Internet of Things Privacy Policy

Last updated: 25 July 2023

Open all Close all

1. General

  • This Privacy Notice applies to the processing of your personal data in connection with your use of the Apps in the Glen Dimplex IOT Platform and provides information about how we process your personal data.
  • Glen Dimplex is committed to protecting and respecting your privacy. For the purposes of applicable Data Protection Law, the controller (or its equivalent under the applicable Data Protection Law) is Glen Dimplex Ireland Unlimited Company, Old Airport Road, Cloghran, Co Dublin, K67 VE08 (“GDI”, "us", "we" or "our").
  • This Privacy Notice sets out the basis on which any of your personal data will be processed by us. The Privacy Notice should be read in conjunction with our Cookies Policy available here. Please read the Privacy Notice carefully to understand our treatment and use of your personal data as the controller and how we will use, store, disclose or otherwise process it.
  • In this Privacy Notice, references to “you” means the person whose personal data we collect, use and process.
  • In this Privacy Notice, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal data.
  • This Privacy Notice outlines the steps we take to ensure that the processing of your personal data adheres to relevant national, regional and state data protection and privacy legislation. This includes General Data Protection Regulation or GDPR (Europe), the Australian Privacy Act 1988 (Cth), the Australian Spam Act 2003 (Cth) and the New Zealand Privacy Act 2020 and the New Zealand Unsolicited Electronic Messages Act 2007 (collectively, “Data Protection Law”).
  • Capitalised terms which are not defined within this Privacy Notice shall have the meaning given to them in the Terms and Conditions of Use for Dimplex App.

2. Processing of your personal data

In this Privacy Notice we refer to the term ‘personal data’ and we mean the following when we use it as the context requires: 

  • In Europe, ‘personal data’ means any information which relates to an identified or identifiable natural person. 

  • In other regions we use personal data instead of ‘personal information’ which has the following meaning in those regions:

              In Australia, this means any information or an opinion about an identified individual, or an individual who is reasonably identifiable. 

              In New Zealand, this means information about an identifiable individual. 

What categories of personal data do we collect? 

  • Registration Data: name, email address, mobile number, country, language Code from device, GUID login 

  • Device Data: technical telemetry.  

  • Location Data: latitude and longitude coordinate parameters of the user’s device at the time of commissioning.  

  • Personal Data related to your social media accounts: where you use a third party social media account to create an Account we receive the following information: First name, last name, email address, phone number, Country (if social media account has been created with a phone number).  

  • Any other personal data which you provide us with in the course of using your services. For example, personal data relating to any queries or complaints you make.  

The personal data we collect helps us manage our relationship with you, e.g. collection of appliance data to provide remote diagnostics service, but also to comply with our legal obligations or for the conduct of our business. We rely on different legal bases to process your personal data. For each legal basis set out below, we have set out the purpose for each processing operation and the categories of personal data which is processed in respect of same.  

 

                                      Legal Basis: Necessary for the performance of our contract with you or to take steps for entering into our contract with you 

Purpose of processing Processing operation Categories of personal data

To provide you with a unique login account and to link your product to your account. 

To provide you with important messages, system notifications and functionalities including to send you site access invitations, to respond to site access requests and to transfer appliance ownership.  

To notify you of changes to the Terms and Conditions of Use and/or of downtime. 

  • We collect your name, email address and phone number and country to set up your account.   

  • We verify your email or phone number by sending you a verification email or SMS. 

  • We store and record your name, email address and phone number and Country to enable you to log in to your account.  

  • We delete your account at your request or in accordance with the terms of our Agreement. 

  • We retrieve and use your Registration Data to provide you with certain functionalities, including to enable us to respond to certain functions you enable/request (for example where you request forget me notifications).  

Registration Data which is: 

  • Name (first name, last name) 

  • Email address 

  • Mobile number 

  • Country 

  • Language Code from Device 

To maintain the App

We send users system notifications to ensure that the App is kept up to date. 

Registration Data which is: 

  • Name (first name, last name) 

  • Email address 

  • Mobile number 

  • Country 

  • Language Code from Device 

To provide the App according to your local country and language 

  • We identify your country to provide you with the available social media providers in your country so that you can choose to use such applicable social media accounts to log in to the App. 

  • We identify your locale code from your device to display the APP in the correct language. 

 

  • Country and Locale Code from Device 

To provide you with energy reporting services 
  • We collect and use your device data to provide you with the energy reporting services 
  • Device Data 

 

                                     Legal Basis: Legitimate Interests 

Purpose of processing  Legitimate Interests Processing operation Categories of personal data 

To carry out business analytics and improve our Apps 

  • Our interests to measure the use of the App in order to inform and improve the App and to enable accurate reporting.  

  • Our interests to improve the customer experience while using the App to improve customer satisfaction.

 

  • We review the services provided to you and to analyse relevant information in order to determine whether any changes/improvements are required for the service 

  • GUID for login 

   You have the right to object to, and seek restriction of, this processing. To exercise your rights, please see section 11 ‘Your Rights.’ 

 

                                   Legal Basis: Consent 

Purpose of processing  Processing operation Categories of personal data 

To provide location enabled services via BLE for the app to function correctly 

  • We require location services to be switched ON to enable us to perform a Bluetooth scan for nearby products, to allow the product to be added 

 

Location data: Using Bluetooth low energy (BLE) 

To allow us to map where all connected assets are to assist servicing 
  • When sites in the App are created or products added to the App we collect the location 
Location data 

   You have the right to withdraw your consent for this processing. To exercise your rights, please see section 11 ‘Your Rights.’ 

 

Most of the personal data we process is collected from you when you register an account with us, but we also obtain personal data about you in the course of the performance of your contract with us, including the collection of personal data in order to provide device control functionality.  

You are required to provide Registration Data and Device Data in order to use the App. If you do not provide your Registration Data you will not be able to register an account with us and you will not be able to use the App. We require your Device Data in order to enable us to provide you with energy reporting services and without this data we are unable to provide those services.   

You may decide not to provide your Location Data to us. However, failure to provide such personal data requested may prevent the App from functioning as intended and Glen Dimplex shall not be liable for being unable to perform its contract with you in accordance with the Terms of Use.    

If we offer and you choose to use third-party social media services like Facebook to access or use the mobile apps, the social media service may send personal data about you to us. To the extent we combine such third-party sourced information with personal information, we collect directly from you, we will treat the combined information as personal data under this Privacy Notice. If we discontinue use of any third-party social media services, you understand that we may nevertheless retain any personal data, and other information and data, we may have already received in connection therewith in accordance with this Privacy Notice. 

We do not use automated decision-making/profiling in the administration of the contractual relationship. 

3. Sharing your personal data

Our Group Companies

GDI is one of the Glen Dimplex Group companies. Personal data will only be shared across the Glen Dimplex Group in certain circumstances and where necessary to do so. We share your personal data with members of the Glen Dimplex Group through a secure internal web portal to enable us to provide you with the App services.

Access rights between members of the Glen Dimplex Group are limited and granted only on a need to know basis, depending on job functions and roles.

For the purposes of this section, a list of the companies within the Glen Dimplex Group to whom we may share your personal data with is available in Appendix 1.

Disclosures to Third Parties

In order to provide you with our services, we share your personal data with the following third parties:

 

Third Party  Purpose (why?)  Categories of Personal Data  

Energy Suppliers

Where you enter into an agreement with an energy supplier that allows/requires your appliances to be controlled remotely by them, we will share limited data with the supplier to facilitate this on your behalf

Depending on the circumstances, personal data may include:

  • Location Data
  • Device Data
Legal Advisors   To enable our legal advisors to provide us with legal advice. 

Depending on the circumstances, personal data may include: 

  • Registration Data 

  • Location Data 

  • Device Data 

  • Any other personal data which you provide us with in the course of using your services 

Analytics and search engine providers  To assist us in the improvement and optimisation of the app. 
  • Registration and Device Data  
Suppliers IT Cloud provider (for service support purposes only, where there are issues with the hosted cloud services).  
  • Registration and Device Data 
Future potential purchaser  If we are involved in a sales of assets, merger, acquisition, business transfer, or other change of control, we may share your personal data with other entities involved and will require any such successor business entity to honor this Privacy Notice 
  • Registration Data 

  • Location Data 

  • Device Data 

  • Any other personal data which you provide us with in the course of using your services 

Local law enforcement  To enable us to respond to applicable law or regulations, court orders or government requests. For example, where we are required to provide information under the Companies Act 2014, the Competition and Consumer Protection Act 2014 or the Data Protection Acts 1998 to 2018.
  • Registration Data 

  • Device Data 

  • Location Data 

The Revenue Commissioners  Where we are required to provide information to assist in the investigation or prevention of fraud or other illegal activity.  
  • Registration Data 

  • Device Data 

 

4. Marketing

  • We will only use your personal data for our own marketing purposes where you have explicitly provided us with your consent.
  • We will not share your personal data with any third parties, other than our corporate group members, for marketing purposes.
  • We will not sell your personal data to any third party.

You can ask to be removed from our marketing list at any time by contacting us directly using the details set out at the bottom of this Policy Notice.

5. Third party links

Our mobile apps may include links to other websites, plug-ins and applications provided by others, including those acting on our behalf. Clicking on those links or enabling those connections may allow third parties to collect or share data about you, and have their own privacy policies. We do not control third party websites, plug-ins and applications and are not responsible for their privacy policies or actions and do not endorse them. When you leave our mobile apps, we encourage you to read the privacy policy and terms of use of every website you visit.

6. Cookies

Our Apps in the Glen Dimplex IOT Platform uses cookies, as set out in the Dimplex App Cookie Policy which is incorporated automatically by reference into this Privacy Notice and forms a part of it.

7. Security of your personal data

We operate and use appropriate technical and physical security measures to protect your personal data.

We have in particular taken appropriate security measures aimed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

8. Cross border transfers of your personal data

Your personal data is shared and stored on services in the European Economic Area. We do not transfer your data outside of the EEA.

Glen Dimplex will take reasonable steps to ensure that your personal data will be stored in a secure and encrypted form and handled in accordance with applicable Data Protection Law aimed to minimise the risk of unauthorised access to, and loss, misuse or wrongful alteration of, your personal data.

9. Children’s data

We understand the importance of protecting children's privacy, especially in an online environment. Our Apps are not intentionally designed for or directed at children under the age of 18. It is our policy never to knowingly collect or maintain information about anyone under the age of 18.

10. How long we keep your data

We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information.

To determine the appropriate retention period for personal data, we consider:

  1. The amount, nature, and sensitivity of the personal data and why it is collected and processed. For example:
  • We keep Registration Data for as long as your account remains active. We keep this so that you can access your account and we can maintain your account.
  • We keep Device Data for as long as your account remains active.
  • We keep Location Data for as long as is necessary to provide you with optional features as long as your account remains active and your consent remains valid.
  1. Applicable legal requirements. For example:
  • We keep relevant personal data where it is necessary for reasons related to a legal claim or complaint, such as where we are subject to an investigation by a regulatory authority or where we are engaged in legal proceedings with respect to a claim related to your personal information or a claim brought by you.

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

11. Your rights

EU/EEA residents

You have various rights in relation to your personal data. In particular, you have a right to:

  • obtain confirmation that we are processing your personal data and request access to a copy of the personal data we hold about you;
  • be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from where it was obtained);
  • ask that we update or erase the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • ask that we delete or erase personal data that we hold about you, or restrict the way in which we use such personal data;
  • withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent). If you withdraw your consent, this will only take effect for the future;
  • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
  • object to our processing of your personal data; and
  • to lodge a complaint Irish Data Protection Commission using the contact details provided in section 12 below.

We will endeavor to respond within a reasonable period and in any event within one month in compliance with Data Protection Law. We will comply with our legal obligations as regards your rights as a data subject; and

We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change using the contact details set out in section 12.

Australian residents

You have rights in relation to your personal data, including to:

  • complain to the Office of the Australian Information Commissioner (OAIC), who may be contacted using the details under section 12 below;
  • access or correct your personal data that we hold about you; and
  • withdraw consent to use or process your personal data.

If you withdraw your consent, you should be aware that we may in some circumstances be required to continue to hold and process your personal data to fulfill our legal obligations.

Generally you will not have to pay a fee to access your personal data (or to exercise any of your other rights), however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help speed up our response.

We will try to respond to all legitimate requests by you, regarding your personal data within thirty (30) days after receiving them. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will let you know and keep you updated.

New Zealand residents

The Privacy Act 2020 gives you certain rights to access and correct your personal information.

You can request to access the personal information we hold about you or correct your personal information if you think it is wrong, incomplete or out of date.

If you formally ask for your personal information under the Privacy Act 2020, we may charge you for that access, or for giving you copies of your information. We will try to respond to all formal requests by you, regarding your personal data within twenty (20) working days after receiving them.

If we do not hold the information to which your request relates, but we believe that the information is held by another organisation, or is more closely connected with the functions or activities of another organisation, we will let you know within ten (10) working days after receiving your formal request.

Occasionally it may take us longer if your request is particularly complex, consultation is necessary or your request involves large quantities of information or necessitates a search through large quantities of information. In this case, we will let you know if we need to extend these time limits.

If we can’t give you access to your personal information for any reason, or if we disagree that your personal information needs to be corrected, we’ll inform you why.

If you are unhappy with our response, you can make a complaint to the Privacy Commissioner in respect of our refusal using their online form.

You may also contact us in regards to any questions you may have about this notice. In order for residents from the above regions to exercise any rights under the applicable, please contact us using the details set out in section 16.

12. Your right to lodge a complaint with a Supervisory Authority

You can lodge a complaint with your relevant supervisory authority if you consider that our processing of your personal information infringes applicable law.

The Irish Data Protection Commission’s contact details can be found here

Contact details for all EU supervisory authorities can be found at this link

You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) here or on 1300 363 992.

You can lodge a complaint with the Office of the Privacy Commissioner in New Zealand here

13. Changes to this Privacy Notice

We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post these changes here and update the “Last Updated” date at the top of this Privacy Notice. If at any time we decide to use your personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you in writing, and you will have a choice as to whether or not we use your personal data in the new manner in accordance with your rights under Data Protection Law.

14. Contact us

You can contact us to update your preferences, correct your information, submit a request, or ask us questions at the below email and/or postal address:

Email: Data.Privacy@glendimplex.com

Address: Data Protection Lead, Glen Dimplex, Old Airport Road, Cloughran, Co. Dublin, Ireland, K67 DT89.

You can also contact us at your nearest regional Dimplex office, so we can ensure that your request or query will be handled by the data protection team based in your region. You can find the appropriate office at the following link

Appendix 1

The Glen Dimplex Group consists of the following entities:

  • Glen Dimplex Ireland Unlimited Company, with its registered address at Old Airport Road, Cloghran, Co Dublin, K67 VE08
  • Glen Dimplex UK Ltd, with its registered address at Millbrook House, Grange Drive, Hedge End, Southampton, Hampshire, SO30 2DF; and
  • Muller Intuitiv, with its registered address at 107, boulevard Ney, 75018 Paris, France