- This Privacy Notice applies to the processing of your personal data in connection with your use of the Apps in the Glen Dimplex IOT Platform and provides information about how we process your personal data.
- Glen Dimplex is committed to protecting and respecting your privacy. For the purposes of applicable Data Protection Law, the controller (or its equivalent under the applicable Data Protection Law) is Glen Dimplex Ireland Unlimited Company, Old Airport Road, Cloghran, Co Dublin, K67 VE08 (“GDI”, "us", "we" or "our").
- This Privacy Notice sets out the basis on which any of your personal data will be processed by us. The Privacy Notice should be read in conjunction with our Cookies Policy available here. Please read the Privacy Notice carefully to understand our treatment and use of your personal data as the controller and how we will use, store, disclose or otherwise process it.
- In this Privacy Notice, references to “you” means the person whose personal data we collect, use and process.
- In this Privacy Notice, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal data.
- This Privacy Notice outlines the steps we take to ensure that the processing of your personal data adheres to relevant national, regional and state data protection and privacy legislation. This includes General Data Protection Regulation or GDPR (Europe), the Australian Privacy Act 1988 (Cth), the Australian Spam Act 2003 (Cth) and the New Zealand Privacy Act 2020 and the New Zealand Unsolicited Electronic Messages Act 2007 (collectively, “Data Protection Law”).
- Capitalised terms which are not defined within this Privacy Notice shall have the meaning given to them in the Terms and Conditions of Use for Dimplex App.
2. Processing of your personal data
In this Privacy Notice we refer to the term ‘personal data’ and we mean the following when we use it as the context requires:
In Europe, ‘personal data’ means any information which relates to an identified or identifiable natural person.
In other regions we use personal data instead of ‘personal information’ which has the following meaning in those regions:
In Australia, this means any information or an opinion about an identified individual, or an individual who is reasonably identifiable.
In New Zealand, this means information about an identifiable individual.
What categories of personal data do we collect?
Registration Data: name, email address, mobile number, country, language Code from device, GUID login
Device Data: technical telemetry.
Location Data: latitude and longitude coordinate parameters of the user’s device at the time of commissioning.
Personal Data related to your social media accounts: where you use a third party social media account to create an Account we receive the following information: First name, last name, email address, phone number, Country (if social media account has been created with a phone number).
Any other personal data which you provide us with in the course of using your services. For example, personal data relating to any queries or complaints you make.
The personal data we collect helps us manage our relationship with you, e.g. collection of appliance data to provide remote diagnostics service, but also to comply with our legal obligations or for the conduct of our business. We rely on different legal bases to process your personal data. For each legal basis set out below, we have set out the purpose for each processing operation and the categories of personal data which is processed in respect of same.
Legal Basis: Necessary for the performance of our contract with you or to take steps for entering into our contract with you
|Purpose of processing||Processing operation||Categories of personal data|
To provide you with a unique login account and to link your product to your account.
To provide you with important messages, system notifications and functionalities including to send you site access invitations, to respond to site access requests and to transfer appliance ownership.
To notify you of changes to the Terms and Conditions of Use and/or of downtime.
Registration Data which is:
To maintain the App
|We send users system notifications to ensure that the App is kept up to date.||
Registration Data which is:
To provide the App according to your local country and language
|To provide you with energy reporting services||
Legal Basis: Legitimate Interests
|Purpose of processing||Legitimate Interests||Processing operation||Categories of personal data|
To carry out business analytics and improve our Apps
You have the right to object to, and seek restriction of, this processing. To exercise your rights, please see section 11 ‘Your Rights.’
Legal Basis: Consent
|Purpose of processing||Processing operation||Categories of personal data|
To provide location enabled services via BLE for the app to function correctly
Location data: Using Bluetooth low energy (BLE)
|To allow us to map where all connected assets are to assist servicing||
You have the right to withdraw your consent for this processing. To exercise your rights, please see section 11 ‘Your Rights.’
Most of the personal data we process is collected from you when you register an account with us, but we also obtain personal data about you in the course of the performance of your contract with us, including the collection of personal data in order to provide device control functionality.
You are required to provide Registration Data and Device Data in order to use the App. If you do not provide your Registration Data you will not be able to register an account with us and you will not be able to use the App. We require your Device Data in order to enable us to provide you with energy reporting services and without this data we are unable to provide those services.
If we offer and you choose to use third-party social media services like Facebook to access or use the mobile apps, the social media service may send personal data about you to us. To the extent we combine such third-party sourced information with personal information, we collect directly from you, we will treat the combined information as personal data under this Privacy Notice. If we discontinue use of any third-party social media services, you understand that we may nevertheless retain any personal data, and other information and data, we may have already received in connection therewith in accordance with this Privacy Notice.
We do not use automated decision-making/profiling in the administration of the contractual relationship.
3. Sharing your personal data
Our Group Companies
GDI is one of the Glen Dimplex Group companies. Personal data will only be shared across the Glen Dimplex Group in certain circumstances and where necessary to do so. We share your personal data with members of the Glen Dimplex Group through a secure internal web portal to enable us to provide you with the App services.
Access rights between members of the Glen Dimplex Group are limited and granted only on a need to know basis, depending on job functions and roles.
For the purposes of this section, a list of the companies within the Glen Dimplex Group to whom we may share your personal data with is available in Appendix 1.
Disclosures to Third Parties
In order to provide you with our services, we share your personal data with the following third parties:
|Third Party||Purpose (why?)||Categories of Personal Data|
Where you enter into an agreement with an energy supplier that allows/requires your appliances to be controlled remotely by them, we will share limited data with the supplier to facilitate this on your behalf
Depending on the circumstances, personal data may include:
|Legal Advisors||To enable our legal advisors to provide us with legal advice.||
Depending on the circumstances, personal data may include:
|Analytics and search engine providers||To assist us in the improvement and optimisation of the app.||
|Suppliers||IT Cloud provider (for service support purposes only, where there are issues with the hosted cloud services).||
|Future potential purchaser||If we are involved in a sales of assets, merger, acquisition, business transfer, or other change of control, we may share your personal data with other entities involved and will require any such successor business entity to honor this Privacy Notice||
|Local law enforcement||To enable us to respond to applicable law or regulations, court orders or government requests. For example, where we are required to provide information under the Companies Act 2014, the Competition and Consumer Protection Act 2014 or the Data Protection Acts 1998 to 2018.||
|The Revenue Commissioners||Where we are required to provide information to assist in the investigation or prevention of fraud or other illegal activity.||
- We will only use your personal data for our own marketing purposes where you have explicitly provided us with your consent.
- We will not share your personal data with any third parties, other than our corporate group members, for marketing purposes.
- We will not sell your personal data to any third party.
You can ask to be removed from our marketing list at any time by contacting us directly using the details set out at the bottom of this Policy Notice.
5. Third party links
7. Security of your personal data
We operate and use appropriate technical and physical security measures to protect your personal data.
We have in particular taken appropriate security measures aimed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
8. Cross border transfers of your personal data
Your personal data is shared and stored on services in the European Economic Area. We do not transfer your data outside of the EEA.
Glen Dimplex will take reasonable steps to ensure that your personal data will be stored in a secure and encrypted form and handled in accordance with applicable Data Protection Law aimed to minimise the risk of unauthorised access to, and loss, misuse or wrongful alteration of, your personal data.
9. Children’s data
We understand the importance of protecting children's privacy, especially in an online environment. Our Apps are not intentionally designed for or directed at children under the age of 18. It is our policy never to knowingly collect or maintain information about anyone under the age of 18.
10. How long we keep your data
We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data and why it is collected and processed. For example:
- We keep Registration Data for as long as your account remains active. We keep this so that you can access your account and we can maintain your account.
- We keep Device Data for as long as your account remains active.
- We keep Location Data for as long as is necessary to provide you with optional features as long as your account remains active and your consent remains valid.
- Applicable legal requirements. For example:
- We keep relevant personal data where it is necessary for reasons related to a legal claim or complaint, such as where we are subject to an investigation by a regulatory authority or where we are engaged in legal proceedings with respect to a claim related to your personal information or a claim brought by you.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
11. Your rights
You have various rights in relation to your personal data. In particular, you have a right to:
- obtain confirmation that we are processing your personal data and request access to a copy of the personal data we hold about you;
- be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from where it was obtained);
- ask that we update or erase the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
- ask that we delete or erase personal data that we hold about you, or restrict the way in which we use such personal data;
- withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent). If you withdraw your consent, this will only take effect for the future;
- receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
- object to our processing of your personal data; and
- to lodge a complaint Irish Data Protection Commission using the contact details provided in section 12 below.
We will endeavor to respond within a reasonable period and in any event within one month in compliance with Data Protection Law. We will comply with our legal obligations as regards your rights as a data subject; and
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change using the contact details set out in section 12.
You have rights in relation to your personal data, including to:
- complain to the Office of the Australian Information Commissioner (OAIC), who may be contacted using the details under section 12 below;
- access or correct your personal data that we hold about you; and
- withdraw consent to use or process your personal data.
If you withdraw your consent, you should be aware that we may in some circumstances be required to continue to hold and process your personal data to fulfill our legal obligations.
Generally you will not have to pay a fee to access your personal data (or to exercise any of your other rights), however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help speed up our response.
We will try to respond to all legitimate requests by you, regarding your personal data within thirty (30) days after receiving them. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will let you know and keep you updated.
New Zealand residents
The Privacy Act 2020 gives you certain rights to access and correct your personal information.
You can request to access the personal information we hold about you or correct your personal information if you think it is wrong, incomplete or out of date.
If you formally ask for your personal information under the Privacy Act 2020, we may charge you for that access, or for giving you copies of your information. We will try to respond to all formal requests by you, regarding your personal data within twenty (20) working days after receiving them.
If we do not hold the information to which your request relates, but we believe that the information is held by another organisation, or is more closely connected with the functions or activities of another organisation, we will let you know within ten (10) working days after receiving your formal request.
Occasionally it may take us longer if your request is particularly complex, consultation is necessary or your request involves large quantities of information or necessitates a search through large quantities of information. In this case, we will let you know if we need to extend these time limits.
If we can’t give you access to your personal information for any reason, or if we disagree that your personal information needs to be corrected, we’ll inform you why.
If you are unhappy with our response, you can make a complaint to the Privacy Commissioner in respect of our refusal using their online form.
You may also contact us in regards to any questions you may have about this notice. In order for residents from the above regions to exercise any rights under the applicable, please contact us using the details set out in section 16.
12. Your right to lodge a complaint with a Supervisory Authority
You can lodge a complaint with your relevant supervisory authority if you consider that our processing of your personal information infringes applicable law.
The Irish Data Protection Commission’s contact details can be found here
Contact details for all EU supervisory authorities can be found at this link
You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) here or on 1300 363 992.
You can lodge a complaint with the Office of the Privacy Commissioner in New Zealand here
13. Changes to this Privacy Notice
We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post these changes here and update the “Last Updated” date at the top of this Privacy Notice. If at any time we decide to use your personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you in writing, and you will have a choice as to whether or not we use your personal data in the new manner in accordance with your rights under Data Protection Law.
14. Contact us
You can contact us to update your preferences, correct your information, submit a request, or ask us questions at the below email and/or postal address:
Address: Data Protection Lead, Glen Dimplex, Old Airport Road, Cloughran, Co. Dublin, Ireland, K67 DT89.
You can also contact us at your nearest regional Dimplex office, so we can ensure that your request or query will be handled by the data protection team based in your region. You can find the appropriate office at the following link
The Glen Dimplex Group consists of the following entities:
- Glen Dimplex Ireland Unlimited Company, with its registered address at Old Airport Road, Cloghran, Co Dublin, K67 VE08
- Glen Dimplex UK Ltd, with its registered address at Millbrook House, Grange Drive, Hedge End, Southampton, Hampshire, SO30 2DF; and
- Muller Intuitiv, with its registered address at 107, boulevard Ney, 75018 Paris, France