020 7486 1053
multilingual-flags
020 7486 1053
multilingual-flags Multilingual

Harley Street Hearing Group Privacy Policy

This privacy policy applies to the Harley Street Hearing Group, which includes: Harley Street Hearing, North London Hearing, Hampstead Hearing and Musicians’ Hearing Services.

1. Patient Confidentiality

Aim:
To provide and maintain an environment where all information and disclosures regarding patients and patient care are kept confidential and within legal parameters at all times. These procedures comply with the Data Protection Act 1998, Access to Medical Records Act 1990, and UK General Data Protection Regulation (UK GDPR).

Policy:
Harley Street Hearing does not discuss patient information outside of its employment unless explicit consent has been provided. All staff members sign a confidentiality agreement upon commencement of employment to ensure strict adherence to this policy.

All records are stored electronically on a secure patient management system. Paper records are destroyed once digitised, ensuring compliance with data retention policies. Any records required to be kept under current legislation are retained for the prescribed period.

2. Records Management

The Data Protection Officer ensures the secure management, handling, and destruction of records in compliance with UK GDPR.

Use of Information:
In addition to maintaining records for audiological care, data may be used for the following:

  • Communication with medical consultants and doctors
  • Correspondence with approved family members (with prior consent)
  • Service improvement assessments
  • Processing insurance claims with patient authorisation
  • Providing product/service information only with patient consent
  • Processing necessary financial transactions related to audiological services

3. Patient Feedback and Review Requests

Why we collect feedback
To improve our services, Harley Street Hearing may invite patients to provide feedback on their experience. We use trusted third-party review platforms to collect and manage this feedback.

What Data Is Shared?
We may share your name, email address, and/or phone number with our review provider so they can send a single email or SMS requesting a review. No medical information or appointment details are shared.

Who Do We Share This With?
We currently use On Spire, a third-party provider that assists us in collecting and managing reviews. If data is transferred outside the UK, appropriate safeguards are in place.

What Is the Legal Basis for This?
We process personal data for review collection under Legitimate Interest to improve services and ensure patient satisfaction. Patients have the right to object to this processing at any time.

How Can You Opt Out?
You can opt out of review requests at any time by clicking the opt-out link in the email/SMS or by emailing [email protected]

4. Ordering of Products and Hearing Aids with Manufacturers

Why We Share Your Data

When you order a hearing aid or any other audiological product through Harley Street Hearing, we work with trusted manufacturers to ensure you receive the correct device or product suited to your needs. This requires sharing limited personal information with the manufacturer.

What Data Is Shared?

We share the minimum necessary patient data required for processing orders, which may include:

  • Name (to associate the order with the correct patient)
  • Audiological measurements (to ensure correct device specifications, where applicable)
  • Hearing aid model and customisation preferences
  • Prescription details (if applicable)

What Is the Legal Basis for This?

We process this data under Contractual Necessity (Article 6(1)(b) UK GDPR), as it is essential to fulfil your order.

How Long Is Your Data Retained?

  • We retain order records for the duration of your warranty period and in accordance with regulatory requirements. Manufacturers may also retain order records for product servicing and warranty validation purposes.

Can You Opt Out?

Since this data processing is necessary to fulfil your order, opting out would mean we cannot place an order with the manufacturer. However, you have the right to:

  • Request details of what data was shared
  • Request correction of any errors in your order data
  • Request deletion of your data from the manufacturer’s records (subject to warranty and legal retention periods)

5. Data Shared with Third-Party Platforms

To facilitate patient communication, appointment bookings, and service updates, we use the following third-party platforms to store and manage data:

  • Mailchimp – For email communications and newsletters (marketing emails require explicit opt-in consent).
  • Text Anywhere – For sending SMS messages (including an opt-out option in each message).
  • SJ Media – Stores contact details from the Google “Book Online” function.
  • Monday.com – Stores our medical database and patient contact form submissions.
  • Heidi Health – Used to support the management of patient records, bookings, and related communications.

All third-party providers comply with UK GDPR and have strict security measures in place to protect patient data. Where marketing emails are sent, patients must explicitly opt in before receiving communications. Opt-out links are available in all marketing emails and SMS messages.

6. Heidi Health

We use Heidi Health, a secure digital health platform, to support the management of patient records, bookings, and related communications. Heidi Health acts as our data processor and processes personal data only on our instructions.

Information recorded in Heidi Health may include your contact details, medical history, clinical notes, and treatment information. This data is stored securely and is accessible only to authorised members of our team for the purpose of providing care, managing appointments, and related administration.

All patient data is stored within the UK. In some cases, data may be processed within Europe, but only after it has been deidentified and encrypted. No identifiable patient data is used for model training or any other purpose beyond the delivery of our clinical services.

Heidi Health applies appropriate technical and organisational measures to protect your data and complies with UK data protection law. We do not permit Heidi Health to use your information for marketing.

7. Musicians’ Hearing Health Scheme

For patients applying to the Musicians’ Hearing Health Scheme, we may share necessary details with the hub locations throughout the UK to facilitate the provision of services.

What Data Is Shared?

We may share:

  • Name (to verify eligibility for the scheme)
  • Contact details (to arrange appointments at local hubs)
  • Audiological information relevant to the service being provided

Who Do We Share This With?
We share data with authorised scheme hubs across the country that are responsible for providing hearing health services to musicians. These hubs comply with UK GDPR and maintain strict data protection measures.

7. International Data Transfers

If a third-party review provider or product manufacturer is based outside the UK, we ensure your data is protected through Standard Contractual Clauses (SCCs) or other UK GDPR-approved data transfer mechanisms.

8. Individual Rights for Patients

Patients have the right to:

  • Access their data upon request.
  • Correct any inaccuracies in their records.
  • Object to their data being used for review requests.
  • Request deletion of personal data from third-party platforms and scheme providers.

To exercise any of these rights, please contact our Data Protection Officer (DPO), Nicci Aylott, at [email protected]

Last updated: October 2025