Privacy Policy

Therme Group and its affiliates (collectively, “Therme Group”, “we” or “us”) are committed to protecting your personal data and respecting your wishes and we want you to be confident that we are. We aim to be clear about when we collect your information and not do anything you would not reasonably expect us to do with your personal data. This policy aims to help you understand what personal data we collect, how we use it and how we store it and how this applies to our websites, products and services (collectively “Services”).

BY ACCESSING AND READING THIS PRIVACY POLICY YOU ACCEPT THAT YOU HAVE BEEN INFORMED REGARDING YOUR PERSONAL DATA PROCESSING BY US, AS DESCRIBED IN THIS POLICY.

When we act as data controller, deciding on the purposes and means of the processing of personal data , we have the responsibility to fulfil all legal requirements regarding the processing of your personal data.

This Privacy Policy describes our privacy practices and policies relating to our Services. Therme Group operates in various jurisdictions, including outside the UK , EU and EEA . Any personal data collected will be used and held in accordance with both domestic and EU data protection requirements as dictated by applicable privacy legislation.

SOME OF OUR AFFILIATED COMPANIES MAY PROVIDE YOU WITH THEIR OWN PRIVACY POLICIES AND NOTICES RELATING TO THEIR SPECIFIC ROLE IN THE ORGANISATION, THAT WILL COMPLEMENT THIS POLICY, WHEN YOU ACCESS THEIR SERVICES.

If you would like to know more about how we collect and use your personal data, please click on the headings below for further information. If you have any further questions, please contact us using the details in the Contact us section below.

When we refer to Therme Group, we are referring to Therme Group RHTG AG, a public limited company with its registered office address at Wienerbergstraße 51, 1120 Vienna, Austria, with company number FN 364773 g, and its affiliated companies.

For further information regarding Therme Group’s affiliates, please contact us using the details in the Contact us section below.

• When you provide your personal data directly to us

If you sign up to one of our newsletters or events, download one of our publications, purchase a product, or communicate directly with our teams for another reason, whether online, on paper, in person, or over the phone, you will be sharing your personal data with us.

• When you provide your personal data through a third-party organisation

From time to time, we work with other organisations such as to sponsor an event. If you provide your personal data to these third parties and indicate that you wish to hear from us such as by receiving a publication, attending an event or signing up to hear our news, the organisation you have contacted may share your details with us (including personal data). For information about the type of information we receive through these third parties, see the section below What type of information do we collect. To learn how these organisations use your personal data please read their privacy policies.

• Publicly available personal data

In some circumstances, we may combine information you provide us with personal data available from external sources such as on your employer’s website, in newspapers and magazine articles in the press, or in your organisation’s public records. This might be in order to provide you with a better experience at Therme Group events, to ensure that we are contacting you with information that we feel is relevant to you, or in order that we can provide you with a better and more personal experience in your interactions with us. It also enables us to gain a better understanding of our stakeholders and to improve our products and services.

• Social media

We may refer to personal data available on and through your LinkedIn, Twitter, Instagram and Facebook profiles in order to provide you with a better and more personal interaction with Therme Group. Your personal settings within those social media accounts and the privacy policies of their website and messaging services will determine what information you have given us, and others, permission to access. Please check your settings and the privacy policies of those sites if you’re not sure what permissions you’ve given.

• When you use our website or app

So that we can provide you with the best possible experience when you visit our website, we collect cookies when you use our website. This can include the pages you visit and areas that are of most interest. Cookies can also be used to make using the website faster, such as by automatically filling in your name and address. Further information about cookies is set out below. In addition, the type of device you’re using to access our website or app and the settings on that device may provide us with information about your device, including the type of device it is, what specific device you have, what operating system you’re using, or why a ‘crash’ has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

The type of information (including personal data) that we collect and use and what we do with it will depend upon your relationship with us.

If you download a publication, sign up for an event or to receive news updates from Therme Group, the information that we need to collect will vary but may include:

• Your name;
• Your contact details, including email, telephone number and postal address;
• If you create an account with us, your screen name user ID and password;
• Your bank or credit/debit card details;
• Personal health data (only where relevant and necessary to fulfil your request for a specific product or service);
• Why you’re interested in our publications, news and events;
• The name and address of your employer;
• Your job title;
• If an event is being provided by a third party, the name and contact details of that third party supplier;
• Details needed to improve your event experience such as dietary requirements or accessibility needs; and
• Invoicing information.

We will rarely collect information classified as sensitive data, such as information about your race, religious beliefs, political opinions and personal health data. We will only do so if there is a clear reason for doing so, such as to enable you to participate in an event, or if we need your personal health data to ensure your safety at an event.

If you provide us with your bank or credit card details to process a payment over the telephone, we will always ensure that your information is handled securely. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details.

If you make a payment through our website, the payment may be processed through a secure third-party and we will not have access to any of your card details. Your card will be processed in accordance with the policies of the processor providing that service that you will be notified of at the time of making payment and we would refer you to their terms and conditions for further information.

Therme Group uses your personal data in different ways, depending on the nature of our relationship with you.

If you download a publication or register to receive our news or attend an event, we need to collect this information for numerous reasons, in order to:

• provide you with the services, products or information you asked for;
• ensure your safety at an event;
• understand who is accessing our services, publications, events or information;
• keep a record of your relationship with us;
• make sure we know how you prefer to be contacted; and
• understand how we can improve our services, products or information.

We may also use your information for the following:

• Direct Marketing

We will use the details you provide to us to communicate with you about matters such as future events, news and publications.

We will never send you electronic marketing communications, such as marketing emails unless we have your express consent that you wish to hear from us in this way. If you do subscribe to Therme Group emails or to hear our news, we will understand that you are granting us the right to use that email address for email marketing.

If you don’t currently hear from us by email or receive our e-newsletter and would like to do so, or if you would like to update your preferences, please contact us using the details in the Contact us section below. You can also unsubscribe from Therme Group emails by clicking the “Unsubscribe” link at the bottom of any of our emails.

We may contact you by post if we believe we have a legitimate interest in doing so and that contacting you in this way will not have unduly adverse consequences for you. This might be if, for example, you have a history of engaging with us in this way and have not indicated that you no longer wish to receive contact from us by post. If you hear from us via the post and no longer wish to do so, please contact us using the details in the Contact us section below.

We are committed to communicating with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it is quick and easy to let us know that you no longer want to hear from us by using the contact details in the Contact us section below or by posting us an updated consent form that you may receive in the post. You can be assured that our team will deal with any request quickly, sensitively, courteously and professionally.

• Personalisation and Marketing

To help us to make sure you’re happy to hear from us and happy with what we send you, we may use the personal data that we have gathered in the course of our relationship to tailor our future communications. This includes helping us to understand the likelihood of you responding to an email communication from us, or your likely interest in a future event or publication. The greater understanding of you we can obtain from this information, the more personalised and relevant we aim for our communications to be.

We also carry out targeted marketing activity to ensure that we are contacting you with the most appropriate communication, which is relevant and timely and will ultimately provide an improved experience for you. For example, we may provide content and distribute digital and traditional marketing and communications materials based on your location. This permits us to provide you with timely news about the Therme Group and to let you know the different ways you can engage with us and how you can access our services.

You can opt-out of your personal data being used for targeted marketing. However, this may mean that you stop receiving marketing communications from us or they become more generic and less relevant to you. If you do wish to opt out, please contact us using the details in the Contact us section below.

• Sharing Testimonials

To show fellow stakeholders, suppliers, funders, partners, potential partners and customers the great work that we do, we may share testimonials you provide about your engagement with Therme Group. We will not share any information which makes you identifiable unless you have given us express consent to do so.

We usually process your personal data only if at least one of the following legal grounds apply:

• You have given your consent for the processing;

• Processing is necessary for the performance or entering into a contract to which you are a party;

• Processing is necessary for compliance with a legal obligation applicable to us;

• Processing is necessary for the purposes of our legitimate interests.

• Legitimate interest reasons include (but are not limited to):

o Preventing risk and fraud; o Prevention of financial losses;
o Recovery of damages; o Defence of our rights in court;
o Ensuring people’s health and safety;
o Ensuring security of Therme Group’s sites and premises.
o Ensuring cybersecurity;
o Taking the steps necessary to identify you, when necessary;
o Answering questions or providing any support;
o Helping customers find and use relevant products or services through our website;
o Providing and improving our products and services;
o Reporting and analytics;
o Testing out features or additional services;
o Assisting with marketing, advertising, or other communications; or o Protecting Therme Group’s image and reputation.

We only process personal data for these “legitimate interests” after considering the potential risks to your privacy. This may include providing transparency into our privacy practices, offering you control over your personal data where appropriate, limiting the data we keep, limiting what we do with your data, who we send your data to, how long we keep your data, or the technical measures we use to protect your data.

We will never share your information with a third party who intends to use it for their own marketing purposes and there are very limited instances where we will share your personal data with a third party. This could include:

• if a third party provides a service to us, such as running an event on our behalf, providing an element of a contract for us, such as email distribution, fulfilling an order, providing IT, marketing, content services, etc. This would include our trusted partners, entities that sell our products or services or provide our information and marketing for us;

• for the administration of events. For example, an event venue may require the provision of the names and dietary requirements of attendees in advance, for security and health purposes;

• where there is a legal or regulatory requirement to disclose your personal data such as from government authorities or the courts, we have a genuine and real concern regarding a person’s well-being, or where disclosure is necessary for taxation and criminal investigation purposes; and

• where we have your written consent.

We may be involved in the sale, transfer or reorganisation of some or all of its business at some time in the future. As part of that sale, transfer or reorganisation, we may disclose your personal data to the acquiring organisation, however, we will require the acquiring organisation to agree to protect the privacy of your personal data in a manner that is consistent with this Privacy Policy.

Therme Group has a number of steps in place to keep your personal data as safe as possible. Reasonable measures (such as systems access security controls, safeguards to detect and prevent security system failures, and restricted access) have been implemented to help protect personal data from loss, misuse, unauthorized access or disclosure. We train our staff in data protection and data security to increase awareness of its importance. We keep our data protection and data security policies and practices under constant review and review the personal data that we hold, where we hold it and what we do with it.

Therme Group requires the third parties it works with to comply with data protection laws and puts controls in place to ensure that your information is handled safely and appropriately.

We work with and process data about individuals across the world. To operate our business, we may send your personal data outside of your state, province, country or residence within the European Union (EU) and European Economic Area (EEA) or other regions of the world such as the UK, Canada or the United States of America.

If you are in the EEA, the transfer of personal data between member states is considered safe under applicable data protection laws.

Additionally, other countries have been recognised by the European Commission as offering adequate levels of data protection. The full list can be consulted here. In other words, transfers to the country in question will be afforded the same treatment as if transferred between EEA member states. For example, when we send your personal data to Canada it is protected under Canadian law, which the European Commission has determined will adequately protect your data.

Your data may also be sent to other Therme regional business locations and to service providers who may be located in other regions. This data may be subject to the laws of the countries where it is transferred.

We may transfer your personal data to third countries or international organisations that don’t provide adequate levels of data protection according to the European Commission (or, if you are in the UK, the ICO’s requirements). In this situation, we shall take appropriate steps to protect your data, and make available to you effective legal remedies for protecting and exercising your rights.

In such context, we will ensure that your data will be protected by contractual commitments at least equivalent to the Standard Contractual Clauses approved by the European Commission (SCCs), or if you are in the UK, by way of an international data transfer agreement (IDTA) or relevant IDTA addendum to the SCCs, as the case may be.

Where we cannot find other appropriate safeguards, we will transfer data to these destinations only under the following conditions:

• We ask for your prior consent, after informing you of possible risks;

• We transfer the data only at your request for the performance of a contract or the application of necessary pre-contractual measures in relation to us;

• The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person;

• The transfer is necessary for important reasons of public interest;

• The transfer is necessary for the establishment, exercise or defence of a right in court;

• The transfer is necessary to protect your vital interests or those of others when you are not in a physical or legal capacity to express your consent; and

• Other situations stipulated by law.

Therme Group does not have any control over how any third-party websites handle and use your information. Therefore, if you follow any links to any third-party sites from Therme Group websites, you must check the privacy policy for such a third-party organisation in order to understand how your information could be used. This policy does not cover third-party websites.

Cookies are small text files which are used by websites to learn about your visit to the site and in some cases to tailor your experience on the website. We use cookies to improve your experience of using the Therme Group websites, to provide functionality, improve performance, and help with behavioural advertising and embedded content.

Further information about how we use cookies and how you may turn these off is available in our Cookie Policy.

‘Corporate Subscribers’ are organisations who Therme Group might contact in a professional context, using generic work contact details, including phone, email and post. These contact details may be obtained from public domain sources (company websites etc.), from our own business records or from other companies and business contacts.

We may contact corporate subscribers by email or telephone provided that the subscriber has not previously opted out.

We may contact subscribers by mail if they have not previously opted out of receiving such communications.

You have a right to object to the processing of your information for direct marketing. We will provide opt-out notices on our communications to you, or you can advise our team using the contact details in the Contact us section below.

By accepting the terms of this Privacy Policy, you acknowledge and agree that no data transmission over the Internet is completely secure. We cannot guarantee or warrant the security of any information you provide to us and you transmit such information to us at your own risk.

Your personal data is maintained on our networks or on the networks of our service providers. Your information may also be stored in a secure off-site storage facility. We retain personal data only as long as it is needed to fulfil the identified purposes or as may be required to comply with applicable laws. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

When we rely on your consent (e.g., newsletter subscription), your personal data is kept for as long as you continue to consent.

To satisfy regulatory requirements, certain personal data may be retained according to those legal requirements that may require its further retention after which all documentation will be destroyed in a manner commensurate with its sensitivity.

Under the conditions set out in the data protection laws, as a data subject, you have the following rights:

● Right to be informed, right to receive details of the processing of your personal data, as described in the Privacy Policy;

● Right of access, the right to obtain confirmation from us regarding the processing of personal data, as well as details of the processing activities;

● Right to rectification, the right to obtain the correction of inaccurate/unjustified personal data, as well as the completion of incomplete data;

● Right to erasure without undue delay, („right to be forgotten”), under the conditions provided by the data protection laws;

● Right to restriction of processing, to the extent that you contest the accuracy of your data, the processing is unlawful and you oppose to the erasure, requesting instead the restriction of its use, or when we no longer have any purpose to process your data, but you request it for the establishment, exercise or defence of a right in court or when you object to the processing of data for a period enabling us to confirm our legitimate interests;

● Right to data portability to another controller, under the conditions stipulated by law;

● Right to object to the processing of personal data, at any time, free of charge and without any justification, when the data is processed for direct marketing purposes or when the processing is based on one of our legitimate interests invoked, unless we can demonstrate that there are legitimate reasons justifying that processing;

● Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects on you or similarly affects you to a significant extent, with the exceptions set out in data protection laws;

● Right to withdraw your consent, at any time;

● Right to lodge a complaint with a supervisory authority, if you consider that the processing of your personal data infringes data protection laws.

If you have questions or complaints with respect to our privacy policies and practices or if you wish to request access to, or correction of, your personal data under our care and control, please contact us using the contact details in the Contact us section below.

Inquiries or complaints will be dealt with promptly. We will acknowledge your query, investigate and provide you with a response within thirty (30) days.

Considering the complexity and number of pending requests you may have had; we may extend this period by two (2) further months. We will always inform you about any delay in advance, together with the reason for it.

Please note that if you send us a request relating to your personal data, we have to make sure that the requestor is genuinely you before we can respond. In order to do so, we may use a third-party to collect and verify identification documents.

If we are unable to identify you, we may refuse to provide you with the information requested that might not belong to you.

If you are not happy with our response to a request, you can contact us to resolve the issue.

If you believe the privacy laws relating to the protection of your personal data or our Policy have not been respected, you may file a complaint with us at the address listed below. We will investigate all complaints. If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. If you are not satisfied with the results of the investigation or the corrective measures taken by us, you may exercise the remedies available under law by contacting your local Data Protection Supervisory Authority or any other competent supervisory authority.

To make sure that this policy and our practices stay legally compliant and up-to-date, we may make changes from time to time. If we make any substantial changes, we will make this clear on our website, or by contacting you directly, if appropriate. To be sure that you don’t miss anything, please check back to this page from time to time.

If you didn’t find what you have been looking for in this Policy, or you would like to speak to someone at Therme Group about how we collect, use and store your personal data, if you have any questions, comments, requests or suggestions or if you would like to change your contact preferences, please contact us:

 • by email at dataprotection@thermegroup.com

• by mail to:

Therme Group Data Protection
15 Little Green
Richmond
TW9 1QH
United Kingdom