Heatmiser Policies
Heatmiser UK Limited – Privacy Notice
This Privacy Notice is provided by Heatmiser UK Limited (“Heatmiser”, “we”, “us”, or “our”), a subsidiary of IMI plc. Heatmiser is responsible for processing your personal data and is committed to protecting your privacy. Heatmiser is the data controller and is responsible for heatmiser.com and heatmisershop.co.uk (referred to herein after as “our Sites”).
This Privacy Notice contains important information about how we may process (collect, store, use, delete, etc.) your personal data including when you visit and make transactions on our Sites or other interactions you have with us (e.g., when selling or buying products/services, when you visit Heatmiser premises, or interacting with us at conferences, exhibitions or on online forums, such as LinkedIn).
This Privacy Notice may not cover the full details of all processing by Heatmiser. Users of Heatmiser’s mobile application, “neoApp”, should consider the Heatmiser neoApp Privacy Notice, and job candidates/applicants should consider the IMI plc Candidate Privacy Notice.
1. What personal data do we process?
For the purposes of this Privacy Notice, “personal data” refers to any data relating to an identified or identifiable natural person that we maintain in an accessible form.
We may process the following data about you which identifies you (e.g., contact details) or which can be used to identify you (e.g., device identifiers that can be linked with other data):
- Contact, account and financial data for sales, transactions and fulfilment – to purchase from our Sites, or otherwise buy directly from Heatmiser, we process personal data including contact details, professional data, user authentication data (email and passwords) payment card and other financial data, and details of quotations (including addresses and other contact data) to fulfil your order(s).
- Data obtained about you from third parties or from the public domain – for the purposes of sales and marketing, we may obtain personal data about you from event sponsors, trade conferences, or publications or where you interact with us on social media or professional contact sites such as LinkedIn.
- Data captured when you visit our premises – in order to protect the health and safety of you and others, we may obtain personal data in the form of videos, photographs and other image/voice recordings, such as Closed Circuit Television (CCTV) footage, visitor sign-in records (which may include biometric data where this complies with applicable laws), identity documentation, accessibility requirements and other personal data reasonably required for this purpose.
- Data in correspondence and reports – to effectively manage and respond to your enquiries, provide customer support and address any security vulnerabilities you report, we may store personal data such as contact details and records of correspondence between you and Heatmiser (including images, recordings, and correspondence submitted through our Sites and other channels).
- Data needed to comply with laws – to prevent fraud, investigate whistleblowing reports and mitigate compliance risks. If you engage with Heatmiser (e.g. as a supplier, agent, distributor or customer), we may process your personal data to protect Heatmiser’s business interests and comply with applicable legal requirements. The personal data that may be processed includes your nationality and ethnicity, identity documentation (such as, driving licences and passports), details about sales transactions, suspected fraud, offences, suspicious transactions, professional and political data (including being on sanctions lists) and personal data included in whistleblowing reports.
- Your comments or questions – any personal data you provide to us through interactions with us on our Sites, social media sites, or while using our online chatbot functionality (where available), to respond to your comments or questions, improve our products and services, and enhance your overall experience with Heatmiser.
- Survey and feedback responses – contact data may be used to request that you complete surveys or provide us with feedback and we will process any responses provided by you; and
- Website and communication usage – details of your visits to our Sites and personal data collected through cookies and other tracking technologies including, but not limited to, your IP address or other device identifiers, your browser version and operating system, traffic data, precise or general location data, web logs and other communication data, and the resources that you access. For more information on our use of cookies and tracking technologies, please visit our Heatmiser Cookie Policy.
2. How do we use personal data?
In this Section, we set out the purposes for which we use and share personal data that we collect. If you are in a country in the European Economic Area (EEA) or the United Kingdom, in compliance with our obligations under applicable law, we also identify the “lawful bases” on which we rely to process personal data.
| Purpose | Details | Lawful Bases |
| Providing our products and services | We will need your personal data to enable you to set up an online account or interact with our sales teams, process your order, deliver products, provide customer and technical support and after-sales services to you, and administer return and refund policies. This may include sharing your personal data with third parties such as delivery agents, business partners, our group companies, contractors or our external professional advisors (e.g. legal, financial or commercial advisors). | Contract performance, legitimate interests (to enable us to perform our obligations and provide our products and services to you). |
| Enabling vulnerability reporting | We will ask you to provide contact details when you report a security vulnerability so that we can respond to you and properly investigate any issue(s) reported. | Legitimate interests (to enable us to protect our services). |
| Improving our products and
services |
We may collect your personal data for improving our products and services including training of artificial intelligence components, for purposes of internal training, quality control and research and development. This may include sharing your personal data with third parties such as business partners, suppliers and/or service providers. Where possible we will aggregate and/or anonymise your personal data when using for such purposes. | Legitimate interests (to enable us to improve our products and services), compliance with legal obligations including Product Security and Telecommunications Infrastructure Act 2022. |
| Obtaining feedback | We may occasionally contact you to invite you to provide feedback on our products and services, or to assess your product and services needs as a part of our innovation and research and development practices. | Legitimate interests (to enable us to gather feedback and improve products and services). |
| Ensuring the content of our Sites is relevant | We may use your personal data to analyse how you use our Sites, and to ensure that the content, services and advertising that we offer are tailored to your needs and interests. We may also provide you with suggested local distributors who stock products that you are interested in, which may include sharing your personal data with third parties such as business partners, suppliers and/or service providers. We may also aggregate and/or anonymise your personal data for such purposes. | Legitimate interests (to allow us to provide you with relevant content and services on our Sites). |
| Conducting compliance checks and reporting | If you (or a business entity you are related to, where applicable) seek to do business with, places an order with, and/or opens a sales account with, us then we may use your personal data for trade screening against international restricted and denied parties lists (as required by applicable law, regulation and best practice at any given time). If false or inaccurate information is provided by you and fraud is identified or suspected, such information (which may include your personal data) may be passed to fraud prevention agencies and may be recorded by us or by them. Your personal data may also be captured if you, or another individual, submit a report via our whistleblowing hotline. | Legal obligations, legitimate interests (to ensure that you (and/or a business entity you are related to, where applicable) falls within our acceptable risk profile, to assist with the prevention of crime and fraud and to protect Heatmiser and our employees). Where this includes special categories of personal data, we will usually rely on substantial public interests (processing for the prevention and detection of fraud/crime), or very rarely, where necessary, explicit consent. |
| Marketing | We may contact you to provide the latest updates and offers on our products and services, where you have opted-in to receive such communication. We may market to you by post, e-mail, SMS or telephone. Where required by law, we will ask for your consent at the time that we collect your personal data to conduct any of these types of marketing. We will provide you with the option to unsubscribe, or opt-out, from further marketing communication sent to you or you may opt-out by contacting us as set out in Section 13 below. | Consent (where required) or legitimate interest where in compliance with applicable law (to keep you updated with news in relation to our products and services). |
| Facilitating visits to our premises | Where you visit one of our premises, we may obtain personal data about you to facilitate your visit and ensure health and safety of you, our employees, and other visitors. | Legal obligations, legitimate interests (to ensure the safety and security of our premises). |
| Monitoring and quality control | For quality control and training purposes, we may monitor or record your calls with us and any online chat service (where this is available on our Sites). When you use any online chat function on our Sites, we will collect personal data such as your name, email address and chat logs. | Legal obligations, legal claims, legitimate interests (to ensure the quality of our services). |
| Allowing you direct interactions | Where we have enabled certain interactive features on our Sites, such as online chat, you may message a member of our staff so that they can answer your queries and provide support to you in real time. Our online chat functionality may be provided by a third party. When you use online chat, third parties may place cookies on your computer to enable the service to work (please see the Heatmiser Cookie Policy for further details). When you contact us by using the online chat, we and related third parties will process the information, which may include personal data, that you have provided. | Legitimate interests (to allow us to provide you with real-time online advice and support). |
| Understanding your interactions with content | Where we have: (a) provided you with certain email content; or, (b) you have forwarded such email content to recipient(s), you and the recipient(s) will have been presented with a message box which informs you that your interaction with such content will be analysed, and requires you and your recipient(s) to consent to such analysis. Where both you and your recipient(s) consent to such analysis, we will be provided with the name(s) and email address(es) of your recipient(s). We collect this personal data to better understand who you share our content with and to inform our business decisions. | Consent (to enable our use of the tracking technology where legally required),
legitimate interests (to allow us to understand who our content is shared with). |
| Informing you of changes and updates | We may use your personal data to notify you about changes and updates to our services and products. | Legitimate interests (to notify you about changes to our services); contract performance. |
| Reorganising our business | In the event that we are: (i) subject to negotiations for the sale of our business or part thereof to a third party, (ii) sold to a third party; or, (iii) undergo a re-organisation, we may need to transfer some, or all, of your personal data to the relevant third party (or its advisors) as part of any due diligence process for the purpose of analysing the proposed sale or re-organisation (as applicable). We may also need to transfer your personal data to that re-organised entity or third party after the sale or reorganisation (as applicable) for them to use for the same purposes as set out in this Privacy Notice. | Legitimate interests (in order to allow us to change our business). |
| Protecting interests of Heatmiser and ensuring legal or regulatory compliance | We may process your personal data to meet legal and regulatory obligations including, prevention of fraud, managing compliance risks and investigating whistleblowing reports. | Legal obligations, legal claims, legitimate interests (to protect Heatmiser and its employees and to co-operate with law enforcement and regulatory authorities). |
3. To whom do we disclose your personal data?
We may share personal data internally and externally as permitted under applicable laws. Disclosures might be made to third-party service providers (e.g., Heatmiser uses Zendesk for customer service platform technology, BigCommerce for e-commerce transactions and SAP for finance operations), contractors, agents and professional advisors (e.g. legal, financial, commercial, or other advisors) and other direct, and indirect, subsidiaries of IMI plc, that perform essential business activities for, and on behalf of, Heatmiser.
Where we provide personal data to service providers, we shall only disclose what is necessary to deliver the specific service, or as required by law. We take reasonable measures to ensure that service providers and data processors keep your data secure and oblige them, by contract, not to use the data for their own purposes.
We may disclose your personal data to third parties, the court service and/or regulators or law enforcement agencies in connection with enquiries, proceedings, or investigations by such parties anywhere in the world where compelled, or permitted, to do so. Where required by law, we will direct any request to disclose personal data to law enforcement agencies, or other third parties, to you or notify you before responding.
4. Where is personal data processed?
Heatmiser is a subsidiary of IMI plc which is a global company based in the United Kingdom. Your personal data may be transferred, accessed, processed or stored in countries around the world. Regardless of location, we will, where necessary, put in place appropriate safeguards, including during transfer, to ensure your personal data is adequately protected. This may include encryption (where possible). We may store the personal data that we collect in the United States or in other countries where we, or our service providers, have facilities. We may transfer personal data to countries outside of your country of residence, including the United States, which may have data protection laws and regulations that differ from those in your country of residence. Where local laws regulate the transfer of data, such as in the United Kingdom, EEA and the People’s Republic of China (PRC), we will comply with such requirements.
Any transfers of personal data originating from within the EEA, the United Kingdom, and Switzerland to countries outside of the EEA, UK, or Switzerland will normally be made on the basis of the model clauses approved by the European Commission for transfers from EU controllers to non-EU controllers, which may be found at the Commission’s website at https://ec.europa.eu.
5. How long do we keep your personal data?
Our retention periods for personal data are based on business needs and applicable legal requirements. We will keep your personal data for as long as is necessary for the processing purpose(s) for which they were collected and any other permitted linked purpose. For example, we may retain certain transaction details and correspondence until the time limit for claims arising from such transaction has expired, or to comply with regulatory requirements regarding the retention of such data. When we no longer have a purpose for retaining your personal data, we will destroy it and take commercially reasonable measures to make sure that the personal data is irrecoverable and irreproducible.
6. How are cookies used?
For detailed information on the cookies we use on our Sites, please see Heatmiser Cookie Policy. Where required by law, you will be provided the option to reject or accept cookies that are not strictly necessary. Other sites may use additional cookies. Where this occurs, specific information and additional options to reject or accept cookies, that are not strictly necessary, shall be provided on these sites.
7. What about Third-Party Websites?
Our Sites may contain links to third-party sites which we do not operate or endorse. These websites may use cookies and collect your personal data in accordance with their own privacy policies. This Privacy Notice does not apply to third-party websites, and we are not responsible or liable for third-party websites, their policies, or their processing of your personal data.
8. How do we protect your personal data?
We take appropriate physical, electronic and procedural measures to protect your personal data. However, no data transmission over the internet or our Sites can be guaranteed to be secure from intrusion and we cannot guarantee absolute security.
Where we have given you (or, where you have chosen) a password which enables you to access certain parts of our Sites, you are responsible for keeping this password confidential and complying with any other security procedures that we notify you of. Please do not share your password with anyone.
When you are on any third-party website that asks you for confidential information, you should check that the third party is a trusted source and if the information being transmitted is encrypted to increase the security of your information. Keep in mind that there is no such thing as perfect security.
9. What rights do individuals have?
Depending on the jurisdiction in which you are located, you have certain rights with respect to your personal data. If you wish to exercise your legal rights, please contact us as set out in Section 13 below. We will process your request in accordance with any applicable legal requirements.
- Marketing
You have the right to ask us not to process personal data for direct marketing purposes. Where legally required, we will inform you if we intend to use your personal data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your personal data. You can also exercise this right at any time by contacting us as set out in Section 13 below.
- Updating your personal data
We will use reasonable endeavours to ensure that your personal data is accurate. To assist us with this, please notify us of any changes to the personal data that you have provided to us by contacting us as set out in Section 13 below.
- Additional Rights for individuals
Many laws provide specific rights to individuals, including countries in EEA, United Kingdom, Switzerland, Mexico, Brazil, South Korea, Japan, PRC, Singapore, Australia and California, United States.
Depending on the specific laws that apply to you, you may have the right to request that we:
- provide you with further details on the use we make of your personal data, including about types of third parties to whom data is disclosed;
- provide you with a copy of personal data that you have provided to us;
- update any inaccuracies in the personal data we hold (please see Section 11 above);
- delete any personal data that we no longer have a lawful basis to use;
- where processing is based on consent, stop particular processing when you withdraw your consent for such processing (see Section 10 above) and erase personal data. Please note that if you withdraw your consent, we may not be able to provide a particular service or content to you;
- transmit certain personal data (that you have provided to us) to a third party electronically;
- anonymize, restrict, eliminate unnecessary, excessive or illegal personal data; and
- review any decision based solely on automated processing, including profiling, which affects your interests and to require data about the criteria and the processes.
You may also be able to object to any processing based on grounds of legitimate interests (unless our reasons for undertaking that processing outweigh any prejudice to your rights as a data subject under applicable data privacy laws) and restrict how we use your personal data whilst a complaint is being investigated.
If you exercise any of these rights, we will check your entitlement, and respond in most cases within a month (or within the time period as required by applicable law).
- Contact us
Where required by local law, Heatmiser has nominated Data Protection Officers. To exercise your rights regarding your personal data, to contact a Data Protection Officer, or if you have questions, please email us at data.privacy@imiplc.com or Data Privacy c/o Legal Department, IMI plc, Lakeside, Solihull Parkway, Birmingham Business Park, Birmingham, United Kingdom B37 7XZ.
When you contact us, please indicate in which country and/or state you reside. Please provide as much information as possible to allow us to understand and evaluate your request so that we can substantively respond to you. In some cases, we may need to verify your identity.
If you are not satisfied with our use of your personal data, or our response to any exercise of your rights, you have the right to contact the data protection regulator in the country in which you are based including the following:
EU Data Protection Authorities (DPAs)
Swiss Federal Data Protection and Information Commissioner (FDPIC)
Information Commissioner’s Office (United Kingdom)
Brazil, the Autoridade Nacional de Proteção de Dados (ANPD)
14. Updates to this Privacy Notice
We may update this Privacy Notice at any time and we encourage you to review this Privacy Notice from time to time. Where required by law, we will notify you of changes.
This Privacy Notice was last updated on 14 January 2025.
