Privacy Policy


Why and for whom?

At eco2heat® (inclduing eco2heat GmbH, eco2heat Nordics AB, eco2heat AG) "eco2heat®", "we", "us", "our" we care about personal privacy. This means that we respect and protect your privacy and the right to control and transparency when processing your Personal Data.

eco2heat® is the Data Controller in relation to the Processing of Personal Data listed in this Privacy Policy (the "Policy". The policy describes for what purposes we need your Personal Data, what legal basis we rely on and what measures we take to protect personal data. We also inform you about how to exercise the rights you have linked to our processing of your Personal Data.

We will also list our Data Processors so that you can feel 100% sure of where your Personal Data is stored and Processed.

The Policy informs about our handling of Personal Data in cases where you communicate with us, use the Service or visit our website together "Features".


This policy is aimed at:

– Users of the Service

– Potential customers

– Customers

– Employees of potential customers

– Employees of existing customers

– Visitors to our website

– Suppliers

– Partners of eco2heat®



"Processing" of Personal Data is everything that can be done with a Personal Data, e.g. storage, modification, reading, handover, etc.

"Applicable Law" is the legislation applicable to the processing of Personal Data including the General Data Protection Regulation (GDPR), supplementary national legislation, as well as practices, guides and recommendations issued by a national or European supervisory authority.

"Personal data" is any kind of information that can be linked to an identifiable, living person.

"Personal Data Controller" is the company / organization that decides for what purposes and in what way the Personal Data is to be processed and thus also responsible for ensuring that Personal Data is processed in accordance with Applicable Law.

"Personal Data Assistant" is the company / organization that processes Personal Data on behalf of the Personal Data Controller and may thus only Process the Personal Data in accordance with the Personal Data Client's instructions and applicable legislation.

"Data subject" means the living, natural person whose Personal Data is processed.

"Service" We sell solutions related to heating radiators, solar panels and Smart homes.


eco2heat®'s personal data responsibility

The information in this Policy includes the Processing of Personal Data over which eco2heat® is the Data Controller, i.e. the Processing for which we determine the purpose of why a processing is done and the means in what way, what personal data, for how long, etc. The policy does not describe how we process personal data in the role of personal data assistant – i.e. when we process personal data on behalf of our customers.

We sell services and products to companies in marketing such as advertising web development and also training in sales and marketing. The services are performed on an ongoing basis and in order to perform them correctly, they require the right information.


eco2heat®' processing of personal data

We have a responsibility to describe and show how we live up to the requirements placed on us when we process your Personal Data. This section aims to inform about:

– Why the Personal Data Processing is necessary in relation to the purpose

– What legal basis we have identified for the Processing


Legal bases

Consent – eco2heat® processes your Personal Data after we have obtained your consent to processing. Information about the processing is always provided when we ask for consent.

Agreement – The processing is necessary to be able to fulfill obligations in an agreement between us and the Data Subject or to prepare for entering into an agreement with the Data Subject.

Balancing of interests – eco2heat® may process personal data if we have assessed that there is a legitimate interest that outweighs the Data Subject's protection of personal privacy and if the Processing is necessary for the purpose in question.

How long do we save your Personal Data?

We save your Personal Data for as long as it is necessary with regard to the purpose for which it was collected. Depending on the legal basis on which we support the processing, this may follow from a contract, b be dependent on a valid consent, c be stated in legislation or d follow from an internal assessment based on a balance of interests. In the list below, we indicate, to the extent possible, the period the Personal Data will be stored or the criteria used to determine the period.


Processing and the purpose of the processing: Register user account to enable the customer to log in

Personal data: Name, E-mail, Social security number, Credentials encrypted passwords, password hints and other security information, Gender, Device and usage data e.g. information about the customer's device, used functions and visited websites and settings,

Source: Direct from the data subject, From the data subject's employer, Credit rating agency, Information created from analysis of data, From public sources authority, company website SPAR etc., Generated internally.

Legal basis: The legitimate interest in being able to fulfill the commitments the customer asked us to perform.

Period of storage: One year after the end of the customer relationship

Processing and the purpose of the Processing: Send requested information and answer questions to satisfy your customers and stakeholders

Personal data: Name, E-mail, Social security number, Credentials encrypted passwords, password hints and other security information, Device and usage data e.g. information about the customer's device, used functions and visited websites and settings

Source: Direct from the data subject, From the data subject's employer, Generated internally

Legal basis: Agreement – Business agreements form the basis for being able to deliver the services

Retention period: As long as there is a valid consent. Information on how long the consent is valid is provided in cases where it is possible in connection with the collection of the consent.


Your rights

You are the one who controls your Personal Data. We always strive to ensure that you can exercise your rights as efficiently and smoothly as possible.

Access – You always have the right to receive information about the Personal Data Processing that concerns you. We only disclose information if we have been able to ensure that it is actually you who asks for the information.

Correction – If you discover that the Personal Data we process about you is not correct, you can send us an email to and we will help you update your personal data

Deletion – Do you want us to forget you completely? You have the right to request deletion of your Personal Data when it is no longer necessary for the purpose for which it was collected. If we are required to retain your data by law or a contract we have entered into with you, we will ensure that it is only processed for the specific purpose set out in the law or contract; Next, we make sure that the data is deleted as soon as possible.

Objection – Do you not agree with us that our interest in processing your Personal Data outweighs your interest in protecting personal privacy? Don't worry – in that case, we'll review our balance of interests and check that it still holds up. Of course, we consider your objection when we reassess whether we can still justify our Processing of your Personal Data. If you object to direct marketing, we will delete your Personal Data at once without reviewing our assessment.

Restriction – You can also ask us to restrict our Processing of your data:

While we are processing a request from you for any of your other rights

If, instead of requesting deletion, you want us to mark that the data should not be processed for a specific purpose. For example, if you do not want us to send you advertising in the future, we still need to save your name to know that we should not contact you

In cases where we no longer need the data for the purpose for which it was collected; provided that you do not have an interest in us retaining the data in order to assert a legal claim.

Data portability – We may provide you with the information you have provided to us yourself or that we have received from you in connection with entering into an agreement with you. You receive your information in a commonly used and machine-readable format that you can then take with you to another Personal Data Controller.

Withdraw consent – If you have consented to one or more specific processing operations of your Personal Data, you have the right at any time to withdraw your consent and thereby ask us to cease the Processing immediately. Please note that you can only withdraw your consent for future Processing of Personal Data and not for any Processing that has already taken place.


How to use your rights

Contact us at and we will help you.


Transfer of Personal Data

In order to run our business, we may need to get help from others who process Personal Data on our behalf, so-called Personal Data Assistants.

In cases where our Personal Data Assistants transfer the Personal Data to a country outside the EU / EEA, we have ensured that the Processing is legal according to applicable law by meeting one of the following requirements:

– there is a decision from the European Commission that the country ensures an adequate level of protection;

– application of the European Commission's standard contractual clauses for third-country transfers; or

– other appropriate safeguards complying with applicable law.

We have entered into personal data assistant agreements PUB agreements with all our Personal Data Assistants. The PUB agreement regulates how the Personal Data Processor may process the Personal Data and what security measures are required for the processing of personal data.

We may also need to provide your Personal Data to certain designated authorities in order to fulfill obligations under law or government decisions.


Our Data Processors

Data Processor: Facebook

Personal data processed: Name, E-mail, Telephone number

Instructions: Storage, processing, analysis

Data Processor: Google

Personal data processed: Name, E-mail and Telephone number

Instructions: Storage, processing, analysis


Data Processor: LinkedIn

Personal data processed: Name, E-mail, Telephone number

Instructions: Storage, processing, analysis


Transfer of Personal Data to another Personal Data Controller

Delivery of ordered goods to customers such as PostNord, Schenker, DHL



eco2heat® has taken technical and organizational measures to ensure that your personal data is processed securely and that it is protected from loss, misuse and unauthorized or unauthorized access.

Our security measures

Organizational security measures are measures that are implemented in working methods and routines within the organization. Our organizational security measures are:

– Internal steering documents policies/instructions

– Login and password management

– Information security policy

– Physical security premises, etc.

"Technical security measures are measures that are implemented through technical solutions.

 Our technical security measures are:

– Encryption

- Access list

- Access log

– Secure network


– Firewall

– Backup

– Regular security level check

– Two-step verification



eco2heat® uses cookies and similar tracking technologies to, among other things, analyze how Features are used so that we can provide you with the absolute best user experience. For more information on how we use cookies, please see our Cookie Policy.


If we do not keep our promises

If you feel that we are processing your Personal Data incorrectly, even after you have brought this to our attention, you always have the right to submit your complaint to More information about our obligations and your rights can be found on You can also contact the Swedish Authority for Privacy Protection at


Changes to this policy

We reserve the right to make changes to this Policy. In cases where the change affects our obligations or your rights, we will inform you of the changes in advance so that you are given the opportunity to take a position on the updated policy.


Please contact us if you have questions about your rights or if you have any other questions about how we process your personal data:


Last updated: 2022-03-03