU anti-terrorism regulation.
With whom shall your data be shared?
To fulfil our contractual and legal obligations, your personal data shall be disclosed to various public or internal bodies, as well as to external service providers:
- IT service providers (e.g. maintenance providers, hosting providers)
- Web hosting provider
- Auditor, tax adviser, solicitor
Is your data transferred to countries outside the European Union (so-called third countries)?
We are committed to processing your data within the EU / EEA. However, there may be occasions when we use service providers that process data outside the EU or the EEA. In such cases, we ensure that, prior to the transfer of your personal data, the recipient has established an adequate level of data protection comparable to the standards within the EU. This can be achieved, for example, by way of EU standard contractual clauses, binding corporate rules or specific agreements to which the company may submit.
For how long shall your data be retained?
We shall retain your personal data for as long as is necessary to fulfil our legal and contractual obligations, including:
- Compliance with, for example, commercial and tax law retention obligations. These include, for example, retention periods set out in the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods run for up to 10 years.
- Preservation of evidence in accordance with the statutory limitation periods. Under the limitation provisions of the German Civil Code (BGB), these limitation periods may, in some cases, be as long as 30 years. The standard limitation period is three years.
What rights do you have regarding the processing of your data?
We shall be happy to inform you whether or not we are processing any personal data relating to you. If this is the case, you have the right to access such personal data and receive the information specified in detail in Article 15 GDPR. In addition, subject to the relevant legal requirements, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR).
What rights do you have in the event that your data is processed based on your legitimate or public interest?
In accordance with Article 21 (1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which occurs based on Article 6 (1) sentence 1 letter e) GDPR (Data processing in the public interest) or based on Article 6 (1) sentence 1 letter f) GDPR (Data processing to safeguard a legitimate interest).
You may object at any time to the use of your data for advertising purposes via e-mail, without incurring any costs other than the standard transmission charges.
If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
You may withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only applies to the future.
Irrespective of these rights and the possibility of seeking other administrative or judicial remedies, you have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you infringes data protection regulations (Article 77 GDPR).
Is there an obligation to provide your personal data?
To enter into a business relationship, you must make the personal data available to us that is necessary to perform the contractual relationship. If you fail to make this information available to us, we shall be unable to enter into and fulfil the contractual relationship.
Data protection notices for social media pages
General information
aquatherm has a company page on several social media platforms:
- Instagram, Meta Platforms Technologies Ireland Limited (Merrion Road, Dublin 4 D04 X2K5, Ireland), hereinafter referred to as Instagram
- Facebook, Meta Platforms Technologies Ireland Limited (Merrion Road, Dublin 4 D04 X2K5, Ireland), hereinafter referred to as Facebook
- LinkedIn, owned by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland), hereinafter referred to as “LinkedIn”
- YouTube, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter “YouTube”
- Xing, XING SE, Dammtorstraße 30, D-20354 Hamburg, Germany, hereinafter referred to as Xing
We run our social media pages to provide information and communicate with people who are interested in the content we post. In accordance with the Terms of Service of Facebook and Instagram, to which every user agrees when creating an Instagram or Facebook profile, we can identify the page’s followers and view their profiles as well as other information shared by users. For example, your name and profile picture shall be visible to us (and other users) when you visit our social media page or comment on our posts. Therefore, we only collect personal data that has clearly become part of our Instagram and Facebook pages as a result of your active participation. We have no interest in collecting and using your personal data for marketing purposes. Your data remains on the relevant social media platform.
Statistics or page insights
When you visit our social media pages, certain information about you is processed. The operators of the social media platforms are solely responsible for processing personal data. You can find detailed information about how the respective providers process personal data in their Data Protection Policies:
- Instagram (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect)
- Facebook (https://www.facebook.com/privacy/policy/)
- LinkedIn (https://de.linkedin.com/legal/privacy-policy)
- YouTube (https://policies.google.com/privacy)
- Xing (https://privacy.xing.com/de/datenschutzerklaerung)
Social media platforms collect various types of data to make statistics and insights about our pages available to us in an anonymised form. Using these statistics and page insights, we can gain an understanding of the types of actions that social media users take on our site. We are unable to link the information obtained via page insights to individual user profiles that interact with our pages. This personal data is processed by the providers of the social media sites and by us as joint controllers. The processing serves our legitimate interest in analysing interactions on our website and using these insights to improve it. The legal basis for this processing is Article 6 (1) sentence 1 letter f) GDPR.
We have entered into an agreement with both Xing and LinkedIn in accordance with Article 26 GDPR. You can find details about the processing of personal data for the purpose of generating page insights and the agreement entered into by us and the social media platform providers via the following links:
- LinkedIn (https://legal.linkedin.com/pages-joint-controller-addendum);
- Xing (https://www.xing.com/terms/onlyfy-one#h2-anlage-1-zur-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit)
Legal basis for processing
Our Instagram and Facebook pages are operated, and the associated personal data is processed, on the basis of Article 6 (1) sentence 1 letter f) GDPR to pursue our legitimate interests in providing a platform for information and interaction via social media for and with our users and visitors. In specific cases, further legal bases for data processing may arise from Article 6 (1) letter a), b) and c) GDPR.
We shall erase personal data – insofar as we collect any at all – once the purpose of the data processing has been fulfilled and there are no other legal grounds preventing the erasure of the data. As a matter of principle, we erase posts on our Instagram and Facebook accounts manually after 3 years.
Exercising your rights
You also have the option of exercising your rights against the social media platform providers. You can find further information about this via the following links:
- Instagram (https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect)
- Facebook (https://www.facebook.com/privacy/policy/)
- LinkedIn (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de)
- YouTube (https://policies.google.com/privacy)
- Xing (https://privacy.xing.com/de/datenschutzerklaerung)
Whistleblowers
Which personal data of yours do we use?
If you contact us to report misconduct or a breach, we shall also process your personal data.
The following categories of personal data are involved depending on the legal basis and the contractual relationship with us:
- First name, surname
- Address
- Contact details (telephone number, e-mail address)
You can contact our external whistleblower at the following e-mail address:
- Hinweisgeber-aquatherm@doku.works
For what purposes and on what legal basis do we process your data?
To comply with legal obligations (Article 6 (1) sentence 1 letter c) GDPR)
As a company, we are subject to various legal obligations. It may be necessary to process personal data to meet these obligations:
- Prevention/combating of criminal offences (on an ad hoc basis only).
- Obligation under the Whistleblower Directive (EU) 2019/1937 and the German Whistleblower Protection Act (HinSchG)
- Compulsory communications (acknowledgement of receipt, completion notification)
Based on a legitimate interest (Article 6 (1) sentence 1 letter f) GDPR)
In certain cases, we process your data to safeguard our legitimate interests:
- Communication with the whistleblower in the event of any queries.
With whom shall your data be shared?
To fulfil our contractual and legal obligations, your personal data shall be disclosed to various public or internal bodies, as well as to external service providers:
- IT service providers (e.g. maintenance providers, hosting providers)
- To the Whistleblowing Officer, in the case of external Whistleblowing Officers
Is your data transferred to countries outside the European Union (so-called third countries)?
We are committed to processing your data within the EU / EEA. However, there may be occasions when we use service providers that process data outside the EU or the EEA. In such cases, we ensure that, prior to the transfer of your personal data, the recipient has established an adequate level of data protection comparable to the standards within the EU. This can be achieved, for example, by way of EU standard contractual clauses, binding corporate rules or specific agreements to which the company may submit.
For how long shall your data be retained?
We shall retain your personal data for as long as is necessary to fulfil our legal and contractual obligations, including:
- Compliance with, for example, commercial and tax law retention obligations. These include, for example, retention periods set out in the German Commercial Code (HGB) or the German Fiscal Code (AO). The retention periods run for up to 10 years.
- Preservation of evidence in accordance with the statutory limitation periods. Under the limitation provisions of the German Civil Code (BGB) and the German Criminal Code (StGB), these limitation periods may, in some cases, be as long as 30 years. The standard limitation period is three years.
What rights do you have regarding the processing of your data?
We shall be happy to inform you whether or not we are processing any personal data relating to you. If this is the case, you have the right to access such personal data and receive the information specified in detail in Article 15 GDPR. In addition, subject to the relevant legal requirements, you have the right to rectification (Article 16 GDPR), the right to restriction of processing (Article 18 GDPR), the right to erasure (Article 17 GDPR) and the right to data portability (Article 20 GDPR).
What rights do you have in the event that your data is processed based on your legitimate or public interest?
In accordance with Article 21 (1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which occurs based on Article 6 (1) sentence 1 letter e) GDPR (Data processing in the public interest) or based on Article 6 (1) sentence 1 letter f) GDPR (Data processing to safeguard a legitimate interest).
You may object at any time to the use of your data for advertising purposes via e-mail, without incurring any costs other than the standard transmission charges.
If you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is necessary for the establishment, exercise or defence of legal claims.
You may withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only applies to the future.
Irrespective of these rights and the possibility of seeking other administrative or judicial remedies, you have the right at any time to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or the place where the alleged infringement occurred, if you consider that the processing of personal data relating to you infringes data protection regulations (Article 77 GDPR).
Is there an obligation to provide your personal data?
To enter into a business relationship, you must make the personal data available to us that is necessary to perform the contractual relationship. If you fail to make this information available to us, we shall be unable to enter into and fulfil the contractual relationship.
Data controller and contact details of the data protection officer
The controller within the meaning of the General Data Protection Regulation (GDPR) is
aquatherm GmbH
Biggen 5
57439 Attendorn
Germany
Tel.: +49 2722 950 0
Fax: +49 2722 950 100
E-mail: datenschutz@aquatherm.de
If you have any queries regarding data protection, please do not hesitate to contact our Data Protection Officer at the address stated above or via the following e-mail address:
E-mail: datenschutz(at)doku.works
Links to third party websites
Our websites may contain links to third party websites to which this Data Protection Policy does not apply. Where the use of other providers’ websites involves the collection, processing or use of personal data, please refer to the Data Protection Policies of the respective providers.
Changes to the Data Protection Policy
We reserve the right to amend this Data Protection Policy at any time, in accordance with applicable data protection regulations. The current status is as of February 2026.