Version: 01 issued 23/05/2018
Maintaining the security of your data is a priority at Hearbase and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. Hearbase is also dedicated to being transparent about what data we collect about you and how we use it.
This policy, which applies whether you visit our clinics at private hospital locations or Hearbase premises, provides you with information about:
- General Rules
- How do we use your data?
- What data do we collect?
- How is the data stored and protected?
- For what purposes is it used?
- Your legal rights to your data
- Data protection officer
Hearbase (and trusted partners acting on our behalf) uses your personal data:
– to provide audiology services to you;
– to make a tailored website available to you;
– to verify your identity;
– for crime and fraud prevention, detection and related purposes;
– with your agreement, to contact you electronically about promotional offers and products and services which we think may interest you;
– for market research purposes – to better understand your needs;
– to enable Hearbase to manage customer service interactions with you;
– where we have a legal right or duty to use or disclose your information (for example in relation to an investigation by a public authority or in a legal dispute).
How do we use your data?
Hearbase uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you on the latest Hearbase offers.
Hearbase aims to update you about products and services which are of interest and relevance to you as an individual.
You have the right to opt out of receiving promotional communications at any time by:
- Changing marketing preferences with us via telephone or email.
- Making use of the simple “unsubscribe” link in emails
- Contacting Hearbase via the contact channels set out in this policy.
Sharing data with third parties
Our service providers and suppliers
In order to make certain services available to you we may need to share your personal data with some of our service partners. These include affiliated private hospitals or NHS elements such as your GP or chosen surgery.
Other third parties
Aside from our service providers, Hearbase will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.
We may share your data with governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
– to comply with our legal obligations;
– to exercise our legal rights (for example in court cases);
– for the prevention, detection, investigation of crime or prosecution of offenders;
– for the protection of our employees and customers.
How long do we keep your data?
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data. The longest we will normally hold any personal data for private patients is seven years beyond the end of the relationship. In the case of NHS patients we use current NHS guidelines which can be found on the NHS direct website (https://digital.nhs.uk/data–and–information/)
What data do we collect?
Hearbase may collect the following information about you:
– your name, age/date of birth and gender;
– your contact details: postal address, telephone numbers (including mobile numbers) and email address;
– purchases and orders made by you;
– when you make a purchase or place an order with us, your payment card details;
– your communication and marketing preferences;
– your interests, preferences, feedback and survey responses;
– your location;
– your correspondence and communications with Hearbase;
– in some cases phone conversations, which are recorded for training purposes and are automatically deleted after 30 days;
– other publicly available personal data, including any which you have shared via a public platform (such as a Twitter feed or public Facebook page).
Our websites are not intended for children and we do not knowingly collect data relating to children.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this policy. Some of the above personal data is collected directly, for example when you send an email to our customer services team. Other personal data is collected indirectly, for example when supplied by your GP or personal physician. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
How is the data stored and protected?
Hearbase is committed to keeping your personal data safe and secure.
Our security measures include:
– encryption of data;
– regular cyber security assessments of all of our systems and control measures;
– regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
– security controls which protect the entire Hearbase IT infrastructure from external attack and unauthorised access;
– internal policies setting out our data security approach and training for employees.
Your legal rights to your data
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision-making and profiling
You are entitled to a “subject access” which Hearbase (under ICO guidelines) defines as the following:
- Confirmation that you are processing their personal data;
- A copy of their personal data;
- Other supplementary information
Data protection officer
The Hearbase data protection officer is James Gibbs. Please direct any subject access requests for information to him at firstname.lastname@example.org or ring 01303 254416. Requests can also be made in writing to the following address:
Data Protection Officer, Hearbase, 140 Sandgate Road, Folkestone. CT20 2TE