Hearing Healthcare Practice takes the privacy of personal data seriously and we are committed to the security of, and transparency around, how we handle personal data. This notice is intended to inform you about the types of personal data we process, how we collect it and our legal bases for doing so. It also informs you of your rights in relation to personal data we may hold about you and how you can contact us should you have any queries or concerns about this.
When we refer to ‘Hearing Healthcare Practice’ or ‘we’ (or ‘our’ or ‘us’) we are referring to Hearing Healthcare Practice Ltd. Our head office is 26 Burgundy House, The Foresters, Harpenden, Herts, AL5 5PT.
For UK and European data privacy purposes, when we act as a controller of personal data we do so as Hearing Healthcare Practice Ltd (registered in England & Wales number 3459945).
We obtain personal data only directly; for example, directly from our clients when they engage with us for audiological goods and services, directly from our employees when they either apply to, or start, work with us and directly from our suppliers and other business partners in the course of normal commercial interactions to procure goods and services from them.
We do not obtain personal data indirectly from third parties.
We process personal data in respect of the following broad categories of individuals:
Personal data that we collect from you directly is used only in the course of delivering goods and services to you. We will only collect data from you that is relevant to the service, or the goods, being delivered. This may include some or all of the following:
We will add your contact data to our mailing list unless you tell us not to (see ‘Marketing’ below).
We consider our lawful basis for processing the types of personal data above to be the fulfilment of our contract with you to deliver goods and/or services to you. If you have given us your email address, we will use that to communicate with you specifically in relation to matters to do with you as a client. If you agree we may send marketing information to you by email (see ‘Marketing’ below).
We recognise your health data as ‘Special Category Data’ and as such we take extra special care to protect that. Your health data is protected internally and only staff and employees of Hearing Healthcare Practice that have a valid reason to see your health data can do so. Except for data processed within our Clinic Management Systems we do not share your data with any external third parties, unless there is a medical requirement to consult with another medical professional, in which case you would be informed and your data would be shared and handled securely at all times.
We consider that the additional condition that enables us to process your health data, as set out in Article 9 of the GDPR, is the provision of aural health care (diagnosis and treatment) that we deliver to you. The supervisory body for these services is the HCPC (http://www.hcpc-uk.co.uk).
We process your data within our Clinic Management Systems in order to provide effective services to you. Your data is managed securely and in accordance with GDPR rules. The system we use is:
We will retain your data for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws. Thereafter we will only retain your data if we have a continuing legal requirement to do so. For example, health information may need to be retained for a period of time after you have ceased to be a Hearing Healthcare Practice client in order to fulfil our obligations to the NHS, regulatory or similar bodies, and financial details in relation to payments for goods and services must be kept for six years as dictated by HMRC. You also have the right, under UK Data Protection legislation, to formally request that your data be removed from our systems (see the end of this notice for further details).
Several times a year we send out a brief newsletter to our clients and other contacts on our mailing list. We do this as a way to keep you informed about our services and to give you news and updates about what is going on at the Practice. For this we will use your email address and occasionally your postal address. We have a legitimate interest in marketing our services as a normal and expected activity in running a business, and we make every effort to do this in the most informative way and with the minimum amount of intrusion. You have the right to opt out of receiving our newsletter and to be removed from our mailing list at any time; to do so, please contact us either in writing or by email (see contact details at the end of this notice).
We process personal data in respect of prospective, current and former employees. This privacy notice addresses only prospective employees; current and former employees are the subject of an internal privacy notice.
For prospective employees we only process personal data that is given to us directly by the individual. We do not use recruitment agencies or any other means of obtaining personal data through third party channels.
Typically, the personal data provided to us by a prospective employee will be their CV and personal contact details, and potentially passport information and right to work checks, as well as any data collected during the interview stage. We will process this data on the legal basis of contract, albeit that this is prior to, but nevertheless essential for, any future contract of employment.
The Company seeks information from third parties only with your consent, such as references supplied by former employers.
Some special categories of personal data, such as information about health or medical conditions, may be processed to carry out responsible and legal employer obligations to support you as an employee in your workplace.
Personal data obtained during recruitment will be retained on the company Intranet for a period of six months for unsuccessful applicants and thereafter will be securely disposed of. For successful applicants we will retain personal data obtained during recruitment for six months or until the probationary period is successfully completed; thereafter only data relevant to their ongoing employment will be retained and any other data will be securely disposed of.
The Company employs permission-based access controls across all of its systems to ensure the security of all employee-related personal data.
We process contact details for individuals who work for our suppliers and other business partners. Typically, such data will comprise name, email, telephone number(s) (direct dial and mobile) and business address. We use this data in order to procure goods and services and to fulfil our contractual obligations entered into and also on the basis of legitimate interest in the normal course of business. Where an individual is in business as a sole trader we may also hold details of their bank account, which we use solely for the purpose of making payment for their goods and services supplied.
We may disclose your data to our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable data protection laws, including GDPR). We may also disclose your information if required by law, requested by law enforcement authorities or to enforce our legal rights; for example, HMRC have the right to inspect our records for Tax and VAT compliance purposes.
We do not transfer data outside of the EU.
Our website at https://www.hearinghealthcare.co.uk does not collect or process personal data in any automated way.
When you contact us through our website your details are not stored by the website; the details that you enter are simply processed by sending an email to us, the content of which is securely stored on our internal email system. We will only use the details you provide to us for the purpose of responding to your enquiry.
A cookie is a small text file that’s placed on your computer or mobile device when you visit a website. Some of these are persistent cookies (they remain on your hard drive for an extended period of time) and some are session ID cookies (they expire when you close your browser).
We use a small number of cookies on our website for the purposes of using Google Analytics to help us understand the web traffic we get on our website. The cookies we use do not contain any personal information about you; they are simply an identifier used for analytics.
Hearing Healthcare Practice recognises that your personal data belongs to you and we do our best to use it in ways that you are happy with.
You can control whether or not you receive marketing email from Hearing Healthcare Practice by letting us know directly. You can either write to us or send us an email to: [email protected]
You also have a range of rights depending on our use of your data:
You can exercise any of these rights by contacting us either in writing or by email to: [email protected]
We will acknowledge your request and let you know the next steps. In most cases we will need to verify your identity before actioning your request.
You have the right to lodge a complaint with the UK Information Commissioner’s Office (https://ico.org.uk/) or the supervisory authority in your country of residence or place of work.