Privacy policy.

1. About This Privacy Policy

1.1 This policy sets out, as a business, how we process data both inside the business and on the Website. This document is primarily for clients, subscribers, website visitors and people who wish to contact us about our services.

1.2 We are committed to protecting your privacy and complying with our data protection obligations under the Data Protection Act 2018 (the DPA 2018), the UK General Data Protection Regulation 2016/679 (the UK GDPR) and any other applicable UK legislation (together, Data Protection Law).

1.3 When you interact with us or use the Website, we act as the data controller of your personal data. This means we are responsible for processing and deciding how to use your personal data. This privacy policy explains the types of personal data we may collect about you when you interact with us, why we collect it, what we use it for and what rights you have over it. Personal data is any information about an identifiable person. Processing is anything we do with your personal data, including using, storing, sharing and deleting it.

2. Contact Information

2.1 If you have any concerns or want further information about our use of data or this policy in general, use the details below to contact us;

Contact Name: Hina Khan

Address: 30 Mount Close, Mount Close, High Wycombe, Bucks, England, HP12 3PE

Website: https://www.hearwegoaudiology.co.uk/

Email Address: hearwego.beaconsfield@gmail.com

3. Who Do We Collect Information From?

3.1 We collect information from;

  • Visitors to our Website

  • Subscribers to our email list

  • Clients/customers and their guardians (when required)

  • Suppliers and contractors

  • Contacts (Network)

4. What Information Do We Collect?

4.1 If you visit the Website, we may collect your IP address. This information is kept for a year.

4.2 If you are a client who receives a service from us, we will collect personal and sensitive information about you to provide our service. This includes;

  • Your name and contact details

  • Date of Birth

  • Gender

  • Payment information

  • Limited medical information

5. Who has access to your material?

5.1 In addition to our own employees, we also work with an outsourced support team that provides various services to our business, such as virtual assistants, web designers, IT support, etc. Please note that these support services have limited access to your data and will only access it when necessary to provide their services to us. For instance, our accountant needs to see the invoice to manage the books when we invoice you.

5.2 Your information and advice are held in strict confidence. Our team is bound by confidentiality clauses and their data usage is monitored and restricted.

5.3 We restrict who can export or download data held to a limited number of individuals authorised to back up data.

5.4 If you want to know who is on our team, please email and ask us. Our outsourced team fluctuates depending on what we are building and who is working on it.

6. How long do we keep your information?

6.1 We keep your data as long as we have to and always do this in line with data protection laws. We don’t want to keep your data any longer than we need to.

6.2 We store information securely; we mainly keep this digitally on our protected devices; we may also keep paper records for a certain period of time, but don’t worry, we’ll keep these secure. Full information can be found here in our retention schedule.

7. How Will We Use Your Personal Data?

7.1 We use most personal information following ‘contract’, ‘consent’ and ‘legitimate interests’; this includes considering benefits to the customer, HearWeGo Audiology and our trusted partners…but don’t worry, we balance your privacy rights to ensure that the benefits pass privacy tests before using personal information in this way!

7.2 Where appropriate to do so, we will ask for your consent to ensure we are clear on your choices.

7.3 We may also use information to fulfil a transaction or contract. For example, if you purchase glasses, we’ll handle payment information and address details to deliver what we promised!

7.4 We might need to pass certain information on to the NHS if we find that you need additional treatment or advice; we’ll mostly do this after talking this through with you; in severe & rare cases, this might be done to protect you (where it is in your vital interests).

7.5 We always need to follow the law, so there may be some cases where we are legally required to share information with statutory partners and ombudsman – these are official Organisations like the Police. We’ll tell you more about this in the ‘who we share information with’ section.

7.6 We might occasionally fulfil public tasks on behalf of the NHS to provide audiology & optical services; this will be in line with our legal obligations under the Opticians Act 1989, the NHS Hearing Loss Action Plan, the NHS Act 2006, the Equality Act 2010 and the Health & Social Care 2012. Of course, we’ll process your information following Data Protection Laws and the Privacy and Electronic Communications Regulations (PECR).

8. How Do We Share Your Personal Data?

8.1 When we share personal data, we do so under the Data Protection Laws. Where necessary, we may share specific personal data with employees, contractors, consultants or advisers to facilitate sales and general commercial purposes.

8.2 We may also provide third parties with aggregated but anonymised information and analytics about our customers. Before doing so, we will ensure that it does not identify you.

8.3 We also may need to share information externally for legal reasons. These include the HMRC and the Police in connection with a police investigation.

9. Sharing Information

9.1 We endeavour to keep as much data within the UK/EU as possible; however, there may be times when this is impossible. Where the platforms we use are outside of the UK or not in a country with adequate regulations, we will assess if the transfer is necessary to perform our service under the contract and that the data transfer comes under a restricted transfer.

9.2 Where we are legally required to do so, information is shared. On occasion, we may not be allowed to tell you of information being shared.

9.3 A complete list of the information can be requested by using the email above.

10. Your Rights

10.1 We respect your privacy rights and will respond to requests for access or control over information about you under the Data Protection Law. We may require you to verify your identity before we take any action.

10.2 Depending on the reason we have your personal data, you have a right to:

  • access the personal information we hold about you (commonly known as subject access);

  • request that we correct or complete personal information we hold about you that is inaccurate or incomplete;

  • request that we erase your personal information in some circumstances or object to our processing it;

  • restrict how we use your personal data in certain circumstances;

  • request that we provide you with copies of your personal information in a machine-readable format or transfer it across different services and

  • We have asked for your consent to process your data to withdraw this consent.

10.3 These rights are limited in some situations under Data Protection Law – for example, where we can demonstrate that we are under a legal obligation to process your data.

10.4 If you wish to exercise any of these rights, please contact us.

Your right to object

10.5 You have a right to object to our processing of your personal data and ask us to stop doing so. If we are processing your personal data for direct marketing purposes (which includes profiling to the extent that it is related to such direct marketing) and you object to this, we will stop processing your personal data immediately.

10.6 If our processing of your personal data is in the public interest or under our legitimate interests and you object to this, we will stop processing your personal data unless we have compelling reasons which override your interests or our use of your personal data is for the establishment, exercise or defence of legal claims.

10.7 Your personal data will only be kept for as long as necessary for our purposes. Specific retention periods are set out in the table at the end of this policy.

10.8 At the end of the specified retention periods, your personal data will either be securely destroyed or anonymised unless we must keep it to comply with our legal obligations.

11. Data Protection Principles

11.1 We process your personal data under the following principles:

  • We process your personal data lawfully, fairly and in a transparent way;

  • we collect your personal data for specified, explicit and legitimate purposes; any further processing we do is compatible with the original purposes for which we collected it;

  • we only process personal data that is adequate, relevant and limited to what is necessary to achieve the goal for which it is processed;

  • we take reasonable steps to ensure that all personal data is accurate and kept up to date where necessary;

  • we do not store personal data in a form that identifies you for any longer than is required for our processing; and

  • we process personal data securely and in a way that protects against unauthorised or unlawful processing, accidental loss, destruction or damage.

11.2 When we ask for your personal data, we will tell you whether you are required by law or contract to provide it and what will happen if you do not provide it.

11.3 Any request for consent to processing your personal data will be made directly to you and will include information about why we require the personal data and what will be done with it.

12. What Is Our Lawful Basis For Processing?

12.1 We will only process personal data when we have a lawful basis for processing. The table at the end of this policy sets out the legal basis we rely on for each data type we process.

12.2 We will choose one of the lawful bases in the UK GDPR to justify how we use your personal data. These are:

  • Consent: You have given consent to processing your personal data for one or more specific purposes. As detailed above, you can withdraw your consent at any time.

  • Contract: The processing is necessary to perform a contract with you or to take steps at your request before entering into a contract.

  • Legal obligation: We must process your personal data to comply with a legal obligation.

  • Vital interests: The processing is necessary to protect your or another person's vital interests.

  • Public interest: Processing is necessary for performing a task in the public interest or the exercise of some official authority.

  • Legitimate interests: Processing is necessary for legitimate interests pursued by us or someone else, except where such interests are overridden by your interests or fundamental rights and freedoms requiring the protection of your personal data.

13. How to complain

13.1 If you have any concerns about our use of your personal information, you can make a complaint to us by using the contact details above.

13.2 We hope to satisfy any queries about how we process your data. However, if you have unresolved concerns, you also have the right to complain to data protection authorities (in the UK, the Information Commissioner’s Office)

The ICO’s address: Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

14. Policy review

14. We update and review this policy at least annually or when required due to changes in practice and legal updates. An updated version of the Website will make reasonable efforts to bring any material changes to your attention.

Date reviewed: 04/10/2024

Policy changes: New Policy

Date completed and ratified:

Updated by: Hina Khan

Version: 1