Privacy Policy

CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY Last updated 14 Dec 2021

Introduction
Therme Group and its affiliates (collectively, “Therme Group”, “we” or “us”) are committed to protecting your personal data and respecting your wishes and we want you to be confident that we are. We aim to be clear about when we collect your information and not do anything you would not reasonably expect us to do with your personal data. This policy aims to help you understand what personal data we collect, how we use it and how we store it and how this applies to our websites, products and services (collectively “Services”). This Privacy Policy describes our privacy practices and policies relating to our Services. Any personal data collected will be used and held in accordance with both domestic and EU data protection requirements as dictated by applicable privacy legislation.

BY ACCESSING OUR SERVICES, YOU ACCEPT THE TERMS OF THIS PRIVACY POLICY AND CONSENT TO OUR COLLECTION, USE, DISCLOSURE, AND RETENTION OF YOUR PERSONAL DATA, AS DESCRIBED HEREIN.

If you would like to know more about how we collect and use your personal data, please click on the headings below for further information. If you have any further questions, please contact us using the details in the Contact us section below.
Who is Therme Group?
When we refer to Therme Group, we are referring to Therme Group RHTG AG, a public limited company with its registered office address at Wienerbergstraße 51, 1120 Vienna, Austria, with company number FN 364773 g, and its affiliated companies. For further information regarding Therme Group’s affiliates, please contact us using the details in the Contact us section below.
Where does Therme Group collect your information from?
• When you provide your personal data directly to us
If you sign up to one of our newsletters or events, download one of our publications, purchase a product, or communicate directly with our teams for another reason, whether online, on paper, in person, or over the phone, you will be sharing your personal data with us.

• When you provide your personal data through a third-party organisation
From time to time, we work with other organisations such as to sponsor an event. If you provide your personal data to these third-parties and indicate that you wish to hear from us such as by receiving a publication, attending an event or signing up to hear our news, the organisation you have contacted may share your details with us (including personal data). For information about the type of information we receive through these third-parties, see the section below What type of information do we collect. To learn how these organisations use your personal data please read their privacy policies.

• Publicly available personal data
In some circumstances, we may combine information you provide us with personal data available from external sources such as on your employer’s website, in newspapers and magazine articles in the press, or in your organisation’s public records. This might be in order to provide you with a better experience at Therme Group events, to ensure that we are contacting you with information that we feel is relevant to you, or in order that we can provide you with a better and more personal experience in your interactions with us. It also enables us to gain a better understanding of our stakeholders and to improve our products and services.

• Social media
We may refer to personal data available on and through your LinkedIn, Twitter, Instagram and Facebook profiles in order to provide you with a better and more personal interaction with Therme Group. Your personal settings within those social media accounts and the privacy policies of their website and messaging services will determine what information you have given us, and others, permission to access. Please check your settings and the privacy policies of those sites if you’re not sure what permissions you’ve given.

• When you use our website or app
So that we can provide you with the best possible experience when you visit our website, we collect cookies when you use our website. This can include the pages you visit and areas that are of most interest. Cookies can also be used to make using the website faster, such as by automatically filling your name and address. Further information about cookies is set out below.

In addition, the type of device you’re using to access our website or app and the settings on that device may provide us with information about your device, including the type of device it is, what specific device you have, what operating system you’re using, or why a ‘crash’ has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
What type of information do we collect?
The type of information (including personal data) that we collect and use and what we do with it will depend upon your relationship with us.

If you download a publication, sign up for an event or to receive news updates from Therme Group, the information that we need to collect will vary, but may include:

• Your name;
• Your contact details, including email, telephone number and postal address;
• If you create an account with us, your screen name user ID and password;
• Your bank or credit/debit card details;
• Personal health data (only where relevant and necessary to fulfil your request for a specific product of service);
• Why you’re interested in our publications, news and events;
• The name and address of your employer;
• Your job title;
• If an event is being provided by a third-party, the name and contact details of that third-party supplier;
• Details needed to improve your event experience such as dietary requirements or accessibility needs; and
• Invoicing information.
Do we collect sensitive personal data?
We will rarely collect information classified as sensitive data, such as information about your race, religious beliefs, political opinions and personal health data. We will only do so if there is a clear reason for doing so, such as to enable you to participate in an event, or if we need your personal health data to ensure your safety at an event.

If you provide us with your bank or credit card details to process a payment over the telephone, we will always ensure that your information is handled securely. We do not store your credit or debit card details at all following the completion of your transaction. All card details are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details.

If you make a payment through our website, the payment may be processed through a secure third-party and we will not have access to any of your card details. Your card will be processed in accordance with the policies of the processor providing that service that you will be notified of at the time of making payment and we would refer you to their terms and conditions for further information.
How do we use the personal data we collect?
Therme Group uses your personal data in different ways, depending on the nature of our relationship with you.

If you download a publication or register to receive our news or attend an event, we need to collect this information for numerous reasons, in order to:

• provide you with the services, products or information you asked for;
• ensure your safety at an event;
• understand who is accessing our services, publications, events or information;
• keep a record of your relationship with us;
• make sure we know how you prefer to be contacted; and
• understand how we can improve our services, products or information.

We may also use your information for the following:

• Direct Marketing
We will use the details you provide to us to communicate with you about matters such as future events, news and publications. We will never send you electronic marketing communications, such as marketing emails, unless we have your express consent that you wish to hear from us in this way. If you do subscribe to Therme Group emails or to hear our news, we will understand that you are granting us the right to use that email address for email marketing.
If you don’t currently hear from us by email or receive our e-newsletter and would like to do so, or if you would like to update your preferences, please contact us using the details in the Contact us section below. You can also unsubscribe from Therme Group emails by clicking the “Unsubscribe” link at the bottom of any of our emails.
We may contact you by post if we believe we have a legitimate interest in doing so and that contacting you in this way will not have unduly adverse consequences for you. This might be if, for example, you have a history of engaging with us in this way and have not indicated that you no longer wish to receive contact from us by post. If you hear from us via the post and no longer wish to do so, please contact us using the details in the Contact us section below.
We are committed to communicating with you in the way you wish us to and we will always respect your privacy. You can change your mind at any time and it is quick and easy to let us know that you no longer want to hear from us by using the contact details in the Contact us section below or by posting us an updated consent form that you may receive in the post. You can be assured that our team will deal with any request quickly, sensitively, courteously and professionally.

• Personalisation and Marketing
To help us to make sure you’re happy to hear from us and happy with what we send you, we may use the personal data that we have gathered in the course of our relationship to tailor our future communications. This includes helping us to understand the likelihood of you responding to an email communication from us, or your likely interest in a future event or publication. The greater understanding of you we can obtain from this information, the more personalised and relevant we aim for our communications to be.
We also carry out targeted marketing activity to ensure that we are contacting you with the most appropriate communication, which is relevant and timely and will ultimately provide an improved experience for you. For example, we may provide content and distribute digital and traditional marketing and communications materials based on your location. This permits us to provide you with timely news about the Therme Group and to let you know the different ways you can engage with us and how you can access our services.
You can opt out of your personal data being used for targeted marketing. However, this may mean that you stop receiving marketing communications from us or they become more generic and less relevant to you. If you do wish to opt-out, please contact us using the details in the Contact us section below.

• Sharing Testimonials
To show fellow stakeholders, suppliers, funders, partners, potential partners and customers the great work that we do, we may share testimonials you provide about your engagement with Therme Group. We will not share any information which makes you identifiable unless you have given us express consent to do so.
When might we give your personal data to another party?
We will never share your information with a third-party who intends to use it for their own marketing purposes and there are very limited instances where we will share your personal data with a third-party. This could include:

• if a third-party provides a service to us, such as running an event on our behalf, providing an element of a contract for us, such as email distribution, or fulfilling an order. This would include our trusted partners, entities that sell our products or services or provide our information and marketing for us;
• for the administration of events. For example, an event venue may require the provision of the names and dietary requirements of attendees in advance, for security and health purposes;
• where there is a legal or regulatory requirement to disclose your personal data such as from government authorities or the courts, we have a genuine and real concern regarding a person’s well-being, or where disclosure is necessary for taxation and criminal investigation purposes; and
• where we have your written consent.

We may be involved in the sale, transfer or reorganisation of some or all of its business at some time in the future. As part of that sale, transfer or reorganisation, we may disclose your personal data to the acquiring organisation, however, we will require the acquiring organisation to agree to protect the privacy of your personal data in a manner that is consistent with this Privacy Policy.
How do we keep personal data about you safe?
Therme Group has a number of steps in place to keep your personal data as safe as possible. Reasonable measures (such as systems access security controls, safeguards to detect and prevent security system failures, and restricted access) have been implemented to help protect personal data from loss, misuse, unauthorized access or disclosure. We train our staff in data protection and data security to increase awareness of its importance. We keep our data protection and data security policies and practices under constant review and review the personal data that we hold, where we hold it and what we do with it.

Therme Group requires the third-parties it works with to comply with data protection laws and puts controls in place to ensure that your information is handled safely and appropriately.
Where is your personal data stored?
At times we may store or transfer your personal data outside of your country of residence, including in the UK and the European Economic Area (EEA). We may also use third-party service providers in the UK or the EEA to perform services for us involving some of your personal data. This may require transfer of information to outside of your country of residence. This information is subject to both the laws of your country of residence and the laws of such other jurisdiction, including laws with respect to disclosure of such information, and may be accessible by regulatory authorities in such other jurisdiction. When we transfer personal data to third-parties, we ensure by contractual means that the transferred personal data is protected to the same degree as if it were in our possession.
What about if you use other websites linked from Therme Group websites?
Therme Group does not have any control over how any third-party websites handle and use your information. Therefore, if you follow any links to any third-party sites from Therme Group websites, you must check the privacy policy for such third-party organisation in order to understand how your information could be used. This policy does not cover third-party websites.
What are Cookies?
Cookies are small text files which are used by websites to learn about your visit to the site and in some cases to tailor your experience on the website. We use cookies to improve your experience of using the Therme Group websites, to provide functionality, improve performance, help with behavioural advertising and embedded content.

Further information about how we use cookies and how you may turn these off is available in our Cookie Policy.
Contact with Corporate Subscribers
‘Corporate Subscribers’ are organisations who Therme Group might contact in a professional context, using generic work contact details, including phone, email and post. These contact details may be obtained from public domain sources (company websites etc.), from our own business records or from other companies and business contacts.

We may contact corporate subscribers by email or telephone provided that the subscriber has not previously opted out.

We may contact subscribers by mail if they have not previously opted out of receiving such communications.

You have a right to object to the processing of your information for direct marketing. We will provide opt-out notices on our communications to you, or you can advise our team using the contact details in the Contact us section below.
Disclaimer to security
By accepting the terms of this Privacy Policy, you acknowledge and agree that no data transmission over the Internet is completely secure. We cannot guarantee or warrant the security of any information you provide to us and you transmit such information to us at your own risk.
Retaining and disposing of information
Your personal data is maintained on our networks or on the networks of our service providers. Your information may also be stored in a secure off-site storage facility. We retain personal data only as long as it is needed to fulfil the identified purposes or as may be required to comply with applicable laws. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. To satisfy regulatory requirements, certain personal data may be retained for at least seven years (unless there are legal requirements that require its further retention) after which all documentation will be destroyed in a manner commensurate with its sensitivity.
Accuracy of information
We want to keep your personal data up to date, accurate and relevant for its intended use. We rely on you to let us know if your address, telephone number or other information changes, so that we may provide you with the best possible service.
Access to information
You have the right to request access to your personal data we have on record in order to ensure it is accurate. We do not routinely update personal data unless necessary. Nonetheless, if our records regarding your personal data are inaccurate or incomplete, we will amend that information at your request. To access your personal data, a request must be submitted in writing to us. We will respond to your request for access or information in a reasonable time. There may be times when we are unable to fulfil your request – for example, if providing access to your personal data would reveal confidential commercial or proprietary information or personal data about someone else (and we are unable to separate your information), or if we are prohibited by law from disclosing the information.
Responding to inquiries and complaints
If you have questions or complaints with respect to our privacy policies and practices or if you wish to request access to, or correction of, your personal data under our care and control, please contact us using the contact details in the Contact us section below.

Inquiries or complaints will be dealt with promptly. We will acknowledge your query, investigate and provide you with a response within thirty (30) days.
Right to file a complaint
If you believe the privacy laws relating to the protection of your personal data or our Policy have not been respected, you may file a complaint with us at the address listed below. We will investigate all complaints. If, after an investigation, your complaint is deemed justified, we will take appropriate steps to correct the situation, including, if necessary, amending our policies and practices. If you are not satisfied with the results of the investigation or the corrective measures taken by us, you may exercise the remedies available under law by contacting the Information Commissioner’s Office at the address below:

Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113

Website: www.ico.org.uk
Will this policy change?
To make sure that this policy and our practices stay legally compliant and up-to-date, we may make changes from time to time. If we make any substantial changes, we will make this clear on our website, or by contacting you directly, if appropriate. To be sure that you don’t miss anything, please check back to this page from time to time.
Contact us
If you would like to speak to someone at Therme Group about how we collect, use and store your personal data, if you have any questions, comments, requests or suggestions or if you would like to change your contact preferences, please contact us:

• by email at dataprotection@thermegroup.com
• by mail to:

Therme Group Data Protection,
15 Little Green,
Richmond, Surrey,
TW9 1QH