Privacy Policy
This Privacy Notice covers the use of your personal data for the purpose of providing you with use of our website and keeping you up to date with new and upcoming activities carried out by us.
We at Tympa Health Technologies Limited take our responsibilities under both the General Data Protection Regulations and Data Protection Act 2018 very seriously.
You can be assured that your information will be used appropriately and in a lawful manner and always in line with data protection legislation and within the framework laid down by the Data Protection Officer.
We will store your data securely with appropriate safeguards in place to protect it against unauthorised or unlawful processing.
This privacy notice was last updated on 08 June 2022.
EMPLOYEES
What data do we collect & use?
We use data about you to fulfil our obligations to you as an employer, including ensuring that you are paid for your work and are protected in the workplace.
We do this because you have entered into a contract of employment with us.
We collect data from you, as well as creating data once you have been successful in a job application, this includes:
- Data that identifies you, basic details such as name, gender, date of birth.
- Contact data like address, telephone number, and email address.
- Financial data including bank and pension details, and national insurance number.
- Computer records, including email and messaging history relating to your work.
- Qualifications and employment history.
- Data relating to leave, including annual leave, maternity, paternity, adoption, and shared parental leave.
- Medical and health data, including sick leave, allergies or occupational health requirements.
- Images and photographs
We may also collect personal data about you from other people and organisations, such as:
- We request confidential references from referees that you have given to us, which contain data about you.
- We receive data from HMRC such as tax codes.
Do you share my data?
We share your personal data under specific and unique circumstances. When we do share data, we use as little as possible, and on a need to know basis.
- If you require emergency medical treatment we will share your personal data with health professionals to ensure you receive appropriate treatment
- We share your data with HMRC to ensure that you are taxed correctly
- Tympa Health Technologies Ltd shares data with companies who process the data on our behalf for purposes of paying expenses, pension contributions, salary payments.
How do you use the data you collect?
We use your personal data to fulfil our obligations to you as an employer, to ensure you are paid for your work, and that you are protected in the workplace.
This includes:
- Using financial data to make sure you are paid and taxed correctly.
- Using your data to manage your performance in fulfilling your contract with us.
- Understanding how we can support you if you have a disability or impairment.
- Ensuring that you are employed in a suitable environment.
- Assessing if you may present any risk to other individuals.
- Understanding the diversity of our workforce and complying with equality and diversity legislation.
- Ensuring that you receive adequate training for your role.
- Investigating incidents.
How long do Tympa Health Technologies Ltd. keep my data for?
We keep your personal data during your employment and we also retain the data when you leave Tympa Health Technologies Ltd. for an appropriate time. Employee data is kept for at least 6 years after you stop working for us. If you apply for a job with us and are unfortunately unsuccessful, we will erase your data within 6 months of the close of the recruitment process.
We keep your data to defend ourselves against any potential legal claims. We may keep anonymised data for longer than 6 years. Anonymised data cannot identify you and helps us better understand the colleagues that we have employed.
How do Tympa Health Technologies Ltd. comply with the law?
Data protection law requires organisations to have a legal basis for processing personal data.
- You have a signed a contract of employment with us and we use the data to fulfil that contract
- We can share your data with healthcare professionals in emergency situations where your life is at risk. This is known as a ‘vital interest’.
- We can use healthcare data for occupational medical care, and to assess your working capacity.
- We rely on a legitimate interest to collect and use data like confidential references, and employee feedback.
- We use images of you with consent.
CLIENTS/CUSTOMERS
We process a limited amount of personal data relating to the employees of our clients and partners that is separate from the data that we process as a data processor.
What data do you collect & use?
We use data about you to fulfil our obligations to you, including business communications with you, and the provision of services to users, this includes:
- Data that identifies you, basic details such as name, gender, date of birth.
- Contact data like address, telephone number, and email address.
Do you share my data?
The customer organisations that control what personal information we collect through the services. Therefore if you are a patient of one of our customer organisations and have privacy related questions or concerns about the privacy practise or the choices the relevant customer organisation has made to share your information with us or any other Third Party, you should contact the relevant customer organisation or review their privacy notice.
How do you use the data you collect?
We use your data to fulfil our contractual obligations, to ensure that you are able to use the services that TympaHealth provide.
How long do you keep my data for?
We keep your personal data for the duration of the contract to provide services, and 6 years after the end of the contract.
How do we comply with the law?
Data protection law requires organisations to have a legal basis for processing personal data. We rely on a legitimate interest to collect and use data like names and contact details so that we can liaise with you and fulfil our contractual obligations.
PATIENTS
The personal data about you that we would like to process is collected from customer organisations of Tympa Health Technologies Limited.
The personal data we collect will be used for the following purposes:
- To book and manage your appointments.
- To provide your healthcare.
- De-identified images and video (meaning that it is not possible to identify the patient) will be accessed by ear, nose and throat (ENT) specialists in order to improve the product and the quality of care provided to patients.
- In rare cases, ENT specialists may be provided with identifiable information on patients. This will only happen if, during one of these improvement reviews, the ENT specialist identifies a health issue that has not been picked up as part of the treatment provided to the patient. In this case, the images and video will be combined with identifiable patient data to allow the ENT specialist to contact the customer organisation and advise on treatment.
Our legal bases for processing the personal data:
In the legitimate interests of the customer organisation and Tympa Health Technologies Limited. To book and manage your appointments.
When processing is in the vital interests of the patient. To allow an ENT specialist to contact a Tympa Health Technologies customer upon identifying a previously overlooked health issue.
The special categories of personal data concerned are: Images and video of the ear collected by the otoscope.
VOLUNTEERS AND PATIENT INVOLVEMENT
What data do we collect & use?
We use data about you to fulfil our obligations to you, including communications with you, arranging meetings, and fulfilling your role with us, this includes:
- Data that identifies you, basic details such as name, gender, date of birth.
- Contact data like address, telephone number, and email address.
- Relevant medical data like allergies and access requirements.
Do you share my data?
We do not share your data unless you have provided consent..
How long do you keep my data for?
We keep your data for the duration of your agreement with us, and 3 years after the end of the agreement.
How do Tympa Health Technologies Ltd. comply with the law?
Data protection law requires organisations to have a legal basis for processing personal data. We rely on your consent to collect and use data like names and contact details so that we can liaise with you and fulfil our contractual obligations.
MARKETING AND COMMUNICATIONS
What data do you collect & use?
We collect data from you, this includes:
- Data that identifies you, basic details such us name and job title.
- Contact data like, telephone number, and email address.
- Institutions or companies that you may be associated with.
Do you share my data?
We do not share your data with third parties.
How do you use the data you collect?
We use your personal data to inform you to provide you with the opportunity to benefit from our services and the solutions we offer.
We use your personal data to inform you to provide you with the opportunity to benefit from our services and the solutions we offer. You can object to processing at any time by emailing: [email protected]
How do we comply with the law?
Tympa Health Technologies relies on our legitimate interest for processing this data.
Where did the data come from?
We collect data from you directly in the course of introductions. We also collect selected data from publicly available sources like LinkedIn where we think you will be interested in our services and work.
LEGAL AND REGULATORY OBLIGATIONS
We may receive requests for data from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.
When we receive these requests we will inform you as soon as possible. There are circumstances in which we cannot inform you that data is used or shared, because it may prejudice the work of law enforcement agencies and other organisations.
We may be required to use and keep personal data for legal reasons, such as the prevention, detection, or investigation of crime or fraud. We may also use personal data to meet our internal and external audit requirements, and data security purposes.
Data we process on behalf of NHS organisations and NHS organisations involved in commissioning of care:
Tympa Health Technologies are a data processor for several NHS organisations and entities, this means that we process data on behalf of these organisations and therefore rely upon Article 6 (1) e & Article 9 (2) h as the lawful basis.
We believe in the importance of privacy and want to make it as easy as possible for you to understand how your information is being used, and therefore recommend that in addition to reading this Privacy Notice that you visit the privacy notes of each organisation to ensure you are informed of how they are using your data.
YOUR RIGHTS
Under data protection law, individuals (data subjects) have a number of rights which are detailed below. Some of these only apply in specific circumstances and are qualified in several respects by exemptions in data protection legislation. We will advise you in our response to your request if we are relying on any such exemptions.
Access to personal data
You have a right to request a copy of the personal data that we hold about you. You should include adequate data to identify yourself and such other relevant data that will reasonably assist us in fulfilling your request. Your request will be dealt with as soon as possible.
Right to rectification (correction)
You can request us to rectify and correct any personal data that we are processing about you which is incorrect. We provide you with account settings and tools to access the data associated with your account.
Right to withdraw consent
Where we have relied upon your consent to process your personal data, you have the right to withdraw that consent. To opt out of marketing, you can use the unsubscribe link found in the email marketing communication you receive from us. For other marketing preferences you can contact us, providing details of services or marketing that you wish to opt-out.
Right of erasure (right to be forgotten)
You can request us to erase your personal data under certain circumstances, it is not a guaranteed or absolute right.
Right to data portability
This right allows you to obtain your personal data in an electronic format, where you have provided data to us with your consent, or where the data was necessary for us to provide you with our services or employment. You can request that the data be given in a format which enables you to transfer that personal data to another organisation. You may have the right to have your personal data transferred by us directly to the other organisation, if this is technically feasible.
Right to restrict processing of personal data
You have the right in certain circumstances to request that we suspend our processing of any or all your personal data. Where we suspend our processing of your personal data we will still be permitted to store your personal data, but any other processing of this data will require your consent, subject to certain exemptions.
Right to object to processing of personal data
You have the right to object to our use of your personal data which is used where we feel that we have legitimate interest. However, we may continue to process your personal data, despite your objection, where there are compelling legitimate grounds to do so or we need to process your personal data in connection with any legal claims.
GETTING IN TOUCH
Should you have any queries about the how your data is used, including a complaint for our data protection officer, then please contact us on [email protected]
Postal address: Tympa Health Technologies Ltd, Landmark, 33 Cavendish Square, London, W1G 0PW
You can also contact the ICO for further information or to make a complaint:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number.
Email ICO
Report a concern on the ICO website
