Privacy Policy.

Prestige Hearing is an independent audiology practice operating across three clinics in South Wales:

• Cardiff: 43 Merthyr Road, Whitchurch, Cardiff CF14 1DB
• Bridgend: 1 Prince Road, Kenfig Hill, Bridgend CF33 6ED
• Newport: The Eye Centre, 177 Caerleon Road, Newport NP19 7FX

• Phone: 029 2240 1110
• Mobile: 07782 491061
• Email: louise@prestige-hearing.co.uk
• Website: www.prestige-hearing.co.uk

For the purposes of UK data protection law, Prestige Hearing is the Data Controller responsible for your personal data.

We may collect and process the following personal data:

Identity Data

• Full name
• Date of birth
• Gender

Contact Data

• Home address
• Email address
• Telephone numbers

Health Data (Special Category)

• Hearing test results and audiograms
• Medical history relevant to hearing and ear health
• Details of existing hearing aids or ear conditions
• Tympanometry results
• Earwax removal treatment records
• GP details (where relevant)
• Medication information relevant to hearing care

Financial Data

• Payment card details (processed securely, not stored by us)
• Finance agreement details (where applicable)
• Billing address

Technical Data (Website)

• IP address
• Browser type and version
• Device type
• Pages visited and time spent
• Referral source (how you found our website)
• Cookie data (see Section 9)

Communications Data

• Enquiry and contact form submissions
• Appointment booking details
• Email and SMS correspondence
• Feedback and reviews

We collect personal data through:

• Direct contact: when you book an appointment, complete a contact form, call us, or email us
• Clinical consultations: information you provide during appointments
• Online booking system: via our Timely booking platform (bookings.gettimely.com/prestigehearing/book)
• Website: automatically via cookies and analytics tools when you visit our website
• Third parties: referrals from GPs, NHS, or other healthcare professionals (with your consent)

We use your personal data for the following purposes:

Clinical Care (Legitimate Interest / Legal Obligation)

• Providing audiology services and treatments
• Maintaining accurate clinical records
• Communicating appointment details and reminders
• Following up on treatments and aftercare
• Making referrals to other healthcare professionals where appropriate

Business Operations (Legitimate Interest)

• Managing appointments and scheduling
• Processing payments and finance agreements
• Responding to enquiries and complaints
• Improving our services based on feedback

Legal Compliance

• Meeting our obligations under healthcare regulations
• HCPC registration requirements
• Maintaining records as required by law
• Responding to lawful requests from regulatory bodies

Marketing (Consent)

• Sending appointment reminders and follow-up communications
• Sending promotional offers and service updates (only with your explicit consent)
• You may withdraw consent at any time by contacting us or clicking unsubscribe

We will never sell your personal data to third parties or use it for purposes incompatible with those stated above.

Under UK GDPR, we rely on the following legal bases:

• Contract — processing necessary to provide our services
• Legal Obligation — compliance with healthcare and regulatory requirements
• Legitimate Interests — running our practice effectively and communicating with patients
• Consent — marketing communications and non-essential cookies
• Vital Interests — emergency situations where data sharing is necessary to protect health
• Special Category Data (Health) — processing under Article 9(2)(h) UK GDPR for healthcare provision

We may share your personal data with:

Clinical Partners

• GPs and NHS services (with your consent or where clinically necessary)
• Specialist referral services
• Hearing aid manufacturers for warranty and support purposes only

Service Providers (Data Processors)

• Timely (appointment booking software) — privacy policy at gettimely.com
• Google (analytics and maps) — privacy policy at policies.google.com
• Email and SMS service providers
• Secure payment processors

We require all third parties to respect the security of your personal data and to treat it in accordance with UK data protection law. We do not allow service providers to use your data for their own purposes.

Legal Requirements

• Regulatory bodies including HCPC where required
• Law enforcement agencies where legally obligated
• Courts or tribunals where required by law

We will never share your data for commercial purposes or sell it to third parties.

We retain your personal data for the following periods:

Clinical Records

• Adult patients: 8 years from last treatment (NHS guidelines best practice)
• Children's records: until age 25, or 8 years from last treatment if longer
• Deceased patients: 8 years from date of death

Financial Records

• 7 years from transaction date (HMRC requirements)

Contact and Enquiry Data

• 2 years from last contact if no appointment taken
• Deleted upon request if no ongoing clinical relationship

Marketing Data

• Until you withdraw consent or unsubscribe

Website Analytics

• 26 months (Google Analytics default)

After retention periods expire, data is securely deleted or anonymised.

Under UK GDPR you have the following rights:

Right of Access

Request a copy of the personal data we hold about you (Subject Access Request). We will respond within 30 days. Requests can be made by emailing louise@prestige-hearing.co.uk

Right to Rectification

Request correction of inaccurate or incomplete data we hold about you.

Right to Erasure ("Right to be Forgotten")

Request deletion of your personal data where there is no legitimate reason for continued processing. Note: clinical records may be exempt where retention is required by law.

Right to Restrict Processing

Request that we limit how we use your data in certain circumstances.

Right to Data Portability

Request a copy of your data in a structured, machine-readable format to transfer to another provider.

Right to Object

Object to processing based on legitimate interests, including direct marketing. We will stop processing immediately upon receipt of an objection to marketing.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling in our clinical or business processes.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at:

• Email: louise@prestige-hearing.co.uk
• Phone: 029 2240 1110
• Post: Prestige Hearing, 43 Merthyr Road, Whitchurch, Cardiff CF14 1DB

We will respond within 30 days. We may need to verify your identity before processing your request.

Our website uses cookies to improve your experience. Cookies are small text files stored on your device.

Essential Cookies (Always Active)

• Session management
• Security tokens
• Booking system functionality

These cannot be disabled as they are necessary for the website to function.

Analytics Cookies (Consent Required)

• Google Analytics — tracks pages visited, time on site, and how you found us
• Used to improve our website and understand visitor behaviour
• No personally identifiable information is collected

Marketing Cookies (Consent Required)

• Used to show relevant advertising if applicable
• Track effectiveness of any paid advertising

Managing Cookies

• Our cookie consent banner (shown on first visit)
• Your browser settings
• Google Analytics opt-out: tools.google.com/dlpage/gaoptout

Withdrawing cookie consent does not affect any clinical services.

We take the security of your personal data seriously and implement appropriate technical and organisational measures including:

• Encrypted data storage and transmission (SSL/TLS)
• Password-protected clinical record systems
• Restricted access to patient data (need-to-know basis)
• Regular security assessments
• Staff training on data protection
• Secure disposal of physical records
• Incident response procedures

In the event of a data breach that is likely to affect your rights and freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours as required by law.

Some of our third-party service providers (including Google) may process data outside the UK or European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place including:

• Standard Contractual Clauses approved by the ICO
• Adequacy decisions
• Binding Corporate Rules

We provide services to children aged 7 and above (earwax removal) and adults for all other services.

For patients under 18

• A parent or guardian must consent to treatment
• Clinical records are retained until the patient's 25th birthday or 8 years from last treatment
• Marketing communications are never sent to under-18s
• We do not knowingly collect data from children for marketing purposes

For website visitors

• Our website is not directed at children under 13
• We do not knowingly collect data from children under 13 through our website

If you have concerns about how we handle your personal data, please contact us in the first instance:

• Email: louise@prestige-hearing.co.uk
• Phone: 029 2240 1110

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

• Information Commissioner's Office
• Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
• Phone: 0303 123 1113
• Website: ico.org.uk

We review this privacy policy regularly and may update it to reflect changes in our services, legal requirements, or data practices.

When we make significant changes we will:

• Update the "Last Updated" date at the top of this policy
• Notify existing patients by email where appropriate
• Display a notice on our website

We encourage you to review this policy periodically.

For any data protection queries, Subject Access Requests, or to exercise your rights:

• Data Controller: Prestige Hearing
• Email: louise@prestige-hearing.co.uk
• Phone: 029 2240 1110
• Post: 43 Merthyr Road, Whitchurch, Cardiff CF14 1DB

For general enquiries about our services: www.prestige-hearing.co.uk