Internet of Things Privacy Policy

Please see below our Internet of Things Privacy Policy for all Glen Dimplex Heating and Ventilation (GDHV) brands.

Open all Close all

1. General

  • This Privacy Notice for the the mobile apps in the Glen Dimplex IOT platform provides information about how we process your personal data.  The information below applies to Glen Dimplex UK, Glen Dimplex Americas, Glen Dimplex Germany and Glen Dimplex Nordic. All are part of the Glen Dimplex Group of Companies (“Glen Dimplex”).
  • Glen Dimplex ("us", "we" or "our") is committed to protecting and respecting your privacy. This Privacy Notice sets out the basis on which any of your personal data will be processed by us. Please read this IoT Privacy Notice carefully to understand our treatment and use of your personal data as the controller and how we will use, store, disclose or otherwise process it.
  • In this Privacy Notice, references to “you” means the person whose personal data we collect, use and process.
  • In this Privacy Notice, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal data.
  • This Privacy Notice outlines the steps we take to ensure that the processing of your personal data adheres to relevant national, regional and state data protection and privacy legislation. This includes General Data Protection Regulation or GDPR, The Californian Consumer Privacy Act (CCPA) and The Personal Information Protection and Electronic Documents Act (PIPEDA).
  • For the purposes of Data Protection Law, the controller is Glen Dimplex.

2. Processing of your personal data

The personal data we collect helps us manage our relationship with you, e.g. collection of appliance data to provide remote diagnostics service, but also to comply with our legal obligations or for the conduct of our business. The personal data we collect, the basis of processing and the purposes of processing are detailed below.

 

Personal Data Processed Legal Basis Of Processing Purpose Of Processing

Registration Data which is:

  • Name (first name, last name)
  • Email address

It is necessary for the performance of our contract with you, or to take steps for entering into our contract with you.

1. Provide a unique login account.

2. Linking of products to user accounts.

3. System Notification to users.

Device Data:

including Lan / internal IP address, external router WIFI SSID, external router LAN / internal IP Address, manual proxy settings.

It is necessary for the performance of our contract with you, or to take steps for entering into our contract with you.

4. To identify location to display the correct languages and screens on the device.

5. To review the services provided to you and to analyse relevant information in order to determine whether any changes/improvements are required for the service.

Location Data:

Using Bluetooth low energy (BLE)

Where you have consented to such processing. You have the right to withdraw your consent at any time.

6. To provide location enabled services via BLE for the app to function correctly.

 

Most of the personal data we process is collected from you when you register an account with us, but we also obtain personal data about you in the course of the performance of your contract with us, including the collection of personal data in order to provide device control functionality.

 

A failure to provide the personal data requested will prevent Glen Dimplex from performing its contract with you.

3. Sharing your personal data

Our Group Companies

 

Personal data will only be shared across the Glen Dimplex Group in certain circumstances and where lawful to do so, i.e. it may be necessary to share your personal data with other members of the Glen Dimplex Group, which includes our ultimate holding company and its subsidiaries for the purposes of our business management, including workforce management and administration, management information, forecasting and other related functions.

 

Access rights between members of the Glen Dimplex Group are limited and granted only on a need to know basis, depending on job functions and roles.

 

Disclosures to Third Parties

 

In order to provide you with our services, carry out our activities and to comply with legal obligations, we may share your personal data with certain third parties such as:

  • service providers, agents and advisors appointed by us;
  • analytics and search engine providers who assist us in the improvement and optimisation of the app;
  • business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you;
  • if we are involved in a sales of assets, merger, acquisition, business transfer, or other change of control, we may share your personal data with other entities involved and will require any such successor business entity to honor this Privacy Notice;
  • local law enforcement, local authorities, the Revenue Commissioners, the courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime;
  • others who work for us in connection with the provision of products and/or services to you; and
  • as otherwise permitted or required by applicable law.

4. Marketing

  • We will only use your personal data for our own marketing purposes where you have explicitly opted in via an easy to understand pop up on the app.
  • We will not share your personal data with any third parties for marketing purposes.
  • We will not sell your personal data to any third party.

5. Security of your personal data

We operate and use appropriate technical and physical security measures to protect your personal data.

 

We have in particular taken appropriate security measures to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.

 

No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.

6. Cross border transfers of your personal data

EU/EEA residents

 

All personal data is stored on servers in the European Union , no personal data is transferred outside of the EU/EEA.

 

USA and Canada residents

 

Your personal data is shared and stored on servers in the European Union.
If you would like to see a copy of any relevant provisions, please contact the data protection lead using the details set out in section 12.

7. Children’s data

We understand the importance of protecting children's privacy, especially in an online environment. Our Online Services are not intentionally designed for or directed at children under the age of 16. It is our policy never to knowingly collect or maintain information about anyone under the age of 16.

8. How long we keep your data

We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information.

 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

 

In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

9. Your rights

EU/EEA residents

 

You have various rights in relation to your personal data. In particular, you have a right to:

  • obtain confirmation that we are processing your personal data and request access to a copy of the personal data we hold about you;
  • be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from where it was obtained);
  • ask that we update or erase the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
  • ask that we delete or erase personal data that we hold about you, or restrict the way in which we use such personal data;
  • withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent);
  • receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract); and
  • object to our processing of your personal data.

We will endeavour to respond within a reasonable period and in any event within one month in compliance with Data Protection Law. We will comply with our legal obligations as regards your rights as a data subject; and

 

We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change using the contact details set out in section 12.

 

USA residents

 

Depending on the jurisdiction in which you are located, you may have the right to request that we modify, delete, or stop processing your personal information,

 

You may also have the right to request that we provide the following information regarding the personal information we hold about you:

  • The categories and/or specific pieces of personal information we collected
  • The categories of sources from which personal information is collected
  • The business or commercial purpose for collecting personal information
  • The categories of third parties with whom we shared personal information

To exercise any of your rights under applicable law described above regarding your personal information, please contact us using the details set out in section 12.

 

California residents

 

The California Consumer Privacy Act provides Californian consumers with additional safeguards for protecting their personal information (PI).

 

PI includes information that identifies, describes, or could reasonably be linked with a consumer or their household.

 

You can request

  • access to the PI that we have collected about you
  • that we delete PI collected about you 

To make any of these requests or for any related query you can contact us using the details set out in section 12.

 

Canada residents

 

You have various rights in relation to your personal data. In particular, you have a right to:

  • obtain confirmation that we are processing your personal data and request a copy of the personal data we hold about you
  • ask that we update the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete
  • ask that we delete personal data that we hold about you, or restrict the way in which we use such personal data
  • withdraw consent to our processing of your personal data (to the extent such processing is based on consent)
  • to the extent prescribed by applicable law, receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract)
  • object to our processing of your personal data.

To exercise any of your rights under applicable law described above regarding your personal information, please contact us using the details set out in section 12.

10. Your right to lodge a complaint with a Supervisory Authority

You can lodge a complaint with your relevant supervisory authority if you consider that our processing of your personal information infringes applicable law.

 

Contact details for all EU supervisory authorities can be found at the following link: https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080.

 

You can lodge a complaint with Canada’s federal Privacy Commissioner here: https://www.priv.gc.ca/en/report-a-concern/file-a-formal-privacy-complaint/. You may also direct your inquiry/complaint to the relevant Information and Privacy Commissioner in your jurisdiction of residence.

11. Changes to this Privacy Notice

We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post these changes here and update the “Last Updated” date at the bottom of this Privacy Notice. If at any time we decide to use your personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you in writing, and you will have a choice as to whether or not we use your Data in the new manner in accordance with your rights under Data Protection Law.

12. Contact us

You can contact us to update your preferences, correct your information, submit a request, or ask us questions at the below email and/or postal address:

 

Email: Data.Privacy@glendimplex.com

 

Address: Data Protection Lead, Glen Dimplex, Old Airport Road, Cloughran, Co. Dublin, Ireland, K67 DT89.

 

You can also contact us at your nearest regional Dimplex office, so we can ensure that your request or query will be handled by the data protection team based in your region. You can find the appropriate office at the following link: https://www.glendimplex.com/brands/dimplex.

Last updated: 14/12/2020