Privacy
Transparent information about how we process personal data on our website under GDPR rules.
- Last updated
- 2026-04-22
1. Overview
This privacy notice explains the type, scope, and purpose of personal data processing when you use our website.
Personal data means any information relating to an identified or identifiable natural person.
2. Data Controller
ovvvo GmbH (sub-brand: thermobee), Palisadenstraße 41, 10243 Berlin, Germany, Email: info@thermobee.de, Phone: 030 83791315.
3. What data we process
When you visit our website, we process technically required connection and log data (for example IP address, timestamp, requested URL, referrer, browser and device metadata).
If you contact us, we process the contact and message data you provide (for example name, email address, and message content).
Consent data is processed through our consent management system to record and enforce your cookie and tracking choices.
4. Purposes and legal bases
We process data to provide a functional and secure website (Art. 6(1)(f) GDPR, legitimate interests).
We process contact requests to handle and respond to inquiries (Art. 6(1)(b) GDPR for pre-contractual communication or Art. 6(1)(f) GDPR).
Non-essential cookies and similar technologies are only used based on your consent (Art. 6(1)(a) GDPR and Section 25(1) TTDSG).
5. Cookies and consent management
We use a consent management platform from consent.io (c15t) to collect, store, and manage consent choices.
Strictly necessary cookies are required for website operation. Other categories (for example measurement or marketing) are currently not active and would only be enabled after your explicit choice if we introduce such services.
You can withdraw or change your consent at any time with effect for the future via the privacy settings link.
6. Vendor and cookie list (current status)
The following overview describes the currently used vendors and the technically visible cookie/consent storage purposes on this website.
Active vendors
| Vendor | Purpose | Activation | Privacy/DPA |
|---|---|---|---|
| Vercel | Hosting and deployment | Always active (technically required) | https://vercel.com/legal/dpa |
| consent.io (c15t) | Consent management | Loaded with the website (technically required) | https://inth.com/legals/privacy-policy |
| Fillout | Contact and quote forms | Only after user action in the form area | https://www.fillout.com/help/gdpr#fillout-and-gdpr-compliant-forms |
| Microsoft | Email communication | When communication happens by email | https://www.microsoft.com/en-us/privacy/privacystatement |
Cookie and storage categories
| Category | Status | Legal basis | Recipients |
|---|---|---|---|
| Necessary | Active | Art. 6(1)(f) GDPR and Section 25(2) TTDSG (where applicable) | thermobee, Vercel, consent.io |
| Measurement | Currently inactive | Art. 6(1)(a) GDPR and Section 25(1) TTDSG | none (currently disabled) |
| Marketing | Currently inactive | Art. 6(1)(a) GDPR and Section 25(1) TTDSG | none (currently disabled) |
7. Technology stack in use
We use a documented technology stack to build, run, and maintain this website.
Core technologies
| Area | Technology | Purpose |
|---|---|---|
| Frontend framework | Next.js / React / TypeScript | Web application delivery |
| Hosting | Vercel | Deployment, delivery, and operations |
| Database | Neon Postgres (pg) | Data storage and connectivity |
| Consent management | consent.io (c15t) | Cookie consent management |
| Forms | Fillout | Contact and quote requests |
| Microsoft | Communication with prospects and customers |
8. Recipients and processors
We work with technical service providers that process data on our behalf (currently including Vercel for hosting/deployment, consent.io for consent management, Fillout for embedded forms, and Microsoft for email communication).
Data processing agreements under Art. 28 GDPR are executed and documented with all required processors.
9. Third-country transfers
If data is transferred outside the EU/EEA for specific services, this is done only under the conditions of Art. 44 et seq. GDPR (for example adequacy decisions or Standard Contractual Clauses).
10. Data retention
We retain personal data only as long as necessary for the stated purposes or to satisfy legal retention obligations.
Server and security logs are rotated regularly and deleted or anonymized when no longer needed.
11. No automated decision-making
At this time, we do not carry out solely automated decision-making, including profiling, within the meaning of Art. 22 GDPR in connection with this website.
12. Data subject rights
Under GDPR, you have rights including access, rectification, erasure, restriction of processing, data portability, and objection to certain processing activities.
You can withdraw consent at any time with effect for the future.
To exercise your rights, contact us at info@thermobee.de. We usually respond within 7 working days; for complex requests, processing may be extended to up to 14 working days.
13. Right to lodge a complaint
You have the right to lodge a complaint with a supervisory data protection authority if you believe your personal data is processed unlawfully.
14. Changes to this privacy notice
We update this privacy notice when legal requirements, data processing activities, or service providers change.
The current version published on this page applies.