We collect and process personal data to:

• Communicate with you.
• Deliver and improve our services.
• Support your training and certification as a Tympa system user (as data controller).
• Fulfil healthcare provider instructions for patient referrals and related services (as data processor).
• Provide Ear and Hearing Health services, including assessment, treatment, aftercare, and record keeping (as data controller).

When acting as a data processor, we may engage carefully selected sub-processors who provide essential services such as secure cloud hosting and communications. Each sub-processor is bound by contractual obligations to protect your data and act only under our instructions. Our current list of sub-processors can be viewed in our sub-processor tab below.

“Personal identifiable information,” as used in this Privacy Notice is information that specifically identifies an individual, such as an individual’s name, address, telephone number, e-mail address, or other similar information that can be used to identify you.  Personal identifiable information also includes information about an individual’s activity on our website, including profile information and other identifiable information entered by you.  Personal identifiable information we collect is referred to in this Privacy Notice as “Personal Information.”

You have the right to be informed about the collection and use of your personal information.

When we collect personal information from you, we will provide you with privacy information at the time we collect your information.

Technical Information

When you use our website, we automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. We may also use “cookies” and other tracking technologies to enhance your experience and gather information about our website visitors.

Third Party Organisations

This means other organisations that we collect data from, but only when you have given them permission to do this. You may give these organisations permission at various times, for example when buying a product or joining certain membership organisations. The data we receive depends on your agreement with that organisation.

Call Recording and Storage

When you speak with TympaHealth by phone, we may record the call. This helps us manage your care, keep accurate records, and improve our services. Recordings are stored securely, only kept for as long as needed, and never used for marketing. You will always be told if a call is being recorded and can ask us not to record if you prefer.

Ear and Hearing Health Services
Where we provide Ear and Hearing Health to deliver safe and effective clinical care.

This may include:

• Full name, date of birth, and contact details
• Location of residence and next of kin information
• Medical history and relevant health information
• GP details
• Medication information
• Clinical notes and treatment records
• Otoscopy images and clinical images

This information can be collected directly from the patient, Care Home staff, family members,healthcare professionals, or other authorised representatives, where appropriate and lawful.

We only collect information that is necessary for the provision of care and in line with applicable healthcare and data protection laws.

We may process your personal information for our legitimate business needs. Rest assured; our intentions are always good. We collect your personal information because we need it to help us fulfil your requests, keep in touch with you, and offer you communications that are relevant to you.

This may include:

Presenting our Services to you
Providing you with information that you request from us
Notifying you with changes in the Services we offer
Allowing you to participate in any interactive features on the Services
Personalising your Services
Contacting you when necessary or requested
Verifying and validating your identify
Troubleshooting problems with the Services, as requested
Enforcing Terms of Service, and to detect and protect against error, fraud, and other unauthorised or illegal activities
To enable you to provide feedback on our Services and Products
Operating and improving the Services and
Evaluating or conducting a merger, divestiture, restructuring, reorganisation, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which Personal Information held by us about our consumers is among the assets transferred.

Promotional Offers From Us

We may use your information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

If you do not wish to have your e-mail address/contact information used by us to promote our own or third parties’ products or services, you can opt-out by clicking the unsubscribe link in the promotional email. This opt-out does not apply to information provided to us as a result of a product purchase, service experience or other transactions.

Communications

You may voluntarily sign up for periodic communications from us or a third-party affiliate.  We may send you promotional communications via email, including, but not limited to, newsletters, special offers, surveys and other news and information we think will be of interest to you. You may opt out of receiving these promotional emails at any time by following the unsubscribe instructions provided therein.

Training

To enable your enrolment and monitor your training progress towards achieving your otoscopy and microsuction certification using the Tympa system, we need to store your personal training record. This will allow us to track your progress and ensure that you are clinically safe to use the system to provide aural care services to your patients.

Referral for Audiology Service

As a data processor contracted by your ear and healthcare provider, we process your personal and medical data for the purpose of referring you to another organisation for audiology services.

The information shared includes only the data necessary for the referral, such as your contact details and relevant medical history. This data is transferred securely to the audiology provider to ensure you receive the appropriate care. We do not retain your data beyond the required period for this referral process and will take every precaution to protect your privacy throughout.

Provision of Ear and Hearing Health Services
When acting as a data controller for Ear and Hearing Health services, we process personal and special category (health) data for the following purposes:

• To assess ear and hearing health
• To provide clinical treatment (including wax removal and related procedures)
• To maintain accurate medical records
• To communicate with Car Home staff, GPs, audiologists, and other healthcare professionals involved in your care
• To manage safeguarding concerns where necessary
• To ensure patient safety and clinical governance
• To meet our legal and regulatory obligations

Our lawful bases for processing include:

• Article 6(1)(b) UK GDPR – performance of a contract (where applicable)
• Article 6(1)(e) – provision of healthcare
• Article 6(1)(c) – Legal obligation
• Article 6(1)(f) – Legitimate interests (where appropriate and balanced)
• Article 9(2)(h) – processing necessary for the provision of health or social care and treatment
• Article 9(2)(c) – where necessary to protect vital interests

Where required, we will rely on appropriate consent, particularly where an individual lacks capacity and a lawful representative provides authorisation in line with applicable legislation.

Third-Party Websites

Our website may contain links to other websites, including those of third parties or business partners.  While we seek to link only to websites that share our high standards and respect for privacy, we cannot be responsible for the privacy practices other websites use. By accessing other third-party websites or applications through our Service, you are consenting to the terms and privacy policies of those websites. It is possible that other parties may collect information about your online activities over time and across different websites when you use our Service.

Cookies

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category in your cookie settings.

The cookies that are categorised as “Necessary” are stored on your browser as they are essential for enabling the basic functionalities of the site.

We also use third-party cookies that help us analyse how you use this website, store your preferences, and provide the content and advertisements that are relevant to you. These cookies will only be stored in your browser with your prior consent.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Google Analytics

We may use Google Analytics to improve our website’s functions.  You can choose not to be included in Google Analytics by visiting https://tools.google.com/dlpage/gaoptout.

Legitimate Interests

Whenever we process data for legitimate interest purposes, we will ensure that we always keep your personal information rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so, please see the section(s) below on updating your preferences or unsubscribing.

Please bear in mind that if you object this may affect our ability to carry out the tasks above for your benefit.

Legitimate interests mean in the interest of Tympa Health Technologies Ltd in the way we carry out our work to enable us to give you the best service/products and the best and most secure experience.

For example, we have an interest in making sure that any marketing we send to you is relevant, so we may process your information to send you marketing that is of interest to you.

When we process your personal information for our legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. We will always ensure that your personal data will not be used where our interests are overridden by the impact on you unless we have your consent or are required by law.

Use of Anonymous Health Data

We value your privacy and are committed to protecting your personal information. In addition to using your data for the purposes outlined in this notice, we may also use anonymised health data for research and development purposes. This anonymous data helps us improve and innovate our products and services.

We may disclose Personal Information in the following circumstances:

• With your consent
• To prevent harm to you or others
• With contractors, service providers, and other third parties we use to support our Services
• With Care Homes, GPs, audiologists, NHS services, safeguarding authorities, and other healthcare professionals involved in your care where necessary
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganisation, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which information held by us is among the assets transferred
• To enforce any agreement, including any applicable Terms of Service
• To establish or exercise our right to defend against legal claims
• To law enforcement and other government authorities such as legislatures, courts, agencies, and litigants if we reasonably believe that such action is necessary to:
  • Comply with the law and the reasonable requests of governmental authorities
  • Comply with legal process
  • Respond to requests from public or government authorities, including public or government authorities outside your country of residence
  • Protect the security or integrity of the Services’ information systems; and/or
  • Exercise or protect our rights, privacy, safety or those of affiliates, clients, you, or others; and
  • If we reasonably believe disclosure is necessary or appropriate to protect the rights, property, or safety of Tympa Health Technologies Ltd or others

We do not sell or share your Personal Information with anyone else for marketing purposes.

We ensure that there are appropriate technical controls in place to keep your personal information safe and prevent unauthorised access to it. For example, our online forms are always encrypted (this prevents other people from accessing them) and our network is protected and checked often.

Electronic data and databases are stored on a secure cloud database, and we control who has access to them. Our staff receive data protection and cyber security training, and we have data protection policies and procedures in place that we adhere to at all times.

We regularly review who has access to information that we hold to ensure it is only accessible by trained staff.

Where we use external companies to collect or process personal data on our behalf, we undertake comprehensive checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they have collected or have access to.

However, no data protection procedures are entirely infallible. As a result, while we strive to protect your Personal Information, we cannot guarantee that it will be 100% secure Your transmission of your Personal Information to us is thus done entirely at your own risk.

How long personal information will be retained for depends on the type of information it is and what it is being used for.

Where we are processing your information for marketing purposes, we will continue to do so until such a time as you inform us that you wish to be removed from our marketing database.

If you ask us not to send you marketing emails, we will stop storing your email address for marketing purposes (although we will keep a record of your preference not to be emailed).

The time periods for which we keep information are stipulated in our data retention policy. We review our data retention periods for personal information on a regular basis.

Where we act as a data controller for Ear and Hearing Health services, we retain clinical records in accordance with healthcare regulatory requirements and our Data Retention Policy. Retention periods are based on legal, clinical and professional standards applicable to healthcare providers.

We continually review the information that we hold and delete anything that is no longer required.

Under data protection law, individuals (data subjects) have a number of rights which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.

Right to be Informed

You have the right to be informed about the collection and use of your personal data. This Privacy Notice is one of the company’s key methods for providing you with this information.

Right to Access Personal Data

You have a right to request a copy of the personal data that we hold about you. You should include adequate data to identify yourself and such other relevant data that will reasonably assist us in fulfilling your request. Your request will normally be responded to within one calendar month. (If we process your personal data on behalf of a Data Controller, you will need to request your information from them).

Right to Rectification (correction)

You can request us to rectify and correct any personal data that we are processing about you which is incorrect.

Right of Erasure (right to be forgotten)

You do not have an automatic right to have your personal information deleted. You do, however, have the right to request the deletion or removal of your personal information where there is no compelling reason for its continued processing. We will review each request on a case-by-case basis.

Right to Restrict Processing

You have the right in certain circumstances to request that we suspend our processing of any or all your personal data. Where we suspend our processing of your personal data, we will still be permitted to store your personal data, but any other processing of this data will require your consent, subject to certain exemptions.

Right to Data Portability

This right allows you to obtain your personal data in an electronic format, where the lawful basis for processing your information is consent or for the performance of a contract and, or where the data was necessary for us to provide you with our services or employment. You can request that the data be given in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation if this is technically feasible.

Right to Object to Processing of Personal Data

You have the right to object to your personal information being processed for direct marketing purposes (including profiling) and scientific/historical research and statistics. From the very first communication from us and every marketing communication we send after, you will have the right to object to marketing.

We will stop processing your personal information for direct marketing purposes as soon as we receive an objection from you.

Right to Complain to a Supervisory Authority

You can make a complaint or raise a concern about how we process your personal information by contacting our Data Protection Officer.

If TympaHealth is acting as a data processor on behalf of your healthcare provider, certain rights (such as access, rectification, or erasure) must be exercised directly with that provider, who is data controller. Where applicable, we will support them in fulfilling your rights.

Tympa Health Technologies Ltd
Landmark
33 Cavendish Square
London W1G 0PW

Email: [email protected]

If you are not happy with how we have handled your complaint, or you believe that your data protection or privacy rights have been infringed, you have the right to complain to the Information Commissioner’s Officer (ICO), which oversees the protection of personal data in the UK.

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.

Email ICO

Report a concern on the ICO website

In line with the General Data Protection Regulation (GDPR), Tympa Health Technologies Ltd has appointed DataRep as our Data Protection Representative in the European Union and European Economic Area (EEA). DataRep is available to EU/EEA data subjects who wish to exercise their GDPR rights or raise questions about how we handle personal data.

We have also appointed DataRep as our Legal Representative under the Digital Services Act (DSA) in the EU/EEA, so that EU & EEA individuals can contact them directly with any concerns, including the reporting of illegal content.

You can contact DataRep in the following ways (please quote “Tympa Health Technologies Ltd” in all communications):

Email: [email protected]

Webform: www.datarep.com/data-request

Post: Send to the most convenient of DataRep’s local offices in the EU/EEA (please mark all letters clearly for “DataRep”, not Tympa Health Technologies Ltd, or your inquiry may not be received).

Phone (for DSA-related inquiries): +353 (1) 919 8899 (you may be asked to confirm your request in writing).

For more information about your GDPR rights, please visit the European Commission website  or your national Data Protection Authority.

If you would like more detail on how DataRep handles the personal data required to perform these services, please see their privacy notice.