Personal data is all information that can be associated with you personally (see Art. 4 No. 1 GDPR). This includes, for example, your name, your address, your telephone number and your e-mail address. However, general information that cannot be used to identify you is not personal data. Such information includes, for example, the number of users of our websites.

robatherm GmbH + Co. KG
John-F.-Kennedy-Str. 1
89343 Jettingen-Scheppach, Germany
Telephone: +49 8222 999-0
E-Mail: info@robatherm.com

To the
Data Protection Officer
c/o robatherm GmbH + Co. KG
John-F.-Kennedy-Str. 1
89343 Jettingen-Scheppach, Germany
Telephone: +49 8222 999-0
E-Mail: info@robatherm.com

• pursuant to Art. 15 GDPR to access information concerning your personal data processed by us;
• pursuant to Art. 16 GDPR to immediately request completion or the rectification of incorrect of your personal data stored by us;
• pursuant to Art. 17 GDPR to request erasure of your personal data stored by us;
• pursuant to Art. 18 GDPR to request restricted processing of your personal data;
• pursuant to Art. 20 GDPR to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to request transmission to another controller;
• pursuant to Art. 21 to object to the processing of your personal data;
• pursuant to Art. 7 Abs. 3 GDPR at any time to withdraw consent granted to us, with the consequence that our processing based on such consent will be prohibited for the future without affecting the lawfullness of any processing that occurred prior to your withdrawal of your consent;
• pursuant to Art. 77 GDPR to lodge a complaint with a supervisory authority.

In the event that you have questions that are not answered in this privacy statement or if you would like to have more in-depth information for any matter in this regard, please contact us at any time through the contact information listed above.

In principle, there is no legal or contractual obligation for you to provide us with your personal data. This means that we do not make our offers, the conclusion of contracts and the use of our products and services dependent on you providing us with personal data beforehand. However, we may not be able to provide you with certain offers, products and services, or only to a limited extent, if you do not provide us with the necessary data.

When you contact us by e-mail or via a contact form, we will store your e-mail address and, if you provide it, your name and telephone number in order to answer your questions. The legal basis for the processing of this data is the fulfilment of our contractual obligations (Art. 6. (1) clause 1 lit. b GDPR) or the protection of our legitimate interests (Art. 6. (1) clause 1 lit. f GDPR), which consist in particular in being able to process your enquiry satisfactorily for you.

We will not pass on your personal data to third parties unless the transfer is necessary for the provision and use of our products and services or the conclusion and execution of contracts (legal basis: Art. 6. (1) clause 1 lit. b GDPR), you have consented to the transfer (legal basis: Art. 6. (1) clause 1 lit. a GDPR) or the transfer of personal data is permitted on the basis of relevant legal provisions.
We are also authorised to outsource the processing of your personal data in whole or in part to external service providers who act as processors for robatherm in accordance with Art. 4 No. 8 GDPR within the framework of data protection regulations. In particular, we use external service providers for the provision and operation of the websites and our respective services in order to host the websites and store their backend database

• monitor the performance of the websites and recognise and rectify problems and errors on the websites
• to provide a consent management platform for you as a user,
• analyse our website and to generate reports on website activity, and
• and to place relevant adverts.

In all cases, we have concluded agreements with the service providers involved on order processing in accordance with Art. 28 GDPR, which stipulate in particular that data processing is carried out exclusively in accordance with robatherm's instructions and in compliance with the applicable data protection laws.
You will receive further information about which recipients receive access to personal data from us if you contact us via the data in section 2.

As a rule, we process your data in a member state of the European Union (EU) or the European Economic Area (EEA). However, if your data is transferred to third countries outside the EU/EEA, we observe the general principles for data transfers set out in Chapter 5 of the GDPR, such as the implementation of appropriate safeguards (e.g. the application of standard contractual clauses) where required by law. In this way, we ensure that your personal data is adequately protected by the recipient in accordance with European data protection standards. You can find out about the appropriate safeguards we have put in place and obtain a copy of these safeguards by contacting us. To do so, please use the contact details provided in sections 2 and 3 above.

In addition to the data processing described in this data protection notice, we may also process your personal data for other purposes if we are authorised to do so under applicable data protection law.
Personal data may also be processed in other ways and may be disclosed to third parties if we are legally obliged to do so - e.g. by court order or to fulfil legal obligations (legal basis: Art. 6 (1) lit. c GDPR) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to safeguard legitimate interests (legal basis: Art. 6. (1) lit. f GDPR), such as the provision of joint products and services or to protect vital interests (legal basis: Art. 6. (1) lit. d GDPR).
If we process your data for other purposes, we will expressly inform you of this if this is required under applicable law.

We will only store your personal data for as long as is necessary to fulfil the purposes for which it was collected. Data may be stored for as long as claims can be asserted against us for the services provided and/or we may require such data for the purposes of legal defence. In addition, we are often legally obliged to store the data for a longer period of time, regularly for a period of between 6 and 10 years.

We do not use any purely automated processing processes to bring about an automated decision (including profiling) that produces legal effects concerning you or significantly affects you in a similar way.

robatherm implements technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorised forwarding or unauthorized access.

This data protection notice is up to date as of May 2025. It may become necessary to amend this data protection notice as a result of the further development of our website, products and services or other services or due to changes in legal or official requirements. We intend to announce changes to our privacy policy on this website so that you are always fully and correctly informed about how we process your personal data. We therefore recommend that you visit this website at regular intervals to find out about our current data protection practices.

When accessing our website through telecommunication services, communication-oriented information data (e.g. Internet protocol address, referrer, URL, browser) or usage-oriented data (e.g. information concerning start and duration of use and the telecommunication services used by you) are automatically generated by technical means. These generally do not allow us to determine the identity of the website user. Such data is collected and used to ensure a seamless connectivity of the website and convenient use of our website. This information is furthermore used to evaluate system security and stability and for other administrative purposes. Such data is processed within the scope of our legitimate interests (Art. 6 (1) Clause 1 lit. f GDPR). Such data will be erased if it is no longer required for the stated purposes.

Our websites and apps use cookies and similar technologies (‘cookies’). Cookies are data records and information that are stored by a website or app on your hard drive or end device. Cookies do not cause any damage to your computer and do not contain viruses. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. We collect personal data using cookies or similar technologies on the websites or apps and within our services (a) to better understand how our users use the websites or apps; (b) to improve the websites or apps and services; and (c) to provide and maintain smoothly and correctly functioning websites or apps, as far as this is possible and reasonable.
Most browsers automatically accept cookies, but you can set your browser to refuse cookies or to indicate when a cookie is being sent. You can find more information in the help menu of your browser. Cookies that are not absolutely necessary (see description below) can be deactivated at any time or deleted later. You can deactivate these cookies either via the consent management platform on our websites or apps or via your browser settings. Please note that you do not necessarily have to accept essential cookies in order to use our websites or apps to their full extent. However, if you do not accept these cookies, some areas and functions of our websites or apps may not be available.

Our websites may also contain links to other websites. This data protection notice does not apply to linked websites. We ask you to visit the data protection notices on the linked websites directly to obtain information about how these websites protect data and handle your personal data.

We maintain online profiles on social media of the following platform operators and at the addresses below:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

• Our profile:https://www.facebook.com/robatherm
• Data privacy statement of the platform:https://www.facebook.com/about/privacy/
• Information on joint processing pursuant to Art. 26 GDPR: https://www.facebook.com/legal/terms/page_controller_addendum
• Further information on Facebook Insights: https://www.facebook.com/business/pages/manage#page_insights

Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

• Our profile: https://www.instagram.com/robatherm
• Data privacy statement of the platform: http://instagram.com/about/legal/privacy/

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

• Our profile: https://www.xing.com/companies/robatherm
• Data privacy statement of the platform: https://privacy.xing.com/de/datenschutzerklaerung

Linkedin (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

• Our profile: https://www.linkedin.com/company/robatherm
• Data privacy statement of the platform: https://www.linkedin.com/legal/privacy-policy
• Cookie-Policy: https://www.linkedin.com/legal/cookie-policy

Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

• Our profile: https://www.youtube.com/robathermtv
• Data privacy statement of the platform: https://policies.google.com/privacy

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)

• Our profile: https://twitter.com/robatherm/
• Data privacy statement of the platform: https://twitter.com/de/privacy

Within the scope of the use of our profiles on social media, personal data are collected by different data controllers for various purposes. As soon as you visit one of our profiles, the platform operators collect and process personal data for the purpose of enabling the use of their services and possibly other purposes (see below, “Processing by platform operators”). It can also happen that you contact us about this and we collect and process personal data in the course of the contact or we process personal data that is available to us (e.g. a post) due to legal obligations (see below, “Processing by robatherm”).

Facebook processes various data provided by you, including personal data, for the creation of usage statistics (Facebook Insights) by Facebook Ireland and us as joint controllers within the meaning of Art. 26 GDPR. For this purpose, we have concluded an agreement with Facebook as joint controllers in accordance with the legal requirements, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum.

The legal basis for the processing of personal data in this context is Art. 6 (1) sent. 1 lit. f GDPR (legitimate interests) or, if consent has been obtained, Art. 6 (1) sent. 1 lit. a, Art. 7 GDPR (consent). The legitimate interest here is also to be able to inform you effectively and communicate with you and to improve the information offered, in particular on our presence on Facebook. Further information on Facebook Insights can be found here: https://www.facebook.com/business/pages/manage#page_insights.

If you contact us via Xing or Linkedin regarding posted jobs or otherwise for the purpose of applying for a job at our company, the legal basis for the processing of the respective data is Art. 88 GDPR in conjunction with Sec. 26 (1) sent. 1 BDSG [German Federal Data Protection Act] (initiation of an employment relationship).

If you would like to apply for jobs we advertise via Xing and Linkedin and click on “apply”, you will be redirected to the website of one of our service providers. You can find more information on the processing by these providers in Part 6 – Information for job applicants – in this Data Privacy Statement.

How and for what purpose we process personal data in the context of processing job applications is also described in Part 6 – Information for job applicants.

1. Type of processed data

If you, as a customer or interested party, establish business contact with us or maintain a business relationship with us, then we process the following types of personal data:

• address information,
• contact information (generally (cell) phone number, fax number, email address, including name and other details concerning contact persons or personal contact information), contract data,
• creditworthiness data (in this regard we are working with the credit insurer Euler Hermes Deutschland Niederlassung der Euler Hermes SA (Friedensallee 254, 22763 Hamburg), i.e. for each customer or each project, we query the commercial credit amount for the customer from Euler Hermes Deutschland),
• tax-relevant information (e.g. VAT ID no.),
• support information (e.g. customer development, product or contractual interests),
• statistical data,
• billing and service data,
• banking information.

Data is processed for the purpose of preparing offers and processing enquiries, orders and the delivery of the goods as well as the provision of the services or software functionalities you use via our website (e.g. when using robatherm Connect). The data is also processed for invoicing and payment purposes. In this respect, the processing is carried out to fulfil a contract to which you are a party or to carry out pre-contractual measures that are carried out at your request (legal basis: Art. 6. (1) clause 1 lit. b GDPR).

As part of the use of robatherm Connect, the usage data provided by the customer may also be anonymised by robatherm or by service providers commissioned by robatherm to provide the service and subsequently processed and evaluated for the purposes of statistical evaluation of the use of the robatherm Connect service, including telemetry, and for product improvement. This processing is carried out to safeguard legitimate interests (legal basis: Art. 6. (1) sent. 1 lit. f GDPR), which consist in particular in providing robatherm's customers with a functional robatherm Connect service and improving our products and services as well as those of robatherm's service providers used to provide the service.

Furthermore, processing is carried out for the purpose of credit assessment. Our interest in this is to check the solvency of customers in order to protect ourselves against payment defaults. This processing is carried out to protect our legitimate interests (legal basis: Art. 6 (1) sent. 1 lit. f GDPR), whereby there are no overriding interests of the data subjects.

In addition, the processing is carried out for the purpose of after-sales service, i.e. to support you in handling our products even after your purchase. In this respect, the processing is carried out to fulfil a contract to which you are a party (legal basis: Art. 6 (1) sent. 1 lit. b GDPR) or, insofar as direct marketing measures are concerned, on the basis of our legitimate interest (legal basis: Art. 6 (1) sent. 1 lit. f GDPR), and this is subject to any separate consent that may otherwise be required (legal basis: Art. 6. (1) sent. 1 lit. a GDPR).

If you have provided us with your e-mail address in connection with an enquiry and/or the sale of one of our products, we will use it to send you information about similar products and services from us. You can object to this processing at any time and free of charge.

The legal basis for the processing of this data is - subject to other separate consents (Art. 6 (1) sent. 1 lit. a GDPR) - our legitimate interest (Art. 6 (1) sent. 1 lit. f GDPR) in such direct marketing.

For the purpose of the credit check mentioned in this Part 4, our credit insurer receives customer data (company name and address) as well as information about the amount of goods to be insured in order to prepare its insurance offer to us.
We also commission external service partners to provide services (e.g. rectification of defects, commissioning) to our customers. For this purpose, these service partners receive customer data (e.g. customer name, contact details, address). This is done to fulfil a contract to which you are a party (legal basis: Art. 6 (1) sent. 1 lit. b GDPR), whereby we conclude all necessary contracts with our partners to protect your personal data (see also Part 1 - Disclosure of data to third parties).

If you enter into business contact with us or maintain a business relationship with us as a supplier, we process the following types of personal data:

• address information,
• contact information (generally (cell) phone number, fax number, email address, including name and other details concerning contact persons or personal contact information),
• contract data,
• tax-relevant information (e.g. VAT ID no.),
• supplier evaluation,
• statistical data,
• billing and service data,
• banking information

The data is processed for the purpose of preparing enquiries, checking offers and placing orders. The data is also processed in the context of billing and payment. This processing is necessary for the initiation or fulfilment of a contract (legal basis: Art. 6 (1) sent. 1 lit. b GDPR). In addition, we may use the data for the purpose of a credit check if there is a risk of default due to any advance payment on our part. This processing is carried out to protect our legitimate interests (legal basis: Art. 6 (1) sent. 1 lit. f GDPR) and we may also process and store the data of our suppliers for supplier evaluation, including for the preparation of statistical data. Our interest in this is to check the performance of our suppliers in order to protect us against delivery failures. This processing is carried out to protect our legitimate interests (legal basis: Art. 6. (1) sent. 1 lit. f GDPR).

If you apply for a job via the websites of other providers (currently indeed.de, operated by Indeed Ireland Operations Ltd, to which it may be referred in our social media profiles), your data will be gathered by the respective provider and transferred to us for the purpose of processing your job application, whereby your data will not be stored by the service providers. Furthermore, the click rates of the respective job ad will be gathered and transferred to us. In addition, the service provider will send you a confirmation when the application has been successfully sent to us and a copy of the transmitted data if requested by you. You can find the data privacy statement of the currently engaged service provider Indeed Ireland Operations Ltd. at https://hrtechprivacy.com/de/brands/about-indeed.

We also cooperate with service providers that publish our job ads and merely set a link to our website to which you can then transmit your application data. In that case, no application data will be processed by the service providers and merely the click rates of the respective ad will be documented. These service providers currently include stellenanzeigen.de GmbH & Co. KG (data privacy statement available at https://www.instagram.com/robatherm) and Presse- Druck- und Verlags-GmbH (data privacy statement available at https://www.augsburger-allgemeine.de/unternehmen/Datenschutzerklaerung-und-Informationspflichten-nach-Art-13-DSGVO-id10487051.html).

We use the click rates to analyze how worthwhile corresponding job ads are so we can improve the design of the job ads in the future. This, however, involves merely aggregated data that we cannot attribute to any specific person.

When calling up the websites of the respective providers, personal data is processed by the provider insofar as this is necessary for retrieving the pages. We have no influence on the processing of personal data by the respective providers. Nor are we aware of all the purposes of the processing, the storage periods or the scope of data collection by the providers.

According to experience, the platforms process the data for the purposes of advertising, market research and customising the platforms. You can find more details in the data protection notices of the individual platforms linked above. In particular, these data protection notices also contain information on how and for what purposes and on what legal basis the providers process your personal data in connection with the use of the respective online presence. You will also find information on how you can exercise your data protection rights vis-à-vis the respective provider (see also Part 1 - Data protection rights).

We process the following personal data within the scope of the job application process:

• your master data (e.g. first name, last name, affixes, date of birth),
• work permit/residence permit, if necessary,
• contact information (e.g. personal address, (cell) phone number, email address),
• photo, if applicable
• skill information (e.g. special skills and proficiencies),
• if relevant for the advertised position: fitness for duty.

Your personal data is generally collected directly from you within the scope of the application process, in particular from the job application documents, the job interview, and the staff questionnaire.

We may also receive data from third parties, (e.g. employment agencies).We also process your personal data that we permissibly gain from publicly accessible sources (e.g. professional networks).

Data processing chiefly serves to establish an employment relationship. The predominant legal basis for this is Art. 88 (1) GDPR in conjunction with Section 26 (1) German Federal Data Protection Act (BDSG).

Your data is processed exclusively to fill the specific position for which you have applied. The processing of health data may also be necessary for the assessment of your working capacity pursuant to Art. 9 (2) lit.h GDPR in conjunction with Section 22 (1) lit.b BDSG. If, in the event of a rejection, you wish to be included in our pool of applicants or if your application is to be taken into consideration for other vacancies in the company/group, we require a declaration of consent from you for this purpose.

If contact is initiated via corresponding service providers, the legal basis for their involvement, besides Art. 88 (1) GDPR in conjunction with Sec. 26 (1) BDSG, is also Art. 6 (1) lit. f) GDPR if applicable (legitimate interests). Our legitimate interests are being able to organize our application processes and HR marketing efficiently. With regard to the processing of the transmitted anonymized click rates, our legitimate interest is being able to analyze the efficiency of cooperating with the service providers and improve the design of the job ads in the future.

If you are hired, we transfer your application records to your personnel file. After the end of your employment, the personal data that we are legally obligated to retain will continue to be stored. This generally is the based on statutory retention obligations and obligations to provide proof, which, among other things, are stipulated in the German Commercial Code (Handelsgesetzbuch, HGB) and the German Tax Code (Abgabenordnung, AO). According to these, retention periods are up to 10 years. Personal data may also be retained for the duration during which claims can be asserted against us (statutory limitation period from 3 or to up to 30 years).

In the event of a rejection, your application documents will be deleted no later than 6 months after the completion of the application process, unless you have granted us consent for a longer retention period (applicant pool).

Within our company, only the persons and functions (e.g. departments) that are involved in the decision concerning your hire will receive your personal data.

The data in your online application will be encrypted and transmitted using state-of-the-art technology. If you apply to robatherm online on your own initiative or for a current position, your application data will be stored in our software-based applicant management system.

Your written application will be handled in the same way as an online application. You will receive your original documents back no later than after the job vacancy has been filled.

Our apps are available via the Apple iTunes and Google Play app stores, which are operated by Apple Inc. and Google Ireland Limited. The installation of the app requires your prior registration in the App Store and the installation of the App Store software.

When you download the app, the required information is transferred to the App Store, in particular your user name, email address and customer number of your account, time of download, payment information and the individual device identification number. We have no influence on data processing by the operator of the app store and are not responsible for it. Rather, the respective operator of the app store is solely responsible for data processing. Further information on how the respective app store operator processes your personal data and information on your rights as a data subject can be found in the data protection information of the respective app store operator.

Apple iTunes: https://www.apple.com/de/legal/privacy/

Google Play: https://policies.google.com/?hl=de

We only receive anonymised user data about how many users have downloaded the app, which does not allow us to identify individual users.

When you use our apps, we collect the personal data described below, which is technically necessary to provide you with the functions of our apps and to ensure stability and security:

• IP address,
• Date and time of the enquiry,
• Time zone difference to Greenwich Mean Time (GMT),
• Content of the request (specific page),
• Access status/HTTP status code,
• amount of data transferred in each case,
• Website from which the request originates,
• Browser,
• operating system and its interface,
• Language and version of the browser software.

The data processing is carried out for the contractual provision of the app (legal basis: Art. 6 (1) sent. 1 lit. b GDPR) or on the basis of our legitimate interest (legal basis: Art. 6 (1) sent. 1 lit. f GDPR), which consists of being able to offer users convenient and secure use of the functions.

If you register in our apps, the following data will be processed (mandatory information)

• First name,
• Surname,
• Password,
• E-mail.

In addition, the following data is processed (optional information) if you provide it voluntarily:

• Company,
• Address,
• Postal code,
• Town.

This data is collected to prevent misuse, as it can be used to exclude individual users from further use. Querying the surname and first name also serves to enhance the user experience. This processing is carried out for the contractual provision of the app (legal basis: Art. 6 (1) sent. 1 lit. b GDPR). The company and address can be provided voluntarily and can be used by the user for their own personalisation. The processing serves to enhance the user experience and is also carried out for the contractual provision of the app (legal basis: Art. 6 (1) sent. 1 lit. b GDPR).

Our apps use cookies. See the information in Part 2 - Use of cookies and similar technologies.

Personal data is all information that can be associated with you personally. This includes, for example, your name, your address, your telephone number and your e-mail address. However, general information that cannot be used to identify you is not personal data. Such information includes, for example, the number of users of our websites.

robatherm Co., Ltd.
123 Suntowers B, 28th Fl.
Vibhavadi Rangsit Road, Jomphol, Jatujak
Bangkok 10900, Thailand

and

Amata City Industrial Estate
7/208 Moo 6, Mab Yangporn
Pluakdaong, Rayong 21140, Thailand

To the
Data Protection Officer
c/o robatherm Co., Ltd.
123 Suntowers B, 28th Fl.
Vibhavadi Rangsit Road, Jomphol, Jatujak
Bangkok 10900, Thailand
Telephone: +66 2 278 6996
E-Mail: info@robatherm.com

• to access information concerning your personal data processed by us;
• to immediately request completion or the rectification of incorrect of your personal data stored by us;
• to request erasure of your personal data stored by us;
• to request restricted processing of your personal data;
• to receive your personal data, which you provided to us, in a structured, commonly used, and machine-readable format or to request transmission to another controller;
• to object to the processing of your personal data;
• at any time to withdraw consent granted to us, with the consequence that our processing based on such consent will be prohibited for the future without affecting the lawfullness of any processing that occurred prior to your withdrawal of your consent;
• to lodge a complaint with a supervisory authority.

In the event that you have questions that are not answered in this privacy statement or if you would like to have more in-depth information for any matter in this regard, please contact us at any time through the contact information listed above.

In principle, there is no legal or contractual obligation for you to provide us with your personal data. This means that we do not make our offers, the conclusion of contracts and the use of our products and services dependent on you providing us with personal data beforehand. However, we may not be able to provide you with certain offers, products and services, or only to a limited extent, if you do not provide us with the necessary data.

When you contact us by e-mail or via a contact form, we will store your e-mail address and, if you provide it, your name and telephone number in order to answer your questions.
The legal basis for the processing of this data is the fulfilment of our contractual obligations (PDPA) or the protection of our legitimate interests (PDPA), which consist in particular in being able to process your enquiry satisfactorily for you.

We will not pass on your personal data to third parties unless the transfer is necessary for the provision and use of our products and services or the conclusion and execution of contracts (legal basis: PDPA), you have consented to the transfer (legal basis: PDPA) or the transfer of personal data is permitted on the basis of relevant legal provisions.
We are also authorised to outsource the processing of your personal data in whole or in part to external service providers who act as processors for robatherm in accordance with PDPA within the framework of data protection regulations. In particular, we use external service providers for the provision and operation of the websites and our respective services in order to host the websites and store their backend database

• monitor the performance of the websites and recognise and rectify problems and errors on the websites
• to provide a consent management platform for you as a user,
• analyse our website and to generate reports on website activity, and
• and to place relevant adverts.

In all cases, we have concluded agreements with the service providers involved on order processing in accordance with PDPA, which stipulate in particular that data processing is carried out exclusively in accordance with robatherm's instructions and in compliance with the applicable data protection laws.
You will receive further information about which recipients receive access to personal data from us if you contact us via the data in section 2.

In addition to the data processing described in this data protection notice, we may also process your personal data for other purposes if we are authorised to do so under applicable data protection law.
Personal data may also be processed in other ways and may be disclosed to third parties if we are legally obliged to do so - e.g. by court order or to fulfil legal obligations (legal basis: PDPA) or if this is necessary to support criminal or legal investigations or other legal investigations or proceedings at home or abroad or to safeguard legitimate interests (legal basis: PDPA), such as the provision of joint products and services or to protect vital interests (legal basis: PDPA).
If we process your data for other purposes, we will expressly inform you of this if this is required under applicable law.

We will only store your personal data for as long as is necessary to fulfil the purposes for which it was collected. Data may be stored for as long as claims can be asserted against us for the services provided and/or we may require such data for the purposes of legal defence. In addition, we are often legally obliged to store the data for a longer period of time, regularly for a period of between 3 and 10 years.

We do not use any purely automated processing processes to bring about an automated decision (including profiling) that produces legal effects concerning you or significantly affects you in a similar way.

robatherm implements technical and organizational security measures to protect your personal data against accidental or unlawful destruction, loss or alteration and against unauthorised forwarding or unauthorized access.

This data protection notice is up to date as of May 2025. It may become necessary to amend this data protection notice as a result of the further development of our website, products and services or other services or due to changes in legal or official requirements. We intend to announce changes to our privacy policy on this website so that you are always fully and correctly informed about how we process your personal data. We therefore recommend that you visit this website at regular intervals to find out about our current data protection practices.

When accessing our website through telecommunication services, communication-oriented information (data (e.g. Internet protocol address, referrer, URL, browser) or usage-oriented data (e.g. information concerning start and duration of use and the telecommunication services used by you) are automatically generated by technical means. These generally do not allow us to determine the identity of the website user.

Such data is collected and used to ensure a seamless connectivity of the website and convenient use of our website. This information is furthermore used to evaluate system security and stability and for other administrative purposes. Such data is processed within the scope of our legitimate interests (PDPA). Such data will be erased if it is are no longer required for the stated purposes.

Our websites and apps use cookies and similar technologies (‘cookies’). Cookies are data records and information that are stored by a website or app on your hard drive or end device. Cookies do not cause any damage to your computer and do not contain viruses. Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity. We collect personal data using cookies or similar technologies on the websites or apps and within our services (a) to better understand how our users use the websites or apps; (b) to improve the websites or apps and services; and (c) to provide and maintain smoothly and correctly functioning websites or apps, as far as this is possible and reasonable.
Most browsers automatically accept cookies, but you can set your browser to refuse cookies or to indicate when a cookie is being sent. You can find more information in the help menu of your browser. Cookies that are not absolutely necessary (see description below) can be deactivated at any time or deleted later. You can deactivate these cookies either via the consent management platform on our websites or apps or via your browser settings. Please note that you do not necessarily have to accept essential cookies in order to use our websites or apps to their full extent. However, if you do not accept these cookies, some areas and functions of our websites or apps may not be available.

Our websites may also contain links to other websites. This data protection notice does not apply to linked websites. We ask you to visit the data protection notices on the linked websites directly to obtain information about how these websites protect data and handle your personal data.

We maintain online profiles on social media of the following platform operators and at the addresses below:

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

• Our profile:https://www.facebook.com/robatherm
• Data privacy statement of the platform:https://www.facebook.com/about/privacy/
• Information on joint processing pursuant to Art. 26 GDPR:https://www.facebook.com/legal/terms/page_controller_addendum
• Further information on Facebook Insights:https://www.facebook.com/business/pages/manage#page_insights

Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

• Our profile:https://www.instagram.com/robatherm
• Data privacy statement of the platformhttp://instagram.com/about/legal/privacy/

Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany)

• Our profile:https://www.xing.com/companies/robatherm
• Data privacy statement of the platform:https://privacy.xing.com/de/datenschutzerklaerung

Linkedin (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

• Our profile:https://www.linkedin.com/company/robatherm
• Data privacy statement of the platform:https://www.linkedin.com/legal/privacy-policy
• Cookie-Policy: https://www.linkedin.com/legal/cookie-policy

Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)

• Our profile:https://www.youtube.com/robathermtv
• Data privacy statement of the platform:https://policies.google.com/privacy

Twitter (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland)

• Our profile:https://twitter.com/robatherm/
• Data privacy statement of the platform:https://twitter.com/de/privacy

Within the scope of the use of our profiles on social media, personal data are collected by different data controllers for various purposes. As soon as you visit one of our profiles, the platform operators collect and process personal data for the purpose of enabling the use of their services and possibly other purposes (see below, “Processing by platform operators”). It can also happen that you contact us about this and we collect and process personal data in the course of the contact or we process personal data that is available to us (e.g. a post) due to legal obligations (see below, “Processing by robatherm”).

Facebook processes various data provided by you, including personal data, for the creation of usage statistics (Facebook Insights) by Facebook Ireland and us as joint controllers within the meaning of Art. 26 GDPR. For this purpose, we have concluded an agreement with Facebook as joint controllers in accordance with the legal requirements, which you can view here: https://www.facebook.com/legal/terms/page_controller_addendum.

The legal basis for the processing of personal data in this context is PDPA (legitimate interests) or, if consent has been obtained. The legitimate interest here is also to be able to inform you effectively and communicate with you and to improve the information offered, in particular on our presence on Facebook.

Further information on Facebook Insights can be found here:https://www.facebook.com/business/pages/manage#page_insights.

If you contact us via Xing or Linkedin regarding posted jobs or otherwise for the purpose of applying for a job at our company, the legal basis for the processing of the respective data is PDPA (initiation of an employment relationship).

If you would like to apply for jobs we advertise via Xing and Linkedin and click on “apply”, you will be redirected to the website of one of our service providers. You can find more information on the processing by these providers in Part 6 – Information for job applicants – in this Data Privacy Statement.

How and for what purpose we process personal data in the context of processing job applications is also described in Part 6 – Information for job applicants.

If you, as a customer or interested party, establish business contact with us or maintain a business relationship with us, then we process the following types of personal data:

• address information,
• contact information (generally (cell) phone number, fax number, email address, including name and other details concerning contact persons or personal contact information), contract data,
• creditworthiness data (in this regard we are working with the credit insurer Euler Hermes i.e. for each customer or each project, we query the commercial credit amount for the customer from Euler Hermes
• tax-relevant information (e.g. VAT ID no.),
• support information (e.g. customer development, product or contractual interests),
• statistical data,
• billing and service data,
• banking information.

Data is processed for the purpose of preparing offers and processing enquiries, orders and the delivery of the goods as well as the provision of the services or software functionalities you use via our website (e.g. when using robatherm Connect). The data is also processed for invoicing and payment purposes. In this respect, the processing is carried out to fulfil a contract to which you are a party or to carry out pre-contractual measures that are carried out at your request (legal basis: PDPA).

As part of the use of robatherm Connect, the usage data provided by the customer may also be anonymised by robatherm or by service providers commissioned by robatherm to provide the service and subsequently processed and evaluated for the purposes of statistical evaluation of the use of the robatherm Connect service, including telemetry, and for product improvement. This processing is carried out to safeguard legitimate interests (legal basis: PDPA), which consist in particular in providing robatherm's customers with a functional robatherm Connect service and improving our products and services as well as those of robatherm's service providers used to provide the service.

Furthermore, processing is carried out for the purpose of credit assessment. Our interest in this is to check the solvency of customers in order to protect ourselves against payment defaults. This processing is carried out to protect our legitimate interests (legal basis: PDPA), whereby there are no overriding interests of the data subjects.

In addition, the processing is carried out for the purpose of after-sales service, i.e. to support you in handling our products even after your purchase. In this respect, the processing is carried out to fulfil a contract to which you are a party (legal basis: PDPA) or, insofar as direct marketing measures are concerned, on the basis of our legitimate interest (legal basis: PDPA), and this is subject to any separate consent that may otherwise be required (legal basis: PDPA).

If you have provided us with your e-mail address in connection with an enquiry and/or the sale of one of our products, we will use it to send you information about similar products and services from us. You can object to this processing at any time and free of charge.

The legal basis for the processing of this data is - subject to other separate consents (PDPA) - our legitimate interest in such direct marketing.

For the purpose of the credit check mentioned in this Part 4, our credit insurer receives customer data (company name and address) as well as information about the amount of goods to be insured in order to prepare its insurance offer to us.
We also commission external service partners to provide services (e.g. rectification of defects, commissioning) to our customers. For this purpose, these service partners receive customer data (e.g. customer name, contact details, address). This is done to fulfil a contract to which you are a party (legal basis: PDPA), whereby we conclude all necessary contracts with our partners to protect your personal data (see also Part 1 - Disclosure of data to third parties).

If you enter into business contact with us or maintain a business relationship with us as a supplier, we process the following types of personal data:

• address information,
• contact information (generally (cell) phone number, fax number, email address, including name and other details concerning contact persons or personal contact information),
• contract data,
• tax-relevant information (e.g. VAT ID no.),
• supplier evaluation,
• statistical data,
• billing and service data,
• banking information

The data is processed for the purpose of preparing enquiries, checking offers and placing orders. The data is also processed in the context of billing and payment. This processing is necessary for the initiation or fulfilment of a contract (legal basis: PDPA). In addition, we may use the data for the purpose of a credit check if there is a risk of default due to any advance payment on our part. This processing is carried out to protect our legitimate interests (legal basis: PDPA) and we may also process and store the data of our suppliers for supplier evaluation, including for the preparation of statistical data. Our interest in this is to check the performance of our suppliers in order to protect us against delivery failures. This processing is carried out to protect our legitimate interests (legal basis: PDPA).

Ihre Daten werden nur für die Besetzung von Stellen innerhalb von robatherm erhoben. Wir behandeln Ihre Daten absolut vertraulich und geben sie nicht an Dritte weiter.

We also cooperate with service providers that publish our job ads and merely set a link to our website to which you can then transmit your application data. In that case, no application data will be processed by the service providers and merely the click rates of the respective ad will be documented. These service providers currently include jobsDB (data privacy statement available at https://th.jobsdb.com/en-th/pages/terms/privacy-policy.

We use the click rates to analyse how worthwhile corresponding job ads are so we can improve the design of the job ads in the future. This, however, involves merely aggregated data that we cannot attribute to any specific person.).

When calling up the websites of the respective providers, personal data is processed by the provider insofar as this is necessary for retrieving the pages. We have no influence on the processing of personal data by the respective providers. Nor are we aware of all the purposes of the processing, the storage periods or the scope of data collection by the providers.

According to experience, the platforms process the data for the purposes of advertising, market research and customising the platforms. You can find more details in the data protection notices of the individual platforms linked above. In particular, these data protection notices also contain information on how and for what purposes and on what legal basis the providers process your personal data in connection with the use of the respective online presence. You will also find information on how you can exercise your data protection rights vis-à-vis the respective provider (see also Part 1 - Data protection rights).

We process the following personal data within the scope of the job application process:

• your master data (e.g. first name, last name, affixes, date of birth),
• work permit/residence permit, if necessary,
• contact information (e.g. personal address, (cell) phone number, email address),
• photo, if applicable
• skill information (e.g. special skills and proficiencies),
• if relevant for the advertised position: fitness for duty.

Your personal data is generally collected directly from you within the scope of the application process, in particular from the job application documents, the job interview, and the staff questionnaire. We may also receive data from third parties, (e.g. employment agencies). We also process your personal data that we permissibly gain from publicly accessible sources (e.g. professional networks).
Data processing chiefly serves to establish an employment relationship. The predominant legal basis for this is PDPA. Your data is processed exclusively to fill the specific position for which you have applied. The processing of health data may also be necessary for the assessment of your working capacity pursuant to PDPA.
If, in the event of a rejection, you wish to be included in our pool of applicants or if your application is to be taken into consideration for other vacancies in the company/group, we require a declaration of consent from you for this purpose.
If contact is initiated via corresponding service providers, the legal basis for their involvement, is PDPA if applicable (legitimate interests). Our legitimate interests are being able to organize our application processes and HR marketing efficiently. With regard to the processing of the transmitted anonymized click rates, our legitimate interest is being able to analyze the efficiency of cooperating with the service providers and improve the design of the job ads in the future.

If you are hired, we transfer your application records to your personnel file. After the end of your employment, the personal data that we are legally obligated to retain will continue to be stored. This generally is the based on statutory retention obligations and obligations to provide proof, which, among other things, are stipulated in the Thai Civil and Commercial Code and the Thai Revenue Code. According to these, retention periods are up to 10 years. Personal data may also be retained for the duration during which claims can be asserted against us (statutory limitation period from 3 or to up to 10 years).

In the event of a rejection, your application documents will be deleted no later than 6 months after the completion of the application process, unless you have granted us consent for a longer retention period (applicant pool).

Within our company, only the persons and functions (e.g. departments) that are involved in the decision concerning your hire will receive your personal data.

The data in your online application will be encrypted and transmitted using state-of-the-art technology. If you apply to robatherm online on your own initiative or for a current position, your application data will be stored in our software-based applicant management system.

Your written application will be handled in the same way as an online application. You will receive your original documents back no later than after the job vacancy has been filled.