This Privacy Notice explains the data collection and data use of the SoundSleep mobile app (“SoundSleep”) developed by Passion for Life Healthcare (UK) Limited (“PFLH”)
Unless otherwise indicated PFLH is the Controller and the Processor of the data collected by SoundSleep.
If you use SoundSleep we will collect and store Personal Data; this means:
- Identity Data includes your username and where applicable any unique user ID we may assign you.
- Contact Data includes email address and any communication we have had with you (including emails, phone calls, voicemail, and conversations you may have had with our support team).
- Technical Data includes your IP address, browser type and version, time-zone setting and location, operating system and platform, and other information related to the devices you use to access the website.
- Self-reported data relating to things that could have affected your snoring (e.g. what you ate, drank, used to treat your snoring).
- Short audio recordings from each night’s analysis – examples of your snoring and sleep breath events
- Data that describes the quantity, volume and time of snoring and sleep breathing evens from each night.
We also collect, store and share Aggregated Anonymous Data. This means data drawn from Personal Data from all SoundSleep users, but it does not reveal your identity and it cannot be linked or traced back to you personally; for example demographic data, statistical data and audio data. Aggregated Anonymous Data helps us to understand more about how people sleep and what the data supplied by you means. Aggregated Anonymous Data is a key tool for developing algorithms that help us interpret your data and advise and support you.
It is our intention to ensure that data minimisation principles are met. That means we only collect data that is necessary for the correct functioning of SoundSleep and for the delivery of our associated services. It is therefore not possible to opt out of providing this data if you wish to use SoundSleep.
How do we obtain your consent to collect your Personal Data?
Your consent for us to process your Personal Data for the specific purposes set out in this policy is the lawful basis on which we undertake the processing of that data. Consent to these uses can only be withdrawn by you asking us to delete your account (see below). If the purpose of data collection should change, you will be informed and consent re-obtained.
We obtain your consent when you download, install, complete registration with and use SoundSleep. In our Terms of Service, we ask for your agreement to use your data in accordance with this Privacy Policy and you give your agreement by completing the registration process for this app. If you are not in agreement DO NOT CLICK “I AGREE” or register an account.
How do we use your Personal Data?
- To check the performance of SoundSleep.
- To provide you with suggestions and information based on your data.
- To reply to your enquires or feedback.
- To document and investigate feedback on the use of our service including complaints.
- To conduct research into sleep, sleep breathing, snoring and the human body.
We will never share your Personal Data with third parties for marketing purposes.
Your data will never be shared without your consent.
In the unlikely event of a data confidentiality breach, we will notify you immediately and take every reasonable step to limit potentially damaging consequences of the breach.
Who is processing your data?
Personal Data will be stored and processed by PFLH.
Anonymised Aggregate Data may also be processed and stored by Research Partners. Research Partners means partners working with PFLH to conduct research on sleep, sleep breathing, snoring and the human body.
Research Partners will only have access to data required to undertake research. If data is to be processed by our Research Partners, the data is only provided to them in a format that protects your anonymity.
For how long do we store and process data?
Data will be stored and processed by PFLH and its Research Partners for no longer than the time required by ISO 13485 2016 Medical Devices; “The organisation shall retain the records for a period of time at least equivalent to the lifetime of the Medical Device regulation as defined by the organisations, but not less than two years from the date of the product release by the organisation or as specified by the relevant regulatory authority”. When this period of time has expired your Personal Data will be permanently erased from all the databases in which is stored.
Where is data stored and processed?
All data is processed locally on your device. Most of the audio data processed locally on your device is analysed and deleted continuously throughout the night. From all the audio processed on your phone only short recordings of your snores and sleep breathing events are stored (locally and remotely on servers) along with the results of the analysis (times and volume of snores and time of sleep breathing eve) and the other personal data defined above.
Personal Data is stored by Google on a Firebase server located in Western Europe and the location of the default bucket for the Firebase storage is also located in EU. Anonymised Data exported from Firebase for research purposes and identifiable data exported for customer service purposes will be stored inside the European Union. Data cannot be transferred to countries outside the European Union without gaining written consent from PFLH. If any changes are required to the storage of your data and the location of the data centres where your data is stored, we will notify you accordingly.
At PFLH we take your Personal Data and its security very seriously. SoundSleep is compliant with EU GDPR 2018 and other appropriate regulatory requirements. For processing and storage of your data we are using certified and secure cloud solutions from Google and Microsoft which use standardised protocols for encryption of data in transit and at rest.
Your data protection rights
As a data subject, depending upon the lawful basis we are relying on, you have a number of rights, in accordance with the UK GDPR and EU GDPR. These rights relate to all Personal Data, as defined in this policy, but does not apply to Aggregated Anonymous Data, as similarly defined. The rights are:
| Your right | What does it mean? |
| Right to access | You have the right to access and receive a copy of your Personal Data. This is sometimes referred to as submitting a “data subject access request”. |
| Right to data portability | This right relates to moving or copying your Personal Data from one data controller to another. |
| Rights to rectify | You have the right to update, correct or complete your personal data. |
| Right to object | You have the right to object to or ask us to restrict the processing of your personal data, including for the purposes of direct marketing. |
| Right to be forgotten | Subject to certain exceptions, you are entitled to have your Personal Data deleted, at any time. From time to time, we may be required to retain data for example to comply with a legal obligation, or exercise or defend legal claims. If you wish to have your Personal Data deleted please contact us. |
| Right to withdrawal of consent | You have the right to withdraw your consent to us processing or holding your Personal Data at any time by asking us to delete your account. |
Contacting us
Under UK GDPR and EU GDPR you have the right to object to the processing of your Personal Data. You also have the right to request that you are not subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We welcome your correspondence on this or any other questions regarding our privacy notice or the use of your information. Please also contact us to report any knowledge of a child accessing the app and providing personal data, without parental consent.
You can contact our Data Protection officer by email [email protected] or by writing to:
PFLH Data Protection Officer
Passion for Life Healthcare (UK) Limited
HQ 5th Floor, Nicholas Street, Chester,
CH1 2NP
United Kingdom
You will need to provide information that will help us confirm your identity. Once we have all the information to respond to your request, we will provide the information to you as soon as possible and always within 1 month of receiving your request.
If for any reason and after you have raised with our Data Protection Officer any concerns regarding your data, you have the right to lodge a complaint with your Local Supervisory Authority.
Changes to this privacy notice
This notice will be updated from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements.