What is Teseos’ role in the protection of your privacy?
The protection of personal data policy (hereafter the “Privacy Policy”) governs the manner according to which Teseos Luxembourg S.A, whose registered office is located at 9, rue Robert Stümper, L-2557 Luxembourg, registered with the Luxembourg Trade and Companies Registry under number B91753 and/or its affiliated companies belonging to the Encevo Group (hereafter the “Subsidiaries”) (collectively designated “Teseos”), collect, use, process and/or communicate personal data of natural persons (such as “Prospects”, “Customers” or “Users” or “Professionals[1]” ) in relation to the installation of equipment and provision of technical services in the energy sector and/or the use of websites, mobile applications, and digital services of each concerned entity (collectively referred as the “Services”).
Through its Subsidiaries, Teseos carries out an activity of sale and installation of equipment, facility management, and the provision of technical services in the sectors of construction, professional lighting, energy management and distribution, renewable energy production, electromobility, and energy efficiency. For each relevant Subsidiary, the Services also encompass services such as access to and management of the customer portal, customer accounts, organization of commercial and marketing operations, as well as communication with Clients, Professionals, and, more generally, Users.
Within the framework of the Privacy Policy, Teseos and/or the relevant Subsidiary acts as data controller (“Data Controller”). The Privacy Policy aims to provide transparency about your personal data either collected directly from you or indirectly, notably coming from publicly available sources. We process your personal data as part of the conclusion and execution of your contracts and to better handle your requests, complaints, and any potential disputes. We share certain data with technical service providers (“Data Processors”) based on your consent and/or with third parties to comply with the Law.
We inform you that we recently updated our Privacy Policy concerning the concept of legitimate interests, the type of data collected, for which purposes and on which legal basis (cf. the Schedule below) and concerning the retention periods.
Our commitment to comply with data protection Law
Teseos and its Subsidiaries acknowledge and undertake to comply with the national laws and regulations applicable to the protection of personal data (the “Law”), and with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”).
Your points of contact
As Data Controller, Teseos considers the protection of your personal data to be of great importance and has appointed a data protection officer (hereafter the “DPO”) that you can contact for any questions you may have. Each Subsidiary has also appointed a DPO when necessary. The main role of our DPO is to ensure that personal data of our employees, Prospects, Customers, Professionals and generally speaking of Users are processed in compliance with the Law and the GDPR within the framework of the activities carried out by the concerned Subsidiary.
For any questions about the processing of your personal data, please feel free to contact the DPO of Teseos or of the relevant Subsidiaries at the following addresses:
| COMPANIES | Contact by post or by telephone | Contact by email |
| Teseos Luxembourg S.A. | Data Protection Officer Address: 9, rue Robert Stümper L-2557 Luxembourg (Luxembourg) Tel: +352 481 991 199 | dpo@teseos.lu |
| Paul Wagner & Fils S.A. and its subsidiaries: Electricité Wagner S.A., Blitzschutzbau-Rhein-Main GmbH, Hoffmann S.A.S et Arctic Cooling Systemes S.àr.l. | Responsable de la protection des données Address: Paul Wagner et Fils S.A. 9, rue Robert Stümper L-2557 Luxembourg Tel: +352 48 19 91 – 1 | dpo@pwagner.lu |
| MINUSINES S.A. | Data Protection Officer Address: 8, rue François Hogenberg L-1735 Luxembourg B.P. 2212 L-1022 Luxembourg Tel: +352 495858-1 | dpo@minusines.lu |
| Agence de l’énergie S.A. – energieagence | Data Protection Officer Adress: 60A, rue d’Ivoix L-1817 Luxembourg Tel: +352 40 65 64 | dpo@energieagence.lu |
| Global Facilities S.A. and its subsidiary CONCORDE GESTION S.à r.l. | Protection des données Address: 24 Rue Léon Laval, L-3372 Leudelange Tel: +352 26 37 28 1 | privacy@globalfacilities.lu |
| Power Panels S.A. | Data Protection Officer Adress: 12, rue de Bitbourg L-1273 Luxembourg Tel: +352 26 09 54 1 | contact@powerpanels.lu |
| electris Luxembourg S.A. | Data Protection Officer Address: 9, rue Robert Stümper L-2557 Luxembourg Tel: +352 28 83 80 80 | dpo@electris.lu |
| Grethen Sàrl et Grethen Rénovation Sàrl | Data Protection Officer Address: Zone Industrielle Rolach Hall n°7 L-5280 Sandweiler Luxembourg Tel: +352 48 31 38 | contact@grethen.lu |
| C. Schanen S.à r.l. | Data Protection Officer Address: 26, ZAC Klengbousbierg L-7795 Bissen Tel: +352 812 406 Fax: +352 81 73 96 | dpo@c-s.lu |
| e3consult S.à.r.l. | Data Protection Officer Address: 2 Rue Haute, L-6680 Mertert Tel: +352 26 19 63 01 | info@e3consult.lu |
How to stay involved in the treatment of your personal data?
We invite you to read this Privacy Policy. If you are already in contact with Teseos or Customer of a Subsidiary, please also check the contracts by which you are bound because they may contain further details on how we collect and process your data.
Please note that these personal data will only be used for the specific reason for which they were transmitted.
By contracting with us, our Subsidiaries or by using the Services, you acknowledge and accept the treatment of your personal data in accordance with Teseos’ Privacy Policy.
When and how do we collect data?
As from your first interaction with us, our Subsidiaries or with third parties, personal data are collected through various digital channels (by email, by navigating on our web sites or through social media) and by correspondence in writing (letter, messages) or verbally (during a physical meeting or by telephone). The Privacy Policy is applicable regardless of the communication channel or the method used to collect your data.
The Schedule below provides more details about the type of data we collect, for which purposes and the legal basis on which we process your personal data.
| data provided by you | data collected by Teseos or the relevant Subsidiary | |
| – | X | You browse any page of our websites |
| X | X | You place a request for any of our products/services |
| X | X | You sign a contract for specific products/services |
| X | X | You buy/purchase, use or and/or are supplied with our products/services |
| – | X | You are invoiced for our products/services |
| X | X | You pay an invoice. |
| X | X | You contact us for any kind of customer service or support. |
| Optional | Optional | Optional: By opting-in, you can give us your clear and explicit consent to process your personal data for a specific purpose (marketing, newsletter, digital onboarding, customer portal) |
What are our “legal bases” for processing your data?
In the framework of our activities, we collect and process several types of personal data depending on the offers and services you have subscribed to and the forms you have filled-in on our websites. This processing is based on one of the following legal bases:
a. Contract: We process your personal data within the extent it is necessary to execute the contract you have entered with us and/or for the needs of the pre-contractual relationships.
b. Consent: We process your data on the basis of a clear and explicit consent (by ticking the box or clicking) that you have given to us for a specific purpose.
You can change your mind! If you have previously given consent to the processing of your personal data, you can freely withdraw such consent at any time by sending an email to the DPO of the relevant Subsidiary at the email address provided on page 2 of the Privacy Policy.
If you withdraw your consent, and if we do not have another legal basis for processing your personal data, then we will stop processing such data. If we have another legal basis for processing your data, we will limit our processing to what is strictly necessary with regard to the purpose of the concerned treatment.
c. Legitimate interests: In the following cases, we process your data on the basis of our legitimate interests within the limits of what you can reasonably expect in the interactions with us or with the relevant Subsidiary and as long as there is no other legal basis for such processing. Our legitimate interests are:
In each case, we ensure to find a balance between your rights and our legitimate interests. For more information about such balancing, you can contact the DPO of the relevant Subsidiary by email at the address provided on page 2 of the Privacy Policy.
d. Law: We process your personal data in accordance with the Law and the legislation applicable to the relevant fields of activity of each Subsidiary.
How and why, we process your data?
In the schedule below, you will find the detail of (i) the categories of personal data that we collect, (ii) the purposes for which we process such data, (iii) the legal basis associated with each purpose.
When collecting data, we indicate which information is mandatory or necessary for the conclusion of the contract. Failure to provide such data will prevent us from entering into a contract with you. Optional information is indicated as “optional”.
| Context | Type of personal data[2] | Purposes of the processing | Legal basis |
| Browsing our websites | Cookies | Improve the design, content, and usability of our website | – General Terms of Use – Cookie Policy (based on consent) |
| Provision of services to Subsidiaries (intra-group) | Identification DataCommunication Data | By Teseos: For personnel management (recruitment, training, internship requests, etc.) For the management of technical services (use of platforms, IT tools, etc.) | Legitimate interests (employer)Service Level Agreement (SLA) |
| External growth operations | – Information about the target company (employees, clients, partners, etc.) | By Teseos: For preliminary analysis and audits for acquisition operations of companies, client portfolios, and/or contracts | – Confidentiality Agreement – Pre-contractual information – Conclusion and execution of a contract (letter of intent, sales agreement, etc.) |
| Sales of equipment (heating/cooling, ventilation, sanitation, lighting) Sales of equipment in renewable energies (charging stations, solar panels, heat pumps, LED) Technical services related to energy | Identification Data Communication DataContractual Data Billing DataFinancial Data | By the relevant Subsidiary: To identify and process your request To provide you with a quote/commercial offer To conclude and execute a service contract (installation, works, etc.)To communicate with technical partners and subcontractors To participate in tenders and submit an offer matching the catalogue of requirements To create a customer account allowing access to your user profile (optional)For billingTo collect payments, manage and recover payments To manage disputes and amicable resolutionsTo combat fraud and corruption | – Privacy Policy – Pre-contractual information – Conclusion and execution of a contract – Legitimate interests (economic and commercial) – Legitimate interests (enforce our rights and defend our interests) |
| Electro mobility services | Communication DataConsumption Data | By the relevant Subsidiary: To provide charging services (access to charging station networks, consumption measurement)For platform use (access, viewing, and monitoring consumption) For consumption reimbursement services To communicate with the network manager and balancing responsible party, technical partners, and subcontractors (measurement, etc.) | – Conclusion and execution of a contract |
| Energy consulting | Communication DataConsumption Data | By the relevant Subsidiary: To analyse your energy consumption (audit, energy efficiency diagnosis, energy passport issuance)To advise you on energy efficiency measures, perform monitoring, and prepare the grant application | – Execution of a contract – Based on your Opt-in (consent) |
| Exchange and communication with our services | Communication Data | By the relevant Subsidiary: To improve the user experience and facilitate communication and satisfaction surveysTo improve service quality and employee training To manage your rights | – Legitimate interests (economic and commercial, quality service) – Legal obligations |
| Commercial activities | Communication Data | By the relevant Subsidiary: For marketing operations based on your consent, such as to receive: Commercial offers on our goods or services Advice on energy efficiency measures Commercial offers from technical or commercial partners (craftsmen, installers, electric vehicle rental companies), etc. | – Consent (Opt-in) |
What about sensitive data?
We don’t collect any sensitive data as defined by the GDPR (like racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, data about your sexual life or orientation, and offences or alleged offences).
What are your privacy rights?
You have personal rights regarding your data that you can exercise in accordance with the Law and the GDPR, including a right of access, right to correct, right to erasure, a right to restrict a treatment, right to oppose (right to be forgotten), and a portability right.
If you want to exercise or get more explanation about any of these rights, please contact the Data Protection Officer at the following address: dpo@teseos.lu or the DPO of the relevant Subsidiary to the above indicated address. We will answer you within a reasonable delay, not exceeding one month as from the date of your request.
Such right can be exercised to the extent it does not adversely affect the rights and freedoms of others. Under certain circumstances, some rights such as the right to be forgotten or the portability right can be exercised subject to conditions, for example, they shall not prevent the execution of ongoing contracts or prevent us from complying with our obligations or obstructing any possible legal proceedings.
In such cases, we will provide you with any further explanation which might be relevant to you.
a. You have the right to access to the personal data we or the relevant Subsidiary holds about you. Please refer to the Schedule above. You can ask us whether your personal data is being processed or not and request further details about the processing of your data.
b. You have the right to request an update, an addition or a correction of any personal data which is inaccurate, incomplete, or wrong. Please inform us about any update or inaccuracy you may have noticed by sending an email at dpo@teseos.lu or at the address of the DPO indicated in the above-mentioned schedule.
c. You can request the erasure of your personal data under certain circumstances. This right may be subject to limitations as mentioned above.
d. You can ask the restriction of processing of your personal data under certain circumstances. This right means that the treatment we operate on your personal data is limited, so that we can retain some data, but we cannot not use or process them for any other purpose(s).
e. You have the right to object to the processing of personal data (“right to be forgotten”). This means that you can request us to stop using your personal data, notably for direct marketing purposes. We will do so as long as such data are no longer necessary for the provisions of services.
f. You have the right to ask for the portability of your personal data carried out by automated means. You can request to receive directly your personal data in a structured commonly used and machine-readable format. The data will be given in MS Excel format directly to you so that you can transmit it to another controller and/or where technically feasible, your personal data will be transmitted directly to another controller.
Such right can be exercised to the extent it does not adversely affect the rights and freedoms of others. In such case, we will provide you with any further explanation which might be relevant to you.
g. You have the right to lodge a complaint with the relevant supervisory authority, i.e. the “Commission Nationale de Protection des Données (“CNPD”).
We provide several channels to exercise your rights so that you can choose the more convenient to you.
For any questions/concerns, please contact us at the following addresses so that you have a chance to address your request in the best delay:
How we secure the data we collect?
Teseos and its Subsidiaries have implemented appropriate physical, technical, and organizational security measures to protect your personal data against unauthorised access, alteration, disclosure, theft, destruction or other accidental or unlawful forms of processing in accordance with the Law, GDPR and generally accepted standards of technology and operational security.
We have set-up internal security policies, and we require our Data Processors to comply with the Law and GDPR. They are bound by contractual obligations related to confidentiality, processing, and security measures to prevent unauthorised access, use, theft, destruction and disclosure of personal data.
Security issues being a general matter concerning everyone, we advise you to remain vigilant and take any useful or necessary precaution to guarantee the confidentiality of your password and your access code to the customer account.
How do we store and transfer your personal data?
Your personal data are stored with the European Union either by our organization or by our service providers (Data Processors).
In the event a transfer of personal data outside the European Union or outside the European Economic Area (EEA) is contemplated, such transfer will only take place provided the appropriate safeguards provided by articles 44 to 47 of the GDPR are in place, i.e.:
How long do we retain your data?
Teseos and its Subsidiaries have taken all reasonable measures to ensure that your personal data are processed for the minimum period necessary for the purposes set out in this Privacy Policy. The criteria to determine the duration during which we retain your personal data in connection with the Services are as follows:
The main retention periods are the following (for Luxembourg):
Despite these retention periods, your data may be archived with restricted access for a further period for limited reasons as permitted by law (default payment, warranty, disputes, etc.). Teseos or the relevant Subsidiary undertakes to delete or to anonymise your personal data upon expiry of the retention period as described above.
To whom your data are shared?
We communicate certain data to our technical partners on basis of your consent and/or to third parties in compliance with the Law. We share personal data with Data Processors within the limit of what is necessary for the performance of the services entrusted to them. In accordance with the terms of the contracts by which they are bound, Data Processors process data in compliance with GDPR on the basis of our instructions in relation to defined purposes and ensure to implement appropriate technical and organisational security measures.
We use the following categories of recipients to provide Services (a list of contracting entities can be shared upon request):
– affiliated companies within the Encevo Group for intra-group services (accounting, finance, legal, IT, etc.),
– Database, sales administration, and market interaction software providers,
– Professionals equipment installers (craftsmen, technicians, electricians),
– Technical services providers (charging station operators, customer support);
– Credit reference and fraud prevention agencies to assess your ability to make payments, credit decisions, identity checks, fraud and money laundering prevention and account management. Credit reference agencies will record the search on your credit file whether or not your application has been successful. (There is no automated decision making based on that research).
– Credit insurers,
– Survey provider and market research,
– IT/Cloud service providers,
– Telecommunication network operators and roaming services,
– Payment/debt collection agencies,
– Print service providers,
– Facilities’ service providers, – Subsidies’ energy agencies and entities awarding the subsidies,
– Third party auditors, where applicable, to meet legal and regulatory obligations.
– Head-hunter and/or employment agency,
– Training service providers,
The data may be transmitted to third parties where this is required or expressly authorised by the Law, to enforce a provision of the law, or further to a judicial/regulatory decision if such disclosure is necessary in the context of an investigation or a legal proceeding and to protect the rights and interests, properties, safety and security of Teseos, and of each concerned Subsidiaries our clients or other persons.
Changes to this Privacy Policy
The Privacy Policy will be updated regularly to consider legal, regulatory, and operational changes. In case of important changes (e.g.: type of data collected, how we use it or for which purposes), we will highlight such change at the top of the Policy. You are invited to read the Privacy Policy regularly to be informed about its evolution and modifications. The continued use of the Services following the posting of any changes to this Privacy Policy will be deemed as an acceptance of those changes.
[1] Professionals refer to the craftsmen, technicians, and/or electricians with whom Teseos and its subsidiaries work.
[2] The content of the data categories (Customer Identification, Customer Communication, Contractual, Delivery Point, etc.) are defined by the Encevo Group’s internal policies.
Teseos Privacy Policy – v2.12.07.2024 – Legal Encevo