- Reference: GDPR REC 4.1
- Organisation Issue No: V1.0
- Organisation Issue Date: 17th May 2021
Tympa Health Technologies Ltd (“TympaHealth”) values the personal information you provide to us and we wouldn’t want to use it in a way that you won’t expect. This Privacy Notice explains how we protect your privacy and how you can control how we use your personal information. If you want to change the way in which we use your data or if you have a question about how your personal information is used please contact us using the methods below:
Phone: +44 203 878 1390
Postal address: Tympa Health Technologies Ltd, Landmark, 33 Cavendish Square, London, W1G 0PW
The information you provide to us
In general, our services are intended for use by customer organisations who are authorised end user companies who act as the data controller for processing your data. As a result, for the personal information we collect and process we act as the data processor. This means it is primarily the customer organisations that control what personal information we collect through the services. Therefore, if you are a patient of one of our customer organisations and have privacy-related questions or concerns about the privacy practices or the choices the relevant customer organisation has made to share your information with us or any other Third Party, you should contact the relevant customer organisation or review their privacy notice.
Further information on how TympaHealth processes patient data can be found in our Patient Privacy Notice.
TympaHealth is not responsible for the privacy or security practices of its customer organisations, which may differ from those set out in this Notice.
If you are employed by one of our customer organisations you (or your team administrator) may provide certain personal information to us through the Services — for example, when you sign up for a TympaHealth account to access and use the Services, when you consult customer support or send an email or communicate with us in any way.
As a data processor, we process personal information about our customer organisations’ patients. This would include: patient names and appointment details, images of the inner ear, an examination description, and the patient ID. The patient privacy notice provides details on how this data is processed.
When you provide your information to us directly via our website, over the phone or face to face we only ask you to supply information that we need in order to provide the service you have requested. We will normally ask you to provide us with:
Your contact details including:
- Your Job Title
- The organisation you work for
- A work-related email address
- A work-related telephone number
- Account log in credentials
- Troubleshooting and support data
However, if you do business with us, we may also ask for further information about you or your company including finance details.
Information provided to us by other companies
Occasionally we may contact you using personal data provided to us by other companies. We take careful steps to ensure that they have permission from you to allow us to do this. If you feel this is incorrect, please let us know.
We occasionally supply data processing services to our clients who provide us with personal data of their customers. Any personal data provided to us in this manner has been collected under our clients’ privacy notices and we encourage you to read these to understand how they handle your personal data. Further information is available in our patient privacy notice.
Information provided to us via cookies
How we use your data
We use your personal information in a number of ways to:
- provide you with the service or information you have requested
- keep you informed and updated on relevant products you may be interested in
- improve our website and the range of services and products we provide
- provide you with useful information about our products and services
- administer your account
- manage event registrations and attendance
- assist our clients with data processing services
- for the avoidance of doubt, we do not store credit card details
Where permitted by the relevant customer organisation, and applicable law, we may leverage certain patient data collected through the operation of the Services for our internal purposes to develop and improve our services. For these purposes we will only use patient personal information in a de-identified form that does not specifically identify any particular patient. For example, we may leverage de-identified patient data to train our models and algorithms to better interpret the ear images captured from TympaHealth Systems, to make more consistent measurements and therefore to improve the functionality of our Services and outcomes.
On rare occasions a previously unidentified medical condition may be discovered during the course of conducting development work. When this occurs, the patients will be identified to provide further treatment. A detailed explanation of when this may happen and how we comply with data protection obligations whilst doing so can be found in the patient privacy notice.
Who we share your data with
We do not share or sell your data to any other company without your prior consent other than those processors we use for our business operations who process your data under our control.
We may share your information with subsidiaries, parent and associated companies.
Under some circumstances we may be required to disclose or share your information without your consent, for example if we are required to by the police, the courts or for other legal reasons.
How we keep your personal information safe
We take our obligations to keep your personal data safe and secure very seriously.
Within TympaHealth access to your personal information is strictly controlled on a ‘need to know’ basis. Staff members are only allowed access to your personal data if they have been sufficiently trained in data handling. We have specific technical controls in place to restrict access and these are monitored regularly.
How long we keep your personal information
We keep your personal information in line with our data retention policy. This means that we will remove data which we have collected directly from you from our systems if we haven’t had any marketing response or direct contact with you for more than 36 months (this period typifies the maximum length of time that a contract could be in negotiation with us).
For data provided to us by our customer organisations, we are governed by their data retention rules as specified in their privacy notices.
In certain circumstances we have a statutory obligation to keep your personal information for a set period of time, for example financial information (normally 6 years) for financial auditing purposes.
How to keep your personal information up-to-date
It is important for both you and us that your personal information is correct. If you believe this not to be the case please e-mail the amended details to email@example.com and we will contact you to verify your identity.
How you can find out about the information we hold about you
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us using the contact details in this policy.
We will get in contact to verify your identity and if we do hold information about you, we will:
- give you a description of it
- tell you why we are holding it
- tell you who it could be shared with
- let you have a concise and clear copy of the information
Our legal basis for processing your personal information
Much of our processing will be under the basis of “contractual obligation”; in other words, we need and use your personal information for providing the services your employer, as a customer organisation, has contracted with us to provide.
However, when we are communicating with you regarding products and services you may be interested in receiving from us in the future, our basis for processing is our “legitimate interest”, as we are communicating with you in the context of your corporate activity and identity and not in relation to your private life. You will always be able to instantly unsubscribe from such messages using the link provided within the email.
Asking us to suppress or remove your personal information
Should you wish to not receive information from us in future then you can quickly action this by clicking the unsubscribe link you will find on our marketing e-mails or by sending your details to firstname.lastname@example.org and we will quickly suppress your data.
Should you further wish for us to remove your information entirely (and assuming we have no other obligation to keep it) then please let us know and we will do this — but we would encourage you to let us use it for suppression purposes only.
What to do if you have a complaint
If you have a complaint, please contact us at email@example.com and we will deal with your request promptly.
If you are still not satisfied with the way your complaint was handled, you can refer your complaint to the UK Information Commissioner’s Office.
Security of the Site and Services
We take the security of your personal information very seriously. We use reasonable and appropriate administrative, physical, and technical safeguards to secure the personal information we process. Despite these safeguards and our additional efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third-parties will not be able to defeat our security, and improperly collect, access, steal, or modify your Personal Information.
If you are an employee of a customer organisation using our service, the security of the user profile you create to interact with the Services relies on your protection of your login credentials. You are responsible for maintaining the security of your login credentials, including your password and for any and all activities that occur under your account. You may not share your password with anyone. We will never ask you to send your password or other sensitive information to us in an email, though we may ask you to enter this type of information on a TympaHealth website, or mobile application interface.
Links to other websites
From time to time we may link our website directly to other sites. This privacy notice does not cover the links within our site linking to other websites and organisations. We encourage you to read the privacy statements on the other websites you visit.
Changes to this privacy notice
We keep our privacy notice under regular review. This privacy notice was last updated on 17/05/21.
About TympaHealth Technologies Ltd
We are TympaHealth Technologies Ltd
Our company registration number is 11029091
Our office is registered at Office 402, Spaces, 4th Floor, Jubilee House, 213 Oxford Street, London W1D 2LF UK
Our VAT number is 314922319