With this document we inform you about the processing of personal data when using this website, but also about the general processing of personal data at iDM.
iDM Energiesysteme GmbH, Seblas 16-18, 9971 Matrei in Osttirol, Austria, email@example.com (“iDM”) is responsible for processing the data. For questions about data protection at iDM in general or to exercise your rights, please contact our data protection officer at firstname.lastname@example.org
You have the right to access, rectification and erasure of the data, the right to restrict processing, to object to processing (in particular the objection to the sending of direct mail) and the right to lodge a complaint with a supervisory authority. The supervisory authority responsible for iDM is the Austrian data protection authority in Vienna (www.dsb.gv.at). However, you can also lodge a complaint with another supervisory authority responsible for your place of residence.
In principle, your data will only be passed on if iDM is legally obliged to do so (e.g. to tax authorities) or if the data transfer is necessary to fulfill a contractual obligation (e.g. to logistics partners for the delivery of products). In addition, iDM can also commission technical service providers (processors) to support the implementation of individual processes. However, these processors are not allowed to use the data for their own purposes and are bound by separate agreements to the strict provisions of the General Data Protection Regulation (GDPR). As a member of the Pletzer group of companies (https://www.pletzer-gruppe.at/), the company also passes on some data to the group of companies out of a legitimate interest in efficient corporate planning and the shared use of technical and human resources (Art. 6 (1) f GDPR).
Processing generally takes place within the European Union. If, in exceptional cases or for certain types of processing, a transfer to countries outside the European Union is necessary, you will be informed separately below.
In addition to this general information, we will inform you below about the individual processing of personal data at iDM.
Provision of the website (server logs)
When accessing the iDM website, logs are created for the purpose of guaranteeing secure and efficient operation of the website, which contain the date/time, the page accessed and the publicly visible IP address of your device. This processing takes place on the basis of iDM’s legitimate interest in the secure operation of the IT infrastructure (Art. 6 (1) f GDPR). The data will be deleted or made anonymous after one month.
General inquiries (postal, e-mail, telephone, contact form)
The data of your request (name, contact details, content of the request, history of previous contacts with us), which you send via the contact form or to us by e-mail, will be used by us for customer service (pre-contractual measures, Art. 6 (1) b GDPR) and processed for marketing purposes (legitimate interest in sending direct mail by post, Art. 6 (1) f GDPR). Your data will be deleted by us 3 years after your last request, provided there are no legal obligations to store the data.
If it is necessary to fulfill your request, we pass on data to external bodies such as planning offices or heating engineers.
At irregular intervals, we conduct customer surveys for the purpose of improving our products and services. Only those customers who have given their consent to receive our newsletter will be contacted by e-mail and invited to the survey. The survey is voluntary and anonymous, unless you reveal your identity to us in the comment fields or to answer queries. The e-mail addresses used for sending the invitations remain stored until you revoke your consent.
In principle, your data will not be passed on to third parties. Exceptions exist for technical service providers who support us in sending the invitations or conducting the survey. However, these service providers are not allowed to use the data for their own purposes and are bound by their own contracts to the strict provisions of the General Data Protection Regulation.
Customer feedback for product improvement
Customers have the opportunity to participate in our product improvement program. In addition to the personal data for access, suggestions for product improvements and coordination regarding proposed product improvements are also processed. This processing is voluntary and non-participation in the customer improvement program will not have any negative consequences. The legal basis for processing is the customer’s consent, which is given when actively registering for the customer feedback program. Processing generally takes place until revoked. Consent can be revoked at any time without giving reasons by sending an email to email@example.com.
Your data will generally not be passed on to third parties. Exceptions exist for technical service providers who support us in operating the customer feedback platform. However, these service providers are not allowed to use the data for their own purposes and are bound by their own contracts to the strict provisions of the General Data Protection Regulation.
Personal data is processed for the purpose of organizing the training, creating training certificates and billing for services. This is due to legal obligations (accounting) as well as iDM’s legitimate interest in an efficient and high-quality implementation of training courses and a safe environment for all participants.
For internal documentation purposes due to the legitimate interest in continuously improving the quality of the training and for archiving purposes, photos and videos are also taken during the training.
Your data will generally not be passed on to third parties. However, it may be necessary to pass on additional services (e.g. hotel bookings) or for organization within the Pletzer group of companies. If an infection of a participant with a contagious disease becomes known, we will pass on the data of the other training participants to the responsible health authorities. iDM can also pass on data to service providers (processors), who, however, are not allowed to use the data for their own purposes and are bound by their own agreements to comply with data protection laws.
The data on the training carried out will be kept for ten years in order to enable a new training certificate to be issued during this period (e.g. due to the loss of the original document). Photographs are retained indefinitely for archival purposes.
Photos or video recordings will only be used for marketing purposes with your consent. Publishing such recordings on social media requires additional consent. Publication on social media also means a transfer of data to countries outside the European Union, in particular the USA. The level of data protection in the USA is lower than in Europe and you must expect that you will not be able to appeal against unlawful processing. This applies in particular to processing by US authorities for national security purposes. With your consent to publication in new media, you also give your consent to this transmission of the data to the USA in accordance with Art. 49 (1) a DSGVO. You can revoke your consent at any time by sending an email to firstname.lastname@example.org. This does not affect the lawfulness of processing until revocation.
You have the right to access, rectification and erasure of data, the right to restrict processing, to object to processing and the right to data portability to another person responsible. You also have the right to lodge a complaint with a supervisory authority.
Analysis of website usage (Google Tag Manager, Google Analytics)
For error analysis and for statistical evaluations of our website and only with your consent, our website uses the analysis service Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, e-mail: email@example.com (“Google”), which in turn transmits your data to the USA for further processing. We would like to point out that the USA has a lower level of data protection than the EU and US companies are obliged to release data to courts, law enforcement authorities, supervisory authorities or security bodies. In accordance with Art. 49 (1) a GDPR, with your consent to the use of Google Analytics, you also consent to the transfer of personal data to the USA.
Google also uses the information collected for its own purposes. For more information, see https://policies.google.com/technologies/partner-sites
Analysis of website usage (Microsoft Clarity)
In order to analyze the use of our website and optimize the content for users, we use the analysis software Microsoft Clarity. The behavior when using the website is recorded so that, for example, the time spent on certain content or movement within the page displayed can be measured and tracked.
The data will only be processed with Microsoft Clarity if you have given your prior consent.
When the data is processed, the data is passed on to Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland, as well as further data transfer to Microsoft companies in other countries, in particular the USA. Microsoft also processes the data for its own purposes as part of its data protection declaration (https://privacy.microsoft.com/privacystatement). Microsoft is committed to complying with the EU-US Data Privacy Framework (DPF), which has been recognized by the EU Commission as providing adequate protection for personal data. Therefore, according to Art. 45 GDPR, no further legal basis is required for the transfer of data to the USA.
Inquiries with the IDM configurator
Data transfer to heating engineers
In order to calculate the iDM heat pump configuration that is optimal for your requirements, information about your living situation and the building is linked to climate information at the location you specified (postal code). This results in a system proposal that can be checked by one of our sales partners or heating engineers, so that they can provide you with a tailor-made offer for implementation. You can therefore send the system proposal directly to an iDM sales partner working in your region. Your personal data will also be passed on so that the sales partner can contact you. The legal basis for this data transfer is Art. 6 (1) b GDPR (implementation of pre-contractual measures taken at the request of the data subject). Due to the legitimate interest of guaranteeing optimal service quality (Art. 6 (1) f GDPR), iDM also checks by e-mail whether the communication with the sales partner was correct and satisfactory. For this purpose, the data is stored for three years.
Optimization of products and services
Data is used in an anonymous form to improve iDM products and services, for example to identify product combinations that are particularly popular in individual regions. In addition, due to the legitimate interest of product and marketing planning (Art. 6 (1) f GDPR), there is also a link between the data entered in the configurator and the new systems installed. For this purpose, the data is stored for three years.
myiDM Portal and iDM Smart Navigator App
By registering on myIDM, you agree that your personal data (first and last name, e-mail address, telephone number, home address, language, system and usage data) will be processed by IDM. By creating this user account, you are able to register your own heat pumps on myIDM or receive access rights to the heat pumps of other heat pump owners. This requires the processing of personal data (Art. 6 (1) b GDPR). Only IDM and persons expressly named by you have access to the personal data. Your personal data will not be passed on to other third parties. The processing is carried out for the purpose of monitoring the system, diagnosing error conditions, analyzing usage to optimize the system and preparing and carrying out maintenance work (creating a system report). The usage data of the heat pump can be viewed by iDM as well as the heating engineer connected to the system account. iDM also anonymizes this data in an additional step in order to be able to use the data obtained in this way for development and research purposes.
You can request a deletion of your user account from IDM at firstname.lastname@example.org. After a revocation, your data will be deleted within 14 working days
If you do not use the myIDM service for more than 24 months either by logging in to the platform or by logging in to the myIDM app, IDM will assume that the system in question is no longer in operation and will mark the account for deactivation. You will receive a corresponding notification by e-mail. If you do not respond to the notification, the user account will be anonymized so that no personal reference can be made.
IDM reserves the right to change or discontinue the Service (or any part thereof), either temporarily or permanently.
In the IDM partner portal, service and installation partners can organize work on systems and order spare parts. For this purpose, the names and contact details of employees of these business partners and of customers are processed to contact them. This processing is necessary for the fulfillment of agreements (Article 6 (1) b GDPR). The data is kept until statutory retention periods (e.g. for warranty, product liability and the archiving of business documents) have expired. The data is then anonymized so that no personal reference can be made, but statistical evaluations are still possible.
Online Marketing (Google Ads)
If you give your consent, we will process your personal data with the Google Ads service, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as the joint controller, for the purpose of placing personalized advertising and measuring our advertising success.
Not giving your consent has no direct effect on the function of the website, but if you do not give your consent, it is not possible for us to place personalized advertising on your end devices. You can revoke consent that you have already given by changing the data protection settings at the bottom of this page.
We enable the service to collect connection data, data from your web browser and data about the content accessed. In addition, we enable the service to run tracking and recognition software and to store data on your device. Using the tracking and recognition software, it is then possible for the service to enrich its advertising network and to recognize you when you visit external websites or to display personalized advertising. We also use the data collected to measure our advertising success. The data on your end device is stored for a period of up to two years. The Google Group transmits your personal data to the USA. The legal basis for the data transfer to the USA is your consent in accordance with Art. 49 Para. 1 lit a in conjunction with Art. 6 Para. 1 lit a GDPR. You were informed before you gave your consent that the USA does not have a level of data protection that corresponds to the standards of the EU. In particular, US secret services can access your data without you being informed and without you being able to take legal action against it. For this reason, the European Court of Justice declared the earlier adequacy decision (Privacy Shield) invalid in a judgment.
External content from Facebook
Based on your consent, we use social plugins (“plugins”) from the social network facebook.com. These are operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interaction elements or content (e.g. videos, graphics or text contributions) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the terms “Like”, “I like” or a “thumbs up” sign ) or they are marked with the addition “Facebook Social Plugin”. You can see what the individual social plugins look like here: https://developers.facebook.com/docs/plugins/.
If a user calls up a function of this online offer that contains such a plugin, his device establishes a direct connection with the Facebook servers. The content of the plugin is transmitted directly from Facebook to the user’s device, which integrates it into the online offer. User profiles can be created from the processed data. We therefore have no influence on the amount of data that Facebook collects with the help of this plugin and therefore only inform users according to our state of knowledge.
By integrating the plugin, Facebook receives the information that a user has accessed the corresponding page of the online offer. If the user is logged into Facebook, Facebook can assign the visit to his Facebook account. If users interact with the plugins, for example by pressing the Like button or making a comment, the corresponding information is sent directly from your device to Facebook and stored there. If a user is not a member of Facebook, there is still the possibility that Facebook will find out and save their IP address.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the relevant rights and setting options for protecting the privacy of users can be found in Facebook’s data protection information: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about him via this online offer and communicate without being linked to member data stored on Facebook, he must log out of Facebook and delete his cookies before using our online offer. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices. Switching off the use of data for advertising purposes does not end the display of advertising, however, the collection of data itself.
External content from Instagram
With your consent, functions and content of the Instagram service are integrated within our online offer, offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. This can include, for example, content such as images, videos or text and buttons with which users can express their liking for the content, the authors of the content or subscribe to our posts. If the users are members of the Instagram platform, Instagram can assign the above-mentioned content and functions to the user profiles there. Instagram is part of the meta group, which includes Facebook.
External content from Google (Google Maps, YouTube)
This website uses Google Maps to display interactive maps and to create directions, as well as YouTube to display videos on the website. Service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, Email: email@example.com (“Google”) By the use of Google Maps and YouTube, information about the use of this website, including your IP address and the (start) address entered as part of the route planner function, can be transmitted to Google in the USA if you call up a website on our website that contains Google Maps , your browser establishes a direct connection to the Google servers. The content of the map is sent directly to your browser by Google, which integrates it into the website. We therefore have no influence on the extent of the data collected by Google in this way. As far as we know, this is at least the following data:
- the date and time of the visit to the relevant website,
- Internet address or URL of the accessed website,
- IP address,
- (Starting) address entered during route planning
- Information about the viewed video
The transfer of the data is necessary for the correct presentation of the data and takes place on the basis of your express consent. We have no influence on the further processing and use of the data by Google and can therefore not assume any responsibility for this. However, it is known that Google uses the data, among other things, to select personalized advertising. We have therefore concluded an agreement on joint responsibility for processing with Google (Article 26 GDPR), the content of which can be viewed at https://privacy.google.com/intl/de/businesses/mapscontrollerterms/.
The purpose and scope of the data collection and the further processing and use of the data by Google as well as your rights in this regard and setting options for protecting your privacy can be found in Google’s data protection information (https://policies.google.com/privacy?hl=de).
Google also transmits your data to the USA for further processing. We would like to point out that the USA has a lower level of data protection than the EU and US companies are obliged to release data to courts, law enforcement authorities, supervisory authorities or security bodies.
External content from OpenStreetMap
We use a map section from OpenStreetMap (https://www.openstreetmap.de/) on our website to show you how to get to our company and to make it easier for you to plan your journey.
OpenStreetMap is an open source mapping tool. Your IP address will be forwarded to OpenStreetMap so that the map can be displayed to you. You can see how OpenStreetMap stores your data on the OpenStreetMap privacy page here https://wiki.osmfoundation.org/wiki/Privacy_Policy.
We use OpenStreetMap to improve usability on our website. The OpenStreetMap functions are only activated with your prior consent.
Security check of e-mail content
When communicating with iDM via e-mail, all incoming messages are automatically checked for the purpose of detecting cyber attacks (phishing, malware) and, in the event of anomalies, are assigned to an additional check by iDM employees. This processing takes place on the legal basis of the legitimate interest in the secure operation of the IT infrastructure and is also part of the technical and organizational measures to protect personal data at iDM.
In the course of checking the mail content, data is forwarded to our selected service provider Proofpoint, Inc., 925 W. Maude Avenue, Sunnyvale, CA 94085, USA. In order to ensure the protection of data when it is transferred to a country outside the European Union, an agreement using the EU standard contractual clauses has been concluded. As a processor, Proofpoint is not entitled to use the personal data for its own purposes.
Bot detection with Google ReCaptcha
Some of our Internet forms are protected against the use of bots. Bots are programs that automatically enter data into forms at high frequency, thus affecting the system. To protect ourselves from this, we use “ReCaptcha” from the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Tel: +353 1 543 1000, Fax: +353 1 686 5660, email: support-at @google.com (“Google”), a. You can find a data protection declaration at https://policies.google.com/privacy, you can find options for opting out at https://adssettings.google.de.
Google also transmits your data to the USA for further processing. We would like to point out that the USA has a lower level of data protection than the EU and US companies are obliged to release data to courts, law enforcement authorities, supervisory authorities or security bodies. In order to still ensure an adequate level of data protection, Google assures the conditions of the EU standard contractual clauses for data transfer to countries outside the EU.
Photo and video recordings at iDM events
At our events, photos and videos are regularly taken for the legitimate interest of the organizer in public relations and event advertising or for internal documentation purposes.
Photos of individuals (e.g. in the media, on websites or brochures) will only be published with your express and voluntary consent. You can revoke this consent at any time without giving reasons by sending an email to firstname.lastname@example.org. The publication, especially in social media, can also mean a transfer of data to countries outside the European Union where there is a lower level of data protection. If you give your consent to the publication of your photos, you also agree to this transmission in accordance with Art. 49 (1) a GDPR.
Except for publication, which only takes place with consent, the data will not be passed on to third parties. Excluded from this is the transfer to service providers (contract processors within the meaning of the GDPR), who, however, are not allowed to use the data for their own purposes and are bound by additional agreements to the strict provisions of the GDPR.
With your express consent, iDM will send you information about news about iDM products and services by e-mail. This consent is voluntary and can be revoked at any time without giving reasons by clicking on the unsubscribe link in every e-mail or by sending an e-mail to email@example.com. In addition to the e-mail address and your name, it is also saved whether and when individual articles of the newsletter were read. Your data will not be shared with third parties. Only technical service providers (processors) who support iDM in the implementation and sending of the newsletter are given access to the data. However, these service providers may not use the data for their own purposes and are bound by separate contracts to the strict provisions of the General Data Protection Regulation (GDPR). The entire processing of the data takes place within the European Union. According to Art. 6 (1) a GDPR, the legal basis for the processing of the data is your consent. If you do not want to give your consent, this has no effect whatsoever on the rest of the contractual relationship with iDM. In particular, the sending of important information about concluded service contracts, order processing or safety-related product information does not depend on consent. For more information about data protection at iDM, visit https://www.idm-energie.at/datenschutz/ or by email to our data protection officer at firstname.lastname@example.org