Last updated: July 24th, 2024

This Privacy Notice describes how your personal data, including special categories of personal data, are collected and processed, related to the use of your Hearing Devices (“HD”). In this context, this Privacy Notice covers the processing of your personal data carried out via the “Unitron Remote Plus” Application (“Mobile App”) with all related technology to access or otherwise use the Mobile App as described below. The processing of your personal data complies, according to your country, with local law requirements, including the Swiss Federal Data Protection Act (“FDPA”), the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("GDPR"), the Health Insurance Portability and Accountability Act of 1996 ("HIPAA") for your personal data qualified as Protected Health Information (PHI), or the Cyber Security Law of People’s Republic of China (“PRC”) and the Personal Information Protection Law of PRC.

This Privacy Notice may be updated from time to time. In this case, we will inform you that this Privacy Notice has been modified and the “last updated” date on top of this document will be modified. We recommend that you periodically review the latest version of this Privacy Notice.

Sonova AG, Laubisrütistrasse 28, 8712 Stäfa, Switzerland (www.sonova.com), (“Sonova”) acts as a Controller for some of the processing listed in the following section.

Your Hearing Care Professional (“HCP”) also acts as Controller for some of the processing described in the section below.

For some other personal data processing listed in the section below, both act as Joint controllers insofar as they pursue common interests and have decision-making power over this processing.

Sonova, acting as Controller, processes your personal data for the following purposes:

Based on your consent (these processing activities are not mandatory and will occur only if you agree and consent to them):

  • Insights – Ratings / Submit ratings on your hearing experience: HD usage data (e.g., active program, program sequence, battery state of charge, Bluetooth state, ambient balance, acclimatization setting, etc.), Other data (rating, notification type), Data Subject UID (unique anonymous patient ID for insights data), Fitting data (HD fitting state), Free form text fields (rating comment), Time stamp (rating submission time), Other product UID (Mobile App instance ID), Other product type and settings (Mobile App version, mobile platform, mobile language), Network address & identifiers (B2C token, notification token), Geolocation information (approximate mobile device location such as city/region/country).
  • Analytics (not applicable for China) / Monitor the performance of the HD and Mobile App to understand your demographics and preferences in using the Mobile App: Mobile App usage data (e.g. adjustments, program name personalization, onboarding time, acceptance of privacy notice, etc.), Other product UID (Google Analytics tracking ID), Other product type and settings (e.g. OS name/version, mobile device model, mobile device language, Mobile App version), Network address & identifiers (IP address), Time stamp, Other product UID (Mobile App instance ID), Geolocation information (approximate mobile device location such as city/region/country) (Sonova will not store your location and will not be able to track you in any way).


Based on the performance of your contract (these processing activities are mandatory as they are necessary to improve your hearing experience and to ensure the proper functioning of your HD and the Mobile App):

  • Pair & Connect HDs, HD Status and Adjustments / Ensuring your HD and Mobile App are functioning as intended and allow you to make adjustments to your HD: Medical device type and settings (HD model number, type), Medical device UID (HD serial number), HD usage data (classification of ambient sound, battery state of charge, HD wearing time, usage logging), Other data (HD volume, HD program).


Based on our legal obligation (under the Medical Device Regulation, we, as a manufacturer, must set up a monitoring system that enables the collection and analysis of data about the quality, performance and safety of our medical devices):

  • Crashlytics (not applicable for China) / Collect crash and error reports on the Mobile App to ensure correct operation and security (post-market surveillance): Crash and error data (Mobile App exceptions, errors and crash information), Other product type and settings (e.g., OS name/version, mobile device model, mobile device language), Performance data (e.g., connection with HD, technical log of Mobile App events); Network address & identifiers (IP address), Time stamp, Other product UID (Mobile App instance ID), Session ID (connection ID – random ID regenerated for every Bluetooth connection); Medical device type and settings (HD model).


Based on our legitimate interest:

  • Insights – Coach (not applicable for China) / Send you reminders to help you benefit from your HD: Network address & identifiers (B2C token, Notification token), Other product type and settings (e.g. Mobile App version, mobile platform, mobile language), Medical device type and settings (supported notification types, HD type, side, battery type, firmware version), HD usage data (e.g., supporter programs, toggle sequence, classification mapping, average wearing time, adjustments, acclimatization state, etc.), Medical device UID (HD serial number), Fitting data (e.g., program names, HD product name, acclimatization information), Time stamp (date of last fitting, data collection time, data submission time), Data subject UID (unique anonymous patient ID), Other product UID (Mobile App instance ID), Other data (notification type), Geolocation information (approximate mobile device location such as city/region/country).


Sonova and your HCP, acting as Joint controllers, process your personal data for the following purposes:

Based on your consent:

  • Insights – Collecting answers via satisfaction survey emails / The answers you provided via satisfaction survey emails will help us improve our products and services: Satisfaction questionnaire answers, such as level of satisfaction, areas of concern, likelihood of recommending HCP, how helpful Coach feature is, detailed satisfaction ratings, free form text fields (satisfaction comment), Data subject UID (unique anonymous patient ID).

 

Based on our legitimate interest:

  • Insights – Sending satisfaction survey emails / Send you a satisfaction survey to collect your feedback and improve our products and services: Email address, Name.

Your HCP, acting as Controller, processes your personal data for the following purposes:

Based on the performance of your contract:

  • Insights - Asynchronous distance support / Adjust your HD fitting remotely: Other product UID (ID for HD pair), Fitting data (configurable offsets, adaptive feature values), Session date/time (time created, time applied, time acknowledged), Session data (remote session version, type of session, state of fitting session), Free form text fields (comments in session), Data subject UID (unique anonymous patient ID), Network address & identifiers (B2B login token).

 

Based on your HCP’s legitimate interest:

  • Insights – Success Check and Success Check emails / Share your data with your HCP via the Fitting Software and via emails to inform and help you with your HD: Name, HD usage data (ratings, usage statistics, your adjustments, survey responses), Medical device type and settings (HD product name, version, brand, battery type, device type), Fitting data (fitting session information, program structure), Time stamp (date of last fitting), Medical Device UID (HD serial number), Data subject UID (unique anonymous patient ID).

Your personal data will be processed according to the instructions we provide to our employees who have received the necessary training in data protection and are subject to an obligation of confidentiality.

Your personal data may also be disclosed to:

  • Other companies in our group of companies, such as our subsidiaries, all of which are required to protect personal data in accordance with applicable privacy and data protection laws;
  • Our business partners, contractors and third-party service providers. These third parties only process personal data that are strictly necessary for the services they provide to us, according to our instructions and in compliance with our privacy and security requirements.
  • Other organizations and public bodies, supervisory and control authorities, including law enforcement agencies, as may be required by law.


By using the Mobile App, only personal data that are strictly necessary for the following purposes are shared:

Microsoft Corporation - Microsoft Azure (Netherlands) or, for China, 21Vianet Group, Inc (China) provide cloud infrastructure hosting our services.

  • Purpose of disclosure: Fitting the HDs remotely, allow you to submit ratings on your hearing experience, allow you to access and see your lifestyle data in the Mobile App.
  • Categories of personal data shared: Other product UID (ID for HD pair), Fitting data (configurable offsets, adaptive feature values), Session date/time (time created, time applied, time acknowledged), Session data (remote session version, type of session, state of fitting session), Free form text fields (comments in session), Data subject UID (unique anonymous patient ID), Network address & identifiers (B2B login token), HD usage data (ratings, usage statistics, your adjustments), Other data (HD state), Name (optional), Email address, Fitting data (HD fitting state), Medical device type and settings (HD product name, version, brand, battery type, device type), Other product type and settings (e.g. mobile version, mobile platform).


Google LLC - Firebase Analytics (USA): analytics. (not applicable for China)

  • Purpose of disclosure: Monitor the performance of the HD and the Mobile App to understand your demographics and preferences in using the Mobile App.
  • Categories of personal data shared: Mobile App usage data (e.g. adjustments, program name personalization, onboarding time, acceptance of privacy notice, etc.), Other product UID (Google Analytics tracking ID), Other product type and settings (e.g. OS name/version, mobile device model, mobile device language, Mobile App version), Network address & identifiers (IP address), Time stamp, Other product UID (Mobile App instance ID), Geolocation information (approximate mobile device location such as city/region/country).


Google LLC - Firebase Cloud Messaging (USA): remote configuration and push notifications. (not applicable for China)

  • Purpose of disclosure: Send you Coach notifications to help you benefit from your hearing aids.
  • Categories of personal data shared: Network address & identifiers (B2C token, Firebase cloud messaging token), HD usage data (ratings submission).


Google LLC – Firebase Crashlytics (USA): crashlytics. (not applicable for China)

  • Purpose of disclosure: collect crash and error reports on the Mobile App to ensure correct operation and security (post-market surveillance).
  • Categories of personal data shared: Crash and error data (Mobile App exceptions, errors and crash information), Other product type and settings (e.g., OS name/version, mobile device model, mobile device language), Performance data (e.g., connection with HD, technical log of Mobile App events); Network address & identifiers (IP address), Time stamp, Other product UID (Mobile App instance ID), Session ID (connection ID – random ID regenerated for every Bluetooth connection); Medical device type and settings (HD model).


Before we disclose any personal data to other third parties than those listed above, we will explicitly ask you for your consent. However, if we are obliged to disclose personal data without your consent, we will only disclose personal data that are strictly necessary for that purpose to fulfil our legal obligations.

Please note that some of the above-mentioned third parties can be located outside your country. Therefore, your personal data may be transferred to countries that do not provide the same level of protection of personal data as your own country. In such cases, we undertake to:

  • implement adequate procedures to comply with applicable law;
  • adopt appropriate organizational, technical and legal safeguards in order to ensure an adequate level of protection of the personal data transferred;
  • implement, if necessary, and according to applicable law, standard contractual clauses as adopted by the European Commission and/or the relevant supervisory authority;
  • depending on the country of the importing third party, take additional measures such as conducting a transfer impact assessment.

Sonova will retain your personal data for a minimal period proportional to the time required to fulfil the purposes outlined in Section 2. This is the case for personal data processed based on the performance of the contract. In the event applicable law or other regulations require a longer retention period, we will apply the longer retention period in order to fulfill our legal obligations.

For personal data processed based on your consent:

  • Insights: if you decide to deactivate the processing, all personal data will be deleted.
  • Google Firebase Analytics: it is not possible to identify you with data collected for this processing. For any further questions, please refer to their retention policy.


All other data submitted by you (ratings, questionnaire, usage, etc.) are deleted after 7 years if they are no longer required for the purposes referred to in Section 2.

Your personal data processed by HCPs, such as for Asynchronous distance support processing, will be retained according to HCPs' policy and applicable laws. For more information on their specific retention periods, please contact your HCP.

Within the framework of the collection and processing of your personal data, and as per applicable law, you may have the right to request access, rectification, erasure of your personal data, or restriction of processing. In addition, you may object to the processing, request data portability and withdraw your consent at any time. According to your country, you may have other rights such as providing instructions for how your personal data should be processed posthumously. Under HIPAA you may also have the right to request an accounting of disclosures of your personal data, and the right to receive a paper copy of the notice of privacy practices upon written request.

You may exercise your rights by using the contact details in the “How to contact us” Section below, or you should contact your HCP if your rights concern personal data processed for the purpose of asynchronous distance support.

Please note that the exercise of such rights is subject to the limitations provided by applicable law.

If you consider that the processing of your personal data infringes applicable law then you may also lodge a complaint with the local supervisory authority or the competent regulator.

The Mobile App may contain links to other websites or content belonging to or originating from third parties or links to websites and features in banners or other advertising. Such external links are not investigated, monitored, or checked for accuracy, adequacy, validity, reliability, availability or completeness by Sonova. Therefore, please note that the Mobile App does not disclose any personal data to those third parties and their websites and that we are not responsible in any way for personal data processed by them.

For example, this is the case with the Works with Unitron screen which gives you access to a list of 3rd party lifestyle and wellness-oriented applications that are therefore not under Sonova’s responsibility.

In the event of questions about this Privacy Notice, or the processing of your Personal Data, please contact our Data Privacy Team at privacy@sonova.com.