Privacy
Transparent information about how we process personal data on our website under GDPR rules.
- Last updated
- 2026-05-30
1. Overview
This privacy notice explains the type, scope, and purpose of personal data processing when you use our website.
Personal data means any information relating to an identified or identifiable natural person.
2. Data Controller
ovvvo GmbH (sub-brand: thermobee), Palisadenstraße 41, 10243 Berlin, Germany, Email: info@thermobee.de, Phone: 030 83791315.
3. What data we process
When you visit our website, we process technically required connection and log data (for example IP address, timestamp, requested URL, referrer, browser and device metadata).
If you contact us, we process the contact and message data you provide (for example name, email address, and message content).
Through our contact and quote forms on /kontakt and /angebot, we process the information you submit and proof of your consent (confirmation, full consent text, timestamp). The quote form may include heating type, living area, building type, heating location, planned project timeline, postal code, name, email address, and optional phone number. The contact form processes name, email address, optional phone number, and message content.
Consent data is processed through our consent management system to record and enforce your cookie and tracking choices.
On the homepage, our server evaluates the `Accept-Language` HTTP header sent by your browser to route you to the German or English entry page when no stored language preference exists. This information is processed for that request and is not stored by us in a profile database.
4. Purposes and legal bases
We process data to provide a functional and secure website (Art. 6(1)(f) GDPR, legitimate interests).
We process contact requests to handle and respond to inquiries (Art. 6(1)(b) GDPR for pre-contractual communication or Art. 6(1)(f) GDPR).
We process form submissions with explicit consent based on your consent (Art. 6(1)(a) GDPR) and, where applicable, to take pre-contractual steps (Art. 6(1)(b) GDPR).
Non-essential cookies and similar technologies are only used based on your consent (Art. 6(1)(a) GDPR and Section 25(1) TTDSG).
5. Cookies and consent management
We use a consent management platform from consent.io (c15t) to collect, store, and manage consent choices.
Strictly necessary cookies are required for website operation. Other categories (for example measurement or marketing) are currently not active and would only be enabled after your explicit choice if we introduce such services.
You can withdraw or change your consent at any time with effect for the future via the privacy settings link.
If your browser does not indicate a German language preference and no language cookie is set yet, we may redirect you from the German homepage (`/`) to the English entry page (`/en`). When you explicitly select a language in the footer language switcher, we store your choice in a first-party cookie `TB_LOCALE` (values `de` or `en`, one-year lifetime, `Path=/`, `SameSite=Lax`) so that future visits to the homepage match your preference. You can delete this cookie at any time in your browser settings.
6. Vendor and cookie list (current status)
The following overview describes the currently used vendors and the technically visible cookie/consent storage purposes on this website.
Active vendors
| Vendor | Purpose | Activation | Privacy/DPA |
|---|---|---|---|
| Vercel | Hosting and deployment | Always active (technically required) | https://vercel.com/legal/dpa |
| consent.io (c15t) | Consent management | Loaded with the website (technically required) | https://inth.com/legals/privacy-policy |
| thermobee (first-party) | Contact and quote forms | When using the forms | — (see this privacy notice) |
| Neon | Storage of form submissions (leads) | On form submission | https://neon.tech/privacy-policy |
| Mailjet | Email notification for form submissions | On form submission | https://www.mailjet.com/legal/data-processing-agreement/ |
| Microsoft | Other business email communication | When communication happens by email | https://www.microsoft.com/en-us/privacy/privacystatement |
| thermobee (first-party) | Language preference for the homepage (`TB_LOCALE` cookie) | After click in the language switcher / homepage routing | — (see this privacy notice) |
Cookie and storage categories
| Category | Status | Legal basis | Recipients |
|---|---|---|---|
| Necessary | Active | Art. 6(1)(f) GDPR and Section 25(2) TTDSG (where applicable) | thermobee, Vercel, consent.io |
| Language choice (first-party `TB_LOCALE`) | Active after user action / homepage logic | Art. 6(1)(f) GDPR; Section 25(2) TTDSG where classified as essential | thermobee |
| Measurement | Currently inactive | Art. 6(1)(a) GDPR and Section 25(1) TTDSG | none (currently disabled) |
| Marketing | Currently inactive | Art. 6(1)(a) GDPR and Section 25(1) TTDSG | none (currently disabled) |
7. Technology stack in use
We use a documented technology stack to build, run, and maintain this website.
Core technologies
| Area | Technology | Purpose |
|---|---|---|
| Frontend framework | Next.js / React / TypeScript | Web application delivery |
| Hosting | Vercel | Deployment, delivery, and operations |
| Database | Neon Postgres (pg) | Data storage and connectivity |
| Consent management | consent.io (c15t) | Cookie consent management |
| Forms | First-party (Next.js / shadcn) | Contact and quote requests |
| Email (form notifications) | Mailjet | Notification for new submissions |
| Email (business communication) | Microsoft | Communication with prospects and customers |
8. Recipients and processors
We work with technical service providers that process data on our behalf (currently including Vercel for hosting/deployment, consent.io for consent management, Neon for storing form submissions, Mailjet for email notifications on form submissions, and Microsoft for other email communication). Contact and quote forms are provided on our website and initially processed on our servers.
Data processing agreements under Art. 28 GDPR are executed and documented with all required processors.
9. Third-country transfers
If data is transferred outside the EU/EEA for specific services, this is done only under the conditions of Art. 44 et seq. GDPR (for example adequacy decisions or Standard Contractual Clauses).
10. Data retention
We retain personal data only as long as necessary for the stated purposes or to satisfy legal retention obligations.
Form submissions (contact and quote requests) are stored for handling your inquiry and for up to 24 months thereafter, unless statutory retention obligations require longer storage. Consent proof is stored for the same period.
Server and security logs are rotated regularly and deleted or anonymized when no longer needed.
11. No automated decision-making
At this time, we do not carry out solely automated decision-making, including profiling, within the meaning of Art. 22 GDPR in connection with this website.
12. Data subject rights
Under GDPR, you have rights including access, rectification, erasure, restriction of processing, data portability, and objection to certain processing activities.
You can withdraw consent at any time with effect for the future.
To exercise your rights, contact us at info@thermobee.de. We usually respond within 7 working days; for complex requests, processing may be extended to up to 14 working days.
13. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory data protection authority if you believe your personal data is processed unlawfully.
14. Changes to this privacy notice
We update this privacy notice when legal requirements, data processing activities, or service providers change.
The current version published on this page applies.