Privacy Notice

Amplifon [UK] (hereinafter ‘Amplifon’ or the ‘Data Controller’) will process the personal data, including health data (hereinafter ‘Data’), you provide through the Amplifon’s official Application (the official name of the application is ‘Amplifon’ – hereinafter the ‘APP’) or on the online portal.

With regard to the Data received, Amplifon will:

• ensure the accurate recording, so that they correspond to what you have communicated or otherwise processed through the APP and/or the online portal;
• update it whenever you notify Amplifon of any changes;
• store it in a form that makes it possible to identify you only for as long as necessary for the purposes for which it was collected.

Amplifon has built a multichannel digital experience for users and customers of Amplifon, developing an APP and an online portal, which provide them with a list of tailor-made services and features. To be able to use the APP and the online portal, you can create a ‘MyAmplifon’ account with your Data, through which it is possible to access, via a unique profile, both the APP and the online portal.

However, you can decide to use the above-mentioned APP and/or online portal without creating a MyAmplifon account.

As such, the spectrum of the services available to you depend on (i) if you are/are not an Amplifon customer; (ii) if you have a MyAmplifon account and (iii) if you have carried out the so-called reconciliation: the process of matching the users’ digital profiles with their physical profiles in Amplifon's system in-store (i.e. the Data collected as a customer via the Amplifon’s stores). For instance, accessing of the statistics of the device is possible only if you are a customer and you have carried out the reconciliation.

As such, the Data provided will be processed for the following purposes:

• MANDATORY (legal basis: (i) your (mandatory) consent; (ii) processing necessary for the performance of a contract (iii) processing necessary to fulfil a legal obligation of the Data Controller – pursuant to Article 6, paragraph 1, letter b) and c), Article 9, paragraph 2, letter a), of the General Data Protection Regulation (the so-called ‘GDPR’ – hereinafter the ‘GDPR’):

A.     To allow the use of services offered through the APP and/or the online portal, such as:

a.      Access to all the Data and info (such as hearing device information and usage statistics) collected by Amplifon;
b.      adjusting remotely some technical parameters of the hearing aid;
c.      finding Amplifon stores by location;
d.      booking and managing an appointment;
e.      providing advice for better use of the hearing aid, personalised on the basis of actual use;
f.       making available additional services (If and/or when they are made available to you).

B.      To fulfil obligations under applicable laws or regulations or to comply with the instructions provided by the competent supervisory and control authorities/bodies.

• OPTIONAL (legal basis: your consent – pursuant to Article 6, paragraph 1, letter a), GDPR):

C.      For Amplifon to carry out promotional activities, which may include commercial communication or the sending of advertising materials, or direct selling, market research and monitoring of the level of satisfaction of the person concerned with the products sold by Amplifon through automated contact methods (i.e. banner, push notifications and so on);

D.     For Amplifon to carry out commercial profiling activities aimed at offering personalised solutions by analysing your behavior and your usage habits of the APP and/or the online portal, as well as the hearing aids (see paragraph 6, b. below).

Amplifon reserves the right to remove the Data received from its archives, if a check reveals these to be inaccurate, incomplete or out of date.

In addition, while preserving your anonymity and for the same purposes, Amplifon may use all the Data provided for statistical purposes.

The provision of Data requested by Amplifon is optional.

However, failure to provide Data for the purposes that are:

• Mandatory: would not allow you to use the services offered through the APP and/or the online portal;
• Optional: would not allow you to receive useful and helpful promotions about our products or to customise your experience to fit your specific individual needs.

Amplifon requires the following Data to be able to use the APP and /or the online portal:

• Common (personal) data: data that allow the direct identification of a person (name, surname, date of birth, tax code etc.).
• Special categories of (so-called ‘sensitive’ data) data: data that could reveal the state of health, particularly as concerns your hearing.
• Geolocation data: data that could pick up the location or movements of the data subject.

In order to process your sensitive data, we require your explicit consent, even for the above mandatory purposes, which can be freely revoked at any time but without prejudice to the lawfulness of processing prior to revocation.

o    If you have a MyAmplifon account, you can withdraw your consents given as follows:

• regarding mandatory data processing, you will be able to autonomously perform a deletion of the MyAmplifon account, accessing a dedicated section. For instance, in the APP, you can find the dedicated section at the bottom of the "Me" tab. Once started the process, you will have to acknowledge the service interruption (i.e. usage of the APP and the online portal) and confirm the action; once started the process, you will have to acknowledge the service interruption (i.e. usage of the APP and the online portal) and confirm the action;
• regarding optional data processing, you can manage this via the Preference Center available both on the APP and on the online portal.
• In any case, you can also write an email to [Amplifon UK at uk.privacy@amplifon.com and ask for the revocation of the mandatory and optional consents;

o    Otherwise, if you don’t have a MyAmplifon account, you can request the withdraw of the consents given as follows:

• regarding mandatory data processing, you can revoke the consent by the dedicated section of the APP; in any case, you can also write an email to Amplifon UK at uk.privacy@amplifon.com and ask for the revocation of the mandatory consent;
• regarding optional data processing, you have to write an email to Amplifon UK at uk.privacy@amplifon.com and ask for the revocation of the optional consents.

For the purposes described in paragraph 2 above, Data provided may circulate in the following areas:

A. Within Amplifon - Amplifon's employees or freelance staff may use your Data when they have:

a. been assigned a specific role as data manager, authorised persons, data processor or data controller;

b. have received appropriate instructions;

c. are bound by a confidentiality obligation.

In addition, Data may be used by third party companies that carry out related activities on behalf of Amplifon, such as:

• External consultants for legal assistance and advice in the handling of any disputes;
• Service companies (including IT companies): debt collection firms, management and archiving companies - including optical - of invoices, subjects that provide IT system management services, subjects that perform Data entry activities, and providers of cloud systems etc.;
• Public bodies or authorities and supervisory and control bodies that receive communications from Amplifon and, more generally, public or private bodies, qualifying as public officials or public service providers;
• Company of the same group (especially, the group mother company – Amplifon SpA).

The above subjects act as external data controllers or data processors, and they are monitored by Amplifon.

Pursuant to Articles 44 et seq. of the GDPR, Amplifon may transfer your Data to group companies in countries outside the European Union or the European Economic Area. In this case, Amplifon will apply contractual guarantees (such as the signing of standard contractual clauses approved by the European Commission) signed with the foreign company receiving the Data; these clauses guarantee an adequate level of protection of individuals’ fundamental right to data protection.

Your Data will never be published, displayed or made available to unknown parties.

Amplifon does not submit your Data to fully automated decisions, which have legal consequences or similar significant effect on your person, but rather it collects and analyses on real-time basis the Data, also via profiling of your habits, needs and lifestyle. This analysis is carried out by personnel or third party who are authorised and instructed to process the Data provided by you also through normal use of the APP and/or the online portal, as well as the hearing device.

In details, this analysis entails the processing of your Data, in order to:

a. Even through the real-time accessing by the hearing care professional to the Data furnished by you, provide maximum customisation, based on your real needs and lifestyle, on the noise of the environment surrounding you and taking account of interference from other factors that may affect the performance of our products (mandatory purpose – paragraph 2, A.). For example:

• Data about the usage of the device will allow the hearing care professional to check your progress and provide useful suggestions to optimise the device’s usage;
• if the Data collected reveal frequent use in environments with background noise that can hinder the understanding of conversations (such as restaurants or public places), our hearing care professionals can help optimise the device's filter functions, thus improving your ability to distinguish words and understand what is being said.

b. To analyse your behaviour, preferences and habits, in order to allow the Data Controller to perform promotional activities better targeted to your individual needs (optional purpose - paragraph 2, D.). For example, if the Data collected by the APP and/or the online portal shows that you normally use the hearing solution to watch TV, you may be offered a dedicated accessory to improve that particular listening experience.

The Data you have provided will only be retained for the time needed for the purposes for which it was obtained:

• Mandatory: corresponding to the duration of our contractual relationship with you, added to the time needed for Amplifon Group entities’ legal defense, and to fulfil traceability obligations under the applicable legislation on medical devices.
• Optional: for no more than 15 years from the granting of consent and/or the last purchase/test/store interaction, given the particular type of products and services offered by Amplifon and the continuing assistance relationship established with the customer, who can choose to revoke such consent at any time without prejudice to the lawfulness of processing prior to revocation.

In relation to the processing of your Data, the data subject has always the right to request from Amplifon to obtain:

• confirmation of the processing or non-processing of the Data provided concerning him or her;
• the access to the Data provided and information relating to the processing as well as request a copy of it;
• the rectification of inaccurate Data and have incomplete personal data completed;
• the erasure of Data concerning him or her where one of the grounds provided for by Article 17 of the GDPR applies;
• restriction of processing where one of the cases provided for by Article 18 of the GDPR applies;
• Data concerning him or her which he or she has provided to a controller in a structured, commonly used, machine-readable and interoperable format, and request their transmission to another controller, if technically feasible.
• Where Data is processed based on consent, you have the right to withdraw at any time the consent given, without affecting the lawfulness of any processing based on said consent and carried out before the withdrawal. Consent may be withdrawn by the modalities indicated in paragraph 3 of this Privacy Notice.

With reference to the processing of Data for the purposes under paragraph 2, C. of the Privacy Notice, in any communication sent for the purposes under this paragraph, the data subject will be informed of the possibility to object to the processing at any time.

In addition, we inform you that in the event of failure to reply or partial reply by the Data Controller to the above-mentioned requests, you will have the right to lodge a complaint or appeal with the Data Protection Authority, which in the UK is the Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

You may exercise your privacy rights in relation to Amplifon at any time, with no formalities, also through an authorised third party with a special proxy, communicating by means of:

Snail mail: Amplifon UK Limited Gateway House Styal Raod Manchester M22 5WY

Email: uk.privacy@amplifon.com

• The data controller is Amplifon UK Limited - with registered office at Gateway House, Styal Road, Manchester M22 5WY
• An updated list of data processors can be obtained from the DPO Amplifon UK Limited, Gateway House, Styal Road, Manchester, M22 5WY
• The Data Protection Officer of Amplifon UK Limited is Andrew Ratcliffe, who can be contacted at Amplifon UK Limited, Gateway House, Styal Road, Manchester, M22 5WY or via email to uk.privacy@amplifon.com