1. This policy
1.1 The Hearing Clinic (we) are the data controller in relation to personal data we collect from you in connection with our provision of products and services.
1.2 We are committed to protecting and respecting your privacy.
1.3 We are registered in England and Wales as Bridgette Harley Hearing Care Limited under company number 09158896 and have our registered office address at P.O. Box 501, The Nexus Building, Broadway, Letchworth Garden City, Herts SG6 9BL. We can be contacted at firstname.lastname@example.org.
1.4 This policy (together with any terms and conditions that have been notified to you and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
2. Information we collect from you
2.1 We will collect and process the following data about you:
(a) Information you give us. This is information about you that you give us by filling in forms at our clinic, or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your title, name, address, e-mail address phone number, date of birth, and GP.
(b) Information we collect about you. This is information that we collect during an examination. This includes special types of information such as your hearing health, ear health, auditory processing, ear and hearing history, your use of hearing aids or other assistive listening technologies, your general well-being, balance, dexterity, vision, mental health.
2.2 Collecting this personal data is essential to us being able to provide you with hearing services. If we are not able to collect this personal data, our ability to provide a high level service to you may be limited. We will not collect any personal data from you that we do not need in order to provide hearing services to you.
3. How we use your information
3.1 All the personal data we process is processed by our staff in the UK. However, for the purposes of IT hosting and maintenance this information is located on servers within states which the European Commission has deemed to have adequate data security protection or which are otherwise permitted under the GDPR. Data may be stored and processed on systems including The Blueprint IT, NOAH IT, Microsoft Azure and Microsoft Office 365.
3.2 A key requirement of UK Data Protection law is that we have a lawful basis for processing your personal data. Where the data is collected for the purpose of fulfilling a contract with you, we will use your personal data on the basis that processing is necessary to fulfil that contract. Where the data is collected for all other purposes (outlined below), we will process your personal data on the basis that you have given consent via our consent form or that we have a legitimate interest to process the personal data.
3.3 We will use information you give to us and which we collect from you:
(a) To provide information, products and services that you request from us;
(b) To provide you with information about other services and products that we offer that are similar to those that you have enquired about or which we reasonably consider may be of interest to you where you have given your consent to this; and
(c) To notify you about changes to our services.
3.4 There may be circumstances in which we will share your personal data with other healthcare professionals to assist with your treatment, or with manufacturers in order for them to deliver products which you have ordered. We will not share your personal data with any other third parties unless permitted or required to do so by law or as referred to in paragraph 3.5 below.
3.5 We reserve the right to process your personal data for our legitimate interests of obtaining legal or other professional advice or transferring our business assets (including personal data) on reorganisation, sale or merger of any part of our business.
3.6 Where we have a legitimate interest (which you may object to at any time as set out in paragraph 5.1 below) to process personal data, we will use your data on the basis that we have legitimate interest to do so which is not overridden by your rights and freedoms, which may include the use of CCTV on our premises for the purpose of public safety, crime prevention, detection and prosecution of offenders.
3.7 We will never sell your information to third parties. However we may disclose your personal information to third parties in the following circumstances:
3.7.1 In the event that we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyers of such business or assets and to their legal advisers;
3.7.2 In the event that we appoint a third party data processor to process your personal data in accordance with our documented instructions and with the requirements of UK Data Protection law;
3.7.3 If we are under a duty to disclose or share your personal data in order to comply with any legal obligation;
3.7.4 If it is necessary to disclose your personal data to our professional advisers (for example, to our legal advisers or our accountants);
3.7.5 If it is necessary to do so in order to enforce or apply our terms and conditions of supply (if applicable) or to protect the rights, property, or safety of The Hearing Clinic, our clients or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction and exchanging information with debt recovery agencies; and
3.7.6 To licensed credit reference agencies, other suppliers and creditors to help us and others make credit decisions; to help prevent or detect fraud or other crimes; to trace debtors; to provide trade references on a confidential basis to our agents and sub-contractors; and to insurance companies for the purpose connected with insurance products that relate or might relate to the you.
4. How long we keep your personal data
4.1 We will keep any personal data for providing services or products or informing you of new products or services until such time as you notify us that you no longer require services or products and no longer wish to receive this information.
4.2 We will store any other personal data for no longer than is reasonably required. We consider this to be the amount of time that we need your personal data in order for us to fulfil our obligations to you under any contract we may enter into and in order for us to fulfil any legal obligations.
4.3 Personal data which is recorded on our CCTV will usually be deleted after 7 days, except where we consider it necessary to retain the personal data for the purpose of public safety, crime prevention, detection and prosecution of offenders.
5. Your rights
5.1 You have the right to object to our use of your personal data for marketing purposes and/ or for the purpose of CCTV monitoring. You may object to our use of your personal data for marketing purposes and/ or for the purpose of CCTV monitoring by writing to us at our registered office, or by phoning 01923 372101 or 01462 506074 or by emailing email@example.com and informing us of your objection.
5.2 You have the right to withdraw your consent to our processing for specified purposes or at all at any time. You may withdraw consent by writing to us at our registered office, or by phoning 01923 372101 or 01462 506074 or by emailing firstname.lastname@example.org and informing us that you are withdrawing your consent for one or more of the purposes for which consent was given.
5.3 You may request access to your information, to have any incorrect information corrected and to have your information deleted.
5.4 You have the right to request a copy of information held about you by us. Generally we will provide this information free of charge, however in certain circumstances we reserve the right to charge a reasonable fee to meet our costs in providing you with details of the information we hold about you in accordance with UK Data Protection law.
5.5 In certain circumstances, you have the right to require us (and our third party data processors) to erase your personal data without undue delay, although we reserve the right not to erase personal data (or to inform our third party data processors) where processing remains necessary for purposes which are permitted by UK Data Protection law.
5.6 You have the right to request that your personal data is made portable for the purposes of transferring personal data to another supplier in relation to:
5.6.1 Personal data which you have provided to us;
5.6.2 Personal data which is processed on the basis of your consent or the performance of a contract; and
5.6.3 Personal data which is processed by automated means.
6. Access to information
6.1 UK Data Protection law gives you the right to access information held about you by us. Generally we will provide this information free of charge, however in certain circumstances we reserve the right to charge a reasonable fee to meet our costs in providing you with details of the information we hold about you.
7. Right to lodge a complaint
7.1 While we will endeavour to only use personal data that is relevant to our purpose and ensure your personal data is kept secure, sometimes errors occur. If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data as required by law you can contact the Information Commissioner’s Office on 0303 123 1113.