PRIVACY POLICY
The respect and protection of natural persons against the processing of personal data is of utmost importance to our Company under the name “DOMX PRIVATE CAPITAL COMPANY” (hereinafter the “Company”). For this reason, we inform you that, during the provision of our services and during users’ visits to the Website, the terms and conditions of the current legislation, and in particular, the General Data Protection Regulation (GDPR), are observed.
With this Policy, we would like to inform you about the type of personal data we collect, the methods and purposes of their processing, the third parties with whom we may share them, as well as the rights you have, according to the applicable legislation.
1. Definitions:
- “Personal Data”: Any information relating to an identified or identifiable natural person (“data subject”), such as name, email address, VAT number, etc. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address, e-mail, etc.) or to one or more factors specific to the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
- “Sensitive Personal Data”: Among personal data, the following are considered “sensitive” and are subject to specific processing conditions: a) personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, b) personal data revealing trade union membership, c) genetic data, biometric data processed solely for the purpose of identifying an individual, d) data concerning health and e) data concerning a natural person’s sex life or sexual orientation.
- “Processing of Personal Data”: Processing of personal data is any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
- “Controller”: Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
- “Processor”: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- “Recipient of Personal Data”: Recipient of personal data is a natural or legal person, public authority, agency or other body, to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
2. The Type of Personal Data We Collect:
2.1. During the provision of our services, or even during your visit to our website and/or in any communication you have with us by phone or email, we may collect the following types of personal data from you:
- Website User Identification Data: When visiting the Company’s websites, we may collect and process personal user identification data that is automatically collected during your browsing (IP address, device type, browser, referring website, Company pages you visited, the date and time of your visit), as well as any data you entered when filling out the site’s contact form (name, contact telephone number, email address, content of communication).
- Identification and Contact Details for the Provision of Our Products and Services: Information that allows us to contact you directly, such as name, home address, postal code, email address, contact telephone number (landline and/or mobile number), VAT number, competent Tax Office, which the transactional partner or their representatives provide us for their identification and our communication with them.
- domx Account Details: When you download and use our applications, you will be asked to register with us and create a domx account. Your account details include your username, password, and contact details, such as your name, address, and email.
- Details of Transactions Performed: Records of the products and services you purchase from us.
- Payment Information: Credit/debit card details and bank account details you provide for the payment of the products and services you purchase from us.
- Delivery, Installation, and Service Information: Information regarding the delivery of our products to you, data related to the installation of our products at your home or property, and information regarding the maintenance of this product.
- Product Installation Information: Details about the heating system of the potential or existing customer, such as the manufacturer and model of the heating system, for which the remote heating management controller has been or is about to be installed.
2.2. We DO NOT collect special categories of your personal data, such as “data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation” (Article 9(1) of the GDPR).
2.3. You are not required to provide us with any of the personal information described above; however, if you do not, we may not be able to provide our services or you may not be able to use the products and services you purchased from us.
3. Sources from Which We Collect the Above Information
The mentioned information is collected by us from various sources, the main ones of which are the following:
- Directly from you: For example, when you create a domx account, purchase products and services from us, fill out the forms we provide, participate in our contests and offers, and communicate with us via phone or email.
- From our website or applications: You provide us with information about how you use them and the domx products and services.
- From cooperating companies: Cooperating companies may provide us with information so that we can offer you additional services related to the domx products you use (e.g., cleared consumption data from your energy provider for the analysis of the degree of savings achieved).
- From our partners: In providing our services, we collaborate with experienced technicians/installers for the installation of the products you purchase from us. These individuals may ask you to provide useful information to help us deliver our products and services to you.
- Via social networks, if you have granted access rights to your data to one or more social networks, such as Facebook.
4. Methods of Collection and Processing of Your Personal Data:
4.1. The collection and processing of your personal data is carried out by the competent, authorized, and specially trained employees of our Company.
4.2. They are collected either upon the conclusion of the service contract or subsequently, whenever deemed necessary for the effective provision of our services.
4.3. Personal data are stored in electronic media, which are accessible only to the specially authorized employees of our Company for this purpose, who are covered by the obligation of confidentiality.
5. Purposes of Processing:
The processing of personal data is carried out for the following purposes:
- To serve our pre-contractual relationship, so that you receive personalised information and we can answer your questions.
- To manage our contractual relationship with our customers and fulfil our contractual obligations.
- To establish any legal claim of our Company against possible online fraud or cyber-attack.
- To create anonymised statistics on the use of our products and services.
- Furthermore, we may anonymise and aggregate any of the above-mentioned personal information we hold, so that it does not directly identify you, in order to use it for purposes including testing our IT systems, research, data analysis, improving our website, applications and products, and developing new products and services.
6. Legal Bases for Processing:
6.1. Processing is necessary for the performance of the pre-contractual relationship with our customers (Article 6(1)(b) of the General Regulation).
6.2. Your explicit consent has been given for the processing of personal data (Article 6(1)(a) of the General Regulation).
6.3. Processing is necessary for compliance with a legal obligation of the Company or for the purposes of the legitimate interests pursued by the Company (Article 6(1)(c) or (f) of the General Regulation, respectively).
6.4. Processing is necessary to protect the vital interests of the data subject or of another natural person or is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (Article 6(1)(d) or (e) of the General Regulation, respectively).
7. Recipients and Transfers:
7.1. Our company does not transfer your data to third parties, unless this is necessary for the provision of our services or is mandatory by law. In this case, the transfer of your personal data is done to the extent necessary for the mentioned purposes.
7.2. The main recipients of the personal data we collect are the following:
- Public Authorities: The Company may transfer personal data to judicial, administrative, tax, customs, arbitral authorities or other public authorities, regulatory bodies and lawyers if this is necessary for compliance with legislation or for the establishment, exercise or defence of its legitimate interests.
- Third Parties-Partners: The Company may assign part or all of the above processing to third-party processors, e.g., IT services, accounting firms, as well as to installers or technicians who undertake to install, provide, or support domx products and services.
- Delivery Companies: For the delivery of our products you have ordered.
- Market Research: Occasionally, we may ask our market research partners to contact our customers to help us learn how to improve our products and services.
- Third-Party Associates: In some cases, you may have purchased our product through a third-party associate, who may have combined these products with their own capabilities, such as applications or service offerings from your energy provider. Such associated functionalities may require all or part of your personal data to provide you with all or part of their functionalities. By consenting to the provision of services for such products, you automatically choose and allow us to share your personal data with such third parties.
7.3. We do not disclose personal information to anyone else other than those mentioned above. We may provide third parties with aggregated statistical information and analytical information about the users of our products and services, but we will ensure that no one can be identified from this information before we disclose it.
7.4. Under no circumstances will we disclose data to third parties not specified here for advertising purposes.
8. International Transfer of Your Personal Data:
The personal data we collect and process within the framework of providing our services may be transferred and stored in countries outside the European Union. In these cases, we ensure that all reasonable measures are taken to ensure that your personal information is used only in accordance with this privacy policy and the applicable European data protection legislation.
9. Data Retention Time:
9.1. Your Personal Data will be retained for as long as required for the specific business purpose or for the purposes for which they were collected.
9.2. The Company reserves the right to retain personal data of its customers for as long as required by national law to safeguard its legitimate interests.
9.3. If no transaction has been made with us and there is no specific reason, your Personal Data will be deleted 1 year after your last communication with us.
9.4. If you have made a transaction with us, your data will be deleted at the latest 20 years from the last transaction with us.
10. Technical and Organisational Measures for the Protection of the Personal Data We Process:
Our Company, taking into account the latest developments, the cost of implementation and the nature, scope, context, and purposes of processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons from the processing, applies appropriate technical and organisational measures to ensure an appropriate level of security, including, but not limited to:
- Use of equipment located in an environment that ensures controlled physical access to it, maintaining high security standards.
- Protection of equipment by Firewalls, controlling and restricting electronic access to it.
- Continuous monitoring of equipment and software by automated systems.
- Security Passwords for access to all systems, compliant with strict specifications and pseudonymisation during data transfer.
- Controlled access to personal data and the servers hosting them only by company executives assigned to this role.
- Automated backup mechanism that guarantees the possibility of data recovery.
- Staff awareness-raising actions regarding procedures and applicable legislation.
11. Minors:
The Company does not intend and does not wish to collect any personal information concerning minors under the age of 15 and urges all parents to inform their children about the safe and responsible use of their personal data when they use the Internet. Visiting the website by minors under the age of 15 must be done under the supervision of the parent or person having parental responsibility for the child, and information should not be submitted to the website by anyone under the age of 15 without the consent of the parent or person having parental responsibility for the child. If the Company is informed of the disclosure of online personal data of an individual under the age of 15, without the consent of the parent or the person exercising parental responsibility, the Company will take appropriate measures to delete such data from its databases and not use this data for any reason (except, if required, for the protection of the child or others in accordance with the provisions of the law).
14. Rights of the Data Subject:
14.1. Our Company respects and complies with all rights provided by the current legislation, and in particular, by Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation), to the data subjects. Specifically, data subjects retain:
- Right of Information and Access to Data: The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed, in order to have more and clearer information about the categories of data collected and the purposes of the processing.
- Right to Rectification: The data subject has the right to require the controller to correct inaccurate data and to complete incomplete data concerning them.
- Right to Restriction of Processing: The data subject has the right to obtain from the controller restriction of processing under specific conditions.
- Right to Object to Processing: The data subject has the right to object to the processing of their data under specific conditions, especially in cases of “profiling” or for direct marketing purposes.
- Right to Erasure (‘Right to be Forgotten’): When they no longer wish the processing and retention of their personal data, the data subject has the right to request their erasure, provided that the data are not retained for a specific legal and stated purpose.
- Right to Data Portability: The data subject has the right to receive or request the transfer of their data, in a machine-readable format, from one controller to another under specific conditions, if they so wish.
- Right to Withdraw Consent: In case the data subject has given their consent for the processing of specific personal data by the Company, they have the right to withdraw consent at any time, with future effect. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal and may result in the inability to provide our services, if it concerns information necessary for it. In case of withdrawal of consent, the Company may further process the personal data, only in cases where there is another legal ground for the processing.
14.2. To exercise their rights, the data subject can submit a written request to the Secretariat of our Company, which will respond within a period of 20 days from the receipt of the request. Finally, according to the General Data Protection Regulation, the data subject has the right to lodge a complaint with the Hellenic Data Protection Authority.
15. Personal Data Controller – Contact:
| Role | Details |
| --- | --- |
| Data Protection Officer | |
| Responsible Person: | Keranidis Efstratios |
| Position: | Director of Research and Development |
| Phone: | 6975260268 |
| E-mail: | stratos@domx.io |
If the Customer wishes to exercise their rights or if they generally have any query regarding the protection of personal data by the Company, they can address their request by contacting the above details.
16. Personal Data Breach Policy:
The Company fully undertakes the obligation to inform the data subjects about any suspected breach concerning personal data within the framework of the Contract between them, as well as any deviation from this contract without delay and in any case within forty-eight (48) hours of the creation of suspicion or knowledge of an incident.
17. Revision of the Personal Data Protection Policy:
This Personal Data Protection Policy may be modified/revised in the future, within the framework of the Company’s regulatory compliance and the optimization and upgrade of our Website’s services. When we change this policy in a material way, we will update the issue date at the bottom of this page. For significant changes to this policy, we will try to notify you within a reasonable time. Where required by law, we will seek your consent to changes in the way we use your personal information.