General Data Protection Policy
Our Commitment:
The EarGuru is committed to the protection of all personal and sensitive data for which it holds, responsibility as the Data Controller and the handling of such data in line with the data protection principles and the Data Protection Act (DPA). https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/
Changes to data protection legislation shall be monitored and implemented in order to remain compliant with all requirements. The Company Director (Mr S J Edwards) is responsible for data protection.
The EarGuru is committed, as a Limited Company, to ensuring that they are aware of data protection policies, legal requirements and will attend training when necessary. The requirements of this policy are mandatory for the EarGuru and any third party contracted to provide services to the EarGuru.
Notification:
Our data processing activities will be registered with the Information Commissioner’s Office (ICO) as required of a recognised Data Controller. Details are available from the ICO:
https://ico.org.uk/about-the-ico/what-we-do/register-of-data-controllers/
Changes to the type of data processing activities being undertaken shall be notified to the ICO and details amended in the register. Breaches of personal or sensitive data shall be notified immediately to the individual(s) concerned and the ICO.
Personal and Sensitive Data:
All data within the EarGuru’s control shall be identified as personal, sensitive or both to ensure that it is handled in compliance with legal requirements and access to it does not breach the rights of the individuals to whom it relates.
The definitions of personal and sensitive data shall be as those published by the ICO for guidance:
https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/
The principles of the Data Protection Act shall be applied to all data processed:
1. Processed fairly and lawfully
2. Obtained only for lawful purposes, and is not further used in any manner incompatible with those original purposes
3. Accurate and, where necessary, kept up to date,
4. Adequate, relevant and not excessive in relation to the purposes for which it is processed
5. Not kept for longer than is necessary for those purposes
6. Processed in accordance with the rights of data subjects under the DPA
7. Protected by appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage
8. Not transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection of the personal information
Fair Processing / Privacy Notice:
We shall be transparent about the intended processing of data and communicate these intentions via notification to all customers prior to the processing of an individual’s data. Notifications shall be in accordance with ICO guidance.
https://ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/
The intention to share data relating to individuals to an organisation outside of the EarGuru shall be clearly defined within notifications and details of the basis for sharing given. Any proposed change to the processing of individual’s data shall first be notified to them.
Data Security:
In order to assure the protection of all data being processed and inform decisions on processing activities, we shall undertake an assessment of the associated risks of proposed processing and equally the impact on an individual’s privacy in holding data related to them.
Risk and impact assessments shall be conducted in accordance with guidance given by the ICO:
https://ico.org.uk/for-organisations/guide-to-data-protection/principle-7-security/
https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2014/02/privacy-impact-assessments-code-published/
Security of data shall be achieved through the implementation of proportionate physical and technical measures. The company director (Mr S J Edwards) shall be responsible for the effectiveness of the controls implemented and reporting of their performance. The security arrangements of any organisation with which data is shared shall also be considered and these organisations shall provide evidence of the competence in the security of shared data.
Data Access Requests (Subject Access Requests):
All individuals whose data is held by us, has a legal right to request access to such data or information about what is held. We shall respond to such requests within 40 days and they should be made in writing to: Mr S J Edwards, Company Director.
A charge may be applied to process the request.
https://ico.org.uk/media/for-organisations/documents/1586/personal_information_online_small_business_checklist.pdf
Data Disposal:
The EarGuru recognises that the secure disposal of redundant data is an integral element to compliance with legal requirements and an area of increased risk. All data held in any form of electronic media shall only be passed to a disposal partner with demonstrable competence in providing secure disposal services. Paper assets will be shredded immediately. All data shall be destroyed or eradicated to agreed levels meeting recognised national standards, with confirmation at completion of the disposal process.
Disposal of IT assets holding data shall be in compliance with ICO guidance:
https://ico.org.uk/media/for-organisations/documents/1570/it_asset_disposal_for_organisations.pdf
EarGuru Privacy Statement
This Privacy Statement explains the information practices and policies of the EarGuru Ltd (EarGuru). It describes how we collect, use, and disclose information of: (a) individuals (i.e. our clients) and/or (b) any visitors to our website owned by the EarGuru, or used by the EarGuru to deliver our services.
For the purposes of this Privacy Statement, the terms “we”, “us” and “our” refer to EarGuru and “you” refers to you, anyone whose information we process for the purposes above.
This Privacy Statement does not reflect the privacy policies or practices of our clients or any other third party. The EarGuru is not responsible for the privacy policies or practices of any client, end-clients of clients or other third party.
About the EarGuru
The EarGuru is a Limited Company owned by Company Director (Registered company 11552542) providing hearing care services including micro suction wax removal, hearing tests and hearing solutions.
How We Collect, Use, and Share Information
We primarily collect, access, use, and share Personal Information where necessary for us to provide services to our clients and in the ordinary course of running our business, including through the receipt of communications such as emails, website enquiries and telephone calls.
“Personal Information,” means individually identifiable information that alone or when in combination with other information may be used to readily identify, contact, or locate a specific person, such as a name, address, phone number, username, email address, and password. It might also include information such as your IP addresses and/or other online identifiers and information related to your device (see "Cookies or Similar Technologies" section)
We may collect information, including Personal Information, in the following ways:
Information That You Provide To Us Voluntarily
General Contact Information. We will collect any Personal Information that you voluntarily provide to us when you visit the EarGuru Website, for example if you submit an enquiry via the EarGuru Website web form, or request additional information or contact from the EarGuru via email, you will provide us with certain Personal Information, which may include names, telephone numbers, address and email address. In addition, if you choose to communicate with us via a web form, email, or by telephone, we will keep a copy of our communication together with your email address or phone number and our responses.
Information That We Collect Automatically
Device-related Information. When you visit the EarGuru website, we may also collect device related information from the user’s device. This information may be considered "personal data" under GDPR. This information enables us to better understand the use of our EarGuru website. Some of this information may be collected using cookies and similar tracking technology, as explained further under the heading “Cookies or Similar Technologies” below.
Cookies or Similar Technologies
The EarGuru website use cookies. A "cookie" is a string of alphanumeric characters. The EarGuru’s website uses persistent cookies. A persistent cookie gets entered by your Web browser into the "Cookies" folder on your computer and remains there after you close your Web browser. Persistent cookies may be used by your browser on subsequent visits to the site. In order to provide more effective support, EarGuru websites may also use persistent cookies along with other information collected in our servers' files (e.g., IP Address, referring URLs, etc.). Each browser is different, so you should check your browser’s “Help” menu to learn how to change your cookie preferences. If you reject or block cookies, the EarGuru website may not function as intended.
Information That We Obtain From Third Party Sources
Commercially Available Information
The EarGuru may also collect information from third parties but only where we are legally permitted to collect the information. Such information may include names, addresses, telephone numbers and email addresses. The information the EarGuru collects from these sources is in order to provide hearing services as requested by the client.
How We Use Information Collected through Our EarGuru website:
To Serve Our Clients
We use the information we collect, including Personal Information, to provide our services to the clients on whose behalf we are acting.
To Serve You
We use the information we collect, including Personal Information, to respond to any request or query directed to us (for example through web forms or email), to provide you with our products and services and to manage our relationship with you. For example, we may respond to any enquiries or complaints you may have, endeavour to improve the services we provide.
How We May Disclose Information Collected through Our services and EarGuru website
We may share any information we collect, including Personal Information when this benefits the client, for example sharing their name to enable hearing aid purchases from third parties such as hearbuy.
As Required by Law and Similar Disclosures
We may access, preserve, and disclose information, including Personal Information, if we believe it is necessary: to comply with national security or law enforcement requests and legal process; to respond to your requests; to prevent or address fraud, security, or technical issues; or to protect our property or other legal rights or the rights or property of others, or to protect the vital interests of others.
Access, Integrity, Retention, and Choices
Access & Correction
If you wish to request access to, correction, or deletion of Personal Information you have submitted through the EarGuru website, you can contact the EarGuru at earguru@outlook.com if you are a resident in the European Union, you may have additional rights which we have set out below.
Data Integrity and Purpose Limitation
The EarGuru will use Personal Information only for the purpose of, or in ways compatible with the purposes for which it was collected.
Information Retention
We keep information we need to provide our services only so long as we have a valid business purpose, in accordance with applicable law. For example, to provide you with reminders about your hearing care such as services etc. When we have no ongoing legitimate business need to process your Personal Information, we will delete it.
User Choices
For those users who wish to stop receiving email, or wish to unsubscribe from various promotional communications from the EarGuru, please send an email to earguru@outlook.com with the specific details about the information you no longer wish to receive. When complete, you will receive an email confirming your updated preferences.
Security
We take steps to ensure that information is treated securely and in accordance with this Privacy Statement which include appropriate technical and organisational measures. These measures are designed to provide a level of security appropriate to the risk of processing of your Personal Information. However, neither the Internet nor any form of paper/electronic storage can be guaranteed to be 100% secure, and we cannot ensure or warrant the security of any information provided to us.
If you have any inquiries or complaints about our handling of your Personal Information you should first contact us at earguru@outlook.com and we will respond to your inquiry promptly. If we are unable to satisfactorily resolve your complaint, or we fail to acknowledge your complaint in a timely fashion, we have further committed to cooperate and comply with the panel of European data protection authorities (DPAs) For more information, please see the "Complaints and How To Contact Us" section below.
Legal Basis for processing your Personal Information
Our legal basis for collecting and using the Personal Information described above will depend on the Personal Information concerned and the specific context in which we collect it. However, we will normally collect Personal Information from you only where we need the Personal Information to perform services for our clients, where the processing is in our legitimate interests (provided these interests are not overridden by your data protection interests), or otherwise if we have your consent to do so.
If we ask you to provide Personal Information to comply with a legal requirement or to contact you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are and before doing so will ensure that we have considered your rights and interests.
If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us at earguru@outlook.com
Your Rights
We acknowledge individuals' rights in relation to their personal data under EU General Data Protection laws and have the following data protection rights which you may exercise at any time by using the contact details provided under the "Complaints and How to Contact Us" section below:
You may access, correct, update or request deletion of your Personal Information.
You can object to processing of your Personal Information, ask us to restrict processing of your Personal Information.
You have the right to opt-out of marketing communications we send you at any time by using our contact details below.
Similarly, if we have collected and process your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
You have the right to complain to a data protection authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the European Economic Area, Switzerland are available here [http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080])
We will respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Changes to This Privacy Statement
We may update this Privacy Statement to reflect changes to our information practices from time to time. If we decide to change this Privacy Statement, we will post the changes on this page so visitors to the EarGuru website and our clients are aware of our practices, and we will change the “Last Updated” date above. If we make a material change to our information practices, such as to how we use Personal Information, we will make reasonable efforts to provide notice on our website and/or through our clients and obtain consent to any such uses as may be required by law.
Complaints and How to Contact Us
If you have any questions, comments, or concerns about this Privacy Statement or our information practices, please email us at earguru@outlook.com