Stromfee · AI Energy Management

GDPR-compliant AI for swimming pools, hotels and wellness centres

AI can lower the energy costs of pools, saunas, ventilation and hot water — but only if it is clear which data it actually needs. This page outlines the process Stromfee follows: separate technical data from personal data, define a legal basis per group of people, check whether a data protection impact assessment is required, and run the AI locally. It is a general process description, not legal advice in an individual case — the operator involves their data protection officer.

Separate technical data from personal data

Energy optimisation of a pool works on technical data: pump speeds, flow temperatures, heat demand, ventilation runtime, sauna heating cycles and electricity prices. None of this identifies a guest. The starting point of a GDPR-compliant setup is to keep this technical layer separate from personal data such as guest profiles or booking records.

In a hotel or wellness pool the guest and booking data stay in their own systems and are not touched by the energy AI. The same path used in a municipal bath — measure, plausibilise, digitalise, add an AI assistant, run it locally — lowers the energy costs of pool, sauna, ventilation and hot water without accessing guest or booking data.

A legal basis for each group of people

Where personal data is unavoidable, GDPR requires a defined legal basis for each group affected — staff, guests, members. The basis differs by group and by purpose, which is why it is set per target group rather than once for the whole system.

Because this is a legal assessment for the specific site, the operator involves their data protection officer. Stromfee describes the process; it does not provide legal advice in the individual case.

Check whether a data protection impact assessment is needed

Before deploying, the operator checks whether a data protection impact assessment (DPIA) is required for the planned processing. This DPIA check is part of the standard process, not an afterthought.

Keeping the energy AI on the technical data layer — pump, heating, ventilation and price signals — is what keeps this assessment narrow, because the system is not built around identifying or profiling individuals.

On-premise AI as the most privacy-friendly route

Running the AI locally, on site, is the most data-protection-friendly option: the data used for optimisation does not have to leave the building for a cloud service. Stromfee's stated approach is local, edge-based AI operated in a GDPR-compliant way.

This edge setup lets the assistant work on live technical readings without exporting them, which reduces the surface where personal data could be exposed and keeps the technical and personal layers physically apart.

What the AI optimises in pool, sauna and ventilation

On the technical layer the assistant analyses bathing patterns and adjusts pump speed via VFD control, which Stromfee reports can cut pump electricity by about 55%. Heating is managed by forecasting heat demand from weather and occupancy and running the heat pump during low electricity prices, reported at around 60% lower heating costs.

Presence-based control activates jets, steam and lighting only when the wellness area is in use (about 45% lower attraction costs), and the AI builds a sauna and preheating schedule. In hotels, related measures such as intelligent preheating with occupancy forecasting and night setback, plus laundry load shifting into low-price hours, follow the same principle of acting on technical and price data only.

AI Act labelling and responsibility

Where the system interacts in a way that falls under transparency duties, it is labelled accordingly under Article 50 of the AI Act. This labelling is part of the same process description.

The overall setup remains a general process, not legal advice for a specific case. Responsibility for the legal assessment stays with the operator, who binds in their data protection officer; contact for the process is HR Energiemanagement.

FAQ

Does the energy AI see guest or booking data?

No. In a hotel or wellness pool the guest and booking data stay in their own systems and are kept separate. The energy AI works on technical data such as pump speeds, flow temperatures, heat demand and electricity prices, which do not identify individuals.

Is running the AI in the cloud required?

No. Stromfee's approach is local, edge-based AI. Running it on site is the most data-protection-friendly route because the technical data used for optimisation does not have to leave the building for a cloud service.

Is a hotel or wellness pool treated differently from a municipal bath?

The path is the same. A hotel or wellness pool has the same trades — pool, sauna, ventilation, hot water — and follows the same steps: measure, plausibilise, digitalise, add an AI assistant, run it locally, with guest and booking data kept separate.

Does this page replace legal advice?

No. It is a general process description covering data-type separation, legal basis per group, the DPIA check, on-premise operation and AI Act labelling. The operator involves their data protection officer for the assessment in the individual case.