Privacy Policy
Internet of Things Privacy Policy
Last updated: 11 November 2024
1. General
- This Privacy Notice applies to the processing of your personal data in connection with your use of the Apps in the ADAX AS IOT Platform and provides information about how we process your personal data.
- ADAX AS is committed to protecting and respecting your privacy. For the purposes of applicable Data Protection Law, the controller (or its equivalent under the applicable Data Protection Law) is ADAX AS (registered number 991 678 891) with a registered address at Myhres gate 1 NO-3060 Svelvik, Norway.(“ADAX”, “us“, “we” or “our“).
- This Privacy Notice sets out the basis on which any of your personal data will be processed by us. The Privacy Notice should be read in conjunction with our Cookies Policy available here. Please read the Privacy Notice carefully to understand our treatment and use of your personal data as the controller and how we will use, store, disclose or otherwise process it.
- In this Privacy Notice, references to “you” means the person whose personal data we collect, use and process.
In this Privacy Notice, your information is sometimes called “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal information as “processing” such personal data. - This Privacy Notice outlines the steps we take to ensure that the processing of your personal data adheres to relevant national, regional and state data protection and privacy legislation. This includes General Data Protection Regulation or GDPR (Europe), the Australian Privacy Act 1988 (Cth), the Australian Spam Act 2003 (Cth) and the New Zealand Privacy Act 2020 and the New Zealand Unsolicited Electronic Messages Act 2007 (collectively, “Data Protection Law”).
- Capitalised terms which are not defined within this Privacy Notice shall have the meaning given to them in the Terms and Conditions of Use for ADAX App.
2. Processing of your personal data
In this Privacy Notice we refer to the term ‘personal data’ and we mean the following when we use it as the context requires:
- In Europe, ‘personal data’ means any information which relates to an identified or identifiable natural person.
- In other regions we use personal data instead of ‘personal information’ which has the following meaning in those regions:
In Australia, this means any information or an opinion about an identified individual, or an individual who is reasonably identifiable.
In New Zealand, this means information about an identifiable individual.
What categories of personal data do we collect?
- Registration Data: name, email address, mobile number, country, language Code from device, GUID login
- Device Data: technical telemetry.
- Location Data: latitude and longitude coordinate parameters of the user’s device at the time of commissioning.
- Personal Data related to your social media accounts: where you use a third party social media account to create an Account we receive the following information: First name, last name, email address, phone number, Country (if social media account has been created with a phone number).
- Any other personal data which you provide us with in the course of using your services. For example, personal data relating to any queries or complaints you make.
The personal data we collect helps us manage our relationship with you, e.g. collection of appliance data to provide remote diagnostics service, but also to comply with our legal obligations or for the conduct of our business. We rely on different legal bases to process your personal data. For each legal basis set out below, we have set out the purpose for each processing operation and the categories of personal data which is processed in respect of same.
Legal Basis: Necessary for the performance of our contract with you or to take steps for entering into our contract with you
| Purpose of processing | Processing operation | Categories of personal data |
|---|---|---|
| To provide you with a unique login account and to link your product to your account. To provide you with important messages, system notifications and functionalities including to send you site access invitations, to respond to site access requests and to transfer appliance ownership. To notify you of changes to the Terms and Conditions of Use and/or of downtime. | - We collect your name, email address and phone number and country to set up your account. - We verify your email or phone number by sending you a verification email or SMS. - We store and record your name, email address and phone number and Country to enable you to log in to your account. - We delete your account at your request or in accordance with the terms of our Agreement. - We retrieve and use your Registration Data to provide you with certain functionalities, including to enable us to respond to certain functions you enable/request (for example where you request forget me notifications). | Registration Data which is: - Name (first name, last name) - Email address - Mobile number - Country - Language Code from Device |
| To maintain the App | We send users system notifications to ensure that the App is kept up to date. | Registration Data which is: - Name (first name, last name) - Email address - Mobile number - Country - Language Code from Device |
| To provide the App according to your local country and language | - We identify your country to provide you with the available social media providers in your country so that you can choose to use such applicable social media accounts to log in to the App. - We identify your locale code from your device to display the APP in the correct language. | - Country and Locale Code from Device |
| To provide you with energy reporting services | - We collect and use your device data to provide you with the energy reporting services | - Device Data |
Legal Basis: Legitimate Interests
| Purpose of processing | Legitimate Interests | Processing operation | Categories of personal data |
|---|---|---|---|
| To carry out business analytics and improve our Apps | - Our interests to measure the use of the App in order to inform and improve the App and to enable accurate reporting. - Our interests to improve the customer experience while using the App to improve customer satisfaction. | - We review the services provided to you and to analyse relevant information in order to determine whether any changes/improvements are required for the service | - GUID for login |
You have the right to object to, and seek restriction of, this processing. To exercise your rights, please see section 11 ‘Your Rights.’
Legal Basis: Consent
| Purpose of processing | Processing operation | Categories of personal data |
|---|---|---|
| To provide location enabled services via BLE for the app to function correctly | - We require location services to be switched ON to enable us to perform a Bluetooth scan for nearby products, to allow the product to be added | Location data: Using Bluetooth low energy (BLE) |
| To allow us to map where all connected assets are to assist servicing | - When sites in the App are created or products added to the App we collect the location | Location data |
You have the right to withdraw your consent for this processing. To exercise your rights, please see section 11 ‘Your Rights.’
Most of the personal data we process is collected from you when you register an account with us, but we also obtain personal data about you in the course of the performance of your contract with us, including the collection of personal data in order to provide device control functionality.
You are required to provide Registration Data and Device Data in order to use the App. If you do not provide your Registration Data you will not be able to register an account with us and you will not be able to use the App. We require your Device Data in order to enable us to provide you with energy reporting services and without this data we are unable to provide those services.
You may decide not to provide your Location Data to us. However, failure to provide such personal data requested may prevent the App from functioning as intended and ADAX AS shall not be liable for being unable to perform its contract with you in accordance with the Terms of Use.
If we offer and you choose to use third-party social media services like Facebook to access or use the mobile apps, the social media service may send personal data about you to us. To the extent we combine such third-party sourced information with personal information, we collect directly from you, we will treat the combined information as personal data under this Privacy Notice. If we discontinue use of any third-party social media services, you understand that we may nevertheless retain any personal data, and other information and data, we may have already received in connection therewith in accordance with this Privacy Notice.
We do not use automated decision-making/profiling in the administration of the contractual relationship.
3. Sharing your personal data
Our Group Companies
Adax AS is one of the Glen Dimplex Group companies. Personal data will only be shared across the Glen Dimplex Group in certain circumstances where necessary to do so and via secure means to provide you with the App services.
Disclosures to Third Parties
In order to provide you with our services, we share your personal data with the following third parties:
| Third Party | Purpose (why?) | Categories of Personal Data |
|---|---|---|
| Smart home gateways | Where you enter into an agreement with a smart home gateway supplier that allows/requires your appliances to be controlled remotely by them, we will share limited data with the supplier to facilitate this on your behalf | Depending on the circumstances, personal data may include: - Location Data - Device Data |
| Energy Suppliers | Where you enter into an agreement with an energy supplier that allows/requires your appliances to be controlled remotely by them, we will share limited data with the supplier to facilitate this on your behalf | Depending on the circumstances, personal data may include: - Location Data - Device Data |
| Legal Advisors | To enable our legal advisors to provide us with legal advice. | Depending on the circumstances, personal data may include: - Registration Data - Location Data - Device Data - Any other personal data which you provide us with in the course of using your services |
| Analytics and search engine providers | To assist us in the improvement and optimisation of the app. | - Registration and Device Data |
| Suppliers | IT Cloud provider (for service support purposes only, where there are issues with the hosted cloud services). | - Registration and Device Data |
| Future potential purchaser | If we are involved in a sales of assets, merger, acquisition, business transfer, or other change of control, we may share your personal data with other entities involved and will require any such successor business entity to honor this Privacy Notice | - Registration Data - Location Data - Device Data - Any other personal data which you provide us with in the course of using your services |
| Local law enforcement | To enable us to respond to applicable law or regulations, court orders or government requests. For example, where we are required to provide information under the Companies Act 2014, the Competition and Consumer Protection Act 2014 or the Data Protection Acts 1998 to 2018. | - Registration Data - Location Data - Device Data |
| Norwegian Tax administration | Where we are required to provide information to assist in the investigation or prevention of fraud or other illegal activity. | - Registration Data - Device Data |
4. Third party links
Our mobile apps may include links to other websites, plug-ins and applications provided by others, including those acting on our behalf. Clicking on those links or enabling those connections may allow third parties to collect or share data about you, and have their own privacy policies. We do not control third party websites, plug-ins and applications and are not responsible for their privacy policies or actions and do not endorse them. When you leave our mobile apps, we encourage you to read the privacy policy and terms of use of every website you visit.
5. Cookies
Our Apps in the ADAX AS IOT Platform do not use cookies, as set out in the ADAX App Cookie Policy which is incorporated automatically by reference into this Privacy Notice and forms a part of it.
6. Security of your personal data
We operate and use appropriate technical and physical security measures to protect your personal data.
We have in particular taken appropriate security measures aimed to protect your personal data from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access, in connection with the customer relationship. Access is only granted on a need-to-know basis to those people whose roles require them to process your personal data. In addition, our service providers are also selected carefully and required to use appropriate protective measures.
No method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.
7. Cross border transfers of your personal data
Your personal data is shared and stored on services in the European Economic Area. We do not transfer your data outside of the EEA.
ADAX AS will take reasonable steps to ensure that your personal data will be stored in a secure and encrypted form and handled in accordance with applicable Data Protection Law aimed to minimise the risk of unauthorised access to, and loss, misuse or wrongful alteration of, your personal data.
8. Children’s data
We understand the importance of protecting children’s privacy, especially in an online environment. Our Apps are not intentionally designed for or directed at children under the age of 18. It is our policy never to knowingly collect or maintain information about anyone under the age of 18.
9. How long we keep your data
We will keep your personal data for as long as it is necessary to fulfil the purposes for which it was collected as described above and in accordance with our legal and regulatory obligations. This may mean that some information is held for longer than other information.
To determine the appropriate retention period for personal data, we consider:
- The amount, nature, and sensitivity of the personal data and why it is collected and processed. For example:
- We keep Registration Data for as long as your account remains active. We keep this so that you can access your account and we can maintain your account.
- We keep Device Data for as long as your account remains active.
- We keep Location Data for as long as is necessary to provide you with optional features as long as your account remains active and your consent remains valid.
- Applicable legal requirements. For example:
- We keep relevant personal data where it is necessary for reasons related to a legal claim or complaint, such as where we are subject to an investigation by a regulatory authority or where we are engaged in legal proceedings with respect to a claim related to your personal information or a claim brought by you.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
10. Your rights
EU/EEA residents
You have various rights in relation to your personal data. In particular, you have a right to:
- obtain confirmation that we are processing your personal data and request access to a copy of the personal data we hold about you;
- be informed about the processing of your personal data (i.e. for what purposes, what types, to what recipients it is disclosed, storage periods, any third-party sources from where it was obtained);
- ask that we update or erase the personal data we hold about you, or correct such personal data that you think is incorrect or incomplete;
- ask that we delete or erase personal data that we hold about you, or restrict the way in which we use such personal data;
- withdraw consent to our processing of your personal data (to the extent such processing is based on previously obtained consent). If you withdraw your consent, this will only take effect for the future;
- receive a copy of the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to transmit such personal data to another party (to the extent the processing is based on consent or a contract);
- object to our processing of your personal data; and
- to lodge a complaint Norwegian Data Protection Authority using the contact details provided in section 12 below.
We will endeavor to respond within a reasonable period and in any event within one month in compliance with Data Protection Law. We will comply with our legal obligations as regards your rights as a data subject; and
We aim to ensure that the information we hold about you is accurate at all times. To assist us in ensuring that your information is up to date, do let us know if any of your personal details change using the contact details set out in section 14.
Australian residents
You have rights in relation to your personal data, including to:
- complain to the Office of the Australian Information Commissioner (OAIC), who may be contacted using the details under section 12 below;
- access or correct your personal data that we hold about you; and
- withdraw consent to use or process your personal data.
If you withdraw your consent, you should be aware that we may in some circumstances be required to continue to hold and process your personal data to fulfill our legal obligations.
Generally you will not have to pay a fee to access your personal data (or to exercise any of your other rights), however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to help speed up our response.
We will try to respond to all legitimate requests by you, regarding your personal data within thirty (30) days after receiving them. Occasionally it may take us longer if your request is particularly complex or you have made a number of requests. In this case, we will let you know and keep you updated.
New Zealand residents
The Privacy Act 2020 gives you certain rights to access and correct your personal information.
You can request to access the personal information we hold about you or correct your personal information if you think it is wrong, incomplete or out of date.
If you formally ask for your personal information under the Privacy Act 2020, we may charge you for that access, or for giving you copies of your information. We will try to respond to all formal requests by you, regarding your personal data within twenty (20) working days after receiving them.
If we do not hold the information to which your request relates, but we believe that the information is held by another organisation, or is more closely connected with the functions or activities of another organisation, we will let you know within ten (10) working days after receiving your formal request.
Occasionally it may take us longer if your request is particularly complex, consultation is necessary or your request involves large quantities of information or necessitates a search through large quantities of information. In this case, we will let you know if we need to extend these time limits.
If we can’t give you access to your personal information for any reason, or if we disagree that your personal information needs to be corrected, we’ll inform you why.
If you are unhappy with our response, you can make a complaint to the Privacy Commissioner in respect of our refusal using their online form.
You may also contact us in regards to any questions you may have about this notice. In order for residents from the above regions to exercise any rights under the applicable, please contact us using the details set out in section 14.
11. Deleting your data
You can delete your data at any time by doing either of the following:
- You can delete your account directly through the APP or
- You can send a request to delete your account via email to the contact details as per Section 14. Contact Us
12. Your right to lodge a complaint with a Supervisory Authority
You can lodge a complaint with your relevant supervisory authority if you consider that our processing of your personal information infringes applicable law.
Contact details for all EU/EAA supervisory authorities can be found at this link
You can lodge a complaint with the Office of the Australian Information Commissioner (OAIC) here or on 1300 363 992.
You can lodge a complaint with the Office of the Privacy Commissioner in New Zealand here
13. Changes to this Privacy Notice
We reserve the right to change this Privacy Notice at any time in our sole discretion. If we make changes, we will post these changes here and update the “Last Updated” date at the top of this Privacy Notice. If at any time we decide to use your personal data in a manner significantly different from that stated in this Privacy Notice, or otherwise disclosed to you at the time it was collected, we will notify you in writing, and you will have a choice as to whether or not we use your personal data in the new manner in accordance with your rights under Data Protection Law.
14. Contact us
You can contact us to update your preferences, correct your information, submit a request, or ask us questions at the below email and/or postal address:
Email: Data.Privacy@adax.no
Address: Data Protection Lead, ADAX AS, Myhres gate 1 NO-3060 Svelvik, Norway.