Privacy Policy

Privacy and Cookie Management Policy

In the following, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behavior. We have taken extensive technical and operational security measures to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is the

Hydro Building Systems France SARL 270 rue Léon Joulin – BP 63709 31037 Toulouse Cedex 1

France (see our terms and conditions)

2. Contact regarding personal data

If you have questions, concerns, or requests regarding the processing of your personal data, you may contact Hydro Building Systems France using the general contact details provided on our website.

Hydro has established Binding Corporate Rules (BCR) that apply to all Hydro entities and ensure a consistent level of protection for personal data within the Hydro Group.

No Data Protection Officer is appointed for Hydro Building Systems France.

3. Purpose and legal basis for processing

Personal data is only collected if you provide it to us voluntarily, e.g. when filling out the contact form. We use this data exclusively for the purpose for which you entered your data. For other purposes, it will only be used after express notification or after obtaining your consent, Art. 6 para. 1 lit. a) GDPR. In certain cases, personal data will be processed on the basis of a legitimate interest pursuant to Art. 6 (1) lit. f) GDPR (see section 4).

4. Processing based on a legitimate interest pursuant to Art. 6 (1) lit. f) GDPR

Personal data will be processed on the basis of Art. 6 (1) lit. f) GDPR in the following cases:

Collection of personal data when visiting our website

When you use the website for informational purposes only, we collect only the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

Browser type and browser version
Operating system used
Referrer URL
Host name of the accessing computer
Time of the server request
IP address

The legitimate interest consists in the proper presentation of our website and in ensuring the stability and security of our website.

Use of cookies

The legal basis for the possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 (1) lit. a) GDPR. If data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) lit. f) GDPR. The stated purpose then corresponds to our legitimate interest.

We use cookies to ensure the proper functioning of the website, to provide basic functionality, to measure reach and, with your consent, to customize our services to your preferred areas of interest. For this purpose, we use both transient cookies and persistent cookies

You can delete cookies already stored on your device at any time. If you wish to prevent cookies from being stored, you can do so via the settings in your internet browser. Please note that individual functions of our website may not work if you have disabled the use of cookies.

Cookiebot

Cookiebot is a consent management platform that enables websites to protect user privacy and comply with the GDPR when it comes to cookies and tracking. “Cookiebot” is a service provided by Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Through the “Cookiebot” function, we inform our website visitors about the use of cookies and other technologies on our website and enable them to make a decision about their use.

If the visitor consents to the use of cookies, the following data is automatically logged:

IP address
Date and time of consent,
user agent of the end user's browser,
URL of the provider,
The user's permitted cookies (cookie status), which are required as proof of consent,
An anonymous, random, and encrypted key.

The encrypted key and the cookie status are stored on the user's device using a cookie in order to establish the corresponding cookie status when the page is accessed in the future. This cookie is automatically deleted after 12 months.

The legal basis for this is Art. 6 (1) lit. f) GDPR. Our legitimate interest lies in the user-friendliness of the website and in complying with the legal requirements of the GDPR. Local cookie laws may apply depending on your location.

The user can prevent or terminate the installation of the cookie and its storage, and thus their consent to cookies, at any time by adjusting their browser settings. You can open the Cookiebot settings by selecting “Cookies settings” in the footer. Further information on Cookiebot can be found at: https://www.cookiebot.com/en/privacy-policy/

jsDelivr

In order to distribute traffic on the website across multiple servers and optimize response times, we use jsDelivr, a CDN for open source projects provided by Prospect One sp.z o.o., Królewska 65A/1, 30-081 Kraków, Poland.

The following data is collected

IP address
Browser type
Browser version
Pages visited
Date and time of visit
Time spent on a page
Usage data
Device ID
Diagnostic data

The data is deleted as soon as it is no longer required for processing purposes. The information collected is processed in the European Union.

More information on the handling of user data can be found below: https://www.jsdelivr.com/terms/privacy-policy

The legal basis for this is Art. 6 (1) lit. f) GDPR. Local cookie laws may apply depending on your location. Our legitimate interest consists in the functionality and user-friendliness of the website.

Azure CDN

In order to distribute traffic on the website across multiple servers and optimize response times, we use Azure CDN, a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. The responsible service provider in the EU is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18 D18, Ireland.

IP address
Browser type
Browser version
Pages visited
Date and time of visit
Time spent on a page
Usage data

The information collected by cookies about your use of this website is usually processed within the European Union.

This service may transfer visitor data to the US, which does not offer an adequate level of data protection. There is a risk that your data may be processed by US authorities for control and monitoring purposes, without you having any legal recourse.

The data will be deleted as soon as it is no longer required for processing purposes.

More information on the handling of user data can be found below: https://azure.microsoft.com/en-us/support/legal/

Contentful

In order to create and manage digital content, we use Contentful, a content management platform provided by Contentful GmbH, Max-Urich-Straße 3, 13355 Berlin, Germany.

The following data may be collected

Usage data (e.g., IP address, browser information)
Content that you create or upload via our system

The recipient of the data is Contentful GmbH as the processor. The data will be deleted as soon as it is no longer required for processing purposes.

Further information about Contentful can be found at: https://www.contentful.com/legal/privacy-at-contentful/privacy-notice/

The processing of your personal data by Contentful is based on our legitimate interest in the efficient creation and management of our digital content and in the provision of our services (Art. 6 para. 1 lit. f GDPR).

5. Website analysis

We use various services described below for the purpose of analyzing and optimizing our websites. This enables us, for example, to analyze how many users visit our site, which information is most popular, or how users find our site. Among other things, we collect data about the website from which a person has come to a website (known as the referrer), which subpages of the website have been accessed, or how often and for how long a subpage has been viewed. This helps us to design our offerings in a user-friendly manner and to improve them. The data collected in this process is not used to identify individual users personally.

Google Tag Manager

For transparency reasons, we would like to point out that we use the Google Tag Manager provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. For users in the EU, the EEA and Switzerland the service is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The Google Tag Manager makes it easier for us to integrate, centrally manage and schedule our tags. Tags are script codes or code sections that can trigger different functionalities, such as measuring the success of our advertisements (Google Ads). The Google Tag Manager itself does not collect any personal data, but may transmit the IP address to Google. You can find more information in our privacy policy.

If Google stores personal data, this data is stored on the Google servers. The storage period for the data processed by the individual tracking tools can be found in our individual data protection notices for the individual tools.

For more information on Google Tag Manager, see: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

The legal basis and withdrawal option for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future by opening the data protection (“Cookies settings”) in the footer and making the appropriate changes there.

unpckg

If you have given your consent, Hydro uses unpckg, a network for providing content on npm. It can be used to load any file from any package using a URL and is a service provided by Npm, Inc., 1999 Harrison Street, 1150, CA 94612 Oakland, USA.

The following data is also collected via cookies when using the service

IP address
Referrer URL
Unique identifiers
Information about the operating system
Hardware/software type
Date and time of the request
URL
Language information
Browser information
Metadata
Software data

The data will be deleted as soon as it is no longer required for processing purposes.

More information on the handling of user data can be found below: https://docs.npmjs.com/policies/privacy

Legal basis and withdrawal option for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future by opening the data protection (“Cookies settings”) in the footer and making the appropriate changes there.

6. Use of social plugins and embedded functions

Adobe Fonts

If you have given your consent, TECHNAL uses Adobe Fonts, a font service. The responsible service provider in the EU is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland. The use of this service serves to provide fonts and optimize the website.

To integrate the fonts we use, your browser connects to an Adobe server in the USA to download the required font and display texts and font types correctly. Adobe Inc. in the USA receives information that our website has been accessed from the IP address of your device. In addition, the following data is collected using tracking pixels when using the service

Fonts provided
Time required by the browser to download fonts
Account ID
Browser information
Operating system

The information collected about your use of this website is usually processed within the European Union. If data is processed outside the EEA, where there is no data protection level corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to ensure a secure level of data protection.

The data is deleted as soon as it is no longer required for processing purposes; cookies are stored for a maximum of six months.

You can find more information on the handling of user data below:

https://www.adobe.com/privacy/policies/adobe-fonts.html

Google YouTube

If you have given your consent, Hydro uses services from YouTube, a video content provider owned by Google LLC. The responsible service provider in the EU is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

The ability to view videos serves to improve our online offering.

When you visit a website that contains YouTube, your browser establishes a direct connection to Google's servers and processes the following data:

Device information
Videos viewed
IP address
Referrer URL

The information collected about your use of this website is usually processed within the European Union.

The data will be deleted as soon as it is no longer required for processing purposes.

More information on the handling of user data can be found below: https://business.safety.google/privacy/?hl=en https://policies.google.com/technologies/cookies?hl=en https://safety.google/privacy/privacy-controls/

LinkedIn Analytics

If you have given your consent, Hydro uses LinkedIn Analytics, a web analytics service provided by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. LinkedIn Analytics uses cookies that enable an analysis of your use of our websites.

About Add-ons
Browser Information
Device ID
IP address
Referrer URL

The information collected through cookies about your use of this website is generally processed in the European Union. This service may redirect visitors to the United States and Singapore, which do not offer an adequate level of data protection. In the USA, there is a risk that your data will be processed by the US authorities for control and surveillance purposes without you being able to have any legal recourse.

The data will be deleted as soon as it is no longer required for the purpose of processing.

More information on the handling of user data can be found below: https://www.linkedin.com/legal/privacy-policy https://www.linkedin.com/legal/privacy/eu

Legal basis and withdrawal option The legal basis for this data processing is your consent, Art. 6 (1) lit. a) GDPR. You can withdraw your consent at any time with effect for the future by opening the data protection settings (“Cookies settings”) in the footer and making the appropriate changes there.

reCaptcha

If you have given your consent, Hydro uses reCaptcha v2. reCaptcha is a service provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The responsible service provider in the EU is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. reCaptcha is used to prevent abusive automated entries in web forms and thus to protect the technical systems of the host. When you visit one of our web pages that includes reCaptcha, a connection to Google's servers is established. Cookies are also used to collect the following data when you use the service

IP address
Date and time of visit
Operating system
Browser language and plugins
Click path
User input
Time spent on a page
Device information
Mouse movements
Geographical location

You can prevent the storage of cookies and fingerprinting by selecting the appropriate technical settings in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent. The information collected about your use of this website is generally processed within the European Union. If data is processed outside the EEA, where there is no data protection level equivalent to the European standard, we have concluded EU standard contractual clauses with the service provider to ensure a secure level of data protection. The data will be deleted as soon as it is no longer required for processing purposes; cookies will be stored for a maximum of six months.

Google's privacy policy and terms of use can be found here: https://business.safety.google/privacy/?hl=en https://policies.google.com/technologies/cookies?hl=en

Contentsquare (Hotjar)

If you have given your consent, Hydro uses Hotjar, a web analytics service provided by Hotjar Limited, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta. Hotjar uses cookies that enable an analysis of your use of our websites:

- Date and time of the visit - Device Type - IP address - Mouse movements - Visited pages - Referrer URL - Screen resolution - Unique device identifier - Language information - Browser type - Clicks - Domain-Name - Unique user ID - Responses to surveys

The information collected by means of cookies about your use of this website is usually processed in the European Union. This service can redirect visitors to the USA, which does not provide an adequate level of data protection. There is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal remedy. The data will be deleted as soon as they are no longer needed for the processing purposes.

The legal basis and right to withdrawal for this data processing is your consent, Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time with effect for the future by opening the data protection (“Cookies settings”) in the footer and making the appropriate changes there.

Google-Re/Marketing-Services

We use the marketing and remarketing services ("Google Marketing Services" for short) provided by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, to optimize and economically operate our online offer. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The Google Marketing Services allow us to display advertisements for our website in a more targeted manner in order to present you only with advertisements that potentially correspond to your interests. If, for example, you are shown advertisements for our services on other websites, this is referred to as "remarketing". For these purposes, when our and other websites on which Google marketing services are active are accessed, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on your device (comparable technologies can also be used instead of cookies).

The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites you visited, what content you were interested in and what offers you clicked on, as well as technical information about the browser and operating system, referring websites, visiting time and other information about the use of the online offer. Your IP address is also recorded, whereby we inform you within the framework of Google Analytics that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and only in exceptional cases is it transmitted in full to a Google server in the USA and shortened there.

The IP address will not be merged with your data within other Google offers. The above information may also be linked by Google to such information from other sources. If you subsequently visit other websites, you may be shown the advertisements tailored to you according to your interests. We process your data pseudonymously as part of the Google marketing services. This means that Google does not store and process, for example, your name or e-mail address, but processes the relevant data cookie-related within pseudonymous user profiles. The information collected about users by Google Marketing Services is transmitted to Google and stored on Google's servers in the United States. One of the Google marketing services we use is the online advertising program "Google Ads" (formerly: "Google AdWords"). In the case of Google Ads, each Ads customer receives a different "conversion cookie". This means that cookies cannot be tracked via the websites of Ads customers. The information obtained with the help of the cookie is used to create conversion statistics for Ads customers who have opted for conversion tracking. Ads customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. Insofar as data is processed outside the EEA, where there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection. Further information on the use of data for marketing purposes by Google can be found on the overview page:

https://www.google.com/policies/technologies/ads Google's privacy policy is available at https://www.google.com/policies/privacy

7. Advertising

We use cookies for marketing purposes in order to address our users with interest-based advertising. In addition, we use cookies to limit the likelihood of an advertisement being displayed and to measure the effectiveness of our advertising measures. This information may also be shared with third parties, such as ad networks. The legal basis for this is Art. 6 para. 1 lit. a) GDPR.

LinkedIn Ads

If you have given your consent, Hydro uses the online marketing tool LinkedIn Ads. The responsible service provider in the EU is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

For this purpose, we define target groups of users in the LinkedIn Campaign Manager on the basis of certain characteristics, who are subsequently displayed advertisements within the LinkedIn network. Users are selected by LinkedIn on the basis of the profile information they provide, as well as other data provided when using LinkedIn. If a user clicks on an advertisement and then arrives at our website, LinkedIn receives the information via the conversion tag integrated on our website that the user has clicked on the advertising banner. The LinkedIn tag thus enables the collection of visited websites, including the URL, referrer ID, IP address, device and browser properties and time stamp. The IP addresses are shortened or hashed by LinkedIn (in the case of cross-device use).

With the help of the LinkedIn pixel, we can show personalized ads outside of our website without identifying individual members. It also uses data that doesn't identify you to improve ad relevance and reach LinkedIn members across different devices. LinkedIn members can control the use of their personal information for advertising purposes through their account settings. LinkedIn refers to the following link to adjust advertising preferences: https://www.linkedin.com/psettings/advertising/actions-that-showed-interest. We process this data in order to evaluate our advertising campaigns. Further information about the purpose and scope of the data collection and the further processing and use of the data by LinkedIn, as well as your setting options for protecting your privacy, can also be found in LinkedIn's privacy policy. For more information about LinkedIn Conversion Tracking, please visit: https://business.linkedin.com/marketing-solutions/conversion-tracking. Further information on data processing and storage duration can be found at LinkedIn Insight Tag FAQs | LinkedIn Help.

8. Applications

If you submit a job application via our website, your personal data will be processed exclusively for the purpose of handling your application and deciding whether to establish an employment relationship, on the basis of Art. 6 (1)(b) and 6 (1)(f) GDPR.

Your data will be deleted 6 months after the end of the application process unless legal retention periods or legitimate interests prevent deletion.

9. Creating a user account (registration)

To use all the functions of our website, you are free to create your own user account. During the registration process, we collect and store certain personal data via the form provided. Once you have successfully registered, you can access our TEC product range, download documents and technical data sheets, and use our various tool functions.

The processing takes place based on your consent, Art. 6 para. 1 lit. a) GDPR. You can withdraw your consent at any time and thereby delete your user account. We will then delete all stored data, unless there are legal retention periods that prevent this.

10. Data transfer and recipients or categories of recipients

Your data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the performance of the contractual relationship, or you have expressly consented to the transfer of your data in advance.

11. Period of storage

Personal data that we collect will be deleted when the purpose of processing ceases to exist or within the statutory retention periods.

12. Information about the data subject's obligations to provide information

When using our website, you are not subject to any legal or contractual obligation to provide information.

13. Existence of automated decision-making, including profiling

Automated decision-making, including profiling in accordance with Art. 22 GDPR, does not take place.

14. Contact

When you contact us by email or via a contact form, the data you provide (your email address and your name) will be stored by us to answer your questions. If we request information via our contact form that is not required for establishing contact, we always mark this as optional. This information helps us to specify your request and improve the processing of your enquiry. The provision of this information is expressly voluntary and with your consent, Art. 6 para. 1 lit. a) GDPR. Insofar as this involves information about communication channels (e.g., email address, telephone number), you also consent to us contacting you via this communication channel to respond to your request. You can, of course, withdraw this consent at any time in the future. We will delete the data collected in this context after it is no longer necessary for storage or restrict processing if there are legal retention obligations. If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in Salesforce for the purpose of processing the inquiry and in case of follow-up questions.

Salesforce

Salesforce is software provided by salesforce.com Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (“Salesforce”) and is an application for automated lead management, marketing automation, and sales support in the B2B business customer environment. Salesforce stores personal data in the US. Salesforce has issued binding corporate rules (https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf) for this purpose, which ensure the secure transfer of data.

15. Data security

We have taken extensive technical and operational security measures to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.

16. Data transfer and intended data transfer to a third country or an international organization

Your data will not be transferred to third parties unless we are legally obliged to do so, or the transfer of data is necessary for the execution of the contractual relationship, or you have expressly consented to the transfer of your data in advance.

Additional information on data processing when using the TECHNAL at Home

The TECHNAL at Home app requires the following permissions:

Internet access: to ensure the functionality of the application, in particular the downloading of new models for display via Genius ID links/codes.

Camera access: Augmented Reality core functionality and scanning of Genius ID QR codes. Permission is requested when the application is launched for the first time.

Photo access: Write access to the photo library is used to store photos made with the application; permission is requested when the first photo is taken.

The application does not request access to existing photos on the device. Use of the app does not require access to unique (device) IDs. Any usage data is processed for the purpose of providing the service. This data processing is based on Art. 6 para. 1 lit. f) GDPR. The legitimate interest lies in the fact that these permissions are mandatory for the functionality of this app.

Your rights

You have the following rights with regard to your personal data:

General rights

You have the right to information, correction, deletion, restriction of processing, object to processing, and data portability. If processing is based on your consent, you have the right to withdraw this consent with effect for the future.

Rights in data processing based on legitimate interest

Pursuant to Art. 21 (1) GDPR, you have the right to object, on grounds relating to your particular situation, to object at any time to the processing of personal data concerning you which is based on Art. 6 para. 1 e GDPR (data processing in the public interest) or on Art. 6 para. 1 f GDPR (data processing to safeguard a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Rights in direct marketing

If we process your personal data for direct marketing purposes, you have the right, pursuant to Art. 21 (2) GDPR, to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Right to lodge a complaint with a supervisory authority

You also have the right to complain to a competent data protection supervisory authority about our processing of your personal data. In France, the competent authority is the Commission Nationale de l’Informatique et des Libertés (CNIL): www.cnil.fr.

We review our privacy policy regularly. It was last updated in December 2025.