Privacy and Cookie Policy
What does this policy cover?
This policy describes how Kingfisher plc and Kingfisher group companies (for more information on the Kingfisher Group please visit: www.kingfisher.com), also referred to as "Controller", "we" or "us", will make use of your personal data to ensure that you can interact with Myko Microsite (www.mykoapp.com) and that you can securely connect, manage, track and use connected products via the Mobile Myko App and to manage your user account.
We are committed to protecting your personal data and your privacy. We will use your personal information in accordance with all relevant laws and regulations that relate to data protection and privacy, including the UK or EU General Data Protection Regulation, as applicable (GDPR).
This Privacy and Cookie Policy tells you:
- what personal information we process and where we get it from;
- why we process this information;
- the legal basis for our processing of this information;
- how long we will keep it;
- who else will see it;
- where your personal information will be processed;
- your rights in relation to the personal information that we hold, including your rights to change, delete and see your information; and
- how you can contact us.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you (including the privacy policy of our Kingfisher group companies website) so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
What information do we collect when you interact with our website?
The Myko Microsite (www.mykoapp.com) may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave the Myko Microsite, we encourage you to read the privacy notice of every website you visit.
For more information about the cookies we use, please see our Cookie Notice.
What information do we collect when you use the Myko App?
We collect and process personal data about you when you interact with us and the Myko App. This includes:
- Email address
- Password
- Version of the terms of service seen and approved
- The timestamp when the user registered
- Most recent time that the user account was authenticated
- Failed login count
- Notifications token
- Phone location (to the extent the user opts-in to location collection as part of the connected product setup)
- Connected product location (manually by the user via a map picker or automatically from the phone's operating system)
- Usage data including information about how you use our products and services
- Time zone of phone (may be removed from data captured)
- Whether the user is on iOS or Android and what operating system version the phone uses.
- Phone model
- Model information (including whether the phone being used is a real phone (hardware) or a software-based phone simulator (used for development and testing, etc).
- Phone manufacturer
- The name of phone as provided by the user
- The locale that is set for the phone at the time of registration
- The version and build number of the Myko App
- The cloud region at the time of sign up (for example, Google europe-3, europe-4, etc.)
- User-defined home names
- User-defined room names
- User-defined connected product names
- User-defined group names
- State and activity of Connected Products
- Current WiFi SSID/signal strength for phones and connected products
- Whether or not the user has connected to Alexa or Google Home
- Delegation rights to guest users
- Connected Product performance data (e.g. on/off rates for lighting and heating, room temperature)
- Marketing communication data: communication preferences (opt-in), marketing communication data;
How do we use this information, and what is the legal basis for this use?
We process this personal data for the following purposes:
- To fulfil a contract, or take steps linked to a contract: this is relevant where for example, we need to deliver a product you have ordered. This includes:
- verifying your identity;
- communicating with you;
- providing customer services and arranging the delivery or other provision of products, discounts or services;
- To conduct our business and pursue our legitimate interests, in particular:
- we will use your information to provide products and services you have requested, and respond to any comments or complaints you may send us;
- we monitor use of the Myko App and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;
- we use information you provide to personalise the app, our website, products or services for you;
- we monitor customer accounts to prevent, investigate and/or report fraud in accordance with applicable law;
- we use information you provide to investigate any complaints received from you or from others, about our website or our products or services and
- we use data of some individuals to invite them to take part in market research.
- Where you give us consent:
- we will send you direct marketing in relation to our relevant products and services, or other products and services provided by us, our affiliates and carefully selected partners;
- we monitor use of the Myko App and online services, and use your information to help us monitor, improve and protect our products, content, services and websites, both online and offline;
- we place cookies and use similar technologies in accordance with our Cookies Policy and the information provided to you when those technologies are used.
- For purposes which are required by law:
- where we need parental consent to provide online services to children under 16 (for EU jurisdictions) and 13 (for UK jurisdiction). However, the app is not designed for children under 16.
- In response to requests by government or law enforcement authorities conducting an investigation.
Who will we share this data with and how?
We will share your personal data internally with Kingfisher group of companies in order to drive users to relevant banners for purchase decisions.
We will share your data with our external business partners, namely Afero, Google, Amazon for the provision of smart home solutions, customer service and app maintenance.
We use and store your personal data within the UK and the European Economic Area (EEA). Some of our external third parties (such as Afero, Google and Amazon) are headquartered or based outside of the UK and the EEA, so their processing of your personal data will involve a transfer of data outside of the UK and the EEA. Certain third party providers (such as Afero) may have a US-based company but we aim to ensure in each case that your personal data remains with their EEA-based company.
Whenever we transfer your personal data out of the UK and the EEA, we ensure a similar degree of protection is afforded to it by ensuring that appropriate safeguards are implemented, including any of the following:
- We will transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by a decision of the European Commission in the EEA and/or by adequacy regulations in the UK.
- Where we use certain service providers, we use specific contracts approved by the European Commission and the UK public authorities which aim to provide appropriate safeguards for the protection of personal data outside the UK and the EEA.
You can get a copy of the relevant transfer mechanism by contacting us.
Automated decision making and profiling
We use automated profiling for our marketing and product development purposes but such profiling does not produce a legal or similarly significant effect.
You have rights in relation to automated decision-making, including the right to request a review of the accuracy of a decision that you are unhappy with. If you want to know more, please contact us using our contact details.
What are my rights?
Your personal data is protected by legal rights, which include your rights to:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, following your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: if you want us to establish the data's accuracy; where our use of the data is unlawful but you do not want us to erase it; where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party (data portability). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
- These rights may be limited, for example if fulfilling your request would reveal personal data about another person, where they would infringe the rights of a third party (including our rights), or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping. Relevant exemptions are included in data protection laws both in the EEA and the UKGDPR and in the Data Protection Act 2018. We will inform you of relevant exemptions we rely upon when responding to any request you make.
If you wish to exercise any of these rights, please contact us using the details we provided.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you have concerns about how we process your personal data or you believe that a violation of data protection law has occurred, you also have the right to complain to the Information Commissioner's Office or the data protection authority of the place where you live, work or you consider that a violation has occurred.
How long do we retain your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Where we process personal data for managing your Myko App user account, we process device information for a maximum of 24 months after you delete your Myko app user account.
Cookie Policy
Subject to your consent, the Myko Microsite uses cookies and similar technologies to provide, customize, evaluate, improve, and protect our Programs except where these are strictly necessary cookies.
About Cookies
Cookies are small text files that are stored on your computer or other device by websites that you visit. This page explains the cookies we use and what we use them for, and lets you turn them on or off. Some cookies are necessary in order for our website to work properly. We also explain in our which other companies use cookies on the Myko Microsite and what they use them for, and lets you turn those other companies' cookies on or off.
The Myko Microsite uses cookies in order to make the website easier to use, to support the provision of information and functionality to you, as well as to provide us with information about how the website is used so that we can make sure it is as up to date, relevant and error free as we can. We also use cookies to try to ensure that our online adverts reflect the interests of web users. Further information about the types of cookies that are used on the Myko Microsite is set out in the .
We use the following type of cookies:
- Essential cookies - These cookies are essential in order to enable you to move around the Myko Microsite, and to use their features - for example, to provide secure login. Without these cookies, we would not be able to provide you with services like enabling appropriate content based on your type of device. Performance and Analytics cookies. These cookies help us understand and analyse how people use the Myko Microsite. They collect information such as which pages on our website visitors go to most often, which features they use, and which websites people have visited before they visit ours. We use this information to improve our website and provide a better user experience.
- Functional Cookies These cookies allow us to remember choices you make (such as your language or the region you are in) and provide enhanced, more personal features. These cookies can also be used to remember changes you have made to text size, fonts, and other parts of web pages that you can customise. They may also be used to provide services you have asked for such as watching a video. If you enable these, we will ask for your consent at that time you change the settings. These cookies cannot track your browsing activity on other websites.
What is the lifespan of the cookies?
Cookie details are provided in the table below. If we have asked for your consent to use cookies, this means we will ask you for consent again at this point.
| Cookie | Provider | Duration | Type |
|---|---|---|---|
| _ga | Google Analytics | 13 Months | Analytics |
| _gid | Google Analytics | 1 Day | Analytics |
| _hjid | Google Analytics | 6 Months | Analytics |
| addevent_track_cookie | AddEvent | 1 year | Analytics |
| TAsessionID | Trust Arc | 30 minutes | Performance |
| cf_clearance | Cloudflare | 1 year | Essential |
| __cf_bm | Cloudflare | 30 minutes | Functional |
| notice_behavior | Trust Arc | Session | Performance |
| CONSENT | Youtube | 2 years | Analytics |
| _gat | Google Analytics | 1 Minute | Performance |
How to manage Cookies
As well as the options provided in our cookie banner, you can choose to restrict or block cookies through your browser settings at any time. For more information about how to do this, and about cookies in general, you can visit www.allaboutcookies.org and www.youronlinechoices.eu. However, please be aware that restricting or blocking cookies set on the Myko Microsite may impact the functionality or performance of the website, or prevent you from using certain services provided through the website.
Please note that third parties (including, for example, advertising networks and providers of external services like website analysis services) may also use cookies, over which we have no control, although we may receive services from these third parties (including, for example, for targeted advertising purposes and website analytics). These cookies are likely to be performance cookies or targeting cookies (as described in our cookie banner). Please note that, if you change your cookie preferences via the Myko Microsite, this may require the deletion of cookies. However, we cannot delete third party cookies. The only way to ensure all cookies are removed from your computer is to use the cookie management tool within your browser.
Updates to This Policy
We reserve the right to amend the terms of this Privacy and Cookie Policy. If we makes any material changes to this Policy or decides to use personal information in a manner that is materially different from the uses described in this Policy, we will use reasonable means necessary to notify you.
This version of our privacy notice was last updated on 17/01/2024.
How can you contact us?
We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy notice. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact [email protected].