About this notice
House of Hearing takes the privacy of personal data seriously and we are committed to the security of, and transparency around, how we handle personal data. This notice is intended to inform you about the types of personal data we process, how we collect it and our legal bases for doing so. It also informs you of your rights in relation to personal data we may hold about you and how you can contact us should you have any queries or concerns about this.
When we refer to ‘House of Hearing’ or ‘we’ (or ‘our’ or ‘us’) we are referring to House of Hearing Ltd and its wholly-owned subsidiary Northern Audiology Ltd. Our head office is 2b Stafford Street, Edinburgh, EH3 7AU.
For UK and European data privacy purposes when we act as a controller of personal data we do so either as House of Hearing Ltd (registered in Scotland number SC048184) or as Northern Audiology Ltd (registered in England number 10518239).
For our customers, when you engage with us through our Morpeth branch the data controller for your personal data will be Northern Audiology Ltd; when you engage with us through any of our branches in Scotland the data controller will be House of Hearing Ltd.
How we collect your data
We obtain personal data only directly; for example, directly from our customers when they engage with us for audiological goods and services, directly from our employees when they either apply to, or start, work with us and directly from our suppliers and other business partners in the course of normal commercial interactions to procure goods and services from them.
We do not obtain personal data indirectly from third parties.
What personal data we process and why
We process personal data in respect of the following broad categories of individuals:
- Suppliers and other business partners
Personal data that we collect from you directly is used only in the course of delivering goods and services to you. We will only collect data from you that is relevant to the service, or the goods, being delivered. This may include some or all of the following:
- Identification and contact data (name, address, email, telephone number, etc)
- Other personal details that may be considered relevant during the course of our consultations and audiological assessments with you
- Physical health data relevant to audiological assessment and, rarely, mental health data only if considered relevant to audiological assessment
- Physical health data that we generate with you (audiograms and other records of hearing tests and assessments)
- Financial information (bank details, card payment details etc) for the payment of goods and services delivered
We will add your name and postal address to our mailing list unless you tell us not to (see ‘Marketing’ below).
We consider our lawful basis for processing the types of personal data above to be the fulfilment of our contract with you to deliver goods and/or services to you.
If you have given us your email address, we will only use that to communicate with you specifically in relation to matters to do with you as a customer. We will not use your email for marketing.
Your health data
We recognise your health data as ‘Special Category Data’ and as such we take extra special care to protect it. Your health data is protected internally and only staff and employees of House of Hearing who have a valid reason to see your health data can do so. Except for data processed within our Clinic Management Systems we do not share your data with any external third parties, unless there is a medical requirement to consult with another medical professional, in which case you would be informed and your data would be shared and handled securely at all times.
We consider that the additional condition that enables us to process your health data, as set out in Article 9 of the GDPR, is the provision of aural health care (diagnosis and treatment) that we deliver to you. The supervisory body for these services is the HCPC (http://www.hcpc-uk.co.uk).
We process your data within our Clinic Management Systems in order to provide effective services to you. Your data is managed securely and in accordance with GDPR rules. The systems we use are as follows:
House of Hearing customers (Scotland)
Client Management System : Blueprint OMS
Data is hosted in the UK. Please see the following links for further information …
Northern Audiology customers (Morpeth)
Client Management System : Strato CMS
Data is hosted in Ireland. Please see the following links for further information …
Link to compliance statement: http://stratoblog.auditdata.com/strato-and-gdpr-compliance/
Link to Privacy Notice: https://www.auditdata.com/security-and-compliance/privacy
Link to Security Statement: https://www.auditdata.com/security-and-compliance/security
Data Processing Agreement: https://www.auditdata.com/security-and-compliance/data-processing-agreement
How long do we keep your data?
We will retain your data for as long as is necessary having regard to the purpose for which it was collected and in accordance with all applicable UK laws. Thereafter we will only retain your data if we have a continuing legal requirement to do so. For example, health information may need to be retained for a period of time after you have ceased to be a House of Hearing customer in order to fulfil our obligations to the NHS, regulatory or similar bodies, and financial details in relation to payments for goods and services must be kept for six years as dictated by HMRC. You also have the right, under UK Data Protection legislation, to formally request that your data be removed from our systems (see the end of this notice for further details).
Several times a year we send out a newsletter to our customers and other contacts on our mailing list. We do this as a way to keep you informed about our products and services as well as to give you news and updates about what is going on at House of Hearing. For this we will use your name and postal address. We have a legitimate interest in marketing our services as a normal and expected activity in running a business, and we make every effort to do this in the most informative way and with the minimum amount of intrusion. You have the right to opt out of receiving our newsletter and to be removed from our mailing list at any time; to do so, please contact us either in writing or by email (see contact details at the end of this notice).
We process personal data in respect of prospective, current and former employees. This privacy notice addresses only prospective employees; current and former employees are the subject of an internal privacy notice.
For prospective employees we only process personal data that is given to us directly by the individual. We do not use recruitment agencies or any other means of obtaining personal data through third party channels.
Typically, the personal data provided to us by a prospective employee will be their CV and personal contact details, and potentially passport information and right to work checks, as well as any data collected during the interview stage. We will process this data on the legal basis of contract, albeit that this is prior to, but nevertheless essential for, any future contract of employment.
The Company seeks information from third parties only with your consent, such as references supplied by former employers.
Some special categories of personal data, such as information about health or medical conditions, may be processed to carry out responsible and legal employer obligations to support you as an employee in your workplace.
Personal data obtained during recruitment will be retained on the company Intranet for a period of six months for unsuccessful applicants and thereafter will be securely disposed of. For successful applicants we will retain personal data obtained during recruitment for six months or until the probationary period is successfully completed; thereafter only data relevant to their ongoing employment will be retained and any other data will be securely disposed of.
Personal data obtained during recruitment will be shared with our external HR Consultants, Magenta HR, with whom we have put in place a formal agreement for their processing of personal data under our control. When data is shared with Magenta HR, this is done securely and with appropriate security and privacy safeguards in place. Their Privacy Notice can be viewed at http://www.magentahr.com/.
The Company employs permission-based access controls across all of its systems to ensure the security of all employee-related personal data.
Suppliers and other business partners
We process contact details for individuals who work for our suppliers and other business partners. Typically, such data will comprise name, email, telephone number(s) (direct dial and mobile) and business address. We use this data in order to procure goods and services and to fulfil our contractual obligations entered into and also on the basis of legitimate interest in the normal course of business. Where an individual is in business as a sole-trader we may also hold details of their bank account, which we use solely for the purpose of making payment for their goods and services supplied.
Who is your personal data shared with?
We may disclose your data to our affiliated organisations and subsidiaries, and to service providers who render services to us or you on our behalf (all of which are contractually obligated to act only on our instructions and in accordance with applicable data protection laws, including GDPR). We may also disclose your information if required by law, requested by law enforcement authorities or to enforce our legal rights; for example, HMRC have the right to inspect our records for Tax and VAT compliance purposes.
Details of data transfers to third countries
We do not transfer data outside of the EU.
Our website at https://www.houseofhearing.co.uk/ does not collect or process personal data in any automated way.
When you contact us through our website your details are not stored by the website; the details that you enter are simply processed by sending an email to us, the content of which is securely stored on our internal email system. We will only use the details you provide to us for the purpose of responding to your enquiry.
A cookie is a small text file that’s placed on your computer or mobile device when you visit a website. Some of these are persistent cookies (they remain on your hard drive for an extended period of time) and some are session ID cookies (they expire when you close your browser).
We use a small number of cookies on our website for the purposes of using Google Analytics to help us understand the web traffic we get on our website. The cookies we use do not contain any personal information about you, they are simply an identifier used for analytics.
House of Hearing recognises that your personal data belongs to you and we do our best to use it in ways that you are happy with.
You can control whether or not you receive marketing email from House of Hearing by letting us know directly. You can either write to us or send us an email to: firstname.lastname@example.org
You also have a range of rights depending on our use of your data:
- You can ask us for a copy of the information we have about you
- You can ask us to correct any incorrect data we have about you
- You can ask us to delete your data
- You can ask for your data in a common, machine-readable format
- You can object to any processing we do on the basis of legitimate interests
- You can ask us to restrict the processing of your data
You can exercise any of these rights by contacting us either in writing or by email to: email@example.com
We will acknowledge your request and let you know the next steps. In most cases we will need to verify your identity before actioning your request.
Your right to lodge a complaint
You have the right to lodge a complaint with the UK Information Commissioner’s Office (https://ico.org.uk/) or the supervisory authority in your country of residence or place of work.
Last updated : 23 May 2018