Sound Advice Hearing (“We”) are committed to protecting and respecting your privacy. We take our responsibilities under the General Data Protection Regulation very seriously and we want to comply with the spirit and the letter of guidance provided by the Information Commissioner's Office (ICO). You can find information about the ICO at their website https://ico.org.uk/
This policy together with our Terms & Conditions http://www.soundadvicehearing.co.uk/terms-conditions/ and any other documents referred to on it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.soundadvicehearing.co.uk you are accepting and consenting to the practices described in this policy. We regret that if there are one or more points below with which you are not happy, your only recourse is to leave our website immediately.
For the purpose of the Data Protection Act 1998 (the Act), the data controller is Sound Advice Hearing Ltd of 22 High Street, Washingborough, Lincoln LN4 1BG.
We do not sell any personally identifiable information we collect to any third party. No third parties have direct access to personal data. However, we may share information with, or receive information from, a third party such as a GP where it is in your best interest and is best practice to do so, subject to your consent.
Personal data we may collect from you
We always aim to minimise the amount of personal data we collect; we do not collect any personal information which is not required to perform our duties as hearing healthcare professionals or to run our website efficiently and effectively. This does mean that the personal data we collect may vary based on your relationship with us. Your privacy is important to us.
We may collect and process the following data about you depending on your relationship with us:
- Information you give us. You may give us information about you, by filling in forms on our site www.soundadvicehearing.co.uk (our site) or by corresponding with us by phone, e-mail, visiting us, or otherwise. This includes information you may provide when entering a competition, promotion or survey, and when you report a problem with our site.
- Because we are a hearing healthcare based business, any healthcare information you provide us with will be held in the strictest of confidence. Any healthcare information will be used by us to provide you with the best possible care and will be handled at all times in a way that is consistent with the Health and Care Professions Council (HCPC);
- The information you give us may include your basic personal data:
- e-mail address;
- date of birth;
- contact telephone number (including mobile);
- relevant health details including any past or current hearing issues;
- relevant lifestyle information.
- Information we collect about you. With regard to each of your visits to our website we may automatically collect the following information:
- We may use software embedded in our website to collect information about pages you view and how you have reached them, what you do when you visit a page, length of time you remain on the page, and how we perform in providing content to you. We do not associate such information with an identifiable source.
If visiting one of our hearing centres, day centres, open events or if we visit you at home – we may also collect the following:
- your test results (Audiological Information – which is used to assess and monitor hearing requirements), details of current or newly prescribed or recommended hearing instruments and their programming history, accounting information which may consist of previous and/or current orders and other transaction history.
- Information we receive from other sources. We may receive information about you if you use any other websites we operate or are associated with, or other services we provide. In this case we will have informed you (or any other relevant party will have informed you) when that data was collected and that it may be shared, shared internally and combined with data collected on this site or by other means. We may also work closely with third parties (including, for example, solicitors in respect of Noise Induced Hearing Loss Claims, GPs in respect of referrals and best practice, insurance companies in respect of hearing instrument loss, website analytics providers, search information providers, credit reference agencies (if applicable)) and we may receive information about you from them.
How do you use my personal data?
The law requires us to determine how we process different categories of your personal data, and to notify you of the basis for each category. If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data.
Under GDPR we use the following lawful bases for processing such data depending on your relationship with us:
- Information we process because we have a contractual obligation with you. When you buy a product or service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us.
In order to carry out our obligations under that contract we must process the information you give us.
We process this information on the basis there is a contract between us, or that you have requested we use the information before we enter into a legal contract. We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
- Information we process with your consent. Where there is no contractual relationship between us, such as when you browse our website or ask us to provide you more information about our business, including our products and services, you provide your consent to us to process data that may be personal information.
Sometimes you might give your consent implicitly, such as when you send us a message by e-mail to which you reasonably expect us to reply, or when you call us by phone.
Except where you have consented to our use of your information for a specific purpose, we do not use your information in any way that would identify you personally.
We continue to process your information on this basis until you withdraw your consent, or it can be reasonably assumed your consent no longer exists.
With your permission and/or permitted by law, we may also use your personal data to send marketing related information that we feel is relevant to you and your hearing.
You may withdraw your consent at any time. Please see contact details below.
- Information we process because we have a legitimate interest. If you are a customer, we are obliged to keep clear and accurate records about your care. This is an integral part of good professional practice and the delivery of quality healthcare, and also enables us to provide continuity of care. It is also a fundamental aspect of hearing healthcare and what the health care regulator expects from us.
- Information we process because we have a legal obligation. We are subject to the law like anyone else. Sometimes, we must process your information in order to comply with a statutory obligation. This can include your personal information.
Examples of how we may use your personal information:
- to respond to enquiries received from you;
- to provide accurate and up to date records and to provide you with the services that we have been engaged to perform;
- to perform our statutory, legal and regulatory obligations with regard to correct and accurate hearing aid prescription, appropriate hearing healthcare treatment and all necessary onward referrals that would be appropriate in any patient pathway;
- providing our products and services to you;
- processing and retaining your payment and order details to facilitate your purchase and to deal with any queries or refunds;
- notifying you about any changes to our products and services;
- contacting you regarding your ongoing hearing healthcare. For example, this could be letting you know when your next appointment is due and reminding you to book this with us;
- contacting you regarding your warranty expiration and the process for renewing such (if applicable);
- sending Birthday Cards or Christmas Cards;
- we may occasionally carry out customer care surveys. These surveys will be optional, and any data will only be used internally and never shared with third parties;
- if applicable, we may carry out credit checks but only with your explicit permission;
- maintaining records for tax, compliance with statutory, legal and regulatory obligations, defence of claims and other corporate purposes;
- managing and administrating any insurance claims;
- to provide you with information about other goods and services we offer that are similar to those that you already have or enquired about;
- information collected from our website may be used to ensure that content from our site is presented in the most effective manner for you and for your computer and to keep our site safe and secure. It may also be used to administer our site for internal operations, including troubleshooting and data analysis;
- we may also occasionally use information to communicate (using e-mail, phone, or mail) about relevant and suitable product developments and updates;
- for marketing to potential customers where they have given consent.
How long will you keep my personal data?
Personal data processed by us is kept by us for as long as is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation) and this is determined by your specific relationship with us. We are subject to legal, regulatory and professional obligations.
We need to keep certain records to demonstrate that we are compliant with those obligations and those records may contain personal data.
Our retention policy for records and other documentary evidence created in the provision of hearing healthcare services is as follows:
- If you are an existing client, we will keep all your records to ensure we continue to meet our duty of care and maintain good professional practice and quality of healthcare;
- because of the nature of our business we will retain records for a period of 20 years, or until a ‘right to erasure’ or ‘right to be forgotten’ request is received by us (verbally or in writing), or a notification of death is received;
- in the absence of specific legal, regulatory or contractual requirements, once a right to erasure has been received or notification of death, basic personal data such as address, telephone number, e-mail address is permanently deleted. The only other data that would then be retained would be to comply with legal and regulatory standards and maintain the integrity of our data;
- if you request correspondence with regard to products, services, promotions etc. the information that we use for this purpose will be kept until we receive a ‘request to erasure’ or a ‘request to restrict processing.’
Security for personal data
We work hard to protect your data from unauthorised access, accidental loss or disclosure, destruction and abuse, and to keep it private and safe. We hold your personal data on a secure server that is protected by multiple security measures. This data is protected by up-to-date firewall protection, monitored by intrusion detection systems, and covered by SSL encryption, antivirus and anti-spyware software. Only authorised staff have access to the secure server via valid username and password combinations, which are encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.
Data is stored on a primary database server that is clustered with a backup database server for redundancy. The data is stored on disk storage that is mirrored across different storage cabinets and controllers. The data is automatically backed up to a tape library on a nightly basis. Backup tapes are immediately cloned to a second tape library to verify their integrity, and the clones are moved to secure, fire resistant off-site storage on a regular basis. Disaster recovery plans are in place.
Use of site by children
If you are under 18, you may use our site but only with consent from a parent or guardian.
Links to other websites
Our site may, from time to time, contain links to other websites, references and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
GDPR provides the following rights for individuals:
The right of access – if you wish to see a record of what data we hold, you should submit a ‘subject access request’ verbally or in writing, stating what information you require. As this request would contain particular healthcare information, we are permitted to charge an administration fee of £10.
You may be required to provide proof of identity prior to us providing this information. This process will involve providing evidence of name, address, telephone number, e-mail address and by attending one of our hearing centres with photographic ID (either a passport or driving licence).
The right to rectification – we aim to keep all personal data we hold as accurate and up-to-date as possible. If you notice an error, or you would like us to update your details, or if you notice your details are incomplete, please contact us using the details below.
The right to erasure and/or objecting – in certain circumstances you can make a request to have your personal data ‘erased’ or ‘forgotten’. You can also object to us processing or ask us to limit/restrict/suppress how we process data. This can all be done verbally or in writing.
We aim to be as clear and transparent as possible about what information we collect and about your rights. If you have any additional questions, then please contact us on the details below.
How do I contact you?
To contact us about anything to do with your personal data and data protection (i.e. questions, comments, and any requests), please contact our data protection lead Angela Driver.
By e-mail: firstname.lastname@example.org
Updated June 2018