Privacy Policy / Terms and conditions
Privacy Policy
We take your privacy very seriously. Please read this privacy policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
We collect, use and are responsible for certain personal data about you. We do this so that we can provide you with safe care and treatment. We will also use your information so that we can check and review the quality of the care we provide. This helps us to improve our services to you.
When we collect and use your personal data we are subject to all applicable Isle of Man data protection legislation and the General Data Protection Regulation as applied to the Isle of Man (GDPR) in respect of personal data.
Key terms
It would be helpful to start by explaining some key terms used in this policy:
We, us, our: Privateaudiologyiom
Our data protection officer: Dr Stephen Griffiths
Personal data: Any information relating to an identified or identifiable individual
Special category personal data: Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership; genetic and biometric data (when processed to uniquely identify an individual); data concerning health
Data subject: The individual who the personal data relates to
Personal data we collect about you
The table below sets out the personal data we will or may collect in the course of providing medical services.
Personal data we will collect
Personal data we may collect depending on why you have instructed us
Your name, address, telephone number
Information to enable us to check and verify your identity, eg your date of birth or passport details
Electronic contact details, eg your email address and mobile phone number
Information relating to the matter in which you are seeking our advice or medical services
Information about your health and wellbeing, past and current medical conditions, past and current treatment and care.
Your bank and/or building society details
Your employment status and details
Your employer's details (if we are providing occupational health services or providing them with a medical report)
Your health insurer where applicable
We collect and use this personal data to provide medical services to you. If you do not provide personal data we ask for, it may delay or prevent us from providing those services.
How your personal data is collected
We collect most of this information from you, directly or via our secure online patient portal. However, we may also collect information:
from publicly accessible sources;
directly from a third party, eg:
health and care business partners and sub-contractors such as those providing pathology services, sexual health services, scans, clinical photographs and X-rays, as well as pharmacies, your GP, Consultants, Manx Care, the UK NHS, your care providers in other countries;
our trusted sub-contractors who provide technical support, payment services, advertising and analytics support. This could be confirmation of payment for your health and care services and information about your browsing behaviour on our websites and supporting applications
patient due diligence providers;
from a third party with your consent, eg:
health and care business partners and sub-contractors such as those providing pathology services, sexual health services, scans, clinical photographs and X-rays, as well as pharmacies, your GP, Consultants, Manx Care, the UK NHS, your care providers in other countries;
your bank or building society, another financial institution or advisor;
consultants and other professionals we may engage in relation to your matter;
your employer and/or trade union, professional body or pension administrators;
other doctors, medical and occupational health professionals;
your insurers;
via our website—we use cookies on our website (for more information on cookies, please see our cookie policy)
via our information technology (IT) systems, eg:
via our case management, document management and time recording systems;
through automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, email and instant messaging systems;
How and why we use personal data
Under data protection law, we can only use your personal data if we have a proper reason, eg:
where you have given consent;
to comply with our legal and regulatory obligations;
for the performance of a contract with you (the provision of medical services) or to take steps at your request before entering into a contract; or
for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your personal data, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
The table below explains what we use your personal data for and why.
What we use your personal data for
Our reasons
Providing services to you
To perform our contract with you for the provision of medical services or to take steps at your request before entering into a contract, and to help you with any payments or refunds you may require relating to the provision of those medical services
Preventing and detecting fraud against you or us
For our legitimate interest, ie to minimise fraud that could be damaging for you and/or us
Conducting checks to identify our patients and verify their identity
Other activities necessary to comply with professional, legal and regulatory obligations that apply to our business, eg under health and safety law or rules issued by our professional regulator
To comply with our legal and regulatory obligations
To protect other people, including healthcare staff, children or others with safeguarding needs, from the risk of harm
To comply with our legal and regulatory obligations
To enforce legal rights or defend or undertake legal proceedings
Depending on the circumstances:
—to comply with our legal and regulatory obligations;
—in other cases, for our legitimate interests, ie to protect our business, interests and rights
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies
To comply with our legal and regulatory obligations
Ensuring business policies are adhered to, eg policies covering security and internet use
For our legitimate interests, ie to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training and quality control
For our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you at the best price
Ensuring the confidentiality of commercially sensitive information
Depending on the circumstances:
—for our legitimate interests, ie to protect trade secrets and other commercially valuable information;
—to comply with our legal and regulatory obligations
Statistical analysis to help us manage our business
For our legitimate interests, ie to be as efficient as we can so we can deliver the best service to you at the best price
Preventing unauthorised access and modifications to systems
Depending on the circumstances:
—for our legitimate interests, ie to prevent and detect criminal activity that could be damaging for you and/or us;
—to comply with our legal and regulatory obligations
Protecting the security of systems and data used to provide services
To comply with our legal and regulatory obligations
We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, ie to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us
Updating and enhancing patient records
Depending on the circumstances:
—to perform our contract with you or to take steps at your request before entering into a contract;
—to comply with our legal and regulatory obligations;
—for our legitimate interests, eg making sure we can keep in touch with our patients about existing and new services
Statutory returns
To comply with our legal and regulatory obligations
Ensuring safe working practices, staff administration and assessments
Depending on the circumstances:
—to comply with our legal and regulatory obligations;
—for our legitimate interests, eg to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you
Marketing our services and those of selected third parties to existing and former patients
For our legitimate interests, ie to promote our business to existing and former patients
Credit reference checks via external credit reference agencies
For our legitimate interests, ie to ensure our patients are likely to be able to pay for our services
External audits and quality checks
Depending on the circumstances:
—for our legitimate interests, ie to maintain our accreditations so we can demonstrate we operate at the highest standards;
—to comply with our legal and regulatory obligations
To share your personal data with members of our group and third parties that will or may take control or ownership of some or all of our business (and professional advisors acting on our or their behalf) in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale or in the event of our insolvency
In such cases information will be anonymised where possible and only shared where necessary
Depending on the circumstances:
—to comply with our legal and regulatory obligations;
—in other cases, for our legitimate interests, ie to protect, realise or grow the value in our business and assets
How and why we use your personal data—Special category personal data
Certain personal data we collect is treated as a special category to which additional protections apply under data protection law:
personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership;
biometric data (when used to uniquely identify an individual);
data concerning health
Where we process special category personal data, we will also ensure we are permitted to do so under data protection laws, eg:
we have your explicit consent;
the processing is necessary to protect your (or someone else’s) vital interests where you are physically or legally incapable of giving consent;
the processing is necessary to establish, exercise or defend legal claims;
the processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or pursuant to contract with a health professional;
the processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices.
How and why we use your personal data—sharing
See ‘Who we share your personal data with’ for more information on the steps we will take to protect your personal data where we need to share it with others.
Marketing
We will use your personal data to send you updates (by email, text message, telephone or post) about our services, including exclusive offers, promotions or new services.
We have a legitimate interest in using your personal data for marketing purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you marketing information. If we change our marketing approach in the future so that consent is needed, we will ask for this separately and clearly.
You have the right to opt out of receiving marketing communications at any time by:
contacting us at privateaudiologyiom@protonmail.com
using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts.
We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations outside PrivateAudiologyIOM for marketing purposes.
Who we share your personal data with
We routinely share personal data with:
third parties we use to help deliver our services to you, eg health and care business partners and sub-contractors such as ENT Consultants, Manx Care, the UK NHS, your care providers in other countries and Medical Insurance providers
We or the third parties mentioned above occasionally also share personal data with:
other third parties we use to help us run our business, eg marketing agencies or website hosts (this will be limited to the sharing of your name, address, telephone number, and your electronic contact details, eg your email address and mobile phone number – not special category data);
third parties approved by you;
our insurers and brokers (not special category data);
our bank (not special category data);
your insurers;
our and their professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations
law enforcement agencies, courts, tribunals, health agencies and regulatory bodies to comply with our legal and regulatory obligations
other parties that have or may acquire control or ownership of our business (and our or their professional advisers) in connection with a significant corporate transaction or restructuring, including a merger, acquisition or asset sale or in the event of our insolvency—usually, information will be anonymised but this may not always be possible. The recipient of any of your personal data will be bound by confidentiality obligations
Safeguarding
Sometimes we need to share information so that other people, including healthcare staff, children or others with safeguarding needs, are protected from risk of harm.
Where your personal data is held
Personal data may be held at our offices and those of our third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).
Some of these third parties may be based outside the European Economic Area.
How long your personal data will be kept
We will not keep your personal data for longer than we need it for the purpose for which it is used.
As a general rule, if we are no longer providing services to you, we will delete or anonymise your account data after seven years unless there is a legal requirement to maintain it for longer. However, different retention periods apply for different types of personal data and for different services.
Following the end of the relevant retention period, we will delete or anonymise your personal data.
Transferring your personal data out of the Isle of Man
Countries outside the Isle of Man have differing data protection laws, some of which may provide lower levels of protection of privacy.
It is sometimes necessary for us to transfer your personal data to countries outside the Isle of Man. In those cases we will comply with applicable Isle of Man laws designed to ensure the privacy of your personal data.
Your rights
You have the following rights, which you can exercise free of charge:
Access: The right to be provided with a copy of your personal data
Rectification: The right to require us to correct any mistakes in your personal data
Erasure (also known as the right to be forgotten): The right to require us to delete your personal data—in certain situations
Restriction of processing: The right to require us to restrict processing of your personal data—in certain situations, eg if you contest the accuracy of the data
Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object: The right to object:
—at any time to your personal data being processed for direct marketing (including profiling);
—in certain other situations to our continued processing of your personal data, eg processing carried out for the purpose of our legitimate interests unless there are compelling legitimate grounds for the processing to continue or the processing is required for the establishment, exercise or defence of legal claims.
Not to be subject to automated individual decision making: The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you
The right to withdraw consent: If you have provided us with a consent to use your personal data you have a right to withdraw that consent easily at any time. Withdrawing a consent will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn
For more information on each of those rights, including the circumstances in which they apply, please contact us (see ‘How to contact us’ below) or see https://www.inforights.im/.
If you would like to exercise any of those rights, please:
email, call or write to us—see below: ‘How to contact us’; and
provide enough information to identify yourself and any additional identity information we may reasonably request from you;
let us know what right you want to exercise and the information to which your request relates.
Keeping your personal data secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your personal data will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
Please contact us if you have any queries or concerns about our use of your personal data (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.
You also have the right to lodge a complaint with:
the Information Commissioner in the Isle of Man;
a relevant data protection supervisory authority in the EEA state of your habitual residence, place of work or of an alleged infringement of data protection laws in the EEA.
The Isle of Man’s Information Commissioner may be contacted at https://www.inforights.im/.
Changes to this privacy policy
This privacy policy was published on 2nd January 2024
We may change this privacy policy from time to time. When we do, we will inform you by publishing the updated policy on our websites at www.privateaudiologyiom.im
How to contact us
You can contact us and/or our Data Protection Officer by post, email or telephone if you have any questions about this privacy policy or the information we hold about you, to exercise a right under data protection law or to make a complaint.
Our contact details are shown below:
Our contact details
Audiology Private Patients, Nobles Hospital, Douglas IM4 2RJ
privateaudiologyiom@protonmail.com
07624 335547
Terms and Conditions
1. Definitions
1.1. Buyer: the person who buys or agrees to buy the goods from the Seller.
1.2. Conditions: the terms and conditions of sale as set out in this document.
1.3. Goods: the articles which the Buyer agrees to buy from the Seller.
1.4. Price: the price for the Goods, inclusive of VAT and Carriage
1.5. Seller: means Dr Stephen Griffiths, Consultant Audiologist, Private Audiology Patients
1.6. Terms: the terms and conditions set out in this document;
1.7. We/Our/Us: Dr Stephen Griffiths, Consultant Audiologist
1.8. Event outside Our Control: We will not be liable or responsible for any failure to perform, or delay in performance of, any of our obligations under these Terms that is caused by an Event outside Our Control. An Event outside Our Control means any act or event beyond our reasonable control. Where an Event outside Our Control occurs, we will contact you as soon as reasonably possible to notify you and our obligations will be suspended for the duration of the Event outside Our Control. You may choose to cancel the contract if the Event outside Our Control continues for longer than 14 days.
2. Conditions
2.1. These Conditions shall form the basis of the contract between the Seller and the Buyer in relation to the sale of Goods, to the exclusion of all other terms and conditions including the Buyer’s standard conditions of purchase or any other conditions which the Buyer may purport to apply under any purchase order or confirmation of order or any other document.
2.2. All orders for Goods shall be deemed to be an offer by the Buyer to purchase Goods from the Seller pursuant to these Conditions.
2.3. Acceptance of delivery of the Goods shall be deemed to be conclusive evidence of the Buyer’s acceptance of these Conditions.
2.4. These Conditions may not be varied except by the written agreement of The Seller.
2.5. These Conditions represent the whole of the agreement between the Seller and the Buyer. They supersede any other conditions previously issued.
3. Goods
3.1. The quantity and description of the Goods shall be as set out in the Seller’s confirmation of order.
4. Our contract with you
4.1. These are the terms and conditions upon which we supply Goods to you. Please ensure that you read these Terms carefully, and check that the details on the invoice and in these Terms are complete and accurate.
5. Price
5.1. The price for the Goods and Services will be on the invoice. Our prices may change from time to time. Unless otherwise specified by or agreed in writing with us, the price for the Goods is payable at the time of sale.
6. Statutory Registration
6.1. All Hearing Aid Dispensers and Clinical Audiologists must be registered with the Health & Care Professions Council and are required to follow their standards of conduct, performance and ethics.
7. Faulty Goods
7.1. As a consumer, you have legal rights in relation to Goods that are faulty or not as described. We are under a legal duty to supply Goods in accordance with this contract. Advice about your legal rights is available from your local Citizen’s Advice Bureau or Trading Standards office. Nothing in these Terms will affect those legal rights.
8. Third Party Manufacturer’s Guarantee
8.1. The Goods come with a manufacturer’s guarantee for the period as detailed on the invoice. This guarantee is in addition to your legal rights in relation to the Goods that are faulty or not as described.
9. VAT
9.1. Professional and dispensing services are exempt from VAT. The price of the hearing instruments and other products include VAT at the standard rate.
10. Returns and Warranties
10.1. Peace of Mind returns policy: It’s important that you’re happy with your hearing device prescription. If you’re not completely satisfied or change your mind, you can return them within 90 days. We are unable to accept returns after the specified time. If you decide to return your hearing device within the specified time, a charge of up to £150.00 will be levied on the return to cover the administration cost. We will give you a refund for products that are returned without damage. If possible, please retain the packaging/boxes and batteries that came with your hearing instrument. You can return any product within the prescribed period, even if you have used it, as long as there is no physical damage. This does not affect your statutory rights. Your hearing aid package includes follow up appointments at 2, 4 and 12 weeks, hearing tests at 12 and 24 months and unlimited fine tuning appointments (in person, by phone or remote assistance) for the period of the manufacturer’s warranty. The manufacturer warranty can be extended at the point of order for additional cost.
10.2. Nothing in these conditions will affect your statutory rights relating to faulty or mis-described goods.
10.3. Hearing device warranty: The manufacturer warranty covers your hearing device(s) against malfunction, breakdown and faulty workmanship for 24 months. Repairs or re-shells required due to misuse, accidental damage or loss of hearing aid are not covered by the warranty and will be chargeable. In addition, faults due to unauthorised repairs, wax or moisture are not covered by the guarantee. You are strongly advised to insure your devices for loss or accidental damage. Many household contents policies will cover hearing aids but the onus is on the policy holder to check and arrange this.
11. Personal Information
11.1. We will not give your personal data to any third party without your consent.
12. General
12.1. This contract is between you and us, no other person has any rights to enforce its terms. Each of these terms operates separately. If any court or relevant authority decides that any of them are unlawful, the remaining paragraphs will remain in full force and effect. These Terms are governed by Manx law. You and We both agree to submit to the non-exclusive jurisdiction of the Manx courts.
13. Concerns
13.1. If you have concerns that we have not addressed satisfactorily, you can contact the regulatory body being the HCPC.
When contacting them, you should quote my registration number HAD004257
14. Contact us
Phone: 07624 335547 email: privateaudiologyIOM@protonmail.com
Post: Audiology Private Patients, C/O Dr Stephen Griffiths, Consultant Audiologist, Nobles Hospital, Douglas, IM4 4RJ