How we keep your personal information safe
Max Hearing Ltd t/a Hearing Wales (incorporating B&E Morgan) (47-48 the Grove, Uplands, Swansea, SA2 0QR) is registered as a company in England and Wales (no 08124185). This Privacy Notice replaces earlier versions and is prepared in line with General Data Protection Regulation (GDPR) guidance that will apply from 25 May 2018.
What information do we collect?
We collect data on the basis of “legitimate interest” and “special category – provision of health care”. We collect personal information. Personal information is any information that can be used to identify you. This information may include your name, postal address, email address, telephone or mobile number or date of birth. We also collect your audiology data. We use this to provide you with the information, treatment, products or services in which you are interested.
As a client of Hearing Wales the data comes from you.
Keeping your information up to date
To make sure we always have the most up-to-date information about how to contact you, we may also, from time to time, update your records to reflect any changes to your personal information.
This information may come directly from you, or it may come from a third party that we consider is legitimate and trustworthy and in circumstances where it is appropriate and where you will have had a clear expectation that your details would be passed on for this purpose.
How long will we keep your information?
We will retain your data for only as long as it is reasonably necessary. We hold information relating:
- Request for a quote only 2 years
- Fulfilment of a hearing aid order or 10 years from sale or dealing of a complaint if later.
- Battery replacement service 2 years
- General enquiry 2 years
We are required to hold certain data for legal and statutory reasons such as for VAT purposes.
The law allows you to withdraw your consent to any particular usage of your data at any time without needing to specify a reason. You can withdraw your consent by emailing our customer care team on email@example.com or calling 0800 313 4304.
How we store your information
Your information is stored securely on our servers and within the UK and European Economic Area (EEA) only. It is not stored outside these areas. It is kept in line with the GDPRs security principle We ensure that:
- the data can be accessed, altered, disclosed or deleted only by those we have authorised to do so (and that those people only act within the scope of the authority given to them);
- the data we hold is accurate and complete in relation to why we are processing it; and
- the data remains accessible and usable.
How we use your information.
- To obtain pricing for replacement hearing aids
This may include using your personal information to help gather a quote for replacement hearing aids.
- To arrange for an audiologist to test your hearing or fit new hearing aids and provide aftercare
This may include using your personal information to identify an appropriate audiologist to assist you for the term of your new hearing aids.
We will not rent or sell your personal information to other organisations for use by them in any way, including in their own direct marketing activities.
However, where you have given us permission to contact you, we may pass on your information to external service providers to contact you on our behalf. This would be audiologists for example or occasionally manufacturers.
How will we contact you?
We will contact you regarding your quote or purchase. We will also contact you with information on advancements in hearing aid technology or developments. If you wish us to stop contacting you completely you can request this by contacting our customer care team on firstname.lastname@example.org or calling 0800 313 4304.
How we use your debit or credit card information
We take payments in person or over the phone. We do not collect this data over the internet or email. We are PCI compliant and use Payment Card Industry compliant providers to handle the transactions. We do not store any payment data, once the payment has gone through all information is immediately destroyed.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If you make a request around any one of those points we will consider it in accordance with all data protection laws and regulations. No administrative fee will be charged to handle the request provided it does not become excessive. You can make a request by contacting email@example.com or write to us at the address above. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
Making a complaint
If you have any questions about of data policy or our data practices please email firstname.lastname@example.org or calling 0800 313 4304 or write to us at the address above and we will be delighted to help. Please also use this address if you wish to make a complaint.
You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe your data has been processed in a way that does not comply with the GDPR. You can do so by calling the ICO helpline on 0303 123 1113 or via their website https://ico.org.uk/.