Let's talk

How can we help?

Privacy policy

Last updated: September 2021


Thermovault considers your privacy very important. You have the right to know which personal data we process about you and how we do this. In this privacy policy you will receive an answer to the following questions:

  • Who is responsible for the processing of personal data?
  • What do a number of important terms in this policy mean?
  • When do we collect which personal data from you, what do we do with it and why are we allowed to do this and for how long do we keep it?
  • How do we protect your personal data?
  • Who has access to your personal data?
  • What are your rights as a data subject?
  • Who do you contact in case of questions regarding this privacy policy?
  • Changes to the privacy policy

Who is responsible for the processing of your personal data

The data controller for the processing of your personal data is Thermovault BV, with registered office Hoefstadstraat 86, 3600 Genk.

Our contact details are by phone +32 486 55 53 89 or by email at contact@thermovault.com

For questions regarding the processing of your personal data, it is best to contact our DPO who can be reached at the following email address: privacy@thermovault.com

What do some important terms in this policy mean

The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data entered into force on 25 May 2018. (Also known as GDPR – General Data Protection Regulation.

Personal Data:
Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing of personal data:
Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Subject:
Any natural person like a website visitor

Data Controller:
The Organisation that is ultimately responsible for all personal data processing that is discussed within this Privacy Policy (=Thermovault BV)

Data Processor:
Means a natural or legal person, public authority, agency or other body which processes personal data on behalf of Thermovault BV

Data Processing Agreement (DPA):
A binding written agreement, which states that the processor shall only act on the controller’s instructions; and that it provides sufficient guarantees to protect the personal data that it processes.

Standard Contractual Clauses (SCC):
The Standard Contractual Clauses are standard sets of contractual terms and conditions which the sender and the receiver of personal data both sign up to, aimed at protecting personal data leaving the European Economic Area (EEA) through contractual obligations in compliance with the GDPR’s requirements in territories which are not considered to offer adequate protection to the rights and freedoms of data subjects.

Data Retention:
The policies within Thermovault to the time period for storing/processing personal data.

Cookies are small files that are stored on a user’s computer when visiting a website. Thermovault does not use cookies on its website at this time.

Fingerprinting is a sort of online tracking mechanism where a ‘digital fingerprint’ meaning a unique profile of you based on your computer hardware, software, add-ons, and even preferences is created. Thermovault does not use fingerprint mechanisms.

When do we collect which personal data of you, what we do with it, why may we keep this and how long do we store it?

When you contact us by telephone or email (retention 1 year):
We need your identification data and contact data for the performance of the agreement to know who we communicate with to answer your questions.

Application data: CV, notes during the job interview, motivation letters, … (retention 1 year):
These data are processed for the purpose of the application procedure and are necessary for a possible agreement to be concluded when you send us your application for a published job offering or when you send us your candidacy spontaneously.

All personal data that can be included in case of a complaint (retention 1 year):
In case you would contact us to file a complaint we have a legitimate interest to use all personal data involved in handling these complaints. In addition to identification data, other personal data can also be processed, depending on the complaint.

Further processing

Thermovault has no further processing with the personal data of website visitors, applicants, partners,… All the processing activities are described in the topic above.

How do we protect your personal data?

Your privacy is our top priority, which is why we do everything we can to protect your personal data. We have taken all appropriate technical and organizational measures to protect your data against a possible data breach.

Who has access to your personal data?

Within our organization, only authorized staff members and the persons we designate have access to your personal data. These are only those persons who require access for the correct performance of their function or for the needs of the service.

Personal data will never be passed on by us to third parties/processors, unless:

  • There are legal obligations
  • For certain processing within the implementation of our agreement, such as IT support, we call on other parties. We have concluded a processor agreement (DPA) (EU processors) or standard contractual clauses (SCC) (third country processors) with these parties to ensure that your personal data is also processed by them in a safe and confidential manner. The DPA / SCC guarantees appropriate technological and organizational protective measures. Your personal data is therefore in good hands with these processors.
  • We also have controller-to-controller agreements with other data controllers such as Flexibility Service Providers which help us with energy and flexibility services. It’s important for you as a visitor to review their information notice in case you want to make use of our services. Only in Dutch.

No personal data will be passed on to third parties/processors in inadequate countries (e.g. certain countries outside the EU such as the United States) with the exception that Thermovault uses Google Workspace, an application from Google, an American company for our email traffic and some document storage. Standard Contractual Clauses (SCC) were signed with Google.

Except in the situations described above, your personal data will not be transferred to third countries without your prior consent. Under no circumstances will they be sold, rented or made available to third parties without your prior consent.

The use of cookies

We currently don’t make use of any cookies on our website nor do we use fingerprinting technologies or any comparable technology.

ThermoVault services privacy policy

The privacy policy about the processing activities of our services and solutions can be requested via e-mail privacy@thermovault.com. We will send you the Privacy policy with undue delay.
We will not use your e-mail address for other purposes than sending you the Privacy Policy Document, so you will not receive any marketing emails. Your email address will be retained for 1 week after which it will be deleted.

Which are your rights as a data subject

As a data subject, you have a number of rights with regard to your personal data. These are described below.

Right of information
This privacy policy is written to inform you about our privacy practices

Right of access
You can always send a request to Thermovault to get an overview of all we process about you or to obtain an expression of this in a readable format. When you request this information, Thermovault will provide it with all necessary information such as: the processing, the retention period, the legal basis for processing and the recipients.
This information will be sent to you within one month.

Right of rectification
You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning yourself.

Right to erasure
If you no longer wish Thermovault to process your personal data, you can request (by email) to remove this data from our files / databases.
However, this is not an absolute right and you should be aware that other legislation may limit this right. E.g. you cannot request deletion of data on which a legally defined retention period has been set and this retention period has not yet been reached.
You can have all personal data that we process from you on the basis of “consent” removed immediately when you withdraw your consent. This can be done by simple request by email.
However, if disputes are ongoing, for example a lawsuit or other discussion that may have legal consequences, our interest in retaining this data is more important than your right to erasure. We cannot delete data while such activities are in progress.

Right of restriction of processing
If you do not agree with one or more of the processing activities that Thermovault does with your data, you can invoke a restriction on that specific processing activity. This can be done with a simple question by e-mail.

Right to object
You have the right to object to any processing of your personal data for which we believe we have a legitimate interest. The processing of relevant personal data is stopped, unless we put forward compelling legitimate grounds for this processing that outweigh your interests, rights and freedoms or if these personal data are related to the establishment, exercise or defence of legal claims.

Right of data portability
If you want to move to another similar service, you can ask Thermovault (by e-mail) to supply the data you have provided in a digital format so that you can communicate it to a similar organization. [This only applies for personal data processed using consent or on the basis of a contract]

Right to lodge a complaint
If you consider that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with the Belgium Authority: Gegevensbeschermingsautoriteit (GBA), Drukpersstraat 35, 1000 Brussels.

Right the revoke consent
At any time and without having to motivate this you have the right to withdraw your consent for any personal data processing by Thermovault based on consent as legal basis.

Who do you contact in case of questions regarding this policy?

If you have any questions regarding this privacy policy or the exercise of your rights in this regard, please contact our DPO through the following e-mail address: privacy@thermovault.com

Changes in this privacy policy 

Thermovault reserves the right to update this privacy policy. In the event that this Privacy Policy changes, We advise you to review this Privacy Policy regularly when you visit our website.