Notice on the use of your personal data
This Privacy Policy explains how, why and by who your personal data is being used in the Lea Health App (“the App” or “Lea”) and what your rights are in relation to such use.
1. THE ENTITY WHO IS RESPONSIBLE FOR THE PROPER AND SAFE USE OF YOUR PERSONAL DATA
The Lea brand is a brand owned by GN Hearing A/S.
The entity responsible for the use of your personal information (Under European Union Law formally called the data controller) is:
GN Hearing A/S, Lautrupbjerg 7, 2750 Ballerup, Denmark, company no. 55082715, email: info@gn.com and telephone number +45 45 75 00 00 (“the Company”, “we” or “us”).
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing questions in relation to this privacy policy. If you have any general questions s in relation to data protection, you are always welcome to contact the Company’s DPO by clicking on this link: https://privacyportal-eu.onetrust.com/webform/4c166da3-c2d4-4751-bbdb-9d0adf1bf864/b7d98407-0979-41ac-8134-388364d88f2d
You are also free to contact the DPO on this telephone number: +45 45 75 00 00.
2. THE TYPES OF DATA, THE PURPOSES OF USE AND THE LEGAL BASIS OF THE USE
We will only use your personal data when applicable law allows us to do so.
2.1 When you download and use the App we will collect your first name, your email and country to communicate with you and authenticate you in case of questions from your side. To the extent use of your personal data is governed by European Union law or other equivalent national regulation, you are hereby informed that the legal basis for collecting and use of said information is our legitimate interest cf. Article 6.1.(f) of the GDPR. We need to be able to identify you and we want to ensure your rights by complying with the rules and regulations where the App is downloaded.
2.2 We use your information such as type of hearing aid, your experience with using hearing aids, your feedback on hearing scenarios, your ratings and your completion of courses, provided you have given us your consent to do so. These types of information are necessary for Lea to function as intended and provide you with personalized and relevant features in Lea. To the extent use of your personal data is governed by European Union law or other equivalent national regulation, you are hereby informed that the legal basis for our use of your health data is consent, cf. Article 9.2. (a) of the General Data Protection Regulation (EU) 2016/679 (GDPR). Please note that your consent for this use is necessary and mandatory in order for the App to function.
2.3 We send you emails and notification in Lea with news about our products and services from GN Hearing A/S, provided you have given us your consent to do so. We personalize the news to you based on the information collected about you in Lea, i.e. your type of hearing aid, your experience with using a hearing aid, your feedback on hearing scenarios, your ratings and your completion of courses. To the extent use of your personal data is governed by European Union law or other equivalent national regulation, you are hereby informed that the legal basis for providing said news to you is your consent, cf. Article 6.1.(a) and Article 9.2. (a) of the GDPR. Please note that your consent for this use is NOT necessary or mandatory in order for the App to function.
2.4 We use your audio recordings and mental fitness scores made by you in your personal journal in Lea to for development and improvement of future products and services, e.g. related to mental fitness, provided you have given us your consent to do so. We share your recordings and mental fitness score with Sonde Health, 1 Washington Mall # 3072, Boston MA, US (“Sonde”). Sonde will also use the information exclusively for development and improvement of their products and services. To the extent use of your personal data is governed by European Union law or other equivalent national regulation, you are hereby informed that the legal basis for the research & development and transfer is your consent, Article 9.2. (a) of the GDPR.
2.5 When you activate the brain challenge, we collect information about your reaction speed and coordination, eye movement when performing the task and your ability to remember in order to test your cognitive ability, provided you have given your consent to us to do so. We use your phone camera to perform the Augmented Reality Test, to map the surroundings, where you place the virtual items and to measure your ability to remember, where you have placed the items. During the Augmented Reality test, no images of either camera are recorded, stored, or transmitted at any time. No device IDs, UDIDs, or any other information capable of re-identifying the user’s device is recorded, stored, or transmitted.
We use your front facing camera to measure your eye movement. The front facing camera on compatible devices is used through the TrueDepth API to register the eye movement of the user. We use your accelerator and gyroscope in your phone to measure your movements. When combining the different measurements, we can provide you with certain results about your ability to coordinate, to focus, to understand, your flexibility, your visual perception, your ability to plan and to remember. Only abstract statistical data of the eye movement is analyzed and no images of the user are stored or transmitted at any time.
We share your pseudonymized test measurements with Altoida Inc., 80 M Street SE. Suite 100 Washington, DC 20003 USA (“Altoida”) in order for us to provide you with the result of your test. No contact data is shared with Altoida.
We use the information collected and calculated during the test, such as your reaction speed and coordination, eye movement when performing the task and your ability to remember, in order to develop our products and services and share this information in a pseudonymized format with Altoida in order for Altoida to develop their products and services, provided you have given us your consent to do so.
To the extent use of your personal data is governed by European Union law or other equivalent national regulation, you are hereby informed that the legal basis for the research & development and transfer is your consent, Article 9.2. (a) of the GDPR.
2.6 We collect technical information about how the app is used and any issues with the use. We use an app ID (an ID number generated when you install the App) to collect information to be aggregated, e.g. number of sessions, session durations, operation systems, crashes, updates and region.
If you rate Lea or provide any comments in an app store, we use your app store username, ratings, comments and anything you choose to share with us or make public to respond to your comments and questions to understand how you regard the App in general. We may use your ratings and reviews to assist you when you require customer support or to follow up or guide you through our customer support process and to improve our products and services. To the extent use of your personal data is governed by European Union law or other equivalent national regulation, you are hereby in-formed that the legal basis for collecting and using said technical information and your ratings is our legitimate interest cf. Article 6.1.(f) of the GDPR. We strive continuously to improve our products to give you the best experience while ensuring data is aggregated, when possible, to minimize identifiable information about you as much as possible.
2.7 In order to ensure a better understanding of our users’ use of the App, to better understand the effects of our marketing and to direct relevant marketing to you we share your app usage data with certain platform providers, including social media platforms, i.e. Meta Platforms Ireland Limited (“Meta”) and Google Inc. (“Google”). This means for example that you will see adds from us on platforms, incl. social media provided by Meta and Google.
Further, when you visit our site on the platform providers, including social media platforms, we may receive information about you depending on what type of information you enter into our site, which may be your name, email, age, gender, country, job title, profile picture, interests, and other publicly available information provided that you have published all this information on your social media profile or posted it on one of our social media pages or send it as direct mail to us through our social media platforms.
This also means that we will be acting as joint controllers with Meta and Google, respectively.
We generally refer to the different social media platforms' privacy notices for more information about their processing of your personal data. Below you will find a listing of the platforms that we use and a reference to their privacy notices.
Meta: https://m.facebook.com/privacy/explanation/
Google: https://policies.google.com/privacy?hl=en-US
Please note that you can block the use of Meta and Google on your profiles with the providers:
Meta: https://www.facebook.com/help/search/?q=delete%20my%20data
Google: https://support.google.com/accounts/answer/465?hl=en&co=GENIE.Platform%3DDesktop
2.8 Otherwise, the personal data specified above will be processed and used solely for the purposes included herein and only to the extent necessary to fulfil these purposes, except where required or permitted by applicable legislation (e.g. tax or accounting regulation), regulations, public authorities, court orders.
SOURCES OF PERSONAL DATA
The Company collects your data from you and from platforms such as Meta and Google, cf. also above.
RETENTION POLICY
The Company will store your data until you withdraw your consent. The technical information concerning the App will be converted to aggregated and thus anonymous data no later than 180 days after collection.
RECIPIENTS OF PERSONAL DATA
The Company uses IT-partners such as hosting providers who only process your data in accordance with the instructions given by the Company.
The Company is a 100% owned subsidiary of the GN Group. In order for us to provide our services, we share personal information with relevant companies within the GN Group to the extent possible under applicable law. You can find more information about the GN Group here: www.gn.com
The Company also shares personal data with Meta and Google as joint controllers as described above.
As described above and only if you have given us your consent to us to do so, we share your information in your personal journal in Lea with Sonde Health, 1 Washington Mall # 3072, Boston MA, US (“Sonde”). Sonde will also use the information exclusively for development and improvement of their products and services
As described above and only if you have given us your consent to us to do so, we share your pseudonymized test measurements with Altoida Inc., 80 M Street SE. Suite 100 Washington, DC 20003 USA (“Altoida”) in order for Altoida to provide us with the result of your test and for Altoida to further develop their products and services. No contact data is shared with Altoida.
The IT partners, the GN group companies or other partners outlined above, may be established outside the European Economic Area. In such case the Company ensures compliance with the applicable legal requirements and use the standard contractual clauses adopted by the European Commission or any other contractual agreement approved by the competent authorities. Where necessary additional supplementary safeguards to ensure an adequate level of protection are implemented. You can request further information about our measures implemented to ensure an adequate level of data protection using the contact info outlined above.
UNINSTALLING THE APP
If you just uninstall the App, this will stop all future collection of personal data by us through the App, but we may still process personal data that was already collected via the App. If you wish to withdraw your consent to us doing this, please follow the steps set out in the paragraph below. You may uninstall the App by using the standard uninstall processes available on your mobile device or via the mobile app marketplace or network.
YOUR RIGHTS CONCERNING YOUR DATA
Data protection law provides you with certain rights in connection with the Company’s use of your data. In this regard you have the right to request access to your data, request your data to be rectified, deleted or restricted. When relevant you also have the right for data portability and the right to object against the use by the Company.
If the processing of your data is based on your consent, you may withdraw your consent at any time. However, please note that this does not affect the processing of your personal data prior to withdrawal of your consent. Please also be aware in case of withdrawal of any mandatory consents, the App will no longer function as intended.
If you wish to contact the Company about the use of your data, feel free to contact the Company by using this link https://privacyportal-eu.onetrust.com/webform/4c166da3-c2d4-4751-bbdb-9d0adf1bf864/f6b3adea-5764-4c6f-b962-07f8343d86ed. You are also free to contact us on telephone +45 45 75 00 00.
You have the right to file a complaint with your local supervisory authority or the Danish Data Pro-tection Agency, Denmark, email: dt@datatilsynet.dk / telephone +45 33 19 32 00. We would, how-ever, appreciate the chance to deal with your concerns before you approach the relevant data protection authority or other public authority, so please contact us in the first instance.
HEALTH DATA PRIVACY AND OPT-OUT
Any health-related data you volunteer to share shall be stored and encrypted on a dedicated server. When using the Lea Health application, all data you choose to share will be stored in a secure system per the Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy and security standards. You may stop sharing or request the deletion of your health information at any time.
ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS
If you are a California resident, California Civil Code Section 1798.83 permits you to request and obtain from us once a year, free of charge, information about the personal information, (if any) we dis-closed to third parties for direct marketing purposes in the preceding calendar year. If applicable, this information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and want to make a request, please use the contact info immediately above.
We do not sell and have not sold personal information in the preceding 12 months. We do not sell the personal information of minors.
You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
For any other information concerning our use of your data as a Californian resident please refer to the relevant parts this overall privacy policy.
CHANGES TO THIS NOTICE
This notice will be updated on a regular basis and when necessary due to changes in applicable law. The notice will always include information on the effective date of the latest version. If the changes of this notice are regarded as material and significant, you will be expressly informed hereof.