Privacy Policy

Introduction

At Groupe Atlantic UK, ROI & NA(“Groupe Atlantic”), we appreciate the trust you place in us when you choose to visit our website at www.installerconnect.com (the “Site”) and use the services we offer on our Site (the “Services”). Groupe Atlantic is committed to protecting and respecting your privacy and the security of your personal data. We aim to be clear and transparent about the manner in which we process your personal data.

In this Policy, “we”, “our” or “us” means Groupe Atlantic and our affiliates and “you” means any person who visits our Site, enrolls in our Installer Connect Program, or authorises a third party to submit information on your behalf. For the avoidance of doubt, all references to the “Site” in this Policy also includes any Services offered through the Site.

This policy describes how we process your personal data, who we share it with, how we protect it, and your rights with respect to your personal data.

Applicability and Definitions

This Connect Privacy Policy is applicable to visitors of the Site, and installers based in the UK, ROI, USA, and Canada and any personal data submitted via the Site.

For installers based in the UK and ROI, the data controller is Ideal Heating Ltd, registered office, National Avenue, Hull, East Yorkshire, HU5 4JB. For Ideal Heating installers based in North America, the data controller is Ideal Heating. For Triangle Tube installers based in the USA, the data controller is Triangle Tube Phase III Co., both based at1240 Forest Parkway, Ste 100 West Deptford, NJ 08066

For the purposes of this document, the term “personal data” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with an identifiable individual or household. For the avoidance of doubt, personal data includes “personal information” and “personal identifiable data” as defined under applicable data protection laws.

As used herein, “processing” or “process” means anything we do with your personal data, and includes collecting, using, disclosing, storing, and deleting it.

Contact Us

If you have any questions, requests or comments regarding this privacy policy or the manner in which we or our service providers (including service providers outside Canada) treat your personal information, you can reach our global data protection officer via our global email: [email protected], or you can also contact us at the relevant postal addresses below:

UK and ROI - Ideal Heating Ltd, National Avenue, Hull, East Yorkshire, HU5 4JN.

USA and Canada - Ideal Heating, 1240 Forest Parkway, Ste 100 West Deptford, NJ 08066

Triangle Tube - 1240 Forest Parkway, Ste 100 West Deptford, NJ 08066  

The personal data we collect and how we collect it

We may collect the following personal data from you when you are an installer:

Contact information when you fill in a form on our Site, including information provided at the time of registering to use our Site, subscribing to a Service, and requesting further Services, such as your: first and last name, email address, a password that you create, and phone number.

Loyalty Program information when you sign up for the Installer Connect Program including your first and last name, email address, phone number.

We may collect the following personal data when you interact and communicate with us, such as information you provide when you complete a Contact Form, report a problem with our Site, contact us by phone, complete any surveys we send to you, interact with us via social media, review our Services, and any other information you provide in the course of our interactions. When we collect banking details from you in order to make payments to you for services that you perform on our behalf. All banking details are stored on our Salesforce platform which is compliant with PCI DSS standards.

Banking details will be retained for as long as you have an active connect account.

We may also automatically collect personal data about you when you visit our Site, such as:

location data from your desktop or mobile device(s) for determining which country you are located within.

traffic, browser usage, and other communications data about your browsing habits on our Site provided by us or third parties such as search terms you entered on our Site, what websites and pages you visit, how long you stay and what actions you take, search terms that directed you to our websites and mobile apps, which websites you came from, and which websites you visit right after leaving one of our websites.

We may also collect personal data about you from a third party, such as:

Business contact information from third-party database providers of business lists (not consumers or sole traders) if they are a potential B2B relevant incorporated business who we wish to trade with; or

From your authorized installer or contractor.

We may collect other information with your additional consent or as permitted or required by law.

IP Addresses and Cookies

Like most websites you visit, we use cookies. If you would like more detailed information about how these cookies work, please see our separate Cookies Policy.

How we use your personal data and our relevant legal basis

Our Site

When you visit and use our Site, we may store your personal data. In the EEA, our legal basis for doing so is ‘legitimate interests’. Where we process your personal data under this basis, we perform an assessment (LIA) that balances your rights and freedoms alongside our interests, to ensure that what we do with your personal data is what you would reasonably expect.

Products and Services

When providing our Products and Services, we use your personal data for the following purposes (and in the EEA, there are four legal bases on which we use to process such personal data):

When you register a product. In the EEA, the legal basis for this is ‘performance of a contract’;

Where we keep your personal data for the purpose of product recall requirements. In the EEA, the basis is ‘vital interests’;

After the expiry of a warranty, in the EEA, for example, we may also keep your personal data under the basis of ‘legal obligation’ such as gas safety, and health and safety regulations;

To work with and sell to installers. In the EEA, the legal basis for this is ‘legitimate Interests’.

Marketing

We may send you relevant marketing messages by email, text message (SMS), telephone or post about us and our products and offers where you are a business-to-business customer or potential business-to-business customer.

For example, you may already install our equipment and/or provide servicing, be a product reseller, or have registered for one of our promotions or competitions. Alternatively, you may have had a dialogue with our sales team. If you are an incorporated business, you may currently have no relationship with us, but are one of the trade suppliers we wish to target.

In the EEA, for email and SMS messages, the legal basis for processing is normally legitimate interests, although in limited circumstances when required by applicable law we will seek your consent.

If you want us to stop sending you information by email or SMS, you can opt out at any time by selecting the ‘unsubscribe’ link on any email or SMS we send you. You can also opt out by emailing us at [email protected]. or by writing to the DPO at the relevant postal address:

Surveys

We may ask you to complete surveys for research purposes. In the EEA, our legal basis for such surveys is legitimate interest or performance of a contract. Where legitimate interest is relied on, you have the right to opt out at any time.

How we share your personal data

We will not sell your personal data to any third party for money. We may share your personal data under certain circumstances to trusted third parties, including our affiliates, that help us bring you our Services. We use third party processors to provide Services on our behalf such as hosting the Site and providing email marketing services. Please see below for more information about our sharing practices.

We are required to have written contracts in place with any third parties used to process your personal data. This is to ensure that third party processors only act on the documented instructions of the data controller, and to ensure that both parties understand their responsibilities, especially in regard to safeguarding personal data.

We also receive and share personal data from Installers when they register products or are required to undertake warranty or other contracted work.

In the EEA, our basis for receiving or sharing data with Installers is on the basis of Data Controller to Data Controller. Where required, appropriate data processing documentation will be put in place between the parties to protect personal data.

No personal data belonging to any third party may be shared with us without first obtaining the consent of the data subject (householder/individual). In transferring any personal data either electronically or verbally, the installer MUST confirm that they have permission from the data subject to do so.

We may also disclose your information to third parties if:

we sell or buy any business or assets; we may disclose your personal data to the prospective seller or buyer of those assets; or we (or our third-party processors) have a duty to disclose your personal data to comply with any legal obligation. This includes disclosing your personal data in response to a search warrant or other legally valid inquiry or order, or to another organization for the purposes of investigating a breach of an agreement or contravention of law or detecting, suppressing or preventing fraud, or as otherwise may be required or permitted by applicable UK, EU, Canadian, U.S. or other law or legal process, which may include lawful access by UK, EU, Canadian or U.S. or foreign courts, law enforcement or other government authorities. Your personal data may also be disclosed where necessary for the establishment, exercise or defence of legal claims and to investigate or prevent actual or suspected loss or harm to persons or property.

ONLINE ADVERTISING AND ANALYTICS

We work with third-party network advertisers, analytics service providers, and other vendors to deliver our online advertisements to you and to provide us with information regarding your use of our Site and the effectiveness of our advertisements.

Our third-party service providers may set and access their own tracking technologies on your device, such as cookies and web beacons, and may collect or access information about you, such as your device’s IP address, your browser type, your operating system, date and time information, such as when you receive, open, or click a link in an email message from us, and other technical information about your device. Cookies and web beacons, including those set by third-party advertisers, may be used to target advertisements, prevent you from seeing the same advertisements too many times, and conduct research regarding the usefulness of certain advertisements to you. We may share certain information such as device identifiers, usage patterns, transaction information, and de-identified information with third-party vendors for advertising and analytics purposes.

Specifically, Groupe Atlantic uses the remarketing features of interest-based advertising of Google Ads, Facebook Custom Audience, and LinkedIn Ads. These service providers use specific cookies to allow them to serve ads to you around the web. For more information on how to opt-out of receiving advertisements, please see the chart below.

Where we process personal data

Personal data is stored within the EU and processed in Germany.

Applicable UK and ROI only, listed below is some other personal data that we collect, which is transferred and stored outside the EEA. All other personal data is processed within the EEA.

Third parties we may share your personal data based within the UK and EEA:

Third parties we may share your personal data who may be based outside the UK and EEA or at multiple locations one of which is in the United States:

It will also be processed by staff who work for us and/or by one of our suppliers. This includes for example staff fulfilling your order, processing your payment details and providing support services. We take all necessary steps to ensure that your data is processed securely in accordance with this Privacy Policy.

Our staff and/or our suppliers may access, store and otherwise process personal data outside of the jurisdiction in which you are located, including Canada (and for individuals located in Quebec, outside of Quebec), the United States and other foreign jurisdictions.

How long we keep your personal data

This depends on the type of personal data and what it is used for. We only keep personal data for the purposes set out herein or as long as we have a legal basis to do so, and we adhere to the principle of data minimisation. This means that we only keep the minimum amount of information necessary for specific processing.

We keep personal data you provide when you sign up for our marketing communications unless or until you unsubscribe. If you unsubscribe, we retain minimal information about you to ensure that we know you have unsubscribed.

Financial transaction data is kept for a maximum of seven years. This is due to legal obligations in relation to accounting and tax.

Where there is a contract between us, and in case of any legal action, personal data is retained for 8 years after the end of the contract.

A Data Retention Schedule listing how long different documents are retained is available on request, by emailing: [email protected].

How we secure personal data

We use a combination of physical, technical and organisational controls to safeguard your personal data. We are also committed to regularly evaluating our data protection security. Examples of our controls are listed below:

Personal data is stored on secure servers;

Payment transactions such as card transactions are encrypted using SSL technology;

Emails are scanned for malware and viruses;

Data sent between our website and your browser is protected using industry standard protocol such as Transport Layer Security;

Data processed by third parties is safeguarded by contracts containing privacy and security obligations, audit rights of inspection and warranties;

Personal data is stored within secured networks, and is only accessible by a limited number of people. Access rights and other policies and procedures forming part of our Information Security Management System (ISMS) further secure your information; and

Our security procedures mean that we may occasionally request proof of ID before we are able to disclose personal information to you.

Unfortunately, the transmission of information via the Internet is not always secure. Although we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site. Once received however, we will use our procedures and security to prevent unauthorised access.

Control Over Your Personal Data

Depending on the data protection laws that apply to your jurisdiction, you may have certain rights including those detailed below, and you can make requests to us about any personal data we hold about you.

Requests must be submitted via our global data protection officer: [email protected] or using the postal address listed further below.

We may request certain personal data to verify your identity and we will email you a Data Subject Access form for you to complete. Once this has been submitted, we have 30 days from the date of receipt to provide the information requested, and will not ordinarily charge a fee. If further copies are required, and/or the request is deemed vexatious, we may charge a reasonable fee.

Your rights may include:

Right to be informed. You have the right to be informed about the collection, use and disclosure of your personal data, as detailed in this Privacy Policy;

Right to access. You have the right to request a copy of the information we hold about you. If you want to request a copy you can contact us as detailed above;

Right to rectification/update. We want to make sure that your personal information is accurate and up to date. You have the right to ask us to correct, update or remove information you think is inaccurate;

Right to erasure. You have the right to ask us to delete your personal data. You can ask us to erase your personal data where there is no good reason for us to continue to process it. This will apply for example where the purpose we collected your information for is no longer relevant, or where you withdraw consent, if consent was given to start with;

Right to restriction. You have the right to request the restriction or suppression of your personal data under certain circumstances. This means you can limit how we use your personal data. This might apply if for example you believe the processing is unlawful;

Right to data portability. You have the right to ask for a copy of your personal data in a form that lets you copy or transfer it to another IT system in a machine-readable way, and / or another organisation. This will apply where the processing is based on consent or a contract, and the processing is by automated means;

Right to object. You have the right to object to the processing of your personal data in some circumstances. For example, you have the right to stop your data being used for direct marketing purposes;

Right not to be subject to automated decision-making including profiling. Where such processing produces legal effects or similarly significantly affects;

Right to withdraw consent. Where our processing is based on your consent, you have the right to withdraw this consent at any time. Note that if you withdraw your consent, we may not be able to provide you with the Services you have requested; and

Right to opt-out of the sale or sharing of your personal data to third parties (other than service providers and contractors identified above). We do not currently sell or share your personal data to such third parties, nor do we plan to do so in the future.

If you have any questions, requests or are unhappy with how we have handled your personal data you should raise a complaint via the global email address: [email protected]

Or you can write to us at the relevant address and the end of this Privacy Policy. We will respond within 30 days.

If after 30 days you have not received a response from us, you have the right to complain to the relevant regulatory authority.

CHILDREN’S PRIVACY

Our Site is not intended for children. Groupe Atlantic does not knowingly collect any personal data or data from children under the age of thirteen (or such other age as may be directed by applicable law), and will dispose of any such information if we become aware that it has been provided to us. If you believe that your child under the age of 13 (or such other age as may be directed by applicable law) has submitted personal data to us in connection with our Site, please contact us at [email protected]so that we may take steps to delete this information.

THIRD PARTY LINKS

Our Site may include links to third party websites whose privacy practices may differ from ours. If you choose to purchase products or services through a third-party site, or otherwise access a third-party site, the information collected by the third party is governed by that third party’s privacy policy. We encourage you to review the privacy policies of any other websites you visit.

Changes to our Privacy Policy

We keep our privacy policy under regular review and we will place any updates on this web page. All updates are dated. We encourage you to view this policy from time to time to be aware of any changes. This policy was last updated on March 18 2024.

Privacy Governance Policies and Practices

We are committed to protecting your personal data and have implemented policies and practices that govern our treatment of personal data, including:

• a privacy framework that defines the roles and responsibilities for our employees with respect to the treatment of personal data in our custody and control;
• processes for responding to data subject requests and complaints concerning the handling of personal data in a timely and effective manner;
• a framework governing the retention and destruction of personal data that is designed to ensure compliance with our legal obligations;
• policies and procedures concerning the protection of personal data, including safeguards designed to protect personal data in our custody and control against loss or theft and unauthorized access, use or disclosure;
• the designation of a Data Privacy Officer who is responsible for overseeing Groupe Atlantic’s compliance with applicable privacy legislation;
• practices pertaining to privacy training and awareness for our personnel with access to personal data.

If you have any questions regarding this Connect Privacy Policy please contact: [email protected]

Or you can write to us at the relevant address:

UK and ROI - Ideal Heating Ltd, National Avenue, Hull, East Yorkshire, HU5 4JN.

Canada and US - 1240 Forest Parkway, Ste 100 West Deptford, NJ 08066