Personal Data Protection Policy

The intuis Group specializes in the thermal comfort sector and designs and manufactures thermal equipment (heating, cooling, domestic hot water) for sustainable housing (residential, commercial, and industrial buildings).

intuis Services is one of the Group’s entities and produces radiators, air-to-air and air-to-water heat pumps, thermodynamic water heaters, pulsating combustion boilers, 4-in-1 systems, and solar systems.

The mobile applications, websites, and corresponding subdomains accessible at the following addresses are published by intuis Services to provide information about the Group’s product and service offerings and under the data processing responsibility of intuis Services:

intuis website: https://www.intuis.fr
Noirot website: https://www.noirot.fr
Intuis Services Pro mobile application
In addition to intuis Services, the data controllers mentioned below vary depending on the Services or off-Service activities concerned:

For the intuis website and the Intuis Services Pro mobile application:
Intuis Services, a simplified joint-stock company with a capital of €800,000, registered with the Trade and Companies Register under number 394 885 990 RCS Nanterre, whose registered office is located at 28 rue de Verdun – 92150 Suresnes.

For the Noirot websites:
Intuis-Elec, a single-shareholder simplified joint-stock company with a capital of €16,422,181, registered under number 334 981 958 RCS Nanterre, with its registered office at 28 rue de Verdun – 92150 Suresnes.

For off-Service activities:
Intuis-Thermo, a single-shareholder simplified joint-stock company with a capital of €15,510,000, registered under number 722 041 845 RCS Nanterre, with its registered office at 28 rue de Verdun – 92150 Suresnes.

All the above-mentioned entities, as well as:

Intuis & Cie, a public limited company with a board of directors and a share capital of €12,250,752, registered with the Trade and Companies Register of Nanterre under number 602 053 761, whose registered office is located at 28 rue de Verdun – 92150 Suresnes, represented by its legal representative domiciled in this capacity at the same address.

This Personal Data Protection Policy is intended to describe how intuis Services or the other listed Entities process users' personal data when using the Services, or how the Entities collect such data directly or indirectly through the Services and/or outside the Services (for example, during offline activities).

Respect for your privacy and personal data is a priority for us. We are committed to processing your data in compliance with French Law No. 78-17 of January 6, 1978 on Information Technology and Civil Liberties (as amended), the General Data Protection Regulation (EU) 2016/679 of April 27, 2016 (hereinafter “GDPR”), and the standards and recommendations of the CNIL (collectively referred to as the “Applicable Regulations”).

 
ARTICLE 1. IDENTITY AND CONTACT DETAILS OF THE DATA CONTROLLER
Intuis Services or the relevant Entity acts as the data controller for all personal data it collects from Users via one or more of the Services. Additionally, each Entity may act as a data controller for all personal data it collects itself, through another Entity, or via third parties, outside the Services (e.g., for the performance of a contract with you as a supplier or customer, or for messages or marketing activities conducted by this or another Entity).

To learn more about the different Entities acting as data controllers and their contact details, please visit:

intuis website: https://www.intuis.fr
Noirot website: https://www.noirot.fr
If the User wishes to exercise any of their rights provided under the Applicable Regulations and mentioned in Article 6 of this Policy, they may contact the Data Controller using one of the methods listed below, specifying their identity and the exact nature of the request (a form of ID may be requested in case of doubt about the requester's identity).

For any questions regarding the use of your personal data or your rights, you may contact the Data Controller by one of the following means, depending on the Entity concerned:

By email, for all Entities: dpo@groupe-intuis.fr (for optimal handling of your request, please specify the Entity and, where applicable, the Service or other relevant activity);
By postal mail, depending on the Data Controller in charge of your data in relation to the Service or off-Service activity:
intuis Services, 28 rue de Verdun – 92150 SURESNES
intuis-Thermo, 28 rue de Verdun – 92150 SURESNES
intuis-Elec, 28 rue de Verdun – 92150 SURESNES
intuis & Cie, 28 rue de Verdun – 92150 SURESNES
ARTICLE 2. DATA COLLECTED
As part of its data processing activities, the Data Controller may collect your personal data, in particular in the context of professional meetings, records, partnerships, job applications, commercial operations, visits to the Data Controller’s premises, your use of a Service (especially when completing a contact form), handling a request addressed to the Data Controller, or when you wish to exercise your rights under the Applicable Regulations.

The types of data collected include:

Identification data (e.g., full name, IP address, year of birth, unique GUID generated by the Data Controller’s information system to identify certain data flows concerning you, and where applicable, your SIRET number);
Contact details (e.g., postal address(es), email address(es), phone number(s));
Professional data (e.g., profession, interest in partnerships or investments, the company you work for or represent, professional registration number if applicable, your SIRET and VAT numbers, the SIRET number of the company you represent);
Connection and browsing data, including:
Cookies and visitor cookie identifiers (e.g., Google Analytics or Matomo “client ID”);
Your IP address;
Information about your browser and operating system (user-agent, screen resolution, language settings);
The domain name or URL of each visited page;
The referring page (referer), if any;
Optionally, a user ID assigned by the website publisher;
Event or activity data (e.g., page views, order-related info);
IP-based geolocation performed by Google or via the site form to locate the nearest installer, with your consent;
Data derived from your use of our Services, obtained through scripts, pixels, and/or redirection from third-party websites. These technologies enable our service providers to collect certain information, such as browser type and the referring web page. These third parties process such data for purposes such as security, auditing, statistics, research, and reporting in connection with our Services or advertisements. We do not share your identifying data with these providers.
Your topic preferences regarding Group activities, if you choose to share such information with the Data Controller;
The content of your message if you send one using a contact form or another channel;
Banking data (e.g., IBAN, credit card identifiers);
Data related to products or services subscribed with or marketed by an Entity, including energy consumption data, equipment operating data, invoice and payment information, customer relationship tracking, submitted reviews, and complaint management.
Under no circumstances can the Data Controller be held liable for any breach of the Policy by the User or by a third party not acting as a subcontractor of the Data Controller.

 
ARTICLE 3. PURPOSES AND LEGAL BASES FOR DATA PROCESSING
3.1 Necessity of Data Collection
In the context of using a Service, completing a contact form, entering into a contractual or professional relationship with the Data Controller or another Entity, applying for a position with the Data Controller, or visiting its premises, you may be asked to provide personal data (that may identify you directly or indirectly). If you do not provide the requested information, you may be unable to access certain parts or features of the Service or other activities (e.g., job application processes).

Whether the requested personal data is mandatory or optional will be indicated at the time of collection.

3.2. Purposes of Data Processing and Corresponding Legal Bases
The User’s personal data is collected for specific, explicit, and legitimate purposes. Depending on the case, personal data may be used for the following purposes:

To manage your membership in potential loyalty programs (based on your consent or as necessary for the preparation or execution of your membership contract and the management of your account and associated benefits);
To manage your participation in potential contests or sweepstakes (based on your consent or as necessary for your application or execution of your participation contract and related account and benefit management);
To create and manage your account when using a Service and to ensure optimized and secure operation, as well as continuous improvement of the Service and its features (based on your consent or the legitimate interest of Muller Services in ensuring the best performance and quality of the Service, including through usage statistics or implemented security measures);
To create and manage your account in the context of off-Service activities and to ensure optimized and secure operation and continuous improvement of those activities and their features (based on your consent or the legitimate interest of the Data Controller in ensuring the best performance and quality of the activity, including through usage statistics or security measures);
To respond to your requests for information or content (based on your consent as expressed by submitting your request);
To perform statistical analyses, studies, and other commercial promotion actions (based on the Data Controller’s legitimate interest in promoting its activities or your consent if required by Applicable Regulations). If your connection data is used, it will be anonymized before being stored for statistical purposes;
To provide information about the Data Controller or another Entity, or about their activities, products, and services, and to promote them or those of their partners (based on the legitimate interest of the Data Controller to communicate effectively, or your consent if required by Applicable Regulations);
To conduct commercial operations, including with partners, related to the sale and use of products and services marketed by any Group Entity and/or those partners, in collaboration with such Entities (based on the legitimate interest of the Data Controller to promote and enhance the quality of these products and services, or your consent if required by Applicable Regulations);
To manage relationships with customers, partners, or suppliers:
(i) in the case of an independent customer, partner, or supplier: based on the performance of pre-contractual measures or a contract to which the person is a party, or the legitimate interest of the Data Controller to ensure the best quality of products and services, or your consent;
(ii) in the case of legal representatives or other individuals acting on behalf of customers, partners, or suppliers: based on the Data Controller’s legitimate interest in ensuring the best quality of products and services, or your consent;
including, but not limited to:
Following up on your orders;
Connecting you with installers, service providers, or other partners related to the marketed products or services;
Providing after-sales service;
To manage and respond to requests to exercise your rights (based on the Data Controller’s legal obligations);
To detect potential abusive or fraudulent activities on the Service or in the context of another activity (based on the legitimate interests of the Data Controller to ensure security);
To ensure compliance with legal obligations (based on the Data Controller’s legal obligations);
To handle disputes or legal claims (based on legal obligations or, depending on the case, the Data Controller’s legitimate interest in defending itself in legal proceedings);
To interact with you or welcome you in the event of your visit to the Data Controller’s premises (based on your consent, the legitimate interest of the Data Controller in ensuring site security, or the execution of a contract, pre-contractual measures, or legal obligations);
To manage recruitment processes if you apply for a position within the Data Controller (based on your consent to participate in a selection process or the Data Controller’s legitimate interest in responding to your application).
ARTICLE 4. DATA RETENTION PERIODS
The Data Controller retains Users' personal data only for the time necessary to fulfill the purposes for which it was collected, subject to legal archiving options and obligations to retain certain data (in particular, in the event of litigation or pre-litigation or to respond to requests from authorized authorities), and/or to anonymization of the personal data. Retention periods may vary depending on the purpose pursued. The Data Controller applies, in particular, the following retention periods (without prejudice to legal archiving or retention requirements unless the data is otherwise deleted by the Data Controller):

For identification and contact data related to your information requests: the data is retained while you remain active, for a maximum of three (3) years from your last contact request.
For managing requests to exercise your rights: the data is retained for as long as necessary to process the request.
For tracking tools and data collected through them: information stored on the User’s device or any other element used to identify and enable traceability, including raw usage data associated with an identifier, is kept for a maximum of thirteen (13) months from the placement of the associated cookie.
For IP addresses: they are immediately anonymized after collection and used only for statistical purposes.
For data related to the contact form (identity, contact details, professional information, etc.): the data is retained for the time necessary to process the subject matter of the message sent via the form.
For data related to relationships with customers, partners, or suppliers: the data is retained for three (3) years from the last contact or the end of the relevant contract.
For data submitted via the candidate selection form: all CVs received are automatically deleted two (2) years after receipt, unless you request your CV to be deleted earlier. If you would like it to remain in the Data Controller’s database beyond this period, you will need to resubmit an updated version of your CV.
ARTICLE 5. DATA RECIPIENTS
Your data may only be disclosed to the following recipients or categories of recipients, within the limits of their respective responsibilities and only insofar as such disclosure is strictly necessary to achieve the purposes outlined in Article 3 of this Policy:

Authorized personnel of the Data Controller’s marketing, administrative, legal, compliance, finance, and IT departments;
Individuals in charge of internal and external audit functions;
Other entities within the Group;
Partner installers or service providers acting as subcontractors for services sold by an Entity, or other service providers related to these products or services;
Operators of third-party social networks (such as Google, LinkedIn, Facebook, Pinterest, etc.) for the purpose of personalized audience targeting via social media platforms;
The hosting provider for the intuis and Noirot websites, namely:
AMAZON WEB SERVICES EMEA SARL, a Luxembourg-based company with share capital of 25,000 euros, registered with the Trade and Companies Register under number 831 001 334 RCS Nanterre, headquartered at 38 avenue John F. Kennedy – L 1855 Luxembourg, LUXEMBOURG.

We may also share data in response to legal or regulatory requirements, court decisions, subpoenas, or legal proceedings if required by applicable law, and in cases where the Data Controller transfers all or part of its assets to a third-party company.

Under no circumstances does the Data Controller sell or rent your personal data to third parties for their own purposes.

ARTICLE 6. USER RIGHTS
6.1. Your rights regarding the processing of your data
In accordance with the Applicable Regulations and within the conditions and limitations set forth therein, each User has all or part of the following rights:

Right of access to request confirmation of whether personal data concerning them is being processed and, if so, to access such data and certain information about its processing (Art. 15 GDPR).
Right to rectification of inaccurate or incomplete data (Art. 16 GDPR).
Right to erasure of their data (in cases provided for under Art. 17 GDPR).
Right to withdraw consent for data processing (only where the legal basis for processing is consent) (Art. 7 GDPR).
Right to restriction of processing (in cases provided for under Art. 18 GDPR).
Right to object to the processing of their data (only where the legal basis for processing is the legitimate interest of Muller Services, and subject to the User demonstrating reasons relating to their particular situation) (Art. 21.1 GDPR).
Right to object to the processing of their data for marketing purposes, including profiling (Art. 21.2 GDPR).
Right to data portability for data the User has provided (only where the legal basis for processing is consent; the contract legal basis, another possible basis for exercising this right, is not applicable in this case) (Art. 20 GDPR).
Right to define instructions on what happens to the User’s personal data after their death and to designate who, if anyone, Muller Services should share their data with (Art. 85 of the French Data Protection Act).
6.2. How to exercise your rights
If the User wishes to exercise one of the above rights, they may contact the Data Controller using one of the methods listed below, specifying their identity and the exact nature of their request (proof of identity may be requested if there is any doubt about the requester’s identity).

For the processing of your data via Services or outside of Services, you may contact the Data Controller through one of the following methods depending on the relevant Entity:

By email, for all Entities: dpo@groupe-intuis.fr (for optimal processing, please specify the relevant Entity and, if applicable, the relevant Service or activity concerned by your request);
By postal mail, according to the Data Controller in charge of your data for the relevant Service or for processing outside of Services:
intuis SERVICES, 28 rue de Verdun – 92150 SURESNES
intuis-Thermo, 28 rue de Verdun – 92150 SURESNES
intuis-Elec, 28 rue de Verdun – 92150 SURESNES
intuis & Cie, 28 rue de Verdun – 92150 SURESNES
For cookie and tracking tool management, please refer to Article 7 below.

The Data Controller commits to responding as soon as possible and, in any case, within one (1) month from receipt of your request.

If necessary, this period may be extended by two (2) months, depending on the complexity and number of requests received. In such cases, you will be informed of the extension and the reasons for the delay.

If your request is made electronically, the response will also be provided electronically when possible, unless you expressly request otherwise.

If we are unable to respond positively to your request, we will inform you of the reasons, and you will have the right to file a complaint with a supervisory authority and/or seek judicial remedy.

In particular, if after contacting the Data Controller and despite our efforts, the User still believes their rights are not being respected, they may file a complaint with the competent supervisory authority. In France, this is the Commission Nationale Informatique et Libertés (CNIL): https://www.cnil.fr/fr/plaintes.

ARTICLE 7. COOKIES
When browsing any of the Services, cookies may be placed on your device (computer, mobile phone, tablet), subject to the choices you have expressed and which you may modify at any time.

A cookie is a small text file containing information related to browsing a website, primarily intended to improve user experience and enable the delivery of personalized services.

Some of these browsing tracking tools are strictly necessary for the operation of the Service and are therefore exempt from consent, as they are essential to ensure access and stable functioning of the Service. Others are subject to the User’s consent.

Cookies on computers are managed by the internet browser.

Cookies may be session-based (deleted automatically upon closing the browser) or persistent (retained on the device until they expire).

Below are the cookies used by our Services:

Essential cookies: cookies related to login and connection

Youtube
Google ReCaptcha
i18n: cookie used to detect the User's preferred language
cookie_brands: functional cookie to show or hide the Group brands pop-up
Matomo
Google Analytics
How to accept or refuse cookies?

You can configure your browser to either allow cookies to be stored on your device or to reject them, either systematically, depending on the issuer, or to notify you when a cookie is being stored to allow acceptance or refusal.

However, deleting all cookies used by the browser, including those from other websites, may lead to the alteration or loss of certain settings or stored information.

Each browser's settings are different. You should follow the instructions provided by the publisher of your browser:

Internet Explorer: [click here to learn more]
Safari: [click here to learn more]
Chrome: [click here to learn more]
Mozilla Firefox: [click here to learn more]
Opera: [click here to learn more]
For more information about cookies and how they work, please visit the “How it works” section on the CNIL website available here.

 
ARTICLE 8. TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION
For certain purposes listed in Article 3.2 of this Policy, we may transfer your personal data (connection and browsing data) to recipients located in countries other than your country of residence, including outside the European Union.

These transfers are carried out to provide you with our products and services, to properly execute your contract(s) with an Entity, for personalized audience targeting, or because service providers to the Group operate from various countries outside the European Union, including the United States of America.

If such transfers are necessary to meet these needs, the Data Controller ensures that the recipient is located in a country that has received an adequacy decision from the European Commission or that appropriate technical and organizational measures are implemented to ensure that personal data transferred to those countries receives adequate protection in accordance with the provisions of the Applicable Regulations.

 
ARTICLE 9. POLICY UPDATES
The Data Controller reserves the right to modify or update this Policy at any time. Changes or updates will take effect immediately upon being published on the Services, or, in the case of a contractual relationship, as soon as they are communicated by any means, particularly via email. If these changes are significant and impact your obligations, the Data Controller will inform you and obtain your consent if required by the Applicable Regulations. You agree to review this Policy each time you use a Service. The applicable version will be the one in effect at the date of the Service visit.

 
ARTICLE 10. APPLICABLE LAW AND DISPUTE RESOLUTION
This Policy is governed by French law, except where mandatory provisions of another country’s law apply due to the User’s place of residence.

In case of a dispute, and if an amicable resolution cannot be reached, the competent court will be the one determined in accordance with applicable procedural rules.