This Privacy Notice explains the data collection and data use of the SoundSleep mobile app (“SoundSleep”) developed by Passion for Life Healthcare (UK) Limited (“PFLH”)
Unless otherwise indicated PFLH is the Controller and the Processor of the data collected by SoundSleep.
If you are using SoundSleep we will collect and store the following information:
- Your email address
- Year of birth
- Self-reported (optional) data relating to things that could have affected your snoring (e.g. what you ate, drank, used to treat your snoring).
- Short audio recordings from each night’s analysis – examples of your snoring
- Data that describes the quantity, volume and time of snoring from each night.
It is our intention to ensure that data minimisation principles are met. That means we only collect data that is necessary for the correct functioning of SoundSleep and for the delivery of our associated services. It is therefore not possible to opt out of providing this data. Your consent for us to process your personal data for the specific purposes set out in this policy is the lawful basis on which we undertake the processing of that data. Consent to these uses can (only) be withdrawn by deleting your account (see below). If the purpose of data collection should change, you will be informed and consent re-obtained.
- To check the performance of SoundSleep.
- To provide you with in-app suggestions and information on your snoring and how to reduce it.
- To reply to your enquires or feedback or to notify you of a serious health risk of one of our products you have purchased.
- To document and investigate feedback on the use of our products including complaints.
- To conduct research into snoring e.g. possible causes, the efficacy of treatments, variation in sound patterns (NB data used for research is anonymised first).
If you have opted-in to receive Marketing communications from us;
- To send you information and offers relating to our products
- To send you invitations to participate in surveys, relating to our products
We will never share your personal data with third parties for marketing purposes. Every communication includes an opt-out link.
Your data will never be shared without your consent.
In the unlikely event of a data confidentiality breach we will notify you immediately and take every reasonable step to limit potentially damaging consequences of the breach.
Data will be stored and processed by PFLH. Anonymised data may also be processed and stored by Research Partners, meaning partners working with PFLH to conduct research on snoring and other sleep disordered breathing.
Research Partners will only have access to data required to undertake research. If data is to be processed by our Research Partners, the data will be provided to them in a format that protects your anonymity.
Although SoundSleep is not an EU Medical Device our data will be stored and processed by PFLH and its Research Partners for no longer than the time required by ISO 13485 2016 Medical Devices; “The organisation shall retain the records for a period of time at least equivalent to the lifetime of the Medical Device as defined by the organisations, but not less than two years from the date of the product release by the organisation or as specified by the relevant regulatory authority”. When this period of time has expired your data will be permanently erased from all the databases in which is stored.
All data is processed locally on your device. Most of the audio data processed locally on your device is analysed and deleted continuously throughout the night. From all the audio processed on your phone only short recordings of your snores are stored (locally and remotely on servers) along with the results of the analysis (times and volume of snores) and the other personal data defined above.
At PFLH we take your data and its security very seriously. The SoundSleep app is compliant with EU GDPR 2018 and other appropriate regulatory requirements. For processing and storage of your data we are using certified and secure cloud solutions from Google and Microsoft which use standardised protocols for encryption of data in transit and at rest.
App data is processed by Google on a Firebase server located in Western Europe and the location of the default bucket for the Firebase storage is also located in EU. Anonymised data exported from Firebase for research purposes and identifiable data exported for customer service purposes will be stored in Microsoft Sharepoint and Microsoft Dynamics respectively, inside the European Union. Data cannot be transferred to countries outside the European Economic Area without gaining written consent from PFLH. If any changes are required to the storage of your data and the location of the data centres where your data is stored, we will notify you accordingly.
Under GDPR you have the right to object to the processing of your personal data. You also have the right to request that you are not subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We welcome your correspondence on this or any other questions regarding our privacy notice or the use of your information. Please also contact us to report any knowledge of a child accessing the app and providing personal data, without parental consent.
You can contact our Data Protection officer by email [email protected] or by writing to:
PFLH Data Protection Officer
Passion for Life Healthcare (UK) Limited
HQ 5th Floor, Nicholas Street, Chester,
You will need to provide information that will help us confirm your identity. Once we have all the information to respond to your request we will provide the information to you as soon as possible and always within 1 month of receiving your request.
In accordance with The Data Protection Act and Privacy of Electronic Communication Regulation, you as a user you have the right to access, delete, rectify and move your data. When logging in your app account, you have access to your profile data and the reports about your snoring from every night’s analysis. If you don’t want your data to be processed anymore, you as a user have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Through SoundSleep you will also be able to make any changes required in order for your data to be correct and up to date.
If for any reason and after you have raised with our Data Protection Officer any concerns regarding your data, you have the right to lodge a complaint with your Local Supervisory Authority.
This notice will be updated from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements