Privacy Policy

The controller for the processing of your personal data when you use this website is Vaillant Group UK Limited, Nottingham Road, Belper, Derbyshire, DE56 1JT ("we", "us").

You can find more information and our contact details in the section titled ‘Contact Detail of the Data Protection Officer, below.

We are a company of the Vaillant Group. The Vaillant Group means Vaillant GmbH (Vaillant GmbH, Berghauser Str. 40, 42859 Remscheid, Germany) and the companies affiliated with Vaillant GmbH. The Vaillant Group includes the brands Vaillant, Saunier Duval, awb, Bulex, DemirDöküm, Heatline, Glow worm, Hermann Saunier Duval and protherm. You can find more information about Vaillant Group here

Under data protection law, we must have a legal basis to process your personal data, and generally speaking we process under one of the following:

1. CONSENT

e.g., usually, we rely on your consent to process your personal data in relation to marketing, market surveys, advertising our products and services and website cookies. You can withdraw your consent to this processing at any time.

2. THE INITIATION OR PERFORMANCE OF A CONTRACT WITH YOU OR THE STEPS TAKEN PRIOR TO ENTERING INTO A CONTRACT

e.g., Where you are an existing customer or professional Partner of ours, we will be processing your personal data in performing our obligations under the contract with you or if we have not been contacted by you before, many of our services require us to process your personal data prior to entering a contract with you, in both cases, we process your information to enable us to provide our services.

3. LEGITIMATE INTERESTS PURSUED BY US OR BY A THIRD PARTY

e.g., where we process your personal data for our own business purposes, e.g. product monitoring, service quality, handling complaints, statistical use etc. this is being processed for the purposes of the legitimate interests pursued by us or by a third party.

4. COMPLIANCE WITH A LEGAL OBLIGATION.

We may need to process or share your personal data where we have a legal obligation that we are required to comply with, an example might be the police or emergency services, insurance investigations and court orders.

5. VITAL INTERESTS

We will share your personal data where it is necessary to protect the vital interests of you or a third party.

In particular, we process your personal data in order to answer your enquiries, to provide assistance in using our website, products and services, to prepare or conclude repair, maintenance and other service contracts, to provide you with requested information or services via our website or other means, to adapt our internet offers, products and services to your interests or to improve them and to support the marketing of our products and services. Specific details of the legal basis we rely on for each of our products and services can be found in the relevant product and service sections to follow.

You can browse our website www.vaillant.co.uk without identifying yourself or registering with us. However, even when you browse our website, your device transmits personal data to us via your browser that is technically necessary to establish the connection and use our website. This includes, in particular, the date and time of the connection, your IP address, requested web pages and downloaded files, data on the transmission and use of the website, information on the browser and browser settings, operating system and device and the internet address from which you accessed our site. We use this information to ensure the security of our web pages, to measure the effectiveness of internet advertising, to compile statistics and to measure the activities on the website with the aim of improving our offer.

More information is provided about cookies in the section below titled; Cookies, analysis tools, tracking and targeting

Our website provides links to some of our apps available in AppStore that offer personalised services. These personalised services require certain personal data, in particular so that you can use the respective service and systems, to register or so that we can contact you to provide the information or services that you requested. For example, MYVAILLANTAPP asks for your login name, email, wifi access as a minimum, optionally you may also provide the ambient temperature, energy consumption, heating schedules, etc. for your home for more sophisticated functions of the personalised services to work e.g. local weather compensation data relies on having your location.

Other apps we provide access to are V Smart, Senso, VRC700 all available on AppStore.

When we ask you to provide us with personal data in the apps, we will indicate whether it is necessary for us to provide you with the particular service. Required information is marked with an asterisk (*). All other information you provide to us is voluntary to enhance the personalised service to you.

Our lawful basis for processing your personal data in respect of personalised services, is the performance of a contract with you (since you will accept the terms and conditions for the app when you register) or the steps required prior to entering a contract with you.

We retain the personal data required for the services for as long as you are registered on the app and thereafter for as long as required and permitted by law.

If you are already a customer of ours, we may also be able to associate and link your app registrations with your existing customer account.

Third parties may have access to your personal data in an app where the apps are created or hosted by another business or our Group Companies. The third parties responsible for our apps are Google Analytics, Crashlytics and Vaillant Group companies.

If you click on any of the links ‘Boiler Installation’, ‘Boiler Replacement’, ‘Modernisation’, ‘How to Buy’ this will take you to the ‘Find an installer’ search function (available here). Generally, you can use this service without entering any personal data, by only entering a city or postcode area location. However, you can enter your exact address or enable the transmission of your approximate location (city) via your browser if you wish. Your browser uses various information to determine your location, in particular your IP address. Details of this can be found in the privacy policy of your browser. The transmission of an address or location is voluntary. Based on the information provided, you will receive a list of installers in your area.

Our lawful basis for processing the location data is your consent. You can withdraw your consent at any time by deleting cookies in your browser settings, otherwise you can find out more about cookies and how long they last in the below section on Cookies, analysis tools, tracking and targeting.

As a rule, by using our ‘Literature’ link (available here) you can download information and brochures on our products and services directly from the website without providing any other personal data.

If you click on the careers link on our website (available here), you will be taken to the Vaillant GmbH website hosted in Germany. As this website is not operated by Vaillant Group UK your continued use will be subject to their website privacy policy and a separate cookie consent will be obtained.

When you click on the whistleblowing link (available here), this will take you to the Vaillant GmbH website hosted in Germany and the BKMS. As this website is not operated by Vaillant Group UK your continued use will be subject to the Vaillant GmbH website privacy policy and a separate cookie consent will be obtained.

If you are a professional installer of our products, you are able to become a member of our loyalty scheme (known asVaillant Advance) by clicking on the link on our website. By clicking the ‘Sign-Up’ link you will be transferred to the website www.vaillant-advance.co.ukyour continued use will be subject to the separate privacy policy and a separate cookie consent will be obtained.

Once you are accepted as a Vaillant Advance loyalty member you will then be able to log-in and use the website www.vaillant-advance.co.uk for all of your business needs concerning Vaillant products and installation.

We provide several ways to contact our contact centre and customer service via the ‘Contact Us’ link (available here).

If you contact us by telephone, email or by filling in our contact form, we will need to ask you to provide us with the information necessary to process your enquiry and reply to you. This includes; name, address and phone or email contact details, where applicable, details of the Vaillant product, customer number, order number and details describing your concern. We may require further information about the owner of the Vaillant product or the recipient of the service or invoice if you are not the owner. We may also collect unit data, fault information, spare parts required, geo-data of the unit location) in order to better perform our customer service. We also supplement the data you provide with information relating to our processing of your request and execution of orders in relation to the services provided. We use the personal data to process your respective request, to answer questions about our products and services, to accept orders, to arrange appointments with our customer service, to document services provided or to invoice services. If you have provided us with your telephone number, mobile number or email address, we will use this to communicate with you regarding your request until the order has been completed. This also includes messages via email or SMS to confirm or remind you of appointments. If your enquiry is about purchase and installation of a new Vaillant product we will pass your enquiry form to our third party RIPPL in the UK, who will use your postcode to refer your enquiry to approximately 3 third party installers from the ‘Find an Installer Search’ on our website, that are in close proximity to you. Please see the Find and Installer section below for more details on this.

Our lawful basis for collecting your personal data when you get in touch with our contact centre is our legitimate interests in as far as we aim to provide excellent customer service by responding to your request, and if you are an existing customer, for the performance of a contract with you.

We will retain your personal data in respect of contact us queries, complaints, orders and servicing etc. in your registration account with us for as long as you have a Vaillant product under a guarantee and thereafter for the purposes of the Gas safe registration scheme. If you no longer have a Vaillant product you can ask us to remove your details from our customer database.

Additional Personal Data uses:

When you speak to the contact centre, they may also ask you if you consent to receiving advertising, marketing, customer satisfaction surveys, and of course to document your consent to these uses.

Consent is our lawful basis for these additional personal data uses.

You can withdraw your consent at any time and stop receiving marketing by contacting our contact centre or emailing our data protection officer dataprotectionUK@Vaillant-group.com. In the case of marketing your personal data will then be placed on a suppression list to ensure that you are not sent marketing.

We also record telephone conversations for quality assurance and training purposes, claim and complaint management. Our lawful basis to process the recordings is our legitimate interests, namely, training, quality control, claim and complaint management. Voice recordings are collected using our telephony system and are held by our third-party telephony provider (Vonage) their data centre storing the recordings is in the UK. For service calls we retain the recordings for a maximum of 5 years. For any other calls we retain the recordings for 1 year.

If you use the ‘Press Office’ link (available here) and fill in an email form, these forms go directly to our Marketing Agency (Bright McCann) based in the UK who will provide you with their own privacy policy. We do not hold or process your personal data ourselves in this situation.

In certain cases, we offer the possibility of receiving selected information about our services and products by email or by post. For this purpose, you would fill in an email form relating to literature requests under the ‘Contact Us’ page (available here)

and provide us with details of the information you require and your name, email address and/or postal address.

These request forms go directly to a third party (Staci UK) to handle on our behalf. Staci UK will only use your personal data to provide the requested information, but your personal data will be visible on any envelopes or parcels that they send to you. However, if you raise any questions, or place any orders for our products or services Staci UK do not manage this, and they therefore need to send all of your contact details to us to process the query (see the section above on ‘Contact Us - Contact Centre’ for the processing of your personal data in this case).

Our lawful basis for processing your information via Staci is our legitimate interests, in that we are responding to a request for information made by you that we do not have the resources to manage within our own teams so have outsourced this service to Staci UK.

Staci UK will retain your personal data for 12 months after your request was fulfilled, at which time it will be deleted.

Provided you have given your consent, we may contact you by email, telephone, or SMS to provide details of offers or complimentary services that may be of interest to you based on the services you have previously used or ask you to participate in online customer satisfaction surveys. Depending on the circumstances, we process information about your consent (date and time), about the products and services you use, the sending of the advertising or the customer satisfaction survey (in particular the content of our messages, date and time), information about the delivery and opening of the email, the data for establishing the connection between the website and your browser and device, and the information you provide in connection with the customer satisfaction survey. We associate this information with your existing customer data so that we can better understand your interests and send you relevant information and offers. If we conduct an anonymous customer satisfaction survey, we will make specific reference to this. We also use the data for statistical purposes.

Our lawful basis for processing your personal data for advertising and customer satisfaction surveys is your consent. You can withdraw your consent at any time by telling us by phone, sending an email to dataprotectionUK@Vaillant-group.comor via an unsubscribe link provided for this purpose in the respective email, and we will place your details on a suppression list so that we know not to contact you with advertising and customer satisfaction surveys in the future. Please note it can take up to 28 days for any advertising already in process to complete and you may continue to receive some communications during this time.

We offer the possibility to make an appointment with our customer service online or by phone through our ‘Contact Us’ page (available here). For this purpose, we require information on the type of order (repair, maintenance or other), on your problem and the services requested, on the product concerned (e.g. serial number, name, class, type, model, performance), your name, title, email address, telephone number (landline or mobile) and the location of the device. We also ask you to confirm that you agree to the applicable terms and conditions. Where you use this service, your information will be matched with an existing account, or a new account will be created if it is the first time you have contacted us. Our account holder system is provided by a third party (Salesforce) and is managed by Vaillant GmbH in Germany, Salesforce do not have access to your personal data.

Our lawful basis for processing your personal data in these cases is the performance of a contract or the steps required prior to entering a contract and our legitimate interests. We need this information to plan the deployment of customer service, to coordinate appointments with you and possibly a third party installer, to confirm the order and to communicate with you and possibly an installer during the processing of the order. We check the existence of the location address in order to avoid incorrect information.

We will retain your personal data in respect of appointments and orders in your registration account with us for as long as you have a Vaillant product under guarantee and thereafter for the purposes of the Gas safe registration scheme and our legal and regulatory obligations.

We offer you the possibility to register your product for our Guarantee to benefit from special advantages for registered products, you can do this by calling us (see details on the contact us page) or on our website (available here).

If you click the ‘Repairs and Servicing’ option and then follow the link to ‘Register your Guarantee’ to do this.

For product registration online, we need you to fill in the guarantee form with the serial number of the relevant product and further details about the device and your contact details. As part of the registration process, you will need to set a password. You can set your other contact preferences during registration, and you can change these at any time. You can also specify your chosen installer to obtain certain benefits we offer to them. Filling in the guarantee form creates an account for you in our Salesforce customer database managed by Vaillant GmbH in Germany and records the Guarantee.

Our lawful basis for processing your personal data for the purposes of the Guarantee is the performance of a contract with you (since you will accept the Guarantee terms and conditions when you register it) or the steps required prior to entering a contract with you.

We also provide your registration details to the GasSafe registration scheme, our lawful basis for sharing your personal data is a legal requirement placed on us which of course is there to protect you should there be any issues with the gas supply or product. You should check the separate privacy notice for the Gas Safe scheme for details of how they will use your personal data.

We will retain your personal data in respect of the product registration for as long as you have a Vaillant product under guarantee and thereafter for the purposes of the Gas Safe registration scheme.

We offer a web-based application which is designed to provide you, as a user of Vaillant Group UK products, with fast and efficient support and assistance from an independent specialist tradesman who will conclude a repair or maintenance contract with you if you wish. To do this, you click on ‘Find an Installer’ (available here)select up to 3 installers in your area and then ‘continue’ fill in the details of your requirements in a webform, we save your webform details in our customer database hosted by our Head Office Vaillant GmbH in Germany to enable us to follow up with you and/or support any questions you might have. The form is sent to your chosen independent specialist tradesman for the purpose of establishing contact and initiating a contract for service, repair or installation. You can select more than one independent specialist tradesman. All your selections will receive your request and they can each accept it or reject it.

If the independent specialist tradesman accepts your request, they will become a controller of your personal data and will make contact with you to arrange a quote and or service/repair and should explain to you how long they will hold your details for after they have completed your requested service or repair. If the independent specialist tradesman rejects your request your personal data will no longer be available to them.

Our lawful basis for processing your personal data in the request form as set out above is our legitimate interests which are to provide excellent customer service and the swift resolution to any query you make.

We offer a help portal (available here) where you can search for information on numerous questions and topics like an FAQ section. In principle, you can use the help portal without disclosing any personal data. However, please refer to the section on Cookies, analysis tools, tracking and targeting for more details of your device data that we may collect via cookies.

We operate a live chat which allows you to communicate directly and personally with a member of staff about our products and promotions. To provide the live chat, we use a service provided by salesforce.com Germany GmbH, Erika-Mann-Straße 31, 80636 Munich, Germany ("Salesforce"). To enable the service, we set a cookie. We process information during the chat (start and end, duration and its content). Furthermore, the data for establishing the connection to our website and the use of the live chat are processed in order to be able to provide the service. You may also provide us with other personal data when using the chat so that we can help you with your request (e.g., name, contact details, heating system) so that we can identify you if you are an existing customer. We process the information to provide the live chat and for statistical purposes.

Our lawful basis for processing your personal data within the chat is the performance of a contract or the steps required prior to entering into a contract, and our legitimate interests, which are to fulfil your enquiry effectively and to your satisfaction.

Personal data processed during the chat may be retained on your customer account if you have one, and if you are not an existing customer it may be used to create an account with us, but only if that is appropriate to your enquiry.

We offer you the opportunity to use certain services independently via a self-service portal. You can register for this either with your residential address or your customer number. The prerequisite is that you have already had a customer service assignment at the current device location or that you have registered your product with us. To register, you must provide your customer number, zip code and email address. For product registration, we need the serial number of the product and other information about the device. Alternatively, you can also register with your complete address data and your e-mail address. In both cases, you will need to create a password. We use your data to provide and manage your registration and the services offered, in particular to arrange repair and maintenance appointments, to manage appointments and the contact settings you have chosen.

Our web site contains links or references to other web sites that we do not control and to which our privacy policy does not apply. Please be sure that you read the privacy policy of every website you visit to ensure you are happy with all the way that your personal data is being processed.

Facebook & Instagram (Meta)

Our websites use social plugins (“plugins”) provided by the social networks facebook.com and Instagram.com, operated by Meta Platforms Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour

Dublin 2 Ireland. The plugins are identifiable by either:

• a Facebook logo (white letter f on blue background or a thumb up icon) or the notice “Facebook Social Plugin”. For a full list of all social Plugins please see http://developers.facebook.com/docs/plugins; or

• a Instagram logo (depicting a camera, but in the most minimal way and in multicolour, with just a square, a circle, and a dot on a white background). For a full list of all social Plugins please see Social Plugins - Instagram : EKM

When you visit a page of our website that contains a social plugin, your browser establishes a direct connection to Facebook or Instagrams servers. Facebook and Instagram directly transfer the plugin content to your browser which embeds the latter into the website, enabling Facebook and Instagram to receive information about your having accessed the respective page of our website. Thus we have no influence on the data gathered by the plugin and inform you according to our state of knowledge:

The embedded plugins provide Facebook and Instagram with the information that you have accessed the corresponding page of our website. If you are logged into Facebook or Instagram, your visit can be assigned to your Facebook or instagram account. If you interact with the plugins, for example by clicking “Like”, or entering a comment, the corresponding information is transmitted from your browser directly to Facebook or Instagram and stored by it. Even if you are not logged into Facebook or Instagram, there is possibility that the pluginstransmits your IP-address to Facebook or Instagram.

For the information on the purpose and scope of data collection and processing by Facebook and Instagram, as well as your rights in this respect and settings options for protecting your privacy please visit either: Facebook’s privacy policy: http://www.facebook.com/policy.php or Instagram’s privacy policy https://privacycenter.instagram.com/policy.

If you are a Facebook or Instagram member and do not want Facebook or Instagram to connect the data concerning your visit to our website with your member data already stored by Facebook or Instagram, please log off Facebook or Instagram before entering our website. Further you can block Facebook and Instagram social Plugins by using add-ons for your browser, like the “Facebook Blocker” and “Instagram Blocker“, e.g. for or for Firefox either https://addons.mozilla.org/en-GB/firefox/addon/fb_ad_block/ or https://addons.mozilla.org/en-GB/firefox/addon/instagram-webview-blockstopper/

Facebook Advertising

To make potential users aware of our Internet presence, we use the Facebook advertising network, which includes conversion tracking, an analysis service from Facebook (Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). Facebook will set a cookie on your computer ("conversion cookie") if you have been directed to our website via a Facebook ad. The cookie loses its validity at the end of 30 days. If you visit within this period certain pages of us, Facebook and we can recognize that the ad was clicked. Information obtained using the conversion cookie is used to create conversion statistics. We receive information about the total number of users who clicked on a particular ad and were redirected to a website associated with the conversion tracking network. Personal identification is not possible for us. If you do not wish to participate in the tracking procedure, you can also reject the required setting of a cookie, for example via a browser setting, which generally deactivates the automatic setting of cookies.

Twitter

Functions of the X (formally known as Twitter) service are integrated in our site. These functions are being offered by X, Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA). The use of X and the “Repost” (formerly “Retweet”) function links the websites you visit with your X account and makes this information available to other users. Data is transferred to X in the process.

We want to make you aware that we as a provider of the pages have no knowledge of the content of the transferred data or of its use by X. You can find more information about the data privacy declaration of X at twitter.com/privacy.

Please note, on this website, X is referred to by its former Twitter icon featuring a white bird silhouette on a blue background, and may be referenced as Twitter on older pages and multimedia elements.

YouTube

Our website uses plugins from YouTube (YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA). When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. The Youtube server will be informed which of our pages you visited. If you're logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. For more information on how to handle user data, please refer to the YouTube Privacy Policy athttps://www.google.com/intl/en/policies/privacy

Our lawful basis for placing cookies is your consent. You can withdraw your consent at any time.

LinkedIn

Our website uses plugins from LinkedIn (LinkedIn, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland). When you visit one of our LinkedIn plug-in-enabled sites, you will be connected to the servers of LinkedIn. The LinkedIn server will be informed which of our pages you visited. If you're logged in to your LinkedIn account, LinkedIn allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your LinkedIn account. For more information on how to handle user data, please refer to the LinkedIn Privacy Policy at

https://www.linkedin.com/legal/privacy-policy

Personal data collected by cookies is deleted after 30 days.

Cookies are small text files that are stored in the browser of your computer, tablet or phone when you first visit our websites. We use functional, analytical and tracking cookies. These ensure that the website works properly and that, for example, your preferred settings are remembered. These cookies also ensure the website works effectively. In addition, cookies are stored and processed by us that track your web surfing behaviour so that we can offer customised content, measure the effectiveness of and tailor internet advertising, to ensure the security of our web pages, to compile statistics and to measure the activities on the website with the aim of improving our offer and making it appropriate for your needs. This involves collection of information that can be classified as personal data, about you, your devices and your use of our services.

We use our own cookies, in particular functional cookies, to make our website more user-friendly, to facilitate navigation and the use of forms, to simplify logging in and registration, to provide certain functions, to store the consent or rejection of cookies and to ensure the security of our website and our systems. We call these ‘necessary cookies’ as they need to be accepted to be able to fully use our website functionality.

We also use third-party cookies, particularly in connection with the use of analytics tools, tracking and targeting technologies:

Hotjar

We want to make the best use of our website so that we also use the services of Hotjar (Hotjar Ltd, Level 2, St Julian's Business Center, 3, Elia Zammit Street, St Julian's STJ 1000, Malta), which uses cookies and other information to analyse our digital presence. The information generated by the tracking code and the cookie about website usage is transmitted to Hotjar and stored on servers in Ireland. The use takes place on the basis of your consent in accordance with Article 6.1 (a) of the GDPR and on the basis of our legitimate interest in the optimisation and user-friendly design of the Vaillant website in accordance with Article 6.1 (f) of the GDPR.

Detailed information about Hotjar's privacy policy and its use of cookies is available at https://www.hotjar.com/legal. You can deactivate the collection and processing of data at any time under https://www.hotjar.com/opt-out.

Google Analytics for Firebase

We use Google Analytics for Firebase ("Google Firebase") to analyze user behavior. The provider of these services is Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The solution is used to optimise the MyVaillant website in order to make it more user-friendly, as well as for error detection and troubleshooting. The use takes place on the basis of your consent in accordance with Article 6.1 (a) of the GDPR and on the basis of our legitimate interest in the optimisation and user-friendly design of the MyVaillant website as well as error detection and troubleshooting in accordance with Article 6.1 (f) of the GDPR. We use Google Firebase to analyse the use of the MyVaillant web portal by users (e.g. pressing buttons, frequency of function calls). For this purpose, Google Firebase also collects data about your device (device model, manufacturer, operating system, browser used, geo-data (country, region, city), language). We use the data collected and provided by Google Firebase exclusively for statistical, anonymous evaluations in order to optimize the app for the various user groups, devices, operating systems, etc. and to eliminate errors.

The use of Google Firebase may require Google to forward the above-mentioned data to the USA; Google has committed itself to complying with the General Data Protection Regulation (see: https://firebase.google.com/support/privacy). Details on data processing, in particular on the scope and storage period, can be found in Google's privacy policy for Firebase and Crashlytics (https://firebase.google.com/terms/data-processing-terms and https://firebase.google.com/terms/crashlytics-app-distribution-data-processing-terms/). We refer to the following information on the processing of your data by processors and third parties outside the EU or EEA.

Google Analytics

Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses cookies to help us analyse how you use the website. The information generated by the cookie regarding your use of this website (including your IP-address) will be transmitted and stored on a Google server in the United States of America. Google will use such information to evaluate your use of the website, to compile reports on the web site activities for website operators as well as to provide other services in connection with website internet usage. Google may also transfer such information to third parties, provided this is required by law, or where third parties process such data on behalf of Google. Google will not associate your IP-address with any other Google data. You may refuse the generation of cookies by selecting the appropriate settings on your browser; however, please note that in refusing cookies you may not be able to make full use of all website functions. Please use the Google deactivation add-on "http://tools.google.com/dlpage/gaoptout?hl=en" if you do not want your personal data to be transmitted to the web analytics service of Google Inc. You can object to the creation of user profiles via pseudonyms at any time. In addition, you can withdraw your consent to advertising at any time. In view of the discussion on the use of analysis tools with full IP-addresses, please note that this website uses Google Analytics with the extension/add-on "_anonymizeIp()" and that thus IP-addresses are processed only in an abbreviated form in order to rule out any direct relation to persons.

DoubleClick

Our web site uses “Doubleclick”, a service provided by of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043 USA, (hereinafter referred to as “Google”). Doubleclick by Google uses cookies to show you advertisements that are relevant to you. Your browser will be assigned a pseudonymous identification number (ID) to check which ads have appeared in your browser and which ads have been viewed. Using the DoubleClick cookie allows Google and its affiliate websites only to serve ads based on previous visits to our or other websites on the Internet. The information generated by the cookies is transmitted by Google for evaluation to a server in the USA and stored there. A transfer of the data by Google to third parties takes place only due to legal regulations or in the context of data processing relationships. You can choose your browser settings so that you are informed about the setting of cookies and individually decide on their acceptance, or exclude the acceptance of cookies for specific cases or in general. If you do not accept cookies, you may not be able to use certain or all features of our website. You may also prevent the collection by Google of the data generated by the cookies and related to your use of the website and the processing of such data by Google by downloading and installing the browser plug-in available under the DoubleClick Deactivation Extension link (https://support.google.com/ads/answer/7395996?hl=en). Alternatively, you can opt out of DoubleClick cookies via Advertising Settings on Google (https://adssettings.google.com) or on the Digital Advertising Alliance website (http://www.youronlinechoices.com).

Google AdWords Conversion Tracking

Our web site uses conversion tracking. When you reach this site through a Google ad, Google AdWords will set a cookie on your computer as soon as you click on a Google-enabled ad. The validity of this cookie is 30 days and is not for personal identification. If you visit certain pages of our website and the cookie has not expired, we and Google can see that you have clicked on the ad. Each Google AdWords customer receives a different cookie and thus cannot be tracked through the website of other advertisers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. Such customers experience the total number of users who clicked on an ad and were directed to a site that was tagged with a conversion tracking tag. Information that can personally identify users is not transmitted.

If you do not want to participate in the tracking, you can reject the required setting of a cookie in your browser setting by disabling the automatic setting of cookies or by blocking your browser cookies of the domain. You may not delete the opt-out cookie as long as you do not wish to record the data.

Measurement and analysis tools are used to better understand the use of our website and to optimise it accordingly. With the corresponding cookies, we collect information about how you interact with our website and which pages you have visited. The information we collect or store with these cookies is aggregated and not linked to you personally. Such cookies are activated with your consent, and you can withdraw your consent at any time.

Tracking and targeting technologies are used to optimise the delivery of advertising and other marketing on the internet. These cookies track and collect information about your online activities to help advertisers deliver more relevant advertising to you according to your interests. These cookies may share this information with other organisations or advertisers. Such cookies are activated with your consent, and you can withdraw your consent at any time.

We also integrate certain so-called social media offers or external content on our websites. When using social media, you also use the respective offers of the social media providers, which also use cookies. Such cookies are activated with your consent, and you can withdraw your consent at any time.

In principle, you can also view our website without cookies. However, most browsers automatically accept cookies as the default setting. However, you can prevent or restrict the storage of cookies on your end device. Please refer to the instructions of your browser manufacturer for details of how this works. You can also delete cookies that have already been set at any time via your browser. You can also use the "Do Not Track" settings of your browser to manage cookies. You can also deactivate cookies from certain third-party providers on the page of the "Digital Advertising Alliance" at http://www.aboutads.info/choices/ or on the page "Your Online Choices" at https://www.youronlinechoices.com. If you do not accept necessary cookies, this may lead to functional restrictions of our offers.

When using third party cookies, it is possible that the collected data may be transferred by the respective cookie provider to a country outside the UK that does not offer an adequate level of data protection and in these circumstances, we will take all reasonable steps to ensure adequate safeguards are in place that meet the standards of UK data protection law.

For more details on the cookies placed when surfing our website and how long those cookies last please browse to the end of this page

Data Accuracy

We share our customer data with a third party in Germany called CDQ who offer data cleansing services, this is to fulfil our legal obligation to ensure that the personal data we hold about you is complete and accurate as far as possible. Our lawful basis for processing your personal data for this purpose is our legitimate interests in maintaining an up to date and accurate database of our customers and their contact details, and also in order to comply with our legal obligation to ensure personal data that we process is complete and accurate as far as we can reasonably do so.

Videocalls

We use a third party called Sightcall based in the USA for our video calling capability, this will be used between a Vaillant engineer or other third-party engineer located at your property and a Vaillant technical support agent at our call centre. The video call is used to aid installation checks and fault finding. The users of the video call will not seek to put you in the video and will be advised as far as it is possible to only capture the Vaillant product, but in doing so they may inadvertently capture partial views of your property where the Vaillant product is situated. We do not record these videos, so they are purely live streaming and unsaved. Our lawful basis for using video calling and your data within it if captured is our legitimate interests, in that it is legitimate, given the low likelihood of capturing your personal data, for us to utilise video calling in order to ensure a correct and proper installation or repair of your boiler.

CCTV

If for any reason you enter on to any of our premises, we have 24-hour closed-circuit television surveillance that may capture your image and activity within our perimeter, our lawful basis for capturing your image on CCTV is our legitimate interests, in that it is legitimate to seek to protect and secure our premises and property and those people working at our premises, at all times. We will retain images captured on CCTV for no more than 31 days unless that recording is required to assert our legal rights.

Profiling & Segmentation

We want to give you the best possible customer experience. One way to achieve this is to get the richest picture we can of who our customers are by combining the customer postcode data we hold in a market segmentation and profiling software (supplied by TransUnion) to establish a set of customer segments. We do this so that we can understand our customers better and similar potential customers who might be interested in Vaillant Group products and services. Examples of how this might be used e.g.,(i) identifying key market segments who purchase from us (ii) typical customer lifestyle preferences (iii) and likely customer behaviours towards heating industry products and services. We use this market segmentation and profiling service to better target our marketing activities around the UK. Our lawful basis for using your aggregated postcode data is legitimate interests, in that it is legitimate for a business to seek the best use of its marketing budget and activities to optimise our business and improve the relevance for our existing and future customers. We will periodically re-assess our key customer profiles and market segmentation to keep the data we derive from that up to date. Please be assured that we will not advertise to you directly unless you have given us your consent to do so.

You can use the Cookie Consent Management Tool integrated into our website to manage your individual settings for the use of cookies. There you will also find detailed information on the individual cookies.

We use the Consent Management Tool from Consentmanager AB (Håltegelvägen 1b, 72348 Västerås, Sweden) on our website. The tool enables you to give consent to data processing via the website, in particular the setting of cookies, as well as to make use of your right to withdraw consent already given. The processing of data and the use of cookies is necessary for the documentation and administration of your settings. The following data is collected and transmitted to the provider of the tool: Date and time of the page call, information on the browser you use and the device you use, anonymised IP address, opt-in and opt-out data relating to the respective cookies. This data is not passed on to other third parties.

For more information on the privacy terms of the cookie consent management tool used, please visit: https://www.consentmanager.net/privacy.php.

Personal data processed by us as the controller and, for the purpose of providing our website and services, is sometimes passed on to other entities within the Vaillant Group and certain third-parties who process the personal data on our behalf and strictly in accordance with our instructions (we have set out in the individual sections of this policy wherever that is the case).

We may also pass on your personal data to installers, service engineers or other third parties if this is necessary for the provision of certain services, e.g., service and repair services. Our lawful basis for this would be to comply with a contract we have with you or another person, or our legitimate interests in providing our services as efficiently and professionally as possible.

We may also disclose your personal data to other third parties such as:

• Gas Safe, other industry regulators, HM Revenue & Customs, the FCA, the Financial Ombudsman, the insurance Ombudsman and other authorities and regulators acting as controllers based in the United Kingdom who require us to disclose information in certain circumstances, and the health & safety executive wherever this is necessary, depending on the circumstances our lawful basis could be our legitimate interests, your vital interests, for a contract with you, or a legal obligation;

• Professional advisers acting as processors or controllers including lawyers, bankers, auditors and insurers based in the UK/EU who provide consultancy, banking, legal, insurance and accounting services strictly where there is a need to share personal data, our lawful basis here is usually our legitimate interests in that all of these disclosures are necessary for operating a compliant business in the UK;

• Service providers acting as processors based in the UK/EU who provide IT and system administration services including, but not limited to River Marketing Limited (RIPPL), our lawful basis for this is our legitimate interests in that it is legitimate for us to operate our business as we see fit provided this is within the law: and

• Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If such a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice until you are notified of any changes. Our lawful basis for this is our legitimate interests in that it is legitimate to manage, merge or dispose of our business or parts of it as we see fit provided this is within the law.

We may also pass on your personal data to installers, service engineers or other third parties if this is necessary for the provision of certain services, e.g., service and repair services. Our lawful basis for this would be to comply with a contract we have with you or another person, or our legitimate interests in providing our services as efficiently and professionally as possible

We may also be required to transfer your personal data to domestic or foreign courts, law enforcement authorities or other governmental institutions where this is required and permitted by law an example might be the police or emergency services, insurance investigations and court orders. Our lawful basis for this is compliance with a legal obligation or the vital interests of our customers or others.

In some circumstances (as already set out in this privacy notice), data processing of your personal data is carried out on our behalf by our Head Office Vaillant GmbH in Germany or a third-party organisation based outside the UK. This is particularly so in connection with the use of analysis tools, tracking and targeting cookies and other technologies or the integration of social media offers. In such cases, unless there is an adequacy decision by the UK in relation to the recipient country (e.g., as with all EU member states), we will have agreed adequate safeguards for the protection of personal data by that organisation, in particular by agreeing the applicable UK International Data Transfer Agreement (IDTA) or the EU standard contractual clauses with the UK IDTA Addendum, to ensure the same standards of protection as UK data protection law requires.

Depending on the purpose of the transfer our lawful basis could be any of the bases set out in paragraph 3 above.

We apply technical and organisational security measures to protect the personal data we process against destruction, loss, alteration or unauthorised disclosure of, or access.

All personal data provided by you when using personalised services will be transmitted to us in encrypted form. Your data is password protected in the systems in which it is stored. The persons who have access to it are prohibited by strict security regulations from disclosing your data to third parties unless we have set out where a third party is used as part of the provision of any of our services in this policy.

In addition:

• Our system security is regularly audited internally and by an External Qualified Security Assessor

• We regularly update our firewalls and ensure that our systems are continually updated to protect against new cyber attacks

• We use a third-party web application firewall from WAF to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, WAF processes site visitors’ IP addresses

• All our staff are required to undertake information security awareness training to spot spam, phishing and other malicious emails that could compromise the integrity of our systems

• Our call centre staff are trained in following caller identification practices to prevent disclosing personal data to third parties attempting to obtain personal data by deception

• All staff are required to comply with our group policies on information security, data protection, information classification etc.

• Our physical premises are secured so that only staff with company issued security passes can enter our buildings without prior authorisation, and guests are accompanied at all times. Closed-circuit television (CCTV) operates outside the building for security purposes. The information is viewed by us on a live feed and recorded on a 30 day loop.

• We have a robust disaster recovery and business continuity policy that follows a strategy that ensures that we can restore the availability and access to personal data in the event of a physical or technical incident in a ‘timely manner’

• Your personal data is password protected in all the systems in which it is stored and will only be accessed where there is a genuine reason to do so.

• The persons who have access to the systems where your personal data is held are prohibited by strict security regulations from disclosing your data to third parties unless we have set out where a third party is used as part of the provision of any of our services in this policy.

• Our data security measures are continuously reviewed, improved and we regularly employ penetration testing performed by a third party provider, to assess the strength of our technical defences.

• We ensure that any data processor we use also implements appropriate technical and organisational measures to comply with data protection law.

You have the right to request access to and rectification or erasure of personal data concerning you or restriction of processing, or to object to processing as well as the right to know and question any decisions made about you using automated means and data portability, in each case in accordance with data protection law.

The following links are to the ICO website where you can find additional information on your rights and ion what situations you can exercise them (please note that the ICO’s separate website Privacy Notice will apply to your use of their website):

Know about use of your personal data

Access to personal data

Correction of personal data

Erasure of personal data

Restrict the use of personal data

Object to processing of personal data

Portability of personal data

Use of automated decisions about you

Complaint

Where the lawfulness of our processing of personal data relies on your consent, you have the right to withdraw your consent at any time.

You can contact our data protection officer using the details in the section below, to assert your data protection rights above.

You will not be charged for exercising your rights and, once we receive your request, we have one-month to respond to you, unless we let you know otherwise.

Complaints

If You are unhappy with our website or the services available on it, or anything that Glow Worm have done for you other than on the website, you can make a complaint by going to our ‘Contact Us’ page and filling in the complaint form (available here).

If You are unhappy with the way we are using your personal data, please contact our data protection officer and we will seek to resolve any issues. You also have the right to lodge a complaint with the competent supervisory authority if you are of the opinion that the processing of personal data concerning you is not lawful. For this purpose, you may in particular contact the competent supervisory authority in the country where you reside or of the place of the alleged infringement.

The competent supervisory authority in the UK is the Information Commissioners Office. You can find their current contact details at

https://ico.org.uk/global/contact-us/

If you have any questions or suggestions on our use of your personal data, please feel free to send them by email or letter to our data protection officer, who can be reached at the following contact details:

By email: DataprotectionUK@vaillant-group.com

By post: The Data Protection Officer, Vaillant Group UK Limited, Nottingham Road, Belper, Derbyshire, DE56 1JT

We reserve the right to change this privacy policy at any time. Please also note the respective terms of use and the general terms and conditions when using our Website.

Status: Published 22nd August 2023

Previous Privacy Policies

January 2023

August 2021