This Privacy Notice explains the data collection and data use notice of the SoundSleep System mobile app (“SoundSleep”) developed by Passion for Life Healthcare (UK ) Limited (“PFLH”)
Unless otherwise mentioned in the privacy notice PFLH is the Controller and the Processor of the data collected by the app.
If you are using our SoundSleep app we will collect and store the following information:
- Your email address
- Year of birth
- Self-reported (optional) data relating to things that could have affected your snoring (e.g. what you ate, drank, used to treat your snoring).
- 3 short audio recordings from each night’s analysis – examples of your snoring
- Data that describes the quantity, volume and time of snoring from each night.
It is our intention to ensure that data minimisation principles are met. That means we only collect data that is necessary for the correct functioning of the SoundSleep app and for the delivery of our associated services. It is therefore not possible to opt out of providing these data. Your consent for us to process your personal data for the specific purposes set out in this policy is the lawful basis on which we undertake the processing of that data. Consent to these uses can (only) be withdrawn by deleting your account (see below). If the purpose of data collection should change, you will be informed and consent re-obtained
- To check the performance of the SoundSleep app.
- To provide you with in-app suggestions and information on your snoring and how to reduce it (based on in-app rules, not generated by humans).
- To reply to your enquires or feedback or to notify you of a serious health risk of one of our products you have purchased.
- To document and investigate feedback on the use of our products including complaints.
- To conduct research into snoring e.g. possible causes, the efficacy of treatments, variation in sound patterns (NB data used for research is anonymised first).
It is not possible to opt out of these data uses because they are necessary for the correct functioning of the SoundSleep app and for the delivery of our associated services. Consent to these uses can only be withdrawn by deleting your account (see below).
If you have opted-in to receive Marketing communications from us;
- To send you information and offers relating to our products
- To send you invitations to participate in surveys, relating to our products
We will never share your personal data with third parties for marketing purposes. Every communication includes an opt-out link.
Under GDPR you have the right to restrict your data. Data collected by the app will not be shared or processed for any other reason than those outlined in this policy. Your data will never be shared without your consent.
In the unlikely event of a data confidentiality breach we will notify you immediately and take every reasonable step to limit potentially damaging consequences of the breach.
Data will be stored and processed by PFLH. Anonymised data may also be processed and stored by Research Partners, meaning partners working with PFLH to conduct research on snoring and other sleep disordered breathing.
Research Partners will only have access to data required to undertake research. If data is to be processed by our Research Partners, the data will be provided to them in a format that protects your anonymity.
PFLH has signed non-disclosure agreements with its Research Partners. Storing and processing of your data from our Research Partners falls under their privacy notice as well.
Your data will be stored and processed by PFLH and its Research Partners for the time required by ISO 13485 2016 Medical Devices; “The organisation shall retain the records for a period of time at least equivalent to the lifetime of the Medical Device as defined by the organisations, but not less than two years from the date of the product release by the organisation or as specified by the relevant regulatory authority”. When this period of time has expired your data will be permanently erased from all the databases in which is stored.
All data is processed locally on your device. Most of the audio data processed locally on your device is analysed and deleted continuously throughout the night. From all the audio processed on your phone only 3 short recordings of your snores are stored (locally and remotely on servers) along with the results of the analysis (times and volume of snores) and the other personal data defined above.
At PFLH we take your data and its security very seriously. The SoundSleep app is compliant with GDPR 2018. For processing and storage of your data we are using certified and secure cloud solutions from Google and Microsoft which use standardised protocols for encryption of data in transit and at rest.
App data is processed by Google on a Firebase server located in Western Europe and the location of the default bucket for the Firebase storage is also located in EU. Anonymised data exported from Firebase for research purposes and identifiable data exported for customer service purposes will be stored in Microsoft Sharepoint and Microsoft Dynamics respectively, inside the European Union. Data cannot be transferred to countries outside the European Economic Area without gaining written consent from PFLH. If any changes are required to the storage of your data and the location of the data centres where your data is stored, we will notify you accordingly.
More information regarding Firebase compliance with GDPR: https://firebase.google.com/support/privacy/
More information regarding compliance of MS Dynamics with GDPR here: https://docs.microsoft.com/en-us/dynamics365/get-started/gdpr/
Under GDPR you have the right to object to the processing of your personal data. You also have the right to request that you are not subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. We welcome your correspondence on this or any other questions regarding our privacy notice or the use of your information. Please also contact us to report any knowledge of a child accessing the app and providing personal data, without parental consent.
You can contact our Data Protection officer by email [email protected] or by writing to:
PFLH Data Protection Officer
Passion for Life Healthcare (UK) Limited
HQ 5th Floor, Nicholas Street, Chester,
You will need to provide information that will help us confirm your identity. Once we have all the information to respond to your request we will provide the information to you as soon as possible and always within 1 month of receiving your request.
In accordance with The Data Protection Act and Privacy of Electronic Communication Regulation, you as a user you have the right to access, delete, rectify and move your data. When logging in your app account, you have access to your profile data and the reports about your snoring from every night’s analysis. If you don’t want your data to be processed anymore, you as a user have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. Through SoundSleep app you will also be able to make any changes required in order for your data to be correct and up to date.
If for any reason and after you have raised with our Data Protection Officer any concerns regarding your data, you have the right to lodge a complaint with your Local Supervisory Authority. In the UK the supervisory authority is the Information Commissioner’s Office.
This notice will be updated from time to time to ensure it remains up to date and reflects how and why we use your personal data and new legal requirements