Privacy Notice

Stichting Aandelen Remeha (from here BDR Thermea Foundation), Kanaal Zuid 106, 7332 BD Apeldoorn, the Netherlands, is the controller in relation to the personal data as described in this privacy notice.

BDR Thermea Foundation respects that the privacy of your personal information is important to you. We have developed this privacy notice to let you know about the types of Personal Data (as defined below) we may collect from you as a “Data Subject” and how your personal information will be maintained and used.

This privacy notice (the “Notice”) applies to each BDR Thermea Foundation which has adopted this policy by placing it on its website. The details of the controller and the privacy contact person are mentioned on the website of such company.

1. Which Personal Data are Collected

If you need to register to use this website, or complete an online form (e.g. to obtain or ask us to send you further information), or contact us otherwise, then we may collect Personal Data about you such as: name, email address, country of residence and occupation.

This information is used by us (i) to administer the website, (ii) to provide you with any services you have signed up to, (iii) for research purposes to improve our products and services, (iv) for direct marketing, (v) to respond to any queries or requests for information you may have and (vi) to fulfil our legal obligations.

2. Compliance

This Notice aligns with the requirements of applicable EU data protection laws and regulations.*
In some cases, local laws and regulations may be more restrictive; where that is the case, the more restrictive rules must be followed when Processing Personal Data in that jurisdiction.

*In particular the EU data protection directives (e.g. Directive 2002/58/EC) and any national laws implementing these and the General Data Protection Regulation 2016/679 (“GDPR”) and respective national laws).

3. Data Subject Rights

BDR Thermea Foundation shall provide you with appropriate access to Personal Data about yourself, and shall facilitate you to exercise your rights to correct, to erase, to restrict the Processing of,  to port or to object to (further) using your Personal Data. BDR Thermea Foundation will provide you with sufficient information on these rights.

If you have any questions, complaints or want to exercise your rights, you may contact the Privacy Contact Person in your country or region. BDR Thermea Foundation will use good faith efforts to answer each question, investigate each complaint and to respond within 30 days. BDR Thermea Foundation will deal with each complaint in a fair, impartial and unbiased manner. You will not be victimized or prejudiced directly or indirectly as a result of lodging a complaint. You can also contact us at if you have any questions, remarks or complaints in relation to this Notice. If you have any unresolved concerns you also have the right to lodge a complaint with your Data Protection Authority.

4. Data Security and Breach Notification

BDR Thermea Foundation will ensure appropriate security of the Personal Data.

BDR Thermea Foundation will notify any Personal Data Breach to the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. In addition, in case your Personal Data may have been compromised you may also need to be notified if the breach is likely to result in a high risk to your privacy.

5. Data Retention

BDR Thermea Foundation will retain Personal Data in a form which permits your identification only for so long as necessary for the purposes for which it is processed. BDR Thermea Foundation will dispose of (or retain only in an anonymous or pseudonymised form to the fullest extent possible) Personal Data that is no longer required in a secure manner and in accordance with applicable law, unless

– to defend itself against legal claims,

– there are mandatory (statutory/contractual) retention or archiving obligations that require longer storage, or

– personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organizational measures.

6. Transfer of Personal Data to Third Parties, International Transfers

BDR Thermea Foundation will only make Personal Data available to third parties in appropriate circumstances and will put measures in place to safeguard the Personal Data.

BDR Thermea Foundation will only use Processors that will have appropriate technical and organizational measures in place to ensure that your rights are protected.

BDR Thermea Foundation may carry out international transfers of Personal Data (whether intercompany or not) outside the EU, EEA or Switzerland in which case it will do so only (a) where: the transfer is in accordance with the laws of the transferor’s jurisdiction; and (b) having ensured that there is an adequate level of protection in the recipient’s jurisdiction or adequate safeguards have been put in place to protect the Personal Data. The transferor is responsible for assessing such adequacy and may request the recipient to adopt protections similar to those under the transferor’s notice and jurisdiction.

7. Cookies

We may also collect information about how you use the website through the use of cookies (and other similar technologies), as part of improving the content and functionality of the website.

8. Changes

Subject to applicable law, BDR Thermea Foundation may revise, amend or supplement this Notice at its discretion at any time or from time to time. In any case, this will be done annually as a routine. Such changes will be published on the intranet and our website. You are advised to check periodically to ensure that they are aware of any change, and to the fullest extent permissible under applicable laws, if you deal with BDR Thermea Foundation you agree to be bound by the latest online version of this Notice.

9. Definitions

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

“Data Subject” means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Examples of Data Subjects may include our (i) employees and their family members, (ii) temporary workers; (iii) potential candidates seeking employment with BDR Thermea Group, (iv) the staff of our suppliers and business customers, (v) our private customers; (vi) visitors to our buildings and locations; and (vii) website and app users.

“Personal Data” means any information relating to a Data Subject.

“Personal Data Breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

“Processing” means the carrying out of any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Processor” means a natural or legal person, public authority, agency or other body which Processes Personal Data on behalf of the Controller.

“Special Categories of Personal Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, the Processing of genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation. Similar or even stricter rules may apply to Personal Data relating to criminal convictions and offences and to identification numbers. These are numbers that are required by law for the purposes of identifying a person and such number may only be used when processing personal data in order to comply with the law concerned or for purposes stipulated by the law.

“BDR Thermea Foundation” means the foundation formally registered as Stichting Aandelen Remeha.

If you have any questions regarding this Notice, please contact the BDR Thermea Foundation privacy contact person by sending an e-mail to secretariaat@sarbestuur.nl