Let's talk

How can we help?

Privacy policy


ThermoVault considers your privacy very important. You have the right to know which personal data we process about you and how we do this. In this privacy policy you will receive an answer to the following questions:

  • Who is responsible for the processing of personal data?
  • What is the scope of application of this privacy policy?
  • When do we collect which personal data from you, what do we do with it and why are we allowed to do this and for how long do we keep it?
  • How do we protect your personal data?
  • Who has access to your personal data?
  • What are your rights as a data subject?
  • Whom do you contact in case of questions regarding this privacy policy?
  • Changes to the privacy policy


The data controller for the processing of your personal data is ThermoVault BV, with registered office Hoefstadstraat 86, 3600 Genk.
Our contact details are by phone at +32 456 22 61 37 or by email at contact@ThermoVault.com
For questions regarding the processing of your personal data, it is best to contact our DPO who can be reached at the following email address: privacy@ThermoVault.com


This Privacy Policy is only applicable when ThermoVault is in charge of the processing of your personal data. This means that ThermoVault acts as a data controller and determines why and how your data is being processed.

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly.
Which specific data this may concern, will be explained in detail below.

‘Processing’ means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This Privacy Policy applies to the processing of personal data by ThermoVault from the categories of persons (data subjects) mentioned hereunder. The categories include persons who belonged to these categories in the past (e.g. former customers), and persons who may belong to these categories in the future (e.g. potential clients).

  • visitors to our public website;
  • our customers or business partners;
  • our suppliers, that assist us in operating our activities;
  • staff candidates.

If one of the persons referred to above is a legal person, we still process data from our contact persons at these entities and the GDPR applies.

Our website uses cookies. For more detailed information about the processing of your data by the use of cookies on a website, please refer to our Cookie Policy, which forms an integral part of this Privacy Policy.


Below we clarify what personal data we may process from you. Depending on the specific situation, your preferences and how you contact us, we may not process all of the data below.


From all our contacts we may process the data below:

Type of data

Examples (non-exhaustive)

Electronic identification and usage data (related to our website)

IP address, browser type, location data, by which route you arrived at our website, the type of device you use to visit our website, the web pages visited, and the way you navigate on the web pages visited. This data is processed mainly through the use of cookies. For more details on this, please refer to our separate Cookie Policy[SK1] .   

Identification data

A copy of your identity card (solely to verify your identity if you wish to exercise any of your rights as a data subject under the GDPR).

Contact details and history

Name, first name, address, email address, phone number, communications sent and received (e.g., email messages, messages sent via the contact form on our website, letters, etc.).


Customers and business partners or suppliers

From (contact persons of) our customers and business partners or suppliers we may additionally process the following data:

Type of data

Examples (non-exhaustive)

Contact details and history

See above.

Payment and billing information

Payment card details, and bank account number, if you make payments to us or receive payments from us.


Any feedback you may have, as a customer or business partner or supplier, on our co-operation.


Staff Candidates

Of staff candidates, we may additionally process the following data. Of course, this will largely depend on what data you wish to provide us with in connection with your job application.

Type of data

Examples (non-exhaustive)

Contact details and history

See above.

Personal details

Age, gender, date of birth, nationality.

Work-related data

Curriculum vitae, education, certificates and credit lists, language skills, professional career, publications, portfolio.

Personality Profile

Motivation letter, hobbies, social activities, personality, interview notes.

Audiovisual data

Pictures and video recordings that you would provide to us in the context of your application.

Special categories of personal data

Special categories of personal data are personal data relating to health, racial or ethnic origin, political opinion, religious beliefs, trade union membership, genetic or biometric data, sexual orientation/life, and criminal conviction. In principle, we will not process special categories of data unless you provide it to us with your explicit consent.


We only process your personal data for legitimate purposes that are part of our organisation’s activities. The processing is always based on the legal grounds listed in the GDPR.


The processing steps below are potentially relevant to all of our contacts.

Processing purpose

Legal basis

Answering your question when you contact us, should this not be (or no longer be) part of an existing, former or potential future relationship with you as our client, (potential) customer of our client, business partner, supplier, or staff candidate, including when this is done through one of the forms on our website.

Legitimate interest


Promoting the activities of ThermoVault, by using your contact information to call you or send newsletters or other marketing materials (to you), if you give your express consent to do so, or if it is possible based on our legitimate interests. You have the right to withdraw your consent at any time. You also have an absolute right to object to such processing, after which we must cease such processing.


Legitimate interest, if possible, after consideration.

To provide a website that functions properly on a technical level by using strictly necessary cookies, so that we can provide you with a safe and well-functioning website.

Legitimate interest

The use of analytical cookies on our website to understand how you use our website, for the purpose of, among other things, detecting navigation problems, and making the website more user-friendly and attractive.



The use of marketing cookies on our website, to implement features on our website provided by social media.


Fulfilling our legal obligations as an organisation, such as data protection and tax/accounting obligations.

Legal obligation

To ensure the possibility of exercising or defending the interests of ThermoVault in court, and to do so, if we believe that our interests are being harmed and legal proceedings are imminent (e.g., judicial collection of an unpaid invoice), or if legal action should be taken against us by a person who feels aggrieved by us (e.g., for defence if you would like to hold us liable for defects in the delivery of our merchandise or our services).

Legitimate interest


Customers and business partners or suppliers

From our customers and business partners or suppliers we process the personal data additionally for the following purposes:

Processing purpose

Legal basis

Entering into, performing or terminating the specific agreement with you as our customer or business partner, fulfilling our pre-contractual obligations, managing our client relationship or relationship as business partners, communicating with you, paying the amounts we owe you as your business partner, or invoicing and collecting the amounts you owe us as a result of the cooperation.

The necessity for the formation or performance of a contract.



Legitimate interest (for contacts at our business partner who are not a party to the contract)

Staff Candidates

From our prospective staff, we process the data additionally for the following purposes:

Processing purpose

Legal basis

Assessing whether ThermoVault wishes to enter into an employment or partnership agreement with you.


Necessary for the formation of a contract.

Keeping for a maximum of 2 years the data you provided us with in the context of a job application, if you have an interesting profile, but we could not make you an initial proposal because a suitable position was not available. If a suitable position should become available, we will use your data to contact you again and gauge your interest in further discussions.



We do not store your data for longer than is necessary to achieve the purpose for which the data has been collected or processed, as specified above.

Since the period for which the data can be stored depends on the purposes for which the data has been collected, the storage period will vary according to the individual situation. Sometimes specific legislation will require that we store certain data for a certain period. Our retention periods for personal data are based on legal requirements and balancing your rights and expectations against what is useful and necessary to provide our services or allow you to provide your services to us.

When it is no longer necessary to process your data, we will delete or anonymize your data. If this is not (technically) possible, for example, because your data is stored in backup archives, then we will retain your data, but we will not further process it and will remove it when this becomes possible.


As a customer, business partner, supplier, or staff candidate, we mainly obtain your personal data directly from you, as a result of the contact we have with each other with a view to the (possible) provision of services or support or possible collaboration. However, we cannot rule out obtaining certain of your personal data indirectly in specific circumstances, from public sources or from third parties. We may also consult the profile of staff candidates on professional social media platforms, or receive your details from a recruitment agency should you apply with us this way.
In the event we obtain your data indirectly, we will inform you about the processing of your data no later than at the time of our first contact with you.


Your privacy is our top priority, which is why we do everything we can to protect your personal data. We have taken all appropriate technical and organizational measures to protect your data against a possible data breach.



Within our organization, only authorized staff members and the persons we designate have access to your personal data. These are only those persons who require access for the correct performance of their function or for the needs of the service.


Personal data will never be passed on by us to third parties/processors, unless:
– There are legal obligations.
– For certain processing within the implementation of our agreement, such as IT support, we call on other parties. We have concluded a processor agreement (DPA) (EU processors) or standard contractual clauses (SCC) (third country processors) with these parties to ensure that your personal data is also processed by them in a safe and confidential manner. The DPA / SCC guarantees appropriate technological and organizational protective measures. Your personal data is therefore in good hands with these processors.
Controllers/processors who may receive personal data from ThermoVault:
– Court and/or police services in the context (possible) fraud investigation, …
– Processors (see above) who support us in our administrative obligations such as IT hardware and software support.
– Third parties in connection with the handling of complaints in which you are involved
– Lawyers, bailiffs, government inspection services and similar third parties in the context of investigations or legal proceedings.


No personal data will be passed on to third parties/processors in third countries (e.g. certain countries outside the EU such as the United States), unless necessary.
Where we transfer personal data outside of the European Economic Area to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses or your explicit consent that will be requested before transferring your personal data outside of the EEA.
In any case, we and such third parties have taken the necessary technical and organizational measures intending to protect your data against loss or any form of unlawful processing.


You have several rights concerning the personal data we process about you. If you wish to exercise any of the rights set out below, please contact us using the contact details provided in the first heading of this Privacy Policy.

Right of access and copy

You have the right to access your data and obtain a copy thereof. This right also includes the possibility of requesting further information on the processing of your data, including the categories of data processed about you and for what purposes.

Right to rectification

You have the right to have your data amended if you believe we have incorrect data.

Right to erasure (right to be forgotten)

You have the right to request that we delete your data without unreasonable delay. However, we will not always be able to comply with such a request, including when we still need the data in function of a current contractual relationship, or when the retention of certain data for a certain period is required by law.

Right to restriction of processing

You have the right to restrict the processing of your data. In this way, the processing is temporarily stopped until, for example, there is certainty about its accuracy.

Right to withdraw your consent

Where the processing is based on your consent, you have the right to withdraw this consent at any time by contacting us. For marketing messages you receive from us via email based on your consent, you can easily withdraw this consent by clicking ‘Unsubscribe’ at the bottom of each such message.

Right to object

You have the right to object to the processing of your data based on our legitimate interests. This should be based on reasons specific to your situation. In this case, we must stop processing unless we provide compelling legitimate grounds to continue processing.
However, you can always object to the use of your data for direct marketing purposes, after which we are obliged to stop the processing for these purposes.

Right to data portability

You have the right to obtain your data, which you have provided to us yourself, in electronic form. In this way, they can be easily transferred to another organization. You also have the right to request us to transfer your data directly to another organization, if this is technically possible.

Right to complain to your supervisory authority

If you believe that we are improperly processing your data, you always have the right to lodge a complaint with your data protection supervisory authority. You can do this with the supervisory authority of the EEA member state where you usually reside, where you have your place of work or where the alleged infringement has taken place. Since we manage and coordinate the project activities primarily from Belgium, please refer below to the contact details of the Belgian Data Protection Authority.

Belgian Data Protection Authority (GBA)
Drukpersstraat 35
1000 Brussels
+32 (0)2 274 48 00
Website GBA – filing a complaint

For further information and the contact details of the supervisory authority of each EEA member state, please refer to this website page of the European Data Protection Board with all relevant contact details. In addition, you may always apply to the competent civil court to claim compensation.


You can exercise the aforementioned rights simply by contacting us using the contact information outlined at the beginning of this Privacy Policy.
When you request to exercise your rights, if we have any doubts about your identity, we will ask you to verify it. In this case, we will request the transmission of documents that enable your identification beyond a reasonable doubt, such as a copy of the front of your identity card. We do this to prevent your data from falling into the wrong hands. It is sufficient for such a copy to show your name and date of birth clearly. You preferably delete all the other data.
The exercise of your rights is in principle free of charge. However, where your request is manifestly unfounded or excessive, we may charge you a reasonable fee in light of the administrative costs incurred by us. In the same case, however, we may choose not to act on your request. You will be informed of the reasons if we do so.
In any event, we will always inform you of the action taken on your request at the latest within 1 month of receipt. In the case of complex or frequent requests, this period may be extended to 3 months. In the latter case, you will be informed of the extension of the response period.


If you have any questions regarding this privacy policy or the exercise of your rights in this regard, please contact our DPO through the following e-mail address: privacy@ThermoVault.com


ThermoVault reserves the right to update this privacy policy. If this Privacy Policy changes, we advise you to review this Privacy Policy regularly when you visit our website.


We maintain a separate privacy policy about the processing activities of our services and solutions, which can be requested via e-mail at privacy@ThermoVault.com. We will send you the Privacy policy without undue delay. We will not use your e-mail address for other purposes than sending you the Privacy Policy Document, so you will not receive any marketing emails.