Effective Date: 10 January 2024
Hear 4 The Long Term Ltd (“we,” “us,” or “our”) is committed to ensuring compliance with the
UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. This GDPR
Compliance Policy outlines our approach to protecting personal data and respecting the rights
of data subjects.
1. Purpose and Scope
This policy applies to all personal data processed by Hear 4 The Long Term Ltd in connection
with our services, including:
• Website visitor data.
• Client and staff data collected through our products and services.
• Anonymised data used for research purposes.
2. Legal Bases for Processing
We process personal data based on the following lawful grounds:
• Consent: When individuals provide consent, such as opting to receive test results via
email.
• Contractual Necessity: To fulfil contractual obligations with our clients.
• Legal Obligations: To comply with applicable laws and regulations.
• Legitimate Interests: To improve our products and services and conduct research using
anonymised data.
3. Data Subject Rights
Under the GDPR, individuals have the following rights regarding their personal data:
• Right to Access: Obtain a copy of their data.
• Right to Rectification: Correct inaccurate or incomplete data.
• Right to Erasure: Request deletion of their data (where applicable).
• Right to Restrict Processing: Limit how their data is used in certain circumstances.
• Right to Data Portability: Receive their data in a structured, commonly used format.
• Right to Object: Oppose the processing of their data for specific purposes.
• Right to Withdraw Consent: Revoke previously given consent at any time.
Requests can be made by contacting us at sales@h4tlt.co.uk, and we will respond within one
month.
4. Data Security
We employ robust technical and organisational measures to protect personal data, including:
• Encryption of data stored on our servers.
• Secure access controls for client-specific data, such as password-protected accounts.
• Regular audits and updates to security systems.
5. Data Retention
• Personal data collected through our services is retained for the duration of the client
relationship and for three years thereafter, unless otherwise requested.
• Anonymised data may be retained indefinitely for research purposes.
6. Data Breaches
In the event of a data breach:
• We will assess the scope and impact of the breach immediately.
• We will notify affected individuals and the Information Commissioner’s Office (ICO) within 72
hours if required.
• We will take steps to mitigate the breach and prevent future occurrences.
7. Accountability and Governance
We maintain records of all processing activities and ensure compliance through:
• Designating a responsible person for data protection within the company.
• Conducting regular training for staff on GDPR compliance.
• Implementing data protection impact assessments for high-risk processing activities.
8. Third-Party Processors
Where third-party processors are used (e.g., hosting providers), we ensure they meet GDPR
compliance standards and enter into data processing agreements.
9. Updates to This Policy
This GDPR Compliance Policy may be updated periodically to reflect changes in laws or our
operations. The updated policy will be posted on our website with a revised “Effective Date.”
10. Contact Us
For questions or concerns regarding this policy or our data protection practices, please contact:
Hear 4 The Long Term Ltd, Unit 15, Whitwick Business Centre, Leicestershire LE67 4JP
Email: markashmore@h4tlt.co.uk

