VELUX Privacy Notice


All companies in the VELUX Group respect and protect your privacy. This VELUX Privacy Notice (‘Privacy Notice’) is meant to help you understand why we collect personal data about you, the types of personal data we collect, how we collect it and for how long we keep it, with whom we share it, as well as your rights. We also explain how we keep your data secure.


This VELUX Privacy Notice complies with the Personal Information Protection and Electronic Documents Act 2000 and Privacy Act 1985 (“PIPEDA”).


A picture containing symbol  Description automatically generated

We, VELUX Canada Inc. (Hereinafter ‘VELUX’), with its registered office at 2740 Sherwood Heights Drive Oakville, Ontario L6J 7V5, under registration number 78150505, is the data controller for your personal data.


Why do we process personal data and the lawful bases for collection


The main reason we collect, use, and store your data is to allow us to provide our services to you. “Service”, “our service” and similar descriptions mean conducting business with you/your organisation and assisting you with inquiries, sales processes, and claims.


We also process information about your use of the services for business development purposes, to inform you of our business operations, products, and services through marketing, and to improve our services through any feedback you give us. We may also process your personal data for contractual and recruitment purposes and to comply with legal obligations.


We process personal information with consent except where otherwise permitted or required by law. For example, we may be permitted to collect, use or disclose personal information without consent in order to fulfil an agreement with you, to operate our business, or to comply with applicable laws. Your consent may be express or implied, depending on the circumstances and the sensitivity of the personal information in question. For example, in most cases, your consent to the collection, use and disclosure of personal information by VELUX may be implied by the fact that we provide products and services, where the collection, use and disclosure of personal data relates to the performance of those services by VELUX ad described below in more detail.


A black and white symbol of a person and person  Description automatically generated with medium confidence The types of personal data we process


The following are the main types of personal data collected by VELUX, along with the main purpose and legal basis for collecting the personal data:



Types of personal data we collect

(for illustration purposes)


Legal basis

General business operations

Name, contact details and other information necessary for conducting business with you or your organisation.

As part of general VELUX business operations, we collect personal data about individuals, customers, suppliers (including third-party service providers) and other stakeholders. We may also use your data for testing systems.

Based on general business operations being a legitimate interest and necessary in ensuring business handling throughout VELUX, within what is reasonably

expected by you.

Assisting with enquiries

Name, email address, phone numbers, conversations, other contact details, photos, floor plans of your house when you

provide this to VELUX.

You may choose to provide us with personal data, such as contact details when you contact us by phone, email, post, our chatbot or by using our digital platforms available.

Based on our assistance with enquiries and contact being a

legitimate interest




This personal data enables us to respond to requests for information on such matters as VELUX products, to arrange a measure and quote for installation of VELUX products, or to arrange for a window to be serviced, or to present claims under the VELUX guarantee.


The information may be disclosed to VELUX A/S or other VELUX sales companies within the Group, relevant independent installers or dealers in order for us to assist customers with their enquiry or arrange for services or a quote.

and necessary in ensuring communication with you and throughout the organization, within what is reasonably expected by you.

We record calls for training purposes. We may also ask you to provide your feedback through surveys after the interaction.


Sales (including web sales) and order fulfilment.

Name, contact details, payment and credit card details, credit information, and credit check etc.

We may collect personal data of customers and prospective customers in order to conduct business with you or your organisation. We use your data to analyse shopping trends through your web shop activity and purchase history to provide you a personalised browsing experience. Furthermore, we use the data for processing and fulfilling web shop orders by facilitating the delivery of product orders and providing relevant customer service, including processing your returns.

Necessary for the performance of a contract to which you or the organisation you work for is a party.



We may disclose the information to dealers or independent installers and logistic partners to process a customer’s order, including arranging delivery of VELUX products to the customer or assisting with enquiries such as arranging





consultation between you and our product advisors. We also share your information with third parties for credit

check purposes.



Name, contact details, etc.

Execution of various campaigns (e.g., reward programs, cashback campaigns, sweepstakes). Acceptance of terms and conditions is collected before entry to the activity.

Necessary for the performance of a contract to which you or the organisation you

work for is a party.

Product claims

Name, contact details, etc.

Facilitate service of VELUX products under the VELUX guarantee or by paid service, i.e., we solve claims by call, email, and visits to building sites. In this connection, we may share your personal data with VELUX partners to assist you with a service.

We may ask you to provide your feedback through surveys

after the interaction.

Necessary for the performance of a contract to which you or the organisation you work for is a party.

Business development and VELUX apps

Personal data, which is collected at our digital platforms and in VELUX apps.

The personal data you provide to us, and personal data collected at our digital platforms will be used to enhance our consumer insights and drive relevant communication and offers across all touch points you may have with VELUX. Personal data will also be used for product and service development.

Based on our business development being a legitimate interest and necessary ensuring the improved effectiveness of our business operations, within what is reasonably

expected by you


Contact information,

browsing history, sales and

Based on your consent or legitimate interest, when

applicable, we process your personal data for the purpose

Based on your

informed consent



subscription service information, such as name, address, email, phone number, purchase history, unique identifiers such as cookie IDs or device IDs, tracked browsing history based on these IDs, etc.


Please be aware that this list is not exhaustive as we may process any personal information collected in connection with your interactions with our parent company, VELUX A/S, our websites, mobile applications, products, and services.

of informing you of VELUX business operations, products, and services.


For the above purposes, we create marketing, tailored to your preferences and profile, e.g.:


  • To optimise and tailor the content and delivery of our marketing communications when you want to receive them, and

  • To give you tailored marketing based on your preferences and profile, both when engaging with us on our own channels as well as via third party channels (e.g., social media, search sites, marketplaces).


If you do not wish to receive any further information, you can easily and free of charge unsubscribe from our marketing communication anytime. You will find ways to unsubscribe in connection with subscribing to or receiving marketing communication from us. You can also contact us by email or post to unsubscribe.


For some marketing activities we act as joint controller with other VELUX companies and have entered into joint controller agreements dividing the roles and responsibilities between the VELUX companies.

when legally required for sending you newsletters, or based on this being a legitimate interest necessary in sending you newsletters, within what is reasonably expected by you.

The personalisation of the marketing will be based on a legitimate interest in profiling being necessary when improving marketing impact, within what is reasonably expected by you.

Your participation in

If you have agreed to it and

We will use the photo, testimonials etc. as described in the

Necessary for the

photos, video,

sent a photo to us or if your

contract signed by you.

performance of a

testimonial and

photo is taken by a


contract with


photographer hired by us.


compensation to





which you are a party.

For our internal marketing this will be based on our marketing being a legitimate interest and necessary in using the photos etc. in internal marketing purposes, within what is reasonably

expected by you.

Website visitors, customer surveys and market research

Personal data from digital platforms or customers as part of surveys.

To improve the products and services we offer, we may collect personal data from digital platform visitors or customers as part of surveys.


We will contact you with a survey and process personal data as part of surveys through either consent or legitimate interests.


Surveys processing personal data for marketing purposes will be used only with your consent.

Based on our surveys and market research being a legitimate interest and necessary when improving products and services, within what is reasonably expected by you.

Recruitment and employment contracts

Name, contact details, working history, educational diplomas, relevant record checks, information about

professional interests, etc.

When a person applies for a job or enters into an employment contract with us, we may collect certain information such as name, contact details, information about working history, educational diplomas, relevant

Based on our recruiting being a legitimate interest and necessary in

improving a




record checks and information about professional

successful match


between our

This may be collected from the person directly, from a

company and you

recruitment consultant including references and publicly

as a candidate,

available sources.

within what is

This information is used to inform or assist us in the


decision as to make the person an offer of employment or

expected by you.

engage the person under a contract.


For further information please read our VELUX Recruitment


Notice in WorkDay.



All types of personal

We may collect personal data to comply with the law, a

Necessary for the

including anti-


court or authority’s decision and/or to disclose information

compliance with a



to relevant public authorities as required or permitted by

legal obligation to




which we are

hotline and




sanctions check





image How do we collect your personal data


Directly from you

In most cases, personal data is collected directly from you or generated as part of the use of our services, products, and channels. We collect personal data you provide to us, when you request products, services, or information from us, register with us, participate in public forums, use a chatbot or other activities on our digital platforms and apps, respond to customer surveys, or otherwise interact with us. We collect information through various technologies, e.g., cookies. For cookies, we refer to our website.

From our business partners

In some cases, we can collect your personal data from our business partners, when they need our assistance to provide you with the best possible service.


From your public website

In some cases, we collect your personal data on your company websites, when we want to offer you our services.


Links to other websites

This website contains links to other websites (such as Facebook, Google+, YouTube, and Pinterest) to which this this Privacy Notice does not apply. Please note that we do not endorse other websites and their content. We encourage you to read the privacy policies of each website you visit.


A black and white compass  Description automatically generated with medium confidenceHow long do we keep your personal data


We will only keep your personal data for as long as it is necessary for the purposes described in this Privacy Notice. This means that the retention periods will vary according to the type of the information and the reason that we have the information.


Examples of retention time:


  • Call recordings will be stored for a period of 90 days.

  • Contact details with contractual terms etc. will be stored while your account is active or for as long as needed to provide services to you.

  • We will store the photo and testimonials for as long is necessary and as described in a contract.

  • Personal data are kept until the end of a recruitment process or from withdrawal of the consent (if consent is given for future recruitments).

  • For compliance with, e.g., anti-corruption regulations, we will keep the data accordingly to laws which we are obliged to comply with.


    We will also retain your personal data where this is advisable to safeguard or improve our legal position (for instance in relation to statutes of limitations, security, litigation, or regulatory investigations).


    A picture containing circle  Description automatically generatedWho do we share your personal data with


    Our company is a part of the VELUX Group, which operates globally. We share your personal information within the VELUX Group, but only if it is necessary to fulfil the purpose for which we are processing your personal data. All entities in the VELUX Group have entered into an Intercompany Data Processing Agreement and/or joined agreement where everyone follows the same procedures when processing personal data, ensuring that the same level of security is maintained throughout the Group; dividing the roles and responsibilities between the VELUX companies. If two or more companies act as joint controllers, each of the joint controllers is obliged to independently:

  • Be the first contact for you.

  • Fulfil the information obligations referred to in this Privacy Notice.

  • Exercise your rights provided in this Privacy Notice.

  • Deal with privacy breach Notices and privacy complaints.


    We may also share your personal data with selected third parties, including but not limited to:


  • Business partners, suppliers, and sub-contractors that we cooperate with to deliver you the best services during the support and sales process, including, for example, logistic providers and outsourced customer services.

  • Technology providers, for example, analytics, tracking technologies, targeting and re-targeting technologies, and search engine providers that assist us in the improvement and optimisation of our platforms, as well as companies who provide us with website support and hosting.

  • Advertisers and advertising networks that use data to select and serve relevant adverts to you and others if you have given your consent.

  • Social networking sites such as Facebook, Instagram, and Google, if required, when processing for marketing purposes and based on your consent.

  • With other parties to ensure the safety and security of our customers, to protect our rights and property, to comply with legal processes, or in other cases if we believe in good faith that disclosure is required by law.

  • VELUX Group companies or third parties who operate digital platforms and tools on behalf of our company to provide services connected with our activities (e.g., points collection programs, cashback campaigns, sweepstakes, and training).

When we cooperate with external service providers, we enter into a data processing agreement, if relevant. These service providers are prohibited from using your personal data for purposes other than those requested by us or required by law.


Transfer to countries outside Canada


As a global organisation with offices and operations throughout the world, we will transfer personal data collected by us on an aggregated or individual level to various divisions, subsidiaries, joint ventures and affiliated companies of the VELUX Group around the world located inside or outside Canada for the purposes stated above and in accordance with applicable laws, as well as to sub- contractors to VELUX (data processors) for storage and service purposes. Your personal data will not be disclosed to anyone outside the VELUX Group unless permitted or required under applicable legislation and where necessary subject to appropriate written assurances from third parties who have access to your personal data, in which they must guarantee that they will protect the data with security measures designed to provide an adequate level of protection.


A black and white padlock  Description automatically generated with medium confidence Data security


The security, integrity, and confidentiality of your personal data is important to us. We have implemented technical, administrative, and physical security measures that are designed to protect your personal data from unauthorised access, disclosure, use, and modification. From time to time, we review our security procedures to consider appropriate recent technologies and methods. Please be aware that despite our best efforts, no security measures are perfect or impenetrable.


A black and white line art of a megaphone  Description automatically generated with low confidence

Your privacy rights


The Personal Information Protection and Electronic Documents Act 2000 and Privacy Act 1985 provides you, as the data subject, with the following rights in respect of the personal data we store about you:


Your rights

Legal basis


Access to your data


Schedule 1,

clause 4.9

You have the right to request information about whether VELUX processes personal data relating to you, and if so, you have the right to request a copy of the personal data we have processed.

There are some exemptions, which means you may not always receive all the data we process.

Request rectification


Schedule 1,

clause 4.9

At any time, you have the right to request correction of any incorrect or incomplete personal data we may process on you.

Request erasure


Schedule 1,

clauses 4.5.3

and 4.9.5

You have the right to request deletion of your personal data depending on the processing activity, and under certain circumstances, before we would normally be obligated to cease processing.

Withdraw your consent


Schedule 1,

clause 4.3.8

You have the right to withdraw your consent at any time by opting out in the e-mail or by contacting us. However, this will not affect our right to process personal data obtained prior to the withdrawal of your consent, or our right to continue parts of the processing based on other legal bases than your consent.

Right to object


Schedule 1,

clause 4.10

If you are not satisfied with how we process personal data in VELUX, you can send your objections to

If you have any questions regarding the specific personal data we process or retain about you, or if you want to exercise your rights, please contact


We will respond to your request to exercise any of your rights within one month, but we have the right to extend this period by two months. If we extend the response period, we will inform you within one month of your request.



If you consider that we have failed to resolve the complaint satisfactorily, you may file a complaint to the Office of the Privacy Commissioner of Canada. You can find the contact details of the Office of the Privacy Commissioner of Canada on their website.


Changes to this VELUX Privacy Notice


From time to time, we may change this Privacy Notice to accommodate the latest technologies, industry practices, regulatory requirements, or for other purposes. At all times, we will post the most recent version on our digital platforms. We advise you to read the Privacy Notice regularly.


This Privacy Notice was last updated: 06-06-2024