Patient Privacy Policy

Patient Privacy Policy

1. Scope

Patients of Tympa Health Technologies Ltd’s customers whose personal data is collected.

2. Responsibilities

2.1 The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to Tympa Health Technologies Limited collecting/processing their personal data.

2.2 All employees/staff of Tympa Health Technologies Limited who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and, where necessary, securing their consent to the  processing of their data.

3. Privacy notice

3.1 Who are we?

Key terms:

Tympa Health Technologies Limited: Us.

Customers: Organisations using the Tympa product to provide healthcare to patients.

Patient/you/data subject: Individuals receiving healthcare from the customer organisation.

Tympa Health Technologies Limited is an audiology technology company that makes smart otoscopes. These otoscopes come with iOS and Android apps that include hearing test screening questions, can collect videos and assist with hearing healthcare. Tympa Health Technologies Limited processes data on behalf of customer organisations providing healthcare to patients.

Our Data Protection Officer can be contacted directly here: 

Email: info@tympahealth.com 

Phone: +44 203 878 1390

Postal address: Tympa Health Technologies Limited, Office 402 – Spaces, 4th Floor, Jubilee House, 213 Oxford Street, London, W1D 2LF

3.2 Data processing

The personal data about you that we would like to process is collected from customer organisations of Tympa Health Technologies Limited.

Our legal bases for processing the personal data:

The special categories of personal data concerned are:

For processing activities requiring consent, you may withdraw consent at any time by contacting the customer organisation that is providing your healthcare. If this is not possible, consent can also be withdrawn by contacting Tympa Health Technologies Limited using the details listed under ‘Who are we?’ above.

3.3 Disclosure

Tympa Health Technologies Limited will pass your personal data to the below third party as part of the service provided to our customers.

Google Cloud Storage: Database storage for data collected to provide treatment for patients.

3.4 Retention period

Tympa Health Technologies Limited will process personal data for as long as a customer organisation continues using Tympa Health Technologies Limited’s services. It will store the data for a maximum of seven years in the case of deidentified images and video that have been used for research.

3.5 Your rights as a data subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

All of the above requests will be forwarded on should there be a third party involved (as stated under ‘Disclosure’ above) in the processing of your personal data.

3.6 Complaints

If you wish to make a complaint about how your personal data is being processed by Tympa  Health Technologies Limited (or third parties as described under ‘Disclosure’ above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Tympa Health Technologies Limited’s Data Protection Officer.

Supervisory authority contact details:

The Information Commissioner’s Office (ICO) can be contacted at the below link. 

Make a complaint | ICO (https://ico.org.uk/make-a-complaint/)

Data Protection Officer contact details:

Email: info@tympahealth.com Phone: +44 203 878 1390

Postal address: Tympa Health Technologies Limited, Office 402 – Spaces, 4th Floor, Jubilee House, 213 Oxford Street, London, W1D 2LF

3.7 How we use your information

Personal data

Under the GDPR, personal data is defined as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

How we use your information

This privacy notice tells you how we, Tympa Health Technologies Limited, will collect and use your personal data for making our service available to customers that provide you with medical treatment.

Why does Tympa Health Technologies Limited need to collect and store personal data?

In order for your healthcare provider to administer treatment, we need to collect personal data necessary for providing services to them. We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. 

Tympa Health Technologies Limited will request your specific consent to process images and video collected by the otoscope.

Will Tympa Health Technologies Limited share my personal data with anyone else?

We may pass your personal data to third-party service providers contracted to Tympa Health Technologies Limited in the course of dealing with you. Any third parties that we may share your data with are obliged to keep your details securely, and to use them only as part of the service we provide to our customers. When they no longer need your data to fulfil this service, they will dispose of it in line with our procedures. If we wish to pass your sensitive personal data to a third party, we will only do so once we have obtained your consent, unless we are legally required to do otherwise.

How will Tympa Health Technologies Limited use the personal data it collects about me?

We will process (collect, store and use) the information you provide in a manner compatible with the GDPR. We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices, such as images or videos used as part of medical research. Personal data may be held for longer than these periods depending on individual business needs.

If you wish to know more about our retention and disposal procedures, please contact our Data Protection Officer using the details found under ‘Who are we?’ at the start of this notice. 

Under what circumstances will Tympa Health Technologies Limited contact me?

In normal circumstances, you will only be contacted by your healthcare provider (i.e. our customer). Communications will be related to the treatment you are receiving. 

Can I find out the personal data that Tympa Health Technologies Limited holds about me?

Your healthcare provider is the controller for the data processed by Tympa Health Technologies Limited. As such, they will be better placed to provide assistance regarding personal data held about you. If they are not able to answer your query then, at your request, we can confirm what information we hold about you and how it is processed. If we do hold personal data about you, you can request the following information:

Document owner and approval

The Data Protection Officer/GDPR Owner is the owner of this document and is responsible for keeping it up to date.

We keep this privacy notice under regular review. This privacy notice was last updated on 17 May 2021.