Who we are and purpose of this privacy notice
Angli-EAR Hearing and Tinnitus Solutions Limited, a UK company with registered company number 10124257, registered office at Audiology House (Cambridge), 15 Woollards Lane, Great Shelford, Cambridgeshire CB22 5LZ and website at www.angliearhearing.co.uk (“we”), as a Controller, respects your privacy and is committed to protecting your personal data in accordance with General Data Protection Regulation (EU) 2016/679 and the UK Data Protection Act 2018 (hereafter “Applicable Law”).
Please read this privacy notice to understand how we collect, use and protect the personal data (including personal sensitive information) that you provide to us in the context of using our services.
While using AEH services via the AEH website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you, in order to let you participate fully in the services provided, or to generate your Angli-EAR Hearing profile in order to access and utilise our services. Certain personal information and non-personal information may be collected from or about you while using the AEH services, in order to provide you with services or advice.
What is the data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data: first name, last name, date of birth;
• Contact Data: email address, telephone numbers;
• Technical Data: internet protocol (IP) address, browser type and version, time zone setting and location, operating system and platform;
• Usage Data: information about how you use our services.
We also collect medical and health data about you, which are considered sensitive data and which are necessary for using our hearing services. The processing of those data is possible only if you consent to it. You may withdraw your consent at any time, or exercise one of your legal rights as mentioned in the section “Your legal rights”.
How your personal data are collected
We use different methods to collect data from and about you:
Direct interactions: You may give us your identity and contact information by filling in forms. This includes personal data you provide when you:
• request a hearing report to be sent to you;
• request to be called back or contacted by us.
Third parties or publicly available sources: We will receive data from Google Analytics. We gather information to analyse user actions in our application and to improve our product and services. All data are anonymized/aggregated.
Why we use your personal data
We use your personal data for the following purposes:
• To send you marketing information, to make suggestions and recommendations to you about goods or services that may be of interest to you, based on your specific consent;
• To use data analytics to improve our website, analysis and development of services and products, customer relationships and experience based on our legitimate interest.
Disclosure of your personal data
We may share your personal data with third parties and sub processors acting on our behalf in connection with the provision of hearing services in case they need access to perform tasks on our behalf. Such parties are obligated not to disclose or use your data for any other purpose than those set out in the table above.
We require all third parties to respect the security of your personal data and to treat it in accordance with Applicable Law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
In addition, we may transfer your personal data in a de-identified form to our technology partners with the aim to improve services and products offered to you. The processing of personal data for these purposes will be done in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, or it will be anonymized.
Working with 3rd Parties
As part of our Services we will also manage, process and store your data using 3rd party service providers which are based outside of the UK and the EU (such as JaneApp). Before transferring your personal information, we ensure that appropriate safeguards are in place and that your privacy rights are protected and preserved. Such safeguards may include the existence of an EU adequacy decision, certification and adherence to EU-US Privacy Shield and Swiss-US Privacy Shield Frameworks, the Standard Contractual Clauses approved by the European Commission, binding corporate rules, or other legal mechanisms to safeguard the personal information being transferred.
In the event your personal data are transferred outside the UK or European Union/European Economic Area to countries not considered as providing an adequate level of protection according to the European Commission, we commit to:
• Implement adequate procedures to comply with Applicable Law, and in particular when a request for authorization from the competent supervisory authority is necessary;
• Implement appropriate organizational, technical and legal safeguards to govern the relevant transfer and to ensure the necessary and adequate level of protection under the Applicable Law;
• If necessary, implement Standard Contractual Clauses as adopted by the European Commission.
Depending on the importing third country, we undertake to adopt supplementary measures such as completing a data transfer adequacy assessment if, after evaluation of the circumstances of the transfer and after evaluation of the legislation of the third country, it is necessary for the protection of the transferred personal data.
We have adopted appropriate security measures according to Applicable Law to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. We also have adopted procedures to deal with any suspected personal data breach and will notify you and any applicable supervisory authority of a breach where we are legally required to do so.
In addition, we limit access of your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for. In some circumstances we will de-identify your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
Under Applicable Law, you have the right of access, rectification, restriction of processing, data portability, objection of the processing of your personal data, erasure of your personal data, and withdrawal of your consent. Please note that the exercise of such rights is not absolute and is subject to the limitations provided by Applicable Law.
If you wish to exercise one of these legal rights, we may need to request specific information from you to help us confirm your identity and ensure your request is lawful. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Please note that if you consider that the processing of your personal data constitutes a violation of the Applicable Law, you can lodge a complaint with the UK Information Commissioner's Office, the competent supervisory authority.
Minors’ personal data
This website and specific services are intended for paediatrics. We classify paediatrics as 17 years and under. We do not knowingly collect data relating to paediatrics. Any information disclosed to us is with a parent's or guardian's consent.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy statement of every website you visit.
Change of purpose
We will only use your personal data for the purposes for which we collected them as set out above. Before we change the purpose of processing your personal data, we will notify you and will explain the legal basis which allows us to do so. You have the right to object to the processing for a different purpose at any time, and we will change or delete your data according to your request, in accordance with Applicable Law and recommended retention schedules as specified by the health & care professional council.
However, if you do require us to delete information about you, we may no longer be able to provide further services or support services to you in connection with our goods and services.
How to contact us
If you wish to exercise any of the rights set out above, or for any other questions, information or remarks about this privacy notice or our privacy practices, please contact us at:
Angli-EAR Hearing & Tinnitus Solutions Limited, Audiology House (Cambridge), 15 Woollards Lane, Great Shelford, Cambridge, Cambridgeshire, England, CB22 5LZ
website at angliearhearing.co.uk
contact T: 01223 661399, or email firstname.lastname@example.org
The security of your Personal Information is very important to us. We strive to use all acceptable means to protect your Personal Information. We are actively working on preventing unauthorized access to data via our internal procedures and by the usage of appropriate technology, together with applying suitable safeguards with any 3rd parties or sub processors we work with. Despite our measures, we cannot guarantee total confidentiality. AEH cannot be held responsible for any losses or damages suffered as a result of such unauthorized access. AEH may store data outside of your state, country or continent but will only do that on the highly secure Microsoft Azure infrastructure while remaining compliant with the applicable laws and regulations to protect your data.