Privacy & Data Policy

Introduction

In this Privacy Notice, we tell you about:

  • Your rights and how to contact us so as to exercise these rights.
  • The personal data that we collect, our uses of the data and the legal basis for processing.
  • The recipients or categories of recipients to whom your personal data are disclosed.
  • Where data is transferred to a third country or international organisations, the safeguards that we rely, in the absence of the recipient country having received an adequacy decision.
  • Information relating to the criteria used to determine how long personal data is retained.

This Privacy Notice applies to customer personal data that we process and includes data collected, for example, in our premises, from our website, via the use of online forms, social media, emails, complaints, customer satisfaction surveys, written correspondence and information gathered with speaking to you.

In this Privacy Notice, when we refer to ‘you, your’, we mean the person whose personal data we collect, use and process. This includes anyone who engages with us in connection with the products and services we provide or who interacts with us in another manner, for example, in our premises or by using our website.

For our use of cookies on our website, please read here:

About us

The group of undertakings to which this Privacy Notice applies includes:

  • TAC Holding Ltd
  • House of Hearing Ltd
    • (Northern Audiology Ltd)
    • (Alderley Edge Hearing Ltd)
  • Help in Hearing Ltd
    • (The Hearing Clinic (Henley) Limited).
  • The Hearing Care Centre Limited
  • The Eastbourne Hearing Centre Limited
  • Hearing Matters Ltd
  • Bexhill Hearing Centre Limited
  • Dove Hearing Centres (Cross Hearing Services Limited)
  • Aston Hearing Services Limited

References to ‘we’, ‘us’ or ‘our’ means the companies listed above that process personal data in the capacity of a data controller.

How to contact us

You can contact us in a number of ways:

Protecting your confidentiality

To protect the confidentiality of your information, we may ask you to verify your identity before proceeding with any request you make when exercising your rights or sending a complaint.

Our responses may include sensitive personal data and confidential data, so in certain instances we require:

That your requests are given to us in writing (including email) or are given verbally.

Details of identity; including as a minimum, first name, last name, address and date of birth.

Please note – in most instances access to your personal data is free of charge. However, we do reserve the right to charge a fee for repeated requests.

We are only able to comply with requests that relate to personal data held in accessible, structured filing systems for which we are the data controller.

Your rights

Your rights We will:

Right of access (also known as a Subject Access request):

  • At your request, we will confirm whether or not we are processing your personal data.
  • You have a right to receive a copy of your personal data that we process.
  • You have the right to consent to us making your personal data available to a third party.

Once we have received sufficient information to process your request, we will make your information available to you within the regulated timeframe.

We will make your personal data available to a third party if you have consented to this.

For more information on giving consent to a third party or family member, please see the section 'Subject Access Requests by Third parties' below.

 

Right of rectification

You can request that incorrect or inaccurate information is corrected.

We will assess your request but may need to verify the new data that you provide to us, or we may take our own steps to verify that the new data you have supplied us with is correct.
In certain circumstances we may refuse your request for rectification, but in such a case, we will confirm this to you and explain our decision.

Right to restrict processing

In certain instances, you can request that we stop processing some or all of your information, for example, where you believe the information is inaccurate, or you believe there is no legal reason for us to continue to process your personal data.

Where we agree to processing being restricted, we will (with the exception of storage) not process your personal data without your consent, unless we have a legal basis for doing so.
This could include, without limiting the right, the need to institute or defend a claim, or we need to protect another individual's rights.

Right to data portability

You have the right to have information transferred to another entity where this is technically possible.

We will provide your personal data to you in a structured, commonly used method.

Right to object

You have the right to object to the processing of your personal data for purposes of direct marketing or where we use ‘legitimate interests’ as the lawful purpose for processing.

We will record your request and stop processing your personal data for purposes of direct marketing. This may take 28 days to take effect after receiving your request.

We will stop processing your personal data where we rely on ‘legitimate interests’ as the lawful basis for processing unless we believe that we have a legitimate overriding reason to continue processing, or we need to defend any legal claims against us.

Right to withdraw consent

Whenever you have given us your consent to use your personal data, you have the right to withdraw your consent.

We will stop processing your personal data for the purpose that consent was given upon your consent being withdrawn.

Right to Erasure

You have the right to request that we delete the personal information we hold on you. You have the right to have your personal data deleted only in the following circumstances:

  1. Where we no longer need your data for the purposes it was originally collected.
  2. Where you have withdrawn consent that you had previously given.
  3. Where you object to us processing your data and we have no overriding legal reason to continue processing it.
  4. Where the personal data has been unlawfully processed.

Where law requires us to delete the personal data.

We will assess your request and confirm if your request can be actioned. We are not always obliged to erase personal data as legislation or contracts that we have entered into may place an obligation on us to retain personal data for a period of time.

Where we have been asked to erase your data but have a obligation to keep it, we will:

  • Inform you of the obligation.
  • At your request, suppress your record to ensure that no
  • further communications are sent to you.
Right to lodge a complaint with a supervisory body e.g., the ICO in the UK.

The contact details are as follows:

  • ICO - Information Commissioner Officer, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

Tel: 0303 123 1113. Email: casework@ico.org.uk

 

What data do we collect?

We collect personal data in a number of ways, including when you visit our premises, via our websites, by phone, email, post, social media and any other engagement that we may have with you.

The type of personal data we collect is:

  • Information collected when booking a meeting/examination, for example, your name and surname, address, contact details (phone and email), date of birth, age and the premises that you select.
  • Medical and health information concerning current or past hearing health and other general health conditions.
  • Your prescription and other information relating to your health forming part of your examination.
  • Results and recommendations made by the examining practitioner.
  • Information received from other health or medical professionals, including the NHS.
  • Details of your purchases including past orders, any discounts applied as well as refunds processed.
  • Membership subscriptions that you have with us.
  • Your payment details and payment behaviour (where relevant).
  • You’re marketing and communication preferences.
  • Information relating to your lifestyle and hobbies.
  • Relevant personal information about others e.g., your family history, next of kin, contact details of your family that you provide to us.
  • Feedback and survey responses.
  • Information collected as a result of your visit to our website, including any transactions that you carry out on the website, as well as your demographics, interests, details of your browsing and your direct marketing and other preferences.
  • Images and recordings from our systems.
  • Your correspondence with us either in writing or by phone e.g., details of queries, complaints, call recordings or notes taken during conversations, requests for access to information and other requests exercising your rights.
  • Feedback and ratings of our products and services published on our website.
  • Electronic information, collected from your device.
  • Any other information you have voluntarily given us.
  • Information that we have collected from a third party if it is legal to do so.
  • Information that provides marketing and advertising assistance.

How and why do we use your personal data?

Your personal data is processed for the following reasons, so that we can provide you with the best possible care and customer experience. Here’s how we use your data:

1.    To provide professional care services:

  • To book and confirm your appointment. We will send you a confirmation if you book online and a courtesy reminder will be sent a short period before the appointment is due.
  • To carry out a hearing examination so that we can understand the status of your hearing health and any medical or other conditions.
  • To formulate your prescription so as to determine your needs for hearing.
  • To carry out aftercare services, for example, where you have purchased contact lenses from us.
  • To send you hearing test reminders. Changes in your hearing are usually very gradual, so regular hearing tests are important.
  • To notify you that products that you have purchased are available for collection.
  • To refer you to other medical or health professionals, or to the NHS.
  • For research and scientific reasons by us or third parties. Information provided to third parties will be anonymised.

2. To process transactions

We will process your personal data:

  • So that we can provide our products and services to you and process any transactions, including payments, when you purchase our goods and services, or refunds.
  • In respect of payments made to us as well as payments using card processors where payment is processed using a credit or debit card.
  • And will make the required personal data available to third parties where you wish to conclude an agreement with that third party. For example, you may wish to apply for and enter into a payment arrangement with a third party, or you may want to apply for and obtain insurance over the product that you have purchased.
  • To meet our contractual obligations to third parties e.g., the NHS.
  • To ensure delivery of goods to your nominated address where you elect not to collect the goods from our premises.

3. To communicate with you

  • We send you services messages which may including communications about hearing health.
  • We may send you messages to notify you of any relevant changes, for example, to matters that could affect or inconvenience you. For example, a change to your usual store’s location, shop opening or closing hours.
  • We may send you direct marketing communications – we will send you information about our products, offers and discounts by email and/or post. You are free to opt out of these communications at any time by contacting us or going online and updating your preferences. For details, refer to the ‘How to contact us’ section.
  • We will invite you to respond to surveys and provide us with feedback of your experience in one of our stores. Where you respond to a survey or provide feedback, we process your personal data to help us improve our service to you and make our services and products more relevant to you.
  • We process your personal data to respond to complaints, queries and any claims made against us.

4. To engage with you via our website

  • If you are just browsing our website, we will not collect any information which will identify you by name, unless you provide this information, for example when rating our products or services.
  • We will process your personal data in order that you can create and manage information in the online account that you have created with us.
  • We will process your personal data so as to create and administer your online account.

5. Other reasons

  • We may need to provide your personal data to a regulator requesting information when they are carrying out their function.
  • We may also make your personal data available to third parties in terms of a contract that we are bound by or who have the legal right to access your personal data.
  • We may need to make your personal data available to other medical practitioners, health and social care providers or the NHS.
  • For purposes of fraud prevention and detection and for the health and safety of members of the public, our staff and our customers.
  • For our Corporate requirements, including mergers and acquisitions.

Third Parties we share data with or receive data from

  • Other data controllers – from time to time, we may partner with third parties in order that our customers can obtain benefit from the products or services that they offer.
  • Marketing Companies and Online Advertising – to help us manage our electronic communications to you and to help us show you the advertising you are most likely to be interested in. Companies that provide marketing and advertising assistance (including management of email marketing operations, mobile messaging services such as SMS, and services that deploy advertising on the internet or social media platforms, such as Facebook and Google) as well as analysis of the effectiveness of our advertising and communications campaigns
  • We use technologies such as cookies within digital marketing networks, ad exchanges and social media networks such as Facebook and other social media to get relevant marketing messages across to you and other customers. We share aggregated and anonymised information about the customer segments we are interested in reaching with advertising partners, so they can focus on showing adverts to those who are most likely to be interested in our products, services and offers, and to prevent them showing you irrelevant or repetitive advertisements.
  • We share limited information with selected suppliers to enable them to identify new prospective customers on our behalf and to prevent us repeatedly advertising products or services you have already bought.
  • We receive information on how you interact with our adverts and content on third-party websites and social media platforms (such as Google or Facebook) which we use to tailor the information that is displayed to you.
  • Delivery or courier companies who we appoint to deliver products that you have purchased from us.

Lawful purpose for processing your personal data

We need a lawful purpose to process your personal data.

1. For processing your special category personal data

The services offered by us are classified as health services. Health service providers are permitted to process your special category personal data (for example, information relating to your health, medical information, etc) as processing is necessary for the purpose of your hearing health care or treatment, or for purposes of preventative or occupational medicine, medical diagnosis and for the assessment of the working capacity of an employee.

If we wish to process your special category personal data for another purpose, we must have a lawful purpose to do so, which may be the following:

(i) by getting your consent to process your personal data;
(ii) processing is necessary to establish, exercise or defend legal claims or whenever courts are acting in their judicial capacity;
(iii) processing is necessary in the public interest in the area of public health, subject to local laws and safeguarding measures (in particular professional secrecy) or
(iv) processing is necessary for archiving purposes in the public interest, scientific or historical research or statistical purposes, subject to local laws.

2. For processing your personal data

We rely on legal obligations where we have a statutory or other legal obligation to process the information:

  • To meet our legal obligations.
  • To make your personal data available to other medical practitioners, health and social care providers.
  • To generate and issue invoices.
  • Regulators may request information when carrying out their functions.
  • Other third parties who have a legal right to access personal data e.g., the police, our insurers, lenders, external auditors and investigators.
  • Other companies who provide us with updated personal information e.g., changes to your contact information, deceased indicators.
  • If you choose to exercise your data rights e.g., requesting a subject access request.
  • To respond to any complaints or claims we receive from regulators or other third parties.
  • For purposes of fraud prevention and detection.
  • For purposes of health and safety of members of the public, our staff and our customers.
  • Corporate requirements including mergers and acquisitions.

We rely on contractual obligations when we process your information to fulfil a contract that we have entered into with you:

  • To process any transactions when you purchase our goods and services.
  • To process credit and debit card payments as well as payments using payment card processors. We provide your information to the relevant bank in order that they can process payment of a transaction.
  • For purposes of us providing our products and services to you, including without limitation our aftercare contact lens service.
  • To deliver products purchased to your nominated address.
  • To meet any other contractual obligations that we have undertaken to you.
  • To meet the contractual obligations that we have with the NHS.

We rely on your consent:

  • To provide your personal data to a third party who does not have a legal right to receive the information, for example a lawyer, a friend, a member of your family who does not have parental responsibility over a child.
  • Received from a child to provide personal data to a parent, where the child has been deemed capable of giving consent.
  • In order for a third party to provide you with payment options. In this case, we will pass the required information to them in order that that they can assess where you qualify for the payment method, and to tailor payment methods which they think may be suitable for you.
  • To provide your personal data to insurance companies where you wish to apply for insurance cover that you wish to take up. We will pass your contact and other personal data to the insuring company so that they can assess whether you qualify for insurance cover.

Where your personal data is transferred to a third party, for example, the bank, a lender or an insurer, these parties are data controllers and personal data that is transferred is processed in line with the recipient’s own privacy notice.

We rely on our Legitimate Interest when we process your information for any of the following purposes:

  • Sending service or direct marketing communications to you.
  • Booking an appointment for an examination.
  • Sending your reminders that your hearing test is about to become due or is overdue.
  • Processing and reporting financial transactions.
  • Instituting and defending legal or other claims.
  • When you respond to questionnaires and surveys.
  • For purposes of market research and statistical analysis.

Our legitimate interests are derived from our requirement to protect and grow our business, including our commercial and financial interests, as well as our desire to retain existing and attract new customers.

We rely on Vital interests to process your personal data in certain circumstances.

As we collect information regarding your hearing health, in exceptional circumstances we may be required to provide this information to another medical or healthcare provider for your safety and to prevent significant harm. For example, in exceptional circumstances we may provide information regarding your hearing health to your hospital if you were unable to give us consent.

How long do we process personal data?

We will keep your personal data for as long as is reasonably necessary to provide our products and services, including aftercare services, and to maintain records as needed to satisfy tax and other legal or regulatory requirements, as well as to protect and defend against claims or allegations. We anonymise your personal data once we no longer need it.

When defining our retention periods, we consider healthcare laws and regulations which apply, contracts that we have entered into with the NHS and recommendations made by industry bodies.

Who do we share your personal data with?

We share your personal data within our group of companies, with data processors with whom we have entered into a Data Processing Agreement, with other medical or health professionals and with trusted third parties as an essential part of being able to provide our services to you. Please be assured we do not sell personal data, and do not provide personal data to list providers for the purposes of marketing.

Examples of third parties we work with to be able to provide our services to you, on our behalf include:

  • Operational companies such as delivery couriers who may deliver products or deliver communication to you on our behalf.
  • Product suppliers who make or provide the products we sell to you.
  • Third parties who we use to help us update your contact information to keep your data accurate.
  • IT and data companies who help support our websites and other business systems.
  • Other medical professionals including medical doctors, or the NHS and third parties appointed by the NHS.
  • Public bodies who have the legal right to have access to the information e.g., the police, social services etc.

Transfer of personal data to third countries

Our main operations are based in the UK and your personal information is generally processed, stored and used within the UK and other countries within the European Economic Area (EEA). In certain instances, it may be necessary to transfer your personal information outside the UK/EEA, for example, where our suppliers and partners provide maintenance support, or where Cloud Services or hosted technologies are situated outside of the UK/EEA. If the recipient of the personal data is situated in a third country that has not been approved as adequate by the relevant regulator, we will ensure that the required safeguards and level of security are implemented.

Changes/Updates

Technology and data privacy best practice are continually evolving areas. We reserve the right to revise this notice from time to time in consequence. Changes will be incorporated on this page. Please review it periodically.

The last update was May 2023.

Latest News