Data protection declaration
For our Information sheet in accordance with Art. 13 & Art. 14 of the General Data Protection Regulation please click here, for information on video surveillance please click here.
The responsible party as per the General Data Protection Regulation, other data protection laws valid in the member states of the European Union and other regulations relating to data protection, is:
Glen Dimplex Deutschland GmbH
Am Goldenen Feld 18
Data protection agent
You can contact our data protection agent at: E-mail: firstname.lastname@example.org.
Protecting your personal data is important to us. This is why we carry out our activities in accordance with the applicable legal regulations for the protection of personal data and data security. Below, you will find information on data protection for our website.
Definition of terms
The data protection declaration of Glen Dimplex Deutschland GmbH is based on the terminology used by the European directive issuing body and regulators in the General Data Protection Regulation (GDPR). Our data protection declaration is intended to be easy to read and understand for the general public, as well as for our customers and business partners. To ensure this, we will explain some of the terms used below. The following terms are used in this data protection declaration:
a) Personal details
Personal details are all information relating to an identified or identifiable person (referred to in the following as “affected person”). The term identifiable refers to a natural person who can be identified, directly or indirectly, in particular through connection to an identifier such as a name, identification number, location data, online ID or one or multiple unique features that are an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
b) Affected person
An affected person is any identified or identifiable natural person whose personal details are processed by the person responsible for processing.
Processing refers to any process carried out with or without the help of automated methods or any such series of processes in connection with personal details, such as collecting, logging, organising, sorting, saving, amending or changing, reading out, querying, using, publishing by sending or distribution, or any other form of supplying the information, comparing or linking, restricting, deleting or destroying the information.
d) Limiting the processing
Limiting processing involves marking saved personal details with the goal of limiting their future processing.
Profiling is any form of automated processing of personal details, where these personal details are used to evaluate specific personal aspects relating to a natural person, in particular to analyse or predict aspects connected to work performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or changes in location of this natural person.
Pseudonymization is the processing of personal details in such a way that the personal details can no longer be linked to a specific affected person without additional information, providing this additional information is stored separately and technical and organisational measures are in place to ensure that the personal details are not assigned to an identified or identifiable natural person.
g) Responsible person or person responsible for processing
A responsible person or person responsible for processing is the natural or legal person, authority, organisation or other entity responsible for making decisions regarding the purpose and means of processing personal details, either alone or as a collective.
h) Order processor
An order processor is a natural or legal person, authority, organisation or other entity responsible for processing personal details on behalf of the responsible person.
A recipient is a natural or legal person, authority, organisation or other entity who receives personal details, regardless of whether or not they are a third party. Authorities, who receive personal details as part of an investigation request in accordance with European Union law or the law of the member states, are not regarded as recipients, however.
j) Third party
A third party is a natural or legal person, authority, organisation or other entity apart from the affected person, the responsible person, the order processor and the persons authorised to process personal details under the direct authority of the responsible person or the order processor.
Consent is any notification of intent given for the specific case in an informed and unambiguous way in the form of a declaration or other clearly confirming action, with which the affected person states that they consent to the relevant personal details being processed.
2. Data collection, data transfer and usage
a) Data collection
Your visit to our website will be logged. The main pieces of data that are logged are the IP address currently used by your PC, the date and time, the browser type and the operating system of your PC, as well as the pages you view. It is not usually possible to relate this information to a specific person and this is also not intended. This information is only logged for the purposes of data protection and to optimize our web content. No other evaluation of the data takes place, except for statical purposes exclusively in anonymous form. No personal surf profiles or similar are created or evaluated.
b) Data transfer and usage
The personal information you provide via a website or via e-mail (e.g. your name and address or your e-mail address), will only be used for correspondence with you and for the purpose for which you provided the information. If service providers are used to carry out and complete work processes, the contractual relationships will be regulated in accordance with the Federal Data Protection Act and the EU General Data Protection Regulation.
3. Consent and revocation
Personal data provided via our website will only be stored until the purpose for which it was provided is fulfilled. In special cases, a use beyond the legal retention periods may take place if this is required as evidence for or for the protection of legal claims or to defend against legal action. The use of your e-mail address, telephone and/or mobile number and fax number for the purposes of advertising or market and opinion research requires separate consent. You can give this consent electronically when entering your details and revoke it at any time for the future. If you are no longer happy for your personal details to be stored or if these details are no longer correct, we will arrange for your details to be deleted on request (where possible according to the valid law), for your details to be blocked or for the necessary corrections to be made. On request, we can provide information on all personal details we have stored relating to you free of charge.
4. Internal security measures
We guarantee the confidentiality and security of your personal details by only using the details provided via our website or in e-mail communication to fulfil your request or concern. Our employees adhere to confidentiality obligations, our security measures adequately correspond to the current state of technology and our systems are regularly checked for security so that we can guarantee lasting protection from any damage, losses and access to data held by us.
5. Notes on improving personal data security
Cookies are small text files stored on the PC of the internet user. They are used to control the internet connection during your visit to our websites. Cookies also provide us with information that enables us to optimize our websites to suit the requirements of the user. Some cookies are only used for the duration of the visit to the website.
Cookie Consent with Borlabs Cookie
Our website uses the Borlabs cookie consent technology to obtain your consent to the storage of certain cookies in your browser and for their data privacy protection compliant documentation. The provider of this technology is Borlabs – Benjamin A. Bornschein, Georg-Wilhelm-Str. 17, 21107 Hamburg, Germany (hereinafter referred to as Borlabs).
Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology.
The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/
7. Analysis tools and advertising
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to embed tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transferred to Google’s parent company in the United States.
The use of the Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, dwell time, operating systems used and the origin of the user. This data is summarized in a user ID and assigned to the respective end device of the website visitor.
Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modeling approaches to supplement the collected data sets and uses machine learning technologies in the data analysis.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this service is based on your consent according to Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalized advertising with the help of Google signals. If you have a Google account, Google Signal’s visitor data is linked to your Google account and used for personalized advertising messages. The data is also used to create anonymized statistics on the user behavior of our users.
Contract data processing
We have executed a contract data processing agreement with Google and are implementing the stringent provisions of the German data protection agencies to the fullest when using Google Analytics.
8. Google Maps (route planning / map display)
We use the software module Google Maps to display locations and routes. If you use this service, Google may receive information on your actual location (such as GPS signals transmitted by a mobile device) or information that can be used to determine your approximate location (e.g. the cell ID). Further information on the processing of your data by Google is available under the following link: Google data protection regulations.
9. Web services
Our online services offer a range of tools, e.g. for calculating operating costs and digital offers for planning support, including apps for system installers and operators. Personal data is being collected and processed here. This is only for the purpose intended with the application. The data is statistically evaluated in pseudonymized or anonymized form. In some applications, data is also shared with third parties. In these cases, this is explicitly indicated in the application. If you set up a user account for an application, your entries are saved for later use. This data includes, for example, the type of device, the software versions used and information that is required for troubleshooting and optimizing plant operation. We statistically evaluate information in order to optimize the functionality of the app and the technology behind it. Applications from external service providers are also used for this. e.g. Google Analytics for Firebase and Firebase Crashlytics, which use IP addresses of the users for analysis purposes, which are used anonymously. A conclusion about a specific person is not possible. Further information can be found here: https://firebase.google.com/support/privacy
10. Payment processing in the Dimplex spare parts shop
The payment process in the Dimplex spare parts shop is managed by Heidelpay. Heidelpay (Heidelberger Payment GmbH) is a payment institution recognized by the Federal Financial Supervisory Authority. You remain on the Dimplex website during the payment process, the entire payment process is carried out by Heidelpay in the background. Once the process is complete, we only receive information on the payment status from Heidelpay (payment successful or unsuccessful). We don’t receive any personal banking information. You can view the data protection declaration of Heidelpay here.
11. Links to other websites
Occasionally, we include links to third-party websites. Although we select these third parties carefully, we can not provide any guarantee or accept any liability for the correctness or completeness of the content and data security of third-party websites. This data protection declaration also does not apply for linked third-party websites.
12. Updates to this data protection declaration
We reserve the right to amend this data protection declaration from time to time so that it always corresponds to the latest legal requirements or to implement changes to our services in the data protection declaration, e.g. when new services are introduced. The new data protection declaration then applies for your subsequent visit.
All information on this website has been checked carefully. However, we cannot guarantee that the information will be correct, complete and up-to-date at all times. If you notice an error, we would be grateful if you would let us know. We will then correct it as soon as possible.
14. Control and information centre
If you are not satisfied with the data protection measures outlined here or if you have any questions relating to the recording, processing and/or use of your personal details, please get in touch. We will do our utmost to answer your questions and implement your suggestions as quickly as possible.
15. Use of personal data during the newsletter registration
As part of the registration process for the free GDD Newsletter, you agree to your personal data being collected. This data is only used for sending the newsletter and is not passed on to third parties. If you no longer want to receive newsletters from GDD in the future, click on the link in the newsletter to unsubscribe.
16. Contact form
For legal reasons, the website of Glen Dimplex Deutschland GmbH contains information that enables quick electronic contact with our company and direct communication with us, including a general address for so-called electronic mail (e-mail address). If an affected person contacts the person responsible for processing via e-mail or via a contact form, the personal details provided by the affected person are saved automatically. Such personal details provided voluntarily by an affected person to the person responsible for processing are saved for the purposes of processing or for contacting the affected person. No personal details are passed on to third parties.
17. Online application form
The personal details provided by you during the application process are processed exclusively for the purpose of filling jobs within our company. Your details will only be forwarded to the internal positions and specialist departments explicitly responsible for the concrete application process within our company. The information will not be used for any other purpose, nor will it be passed on to third parties. The application details and files provided by you are forward to our human resources department and processed in accordance with the internal guidelines and legal regulations. Once your documents have been evaluated, we will contact you. If we no longer require your details, they will be deleted.
18. Rights of the affected person
a) Right to information
b) Right to correction
c) Right to deletion (right to be forgotten)
d) Right to limited processing
e) Right to data portability
f) Right of appeal
g) Right to revoke consent given in line with data protection regulations
19. Legal basis for processing
Our company uses Art. 6 I lit. a GDPR as a legal basis for processing methods, for which we obtain consent for a specific purpose.
b) Fulfilling an agreement
If it is necessary to process personal details in order to fulfil an agreement, where a contractual party is the affected person, as with processing methods required for delivering goods or providing a different service or return service, for example, the processing is carried out in accordance with Art. 6 I lit. b GDPR.
c) Precontractual measures
The same applies for processing methods required to carry out precontractual measures, such as for processing enquiries relating to our products or services.
d) Legal obligations
If our company is subject to a contractual obligation which makes it necessary to process personal details,for fulfilling tax obligations, for example, the processing is carried out based on Art. 6 I lit. c GDPR.
e) Vital interests of the affected parties
In rare cases, it may become necessary to process personal details to protect the vital interests of the affected person or another natural person. This would be the case, for example, if a visitor to our company were to be injured and their name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. The details would be processed based on Art. 6 I lit. d GDPR in this case.
f) Justified interests of our company
Finally, processing methods may be based on Art. 6 I lit. f GDPR. Processing methods are carried out on this legal basis if they are not covered by any of the legal bases outlined above, if the processing is necessary to preserve a justified interest of our company or a third party, providing the interests are not outweighed by the interests, basic rights and basic freedoms of the affected party. We are authorised to carry out these processing methods in particular because they have been specifically referred to by the European legislator. The legislator maintained that a justified interest could be assumed if the affected person is a customer of the responsible party (Recital 47 Paragraph 2 GDPR). If the processing of personal data is based on 6 I lit. f GDPR, our justified interest is carrying out our business activity for the benefit of all our employees and shareholders.
20. Retention period for personal data
The relevant legal retention period is the criteria dictating how long personal details are stored for. Once this retention period has elapsed, the relevant details are deleted routinely, providing they do not need to be retained to fulfil the agreement or for contract initiation or for enforcing, executing or defending legal claims.
21. Use of automated decision making
As a responsible company, we refrain from using automated decision making or profiling.