📧 How to Exercise Your Rights

To exercise any of these rights, please contact us:

What to include in your request:

• Your full name and contact details
• Details of your request and which right you're exercising
• Proof of identity (to protect your data security)
• Any relevant reference numbers (appointment dates, invoice numbers)

We will respond to your request within 1 month (extended to 3 months for complex requests).

🔒 Security Measures

We take data security extremely seriously and implement appropriate technical and organizational measures to protect your personal information:

💻 Electronic Data Security

• Encryption: All digital records are encrypted both in transit and at rest
• Password Protection: Strong passwords and multi-factor authentication on all devices and systems
• Secure Cloud Storage: UK-based, GDPR-compliant cloud storage providers
• Access Controls: Only authorized personnel can access records
• Regular Backups: Encrypted backups stored securely
• Anti-Virus & Firewall: Up-to-date security software on all devices
• Secure Networks: Use of VPN and secure Wi-Fi connections

📄 Physical Data Security

• Locked Storage: Paper records stored in locked filing cabinets
• Secure Premises: Access-controlled storage locations
• Confidential Waste: Shredding of all paper records before disposal
• Device Security: Mobile devices encrypted and password-protected

👥 Organizational Measures

• Staff Training: All staff trained in GDPR compliance and data protection
• Confidentiality Agreements: Signed by all personnel
• Clear Procedures: Documented data handling and security policies
• Regular Reviews: Security measures reviewed and updated regularly
• Incident Response Plan: Procedures for data breach management

⚠️ Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

• Notify the ICO within 72 hours of becoming aware
• Inform you without undue delay if the breach poses a high risk
• Provide details of the breach, its likely consequences, and measures taken
• Take immediate action to contain and remedy the breach

Prevention is our priority. We implement robust security measures to prevent data breaches occurring in the first place.

🍪 How Our Website Uses Cookies

Our website (www.clearearcheer.co.uk) uses cookies and similar technologies to improve your browsing experience.

What are cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve functionality.

Types of Cookies We Use:

• Essential Cookies: Required for the website to function (e.g., contact forms, booking system)
• Analytics Cookies: Help us understand how visitors use our site (e.g., Google Analytics)
• Preference Cookies: Remember your settings and preferences

📌 For full details, see our separate Cookie Policy

Managing Cookies

You can control and delete cookies through your browser settings. However, disabling certain cookies may affect website functionality.

💳 How We Handle Payment Data

Zanda Health Online Booking Portal

When you book via our Zanda portal (clientportal.uk.zandahealth.com/clientportal/clearearcheer):

• Payments are processed securely by Zanda Health
• We do NOT store your card details - these are handled by Zanda's secure payment gateway
• Zanda provides us with: Payment confirmation, booking reference, receipt
• For Zanda's data handling practices: Zanda Privacy Policy

On-Site Card Payments

• Card payments on-site are processed via our secure mobile card reader
• We do NOT store your full card details
• The payment processor tokenizes your card data for security
• You receive an instant receipt via email or SMS

Bank Transfers & Cash

• Bank transfers: We record transaction reference and amount only
• Cash payments: We provide a written receipt

📱 Your Zanda Health Account

When you use our online booking portal, you create an account with Zanda Health.

Data Zanda Collects:

• Your name, email, phone number
• Appointment details and booking history
• Payment information (securely processed)
• Clinical notes (entered by us after your appointment)

Your Zanda Account Features:

• ✅ Log in to view and manage appointments
• ✅ Update your contact details
• ✅ Access your appointment history
• ✅ Control your account settings

Data Sharing with Zanda:

• Zanda shares your booking details with us so we can provide your service
• We add clinical notes to your Zanda record after appointments
• Zanda acts as a data processor on our behalf

Exercising Your Rights:

You can exercise your GDPR rights through both:

• Zanda Health (for your account data)
• Clear Ear Cheer (for your clinical records)

📧 Email Marketing (Opt-In Only)

We will ONLY send you marketing emails if you have explicitly opted in.

Marketing may include:

• Special offers and promotions
• New service announcements
• Ear care health tips and advice
• Seasonal reminders (e.g., hearing aid battery checks)

Service-Related Communications (NOT Marketing)

We may contact you regarding essential service matters without your marketing consent:

• Appointment confirmations and reminders
• Aftercare instructions
• Service changes or cancellations
• Safety recalls or important clinical updates
• Payment reminders

These communications are necessary for service delivery (legitimate business interest) and do not require marketing consent.

Unsubscribe Anytime

👶 Special Protections for Under-18s

If you are under 18 years old, we require consent from a parent or legal guardian to:

• Provide treatment
• Process your personal and health data
• Store your clinical records
• Take clinical photographs

⚠️ Important for Children (6-17 years):
Due to insurance limitations, we can only provide ear health checks and digital otoscopy for children. We cannot perform earwax removal for under-18s. If treatment is needed, we will provide a GP referral letter with video evidence.

Extended Retention for Children's Records:

Children's clinical records are kept until their 25th birthday or 8 years after last treatment (whichever is longer), in line with healthcare record-keeping standards.

🛡️ Our Safeguarding Responsibilities

We take safeguarding extremely seriously. If we suspect abuse, neglect, or exploitation of a vulnerable adult or child, we have a legal duty to report our concerns.

We may report concerns to:

• Local safeguarding authority
• Care home management (if applicable)
• Police (in serious cases)
• Care Quality Commission (CQC)

⚠️ Important: In safeguarding situations, we may share your personal information without your consent if necessary to protect you or others from harm. This is permitted under GDPR as a legal obligation and vital interest.

📝 Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other operational needs.

When we make changes:

• We will update the "Last Updated" date at the top of this page
• Changes will be posted on our website immediately
• For significant changes, we will notify you by email or prominent website notice
• Continued use of our services after changes constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Other Complaints Routes

For complaints about our clinical service (rather than data protection):

• HCPI (Our Professional Body): For professional conduct concerns
• Care Quality Commission (CQC): For care quality concerns
• NACAS: For insurance-related matters

Contact details for these organizations available on request.

📞 Get in Touch

For any questions about this Privacy Policy or to exercise your rights:

We aim to respond to all privacy-related queries within 2 working days.