Personal Information
Personal Information
THE PRINCIPLES OF PERSONAL DATA PROTECTION
YOUR REQUESTS TO MODIFY YOUR PERSONAL DATA
• As a user of the services provided by the company Therm-ic, you can modify personal data that relate to you in your customer account.
• If you wish to delete your customer account, you can do this as well (please note that this action is irreversible and you will lose access to your order history, your loyalty points, your discount codes, etc.; you will be able to create a new customer account, however) in your customer account.
• You can export your personal data in your customer account.
• For any other requests to access, obtain, rectify, or delete your personal data, please contact our data protection team: data-protection@therm-ic.com.
INTRODUCTION
This page describes the principles according to which Therm-ic collects different types of data relating to its customers. The elements described on this page are explained in detail in Therm-ic’ data protection principles.
Moreover, this page explains Therm-ic’ commitments with regard to its data security and protection policy to respect your privacy to the fullest possible extent.
DEFINITIONS
To avoid any inaccurate interpretations, here are some elements necessary for an understanding of the terms used:
• Personal data: any information relating to a natural person identified or identifiable; is deemed to be an “identifiable natural person” any natural person who can be identified, directly or indirectly.
• Processing: any operation or set of operations performed using automated processes or not and applied to personal data or sets of personal data (collection, recording, transmission, storage, retention, extraction, consultation, use, interconnection, segmentation, etc.).
CONTROLLER
The simplified joint stock company Sidas S.A.S - Therm-ic, with registered offices located at 18, rue Léon Béridot 38516 Voiron Cedex and registered in the Grenoble Trade and Companies Register (304 577 661), is the controller of personal data that you provide directly through our website: therm-ic.com.
HOW DO WE COLLECT DATA RELATING TO YOU?
Collecting your personal data (such as your name and contact details) is most often based on your relationship as a customer or any other relevant relationship with us. For example, we collect your data when you carry out actions relating to our services by subscribing to our website as a user, by using the services offered by Therm-ic, or by providing us with other information.
When you use Therm-ic’ network and communication services, for example by making a call, creating a customer account, or sending an email, the identifying information is stored in our systems to allow for the use of our services.
When you visit the therm-ic.com website or load one of its pages, you provide us with various types of anonymous browsing information, such as your IP address and your browsing history. The functioning of the services is based on the use of cookies.
We can collect data depending on your consent.
We record calls to our customer service team to be able to verify the actual discussion if necessary.
We also collect data relating to our potential customers when they take part in competitions, prize draws, or customer events.
WHAT DATA DO WE COLLECT?
These data include your surname, name, address, phone number, email address, date of birth, information relating to direct marketing and consent, information relating to the company’s contact person, name of the company, information provided by you, information relating to customer classification, order, delivery, agreement, and invoice. We store information that can be connected to you.
The data created and collected when you communicate with us include information on the communicating parties, the login time, routing information, the data transfer protocol, the format of the connection, and location information.
When browsing the internet, “measurement data” are collected using cookies. This information cannot be associated with a person.
The customer information we collect helps us continuously customise and improve your shopping experience on therm-ic.com. We use this information to process orders, to deliver products and services, to process payments, to communicate with you regarding your orders, the products, the services, and the discount offers, to maintain our files and keep them updated, and therefore your accounts with us as well, to make available to you content such as wish lists and customer comments, and to recommend products and services that are likely to interest you. We also use this information to improve our shops and websites, to prevent or detect fraud on our website or its misuse, and to allow third parties to provide technical, logistical, or other functions on our behalf.
LIST OF THE TYPES OF INFORMATION WE COLLECT:
INFORMATION THAT YOU SHARE WITH US
We collect and record all the information that you share with us via our website or by other means. You can choose not to share certain information with us; however, such a decision could limit the use of our services. We use the information that you share with us mainly to respond to your requests, to customise your future purchases, to improve our services, and to communicate with you.
INFORMATION COLLECTED AUTOMATICALLY
Every time you contact us, we receive and record certain types of information. In particular, as many other websites, we use “cookies” and obtain certain types of information when your browser accesses either the website therm-ic.com or advertisements or other content displayed on other websites by Therm-ic or on its behalf.
INFORMATION RELATING TO EMAILS
To help make our emails as useful and interesting as possible, if your computer allows it, we often receive a confirmation of the emails sent by Therm-ic that you have opened. If you do not wish to receive emails from us, simply let us know in your account or unsubscribe using the link in the footer of your newsletter.
HOW DO WE MANAGE YOUR INFORMATION?
Please note that the staff of Therm-ic and of its subsidiaries and their subcontractors are bound by secrecy when processing data relating to you.
We maintain the confidentiality of the data relating to you and we ensure that they are used only for purposes specified in advance.
Your data are processed to produce and deliver communication services and other agreed services, to develop the services, to invoice, to provide you with the best and most comprehensive services, and to inform you about our services.
We also use your data to communicate with customers, such as sending information about our services, and for direct marketing purposes.
We also use data to profile customers using invoicing, usage amounts, the duration of the customer relationship, and external classifications. We use both summarised usage data and data specific to individuals to create target groups for marketing.
We also use data to profile customers using invoicing, usage amounts, the duration of the customer relationship, and external classifications. We use both summarised usage data and data specific to individuals to create target groups for marketing.
We process the data of potential customers for direct marketing purposes.
We strive to ensure that customer data are up-to-date and correct.
We delete obsolete and unnecessary data whenever possible.
We protect all the data relating to you through personal access rights based on tasks and we prevent third parties from accessing the data.
WHERE DO WE SEND YOUR DATA?
We submit your data only to the extent permitted by the applicable legislation and as specified in the description of the file to the authorities and other telecommunications companies.
When we use subcontractors, we sign a security agreement with them that also covers the use of your data. We are also responsible for this type of handling for you.
THERM-IC’ PRINCIPLES OF PERSONAL DATA PROTECTION
The aim of this personal data protection policy is to describe the principles and practices that we follow at Therm-ic to ensure that privacy is protected, that communications are kept confidential, and that our customers are legally protected.
Therm-ic regularly updates this policy as operations and services change or develop. For this reason, we encourage to review this statement regularly.
Core values that are important to Therm-ic include maintaining the confidentiality of its customers’ data and of communications, as well as protecting customers’ privacy as part of all of the company’s operations. When handling our customers’ personal data, we comply with French legislation, orders and instructions from authorities, and good practices relating to data protection.
Therm-ic implements a high level of data protection. Personal and identifying data as well as location data are collected only for specific and legal purposes specified in advance and are not processed in a way that is incompatible with these purposes.
We protect the security of your personal information when it is transmitted using SSL (Secure Sockets Layer) software, which encrypts the information that you enter before it is sent to us.
We use physical and electronic security measures as well as backup procedures in relation to the collection, retention, and sharing of customers’ personal information. Our security procedures may require us to ask you for proof of identity before being able to share your personal information with you.
We continuously train our staff on the principles of data processing and we monitor the use of data using appropriate measures.
THE GENERAL PRINCIPLES OF MANAGING CUSTOMER DATA
The processing of personal data must always be justified for Therm-ic’ operations. Therm-ic has set the objective of collecting, handling, and submitting personal data in the following section.
Therm-ic processes only customer data that is necessary for its operations, as defined in the aim of use specified in the description of the file for the customer register. We strive not to process data that is incorrect, incomplete, or obsolete.
The processing of customer data is usually based on a relevant relationship, information received when using or subscribing to a service, or your consent. We can also process your personal data for other reasons, for example at your request or when required by law. Your information can be processed within Therm-ic. We encourage our customers to update their contact details regularly.
We record your conversations with our customer service team to verify a business transaction, to respond to your requests, and to monitor and develop the quality of the service.
Please note that as a customer of Therm-ic, you have the right to verify which data relating to you have been stored in our information systems or that there are no data relating to you in our file. You can also refuse the use of your data in accordance with relevant legislation. The inspection can be carried out once a year free of charge. The request to inspect data must be made by means of a signed document between Therm-ic and you.
COLLECTION, RETENTION, EXTRACTION, AND PROCESSING OF PERSONAL DATA
REGISTER OF DATA COLLECTED DIRECTLY VIA THERM-IC’ SERVICES:
Contact form
• Data collected: email and message
• Objective: Customer relationship management
• Data retention: Registration in database
• Data retention: 5 years
• Access to data: Therm-ic’ customer relationship team
• Are data stored or processed outside the EU: No
Creating a customer account
• Data collected: surname, name, address, phone number, email address, date of birth, information relating to direct marketing and consent, information relating to the company’s contact person, name of the company, information provided by you, information relating to customer classification, order, delivery, agreement, and invoice. We store information that can be connected to you.
• Objective: Order / Order tracking / Address / Returns / Credit / Loyalty management
• Data retention: Registration in database
• Duration of retention: Customer's lifetime / Customers who have been inactive for 5 years are removed
• Access to data: Logistics (partially, only data linked to the processing and dispatch of your order) / The marketing team / The customer service team
• Are data stored or processed outside the EU: No
Opt-in newsletter form
• Data collected: email
• Objective: Marketing emails
• Data retention: Opt-in into database
• Duration of retention: Duration of customer’s opt-in, except in the event of the customer’s refusal
• Access to data: The marketing team
•Are data stored or processed outside the EU: No
In accordance with the French Data Protection Act (loi informatique et libertés), you can exercise your right to access data relating to you and have them rectified by writing to the following address: data-protection@therm-ic.com
REGISTER OF DATA TRANSMITTED TO PROCESSORS VIA THERM-IC’ SERVICES:
Campaign Monitor
• Information on provider: https://www.campaignmonitor.com
• Provider’s location: United States
• Objective: Marketing emails
• Are data stored or processed outside the EU: No
• Provider’s Privacy Notice: https://www.campaignmonitor.com/policies/
Facebook
• Information on provider: https://www.facebook.com/
• Provider’s location: United States
• Objective: Logging in to your customer account on the website via your Facebook account
• Are data stored or processed outside the EU: Yes
• Provider’s Privacy Notice: https://www.facebook.com/
Google Analytics
• Information on provider: https://analytics.google.com/analytics/
• Provider’s location: United States
• Objective: Analysis of website traffic + Remarketing
• Are data stored or processed outside the EU: Yes
• Provider’s Privacy Notice: https://privacy.google.com/intl/fr_fr/businesses/compliance/
Google Adwords
• Information on provider: https://adwords.google.com
• Provider’s location: United States
• Objective: Advertisement + Remarketing
• Are data stored or processed outside the EU: Yes
•Provider’s Privacy Notice: Https://privacy.google.com/intl/fr_fr/businesses/compliance https://privacy.google.com/intl/fr_fr/businesses/compliance
Zendesk
• Information on provider: https://www.zendesk.co.uk
• Provider’s location: United States
• Objective: Customer exchanges from chat, emails, SMS or social networks.
• Are data stored or processed outside the EU: Yes
Exchanges from chat, email, SMS or social networks are recorded so that we can answer at your questions and offer you the best service.
• Provider’s Privacy Notice: https://www.zendesk.fr/company/customers-partners/privacy-policy/
SENDING AND SHARING OF DATA
Therm-ic can submit your data to third parties only in accordance with the legislation in force. We submit information upon request to authorities, for example the police and security authorities, as well as other authorities for reasons specified in the legislation.
Information relating to our customers is an important part of our activity and it is not our business to trade it. We share this information only in the cases mentioned above and for purposes described in this privacy policy, and that either are subject to this privacy policy or apply rules that are at least just as protective as those described in this privacy policy.
Furthermore, we may submit your data to subcontractors, in which case we will ensure that the confidentiality of the data is maintained, and we will also be responsible for data management in that case. If we process your data outside the EU, we will protect your data by ensuring that the processor guarantees that the data is processed appropriately.
PROCESSING OF IDENTIFYING AND LOCATION DATA LINKED TO ELECTRONIC COMMUNICATIONS
Therm-ic treats all data and messages created during the communication as confidential. Our staff are bound by an obligation of secrecy and are forbidden to use messages or other confidential information. When communication takes place through a network, it always leaves a trace. These network traces are called identifying data if they can be connected to a person. Network traces are created, for example, during telephone calls, when sending electronic messages and text messages, and while browsing the internet, and may contain information on the correspondents, the connection route or the routing, the data transfer protocol used, the event, and the terminals used or their location.
THERM-IC manages identifying and location information relating to the communication in accordance with the law in force for the purposes, for example, of performing and using services, invoicing, and technical development. Data may also be used for marketing or for invoicing other service providers where necessary.
THERM-IC can also manage identifying data in case of misuse, a data security breach, and troubleshooting.
In all the above situations, we process identifying and location data only to the extent that is necessary to carry out a specific task.
USE OF LOCATION DATA
An actual location method whereby a person can follow where another person is located requires the consent of the person to be located. The customer cannot be located at all if they reject geolocation services.
If we submit location information to geolocation service providers, we use appropriate measures to ensure that the person to be located has given their consent.
PERSONS AUTHORISED TO MANAGE IDENTIFYING AND LOCATION DATA
Only certain specific persons at Therm-ic, whose work requires access to identifying and location data, may process these data.
In practice, authorisation is granted only to persons who perform tasks linked to invoicing, the maintenance or development of networks or communication services, the prevention and investigation of misuse, customer services, and marketing. Persons who have the right to handle the data can manage them only to the extent required to perform individual tasks.
DURATION OF THE PROCESSING OF IDENTIFYING AND LOCATION DATA AND STORAGE OF DATA
We process identifying and location data as long as is necessary for the purposes of invoicing, technical development, troubleshooting, marketing, investigating misuse, or data security. However, handling takes place only to the extent required by the actions and without unduly compromising the confidentiality of a message and the protection of privacy.
We store data required for invoicing for at least one year from the invoice due date and for a period not exceeding three years from the invoice due date, unless there is a requirement to retain the data for a longer period in connection with collecting the invoice. Otherwise, data are stored to the extent permitted and required by relevant legislation.
WEBSITES, VISIT TRACKING
We also collect data relating to visits to our websites. These data include the correspondent's IP address and DNS name, the organisation that recorded the IP address, the name and address of the page visited, the time the page was loaded, and the type of browser.
Please note that the IP address is an identification required for the functioning of the internet, used to direct messages transmitted over the internet to the appropriate places. As a general rule, the IP address is not connected to the person who uses the computer, but it may be connected to the organisation that recorded the IP address. The connection with an IP address can be established upon the request of authorities.
COOKIES
As a customer of Therm-ic, you can view our websites anonymously. However, as most websites, we use cookie technology. When you view our website, the cookie assigns a random number to the browser that does not reveal your identity. Cookies help Therm-ic determine which sections of the websites are the most popular, where visitors go, and how much time they spend there. Data are used to implement and develop services and target advertisements on websites.
You can prevent the cookie from being stored by changing your browser settings. In some cases, the prevention may slow down browsing on the pages or the website or prevent browsing altogether.
DATA SECURITY
We ensure that data collected as part of our services are secure by using methods that are proportionate to how serious and sophisticated the threats are, as well as to the cost.
Therm-ic takes care to carry out measures to prevent data security breaches and eliminate disruptions that affect data security. Moreover, we take all the necessary measures to guarantee that the confidentiality of messages and the protection of privacy are not unduly compromised when the above actions are performed.
We provide information on actions linked to the data security of our services and other questions relating to data security by means of appropriate channels, such as our website and customer newsletters.
To prevent data security breaches and eliminate disruptions that affect data security, we can, among others, prevent electronic messages from being received, delete viruses and other malware from messages, and implement other comparable technical measures. These measures are necessary within the authorised and required limits specified in the relevant legislation. We use physical, administrative, and technical protection measures to keep secret all messages and identification data transmitted over the communication network. These actions decrease the risk of your data being disclosed to third parties and prevent any misuse or other unauthorised access. Some of our services also use standardised encryption methods.
Please note that as a user of the services provided by Therm-ic, you must also use the most appropriate methods to ensure your own data security. We encourage you to store and use our services and your terminals with care and to control their use, for example by using secure codes and unique passwords, and to use sufficient antivirus and firewall services and to keep them, as well as the operating system, up-to-date.
CLIENT COMMUNICATION AND DIRECT MARKETING
Therm-ic sends customers messages regarding its products and services via the consent available in the customer account.
Therm-ic also sends direct marketing messages in electronic form. You have a right to prohibit Therm-ic from sending direct marketing messages. You can refuse marketing by following the instructions included in the direct marketing message or via your customer account available on our website.