Sonova Global Privacy Policy

A. GENERAL INFORMATION

Sonova AG is incorporated under the laws of Switzerland, with its registered address at Laubisrütistrasse 28, 8712 Stäfa, Switzerland. Sonova AG, acting as a data controller, is operating its business through its globally located affiliates (collectively referred to as “Sonova” or the “Company” or “we” or “our”), acting as independent or joint data controllers in regard to their specific customers, users of products, mobile applications and websites, contractors, and partners (“Data Subjects”).

The Company processes Personal Data in its day-to-day business. Therefore, this Global Privacy Policy (“Policy”) has been drafted and implemented in order to describe the Company’s practices regarding the use of Personal Data relating to its Data Subjects. Some of the Company’s products and services and certain services provided by this website may also have supplemental privacy policies that apply in addition to this Policy.

“Personal Data” or “Personal Information” means any information relating to an identified or identifiable natural person.

“Sensitive Personal Information” or “Special Categories of Personal Data” means any Personal Data that, once leaked or illegally used, may easily cause infringement upon the human dignity or harm to the personal or property safety of a natural person, including, depending on Applicable Laws, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation, financial account, personal whereabouts and other information of a natural person, as well as the Personal Information of minors.

“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Data Subjects” means any identified or identifiable natural person from whom or about whom information is collected and/or processed. For the purposes of this Policy, the term Data Subjects shall encompass customers, users of products, mobile applications and websites, contractors and partners.

“Data Controller” means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data. In conformity with Applicable Laws and relevant terminology, the term “Data Controller” as utilised in this Policy may be referenced with different terms, ensuring consistency with Applicable Laws, provided that the fundamental role remains unaltered. For example, but not limited to, in accordance with the application of the Personal Information Protection Law (PIPL) in China, this role may alternatively be referred to as the “Personal Information Processor”.

B. APPLICABLE LAWS

The Company undertakes to comply with the relevant applicable data protection laws (“Applicable Laws”) although certain requirements may vary from one country to another.

For example, but not limited to, the Company is committed to complying with the following laws, where applicable:

• The Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”)

• The Swiss Federal Act on Data Protection of June 19, 1992 (“FADP”), modified in 2020 and effective from September 2023

• The California Consumer Privacy Act of 2018 (“CCPA”), as amended by the California Privacy Rights Act of 2020 (“CPRA”)

• Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Public Law 104-191, Sections 261 through 264, as amended by the Health Information Technology for Economic and Clinical Health Act, as incorporated in the American Recovery and Reinvestment Act of 2009 (“HITECH”) and all applicable implementing regulations, including without limitation, the Standards for Privacy of Individually Identifiable Health Information, the Security Rule and Breach Notification Rule, codified at 45 C.F.R. Parts 160 and 164 (all such laws and regulations to be collectively referred to as “HIPAA”)

• The Personal Information Protection Law (“PIPL”), the Cybersecurity Law (“CSL”), the Civil Code, the Data Security Law (“DSL”) and other applicable laws and regulations, regulatory requirements and national standards (collectively, the “China Data Privacy Laws”)

C. PERSONAL DATA COLLECTED

The Company may process the following Personal Data:

• Identity data: last name, first name, alias, nationality, and date of birth

• Contact details: postal address, private phone number, private email address or emergency contact

• Social security number and insurance company

• Financial data: means of payment (including credit card or debit card number), financial institution and potentially banking information, IBAN, health insurer or insurance information

• Data relating to health, including weight, height, medical history, doctor’s prescription, hearing capacity, physical activity tracking (step count, exercise intensity, exercise minutes), fitness data (heart rate, energy expenditure, blood pressure)

• Data relating to the user behaviour on the website: browsing data, Internet Protocol (IP) address, cookies and other tracking tools

• Data relating to the products purchased: model, serial number, usage data

• Data relating to any accounts established by Data Subjects, including account access credentials (e.g., usernames, account numbers)

• Data relating to the services provided

• Data relating to the feedback the Data Subjects provide on our products and services, including comments and notes.

D. PURPOSES OF PROCESSING PERSONAL DATA

The Company relies on the following legal bases for processing Personal Data, although other legal bases may be used depending on where the Data Subject is located and the Applicable Laws.

D.1 PROCESSING BASED ON CONSENT OF DATA SUBJECTS

Processing of Personal Data may be based on the consent of Data Subjects. The processing of Personal Data for this purpose may involve:

• Marketing purposes such as sending newsletters and information about products and services offered by the Company to leads/prospects and users of products, mobile applications and websites

• Creation of the Data Subjects’ account

• Performance of the online hearing test

• Profiling to send updates on products and services designed and tailored by the Company for the Data Subject, based on the Data Subject’s experiences, interests or preferences

• Allowing the Data Subjects’ participation in clinical studies, research or testimonial initiatives

• Enrolment in our communities via online forms

• Participation in competitions and raffles

• Participation in online surveys

• Participation in events, trainings, or webinars.

• Publication of comments in our platform: please note that if you freely decide to share your opinion on our blog’s content, the information you disclose in your comment, along with your name, will become public and, hence, can be read by the community for as long as the article will remain published and/or you will freely decide to delete it. Please be aware, we are not responsible for the personal information you choose to submit, and we have no responsibility to publish, take down, remove or edit any of your public comment.

For the processing of Personal Data indicated above, we will request specific, clear and informed consent at the contact point, ensuring compliance with Applicable Laws and consent related requirements.

D.2 PROCESSING BASED ON A CONTRACT

Processing of Personal Data may be based on the execution of a contract or pre-contractual measures with Data Subjects and may involve:

• Fulfillment of our contractual or pre-contractual obligations towards Data Subjects, including the technical operation and functionality of the products and services they have acquired

• Provision of after-sales services after the purchase of products and services

• Social Security / insurance processing, including billing the Data Subject’s insurance provider for any products or services acquired

• Administration and resolution of claims

• Advising and interacting with the Data Subject when the Data Subject contacts the Company, for example through contact forms, comment function, chat function, emails

• Contacting the Data Subject to reply to technical requests, complaints and inquiries the Data Subject may raise through our forms and to offer the Data Subject the required support

• Contacting the Data Subjects to offer the Data Subjects or someone they represent the requested commercial assistance / services in order to make an appointment to try our products and services with the Hearing Care Professional or provider closest to the Data Subjects.

D.3 PROCESSING BASED ON LEGITIMATE INTEREST

To the extent allowed by local Applicable Laws, Processing of Personal Data may be based on the Company’s legitimate interest to improve our products and services, our Data Subjects’ experience and our internal processes. The processing of Personal Data for this purpose may involve:

• Conducting statistical/usage analysis

• Performing internal administrative functions

• Preventing fraudulent activity and improving security. For example, but not limited to, pursuant to the implementation of our Multi-Factor Authentication mechanism designed to enhance the security and protection of personal data, we will process your email address for the purpose of transmitting a randomly generated code to validate the completion of your login process

• Managing relationships with Data Subjects

• Evaluating the relevance of our products and services

• Analysing the website performance, to improve our services and our website functionality

• Marketing products or services offered by the Company to existing business partners, contractors, or vendors. Note that where necessary, Sonova shall secure Data Subjects’ consent before processing Personal Data for marketing purposes.

D.4 PROCESSING BASED ON OTHER BASES

The Company may also process Personal Data to respond to legal requirements and to comply with any Applicable Laws and their respective additional legal basis (where applicable).

Depending on the country where the Data Subject resides, our processing of certain Sensitive or Special Categories of Personal Data may require a different legal basis for processing or may benefit from special protection, particularly in terms of security and confidentiality measures implemented.

E. COOKIES AND OTHER TRACKING TOOLS

Cookies and other tracking tools are small files stored by most internet browsers to track visitor information and they enable Sonova to make its web-offering more relevant to you. During your visit to our website, Sonova may use four categories of cookies and other tracking tools, depending on the website concerned. Their retention period depends on each country and the relevant applicable law. Depending on the relevant applicable laws, we have supplemental cookie privacy notices that inform you about the cookies used by the website you are visiting.

We use cookies and other tracking tools in order to:

• Obtain information about your browser settings, domain name, internet service provider, your operating system, the date and time of access, location, type of device used to access our website and conduct system administration

• Get information about other websites you have visited or the type of searches you perform to refine your experience

• Prevent fraudulent activity and improve security

• Know and analyse your browsing preferences and the products you are interested in

• Associate your previous website behaviour after you have registered with your details on a Sonova website for business and technical purposes.

Some of the cookies and other tracking tools used by our websites are set by us, and some are set by third parties on Sonova’s behalf. Our use of cookies and other tracking tools from third parties enables tailored advertising, meaning that you may see advertisement for Sonova on other websites that you visit.

Depending on the website in question, we may use the following categories of cookies and other tracking tools:

• Strictly necessary cookies: these cookies are necessary for us to provide you with the basic functionalities of our website and cannot be switched off in our systems.

• Performance and analytical cookies: these cookies allow us to count visits and traffic sources in order to measure and improve the performance of our website.

• Functional cookies: these cookies are used to provide enhanced functionality and personalisation during your visit.

• Targeting or advertising cookies: these cookies may be set through our website by our advertising partners to build a profile of your interests and propose relevant adverts.

Each type of cookie reflects a specific purpose and, on our website, you can easily consent specifically to each purpose. By accepting all cookies, you will have a fully personalised web experience. We allow you to choose which types of cookies you accept or block, but it may impact your experience on the website and the services we offer (as mentioned above). You can use the service even in the case of a refusal to consent to some cookies, except where the refusal is for strictly necessary cookies. At any time, you can withdraw or modify your consent by going on the “Cookie Preferences” page.

The way to give your consent specifically to each purpose, or to accept all cookies will depend on the applicable laws concerning cookies in your country and be easily found and explained in the cookie banner.

If you are not interested in the advantages of our Cookies, the “Help” function of your browser can provide instructions on how to prevent Cookies or delete existing Cookies. Also, you can learn how to block all new Cookies on your browser and which configuration steps are required to receive a notification about new Cookies.

Helpful information on Cookies can be accessed on these websites: http://www.allaboutcookies.org/ or https://cookiepedia.co.uk.

Further details regarding the categories of cookies and other tracking tools collected by the website in question will be provided through the cookie banner and its dedicated cookie section.

F. SOCIAL MEDIA PLUGINS

Social media plugins are a part of certain web pages of Sonova and exist for social media providers (“Provider”), such as Facebook, Instagram, Twitter, LinkedIn, Google+, and YouTube. When you visit a page by clicking such a plugin, your browser will connect to the respective social media server. At the same time, the Provider will know that you visited our website prior to landing on the social media site. If you are registered and have logged in with the relevant Provider, your visit can also be linked to your user account. Providers in general do not provide specific information about what data is transmitted in the use of their social media plugins.

Therefore, we have no definitive ability to verify the content and scope of the transmitted data or its use by such Providers. For further information about social media plugins, please consult the data protection stipulations of the relevant Provider. If you do not want a Provider to collect data on you through our website, please deactivate the plugin(s) in your web browser. If you wish to avoid a link to any existing user account, you must log out of the social media web page before your visit to our website.

G. THIRD PARTY LINKS

This Policy applies solely to the use of this website. We may provide you with links to third party websites that may be of interest to you. However, please be aware that Sonova is not responsible for the content and availability of such websites and cannot guarantee the privacy practices of such websites.

H. RETENTION OF PERSONAL DATA

Personal Data will not be kept longer than necessary for the above-mentioned purposes. This means that Personal Data will be deleted as soon as the purpose of the processing of Personal Data has been achieved. However, the Company may retain Personal Data longer if required by any Applicable Laws to protect or exercise our rights, to the extent permitted. At the end of the retention period, the Company may also need to archive Personal Data, to comply with Applicable Laws, for a limited period of time and with limited access. These retention periods may vary depending on the country where the Data Subjects reside and in accordance with Applicable Laws.

I. DISCLOSURE OF PERSONAL DATA

The Company may share Personal Data based on the Data Subject’s consent and/or on a relevant legal basis, with the following third parties:

• Business partners providing services on our behalf, such as for technical support, for marketing purposes or for other types of services delivery.

• Governmental authorities and public authorities, as far as this is necessary to provide any services that have been requested or authorised, to protect Data Subjects’ rights, or our or others’ rights, property or safety, to maintain the security of our services or if we are required to do so because of Applicable Laws, court or other governmental regulations, or if such disclosure is otherwise necessary in support of any legal or criminal investigation or legal proceeding.

• Individuals authorised by the Data Subject or by Applicable Laws to participate in the Data Subject’s care, including family, close friends or others.

Depending on Applicable Laws, we implement contracts with some third parties to ensure that Personal Data is processed based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures.

From time to time, it may be necessary to conclude such contracts within the Sonova group, with subsidiaries and affiliated companies, to fulfil regulatory requirements. For this purpose, Sonova subsidiaries and affiliates shall also be considered as “third parties”.

J. TRANSFERS OF PERSONAL DATA

The above-mentioned third parties, such as Sonova affiliates and subsidiaries, as well as business partners, public authorities, to whom we may disclose Personal Data, may be located outside of your country, potentially including countries whose data protection laws may differ from those in the country in which Data Subjects are located.

If Personal Data is processed within the European Union/European Economic Area, and in the event Personal Data is disclosed to third parties in a country not considered as providing an adequate level of protection according to the European Commission, the Company will ensure:

• The implementation of adequate procedures to comply with Applicable Laws, and in particular when a request for authorisation from the competent supervisory authority is necessary

• The implementation of appropriate organisational, technical and legal safeguards to govern the said transfer and to ensure the necessary and adequate level of protection under Applicable Laws

• If necessary, the implementation of Standard Contractual Clauses as adopted by the European Commission

• If necessary, and depending on the country of the third party importing the data, the adoption of additional measures such as completing a data transfer adequacy assessment and, when required, supplementary measures for the protection of the transferred Personal Data.

If Personal Data is not processed within the European Union/European Economic Area, and in the event Personal Data is disclosed to third parties located outside your country, the Company will ensure that appropriate safeguards are in place to protect Personal Data by implementing appropriate legal mechanisms. Those mechanisms may differ depending on the country and relevant Applicable Laws.

If a Data Subject’s Personal Data falls under the application of the revised FADP or PIPL and is subject to international transfers, the Data Subject will be informed of these transfers through supplemental privacy notices. Such notices will provide additional details and safeguards regarding the transfer of Personal Data outside of Switzerland or China respectively.

K. PERSONAL DATA SECURITY

The security of Personal Data is extremely important to us. We take all steps reasonably necessary to ensure that Personal Data is treated securely and in accordance with this Policy.

Sonova implements a variety of security measures in order to protect Personal Data from security incidents or unauthorised disclosure. These security measures are based on appropriate industry security standards and include, inter alia, access controls, passwords, encryption, and regular security assessments.

All employees who may process any Personal Data are required to undergo appropriate training in accordance with Applicable Laws to ensure compliance with data protection regulations.

We regularly review our information security procedures to consider appropriate new technology and methods.

L. PRIVACY RIGHTS RELATED TO PERSONAL DATA

Depending on the relevant Applicable Laws, Data Subjects have rights related to their Personal Data, such as the right to request access to, rectification of, or erasure of their Personal Data, to request restriction of Processing, to object to Processing, to request data portability, to be informed, and to withdraw their consent for Processing of Personal Data based on their consent. Data Subjects may also object to automated individual decision-making if they are concerned about such Processing.

The exercise of relevant data subject rights shall be conducted in accordance with the legal timelines stipulated by Applicable Laws.

In addition, some Applicable Laws may provide instructions relating to the retention, communication and erasure of Personal Data posthumously.

To exercise these privacy rights, Data Subjects may contact us as described in the “How To Contact Us” section below. We may ask for proof of identity in order to respond to the request. If we cannot satisfy the request (refusal or limitation), we will document our decision in writing.

The exercise of such rights is not absolute and is subject to the limitations provided by Applicable Laws. No individual shall be subject to retaliation or discrimination on the basis of exercising these rights.

Data Subjects may have the right to lodge a complaint with the local supervisory authority or the competent regulator if they consider that the processing of their Personal Data infringes Applicable Laws.

M. UPDATES TO THIS POLICY

We may update this Policy from time to time in order to reflect new or different privacy practices. In this case, we will post updated versions of this Policy on this page. A revised Policy will apply only to data collected after its effective date. We encourage Data Subjects to periodically review this page for the latest information on our privacy practices.

N. HOW TO CONTACT US

For any questions, comments, or concerns about this Policy, or in order to exercise the privacy rights permitted by Applicable Laws related to Personal Data, please contact our Data Protection Officer at:

Sonova AG

Attn: Data Protection Officer

Laubisruetistrasse 28

8712 Stäfa, Switzerland

+41 58 928 01 01

privacy@sonova.com

O. POLICY IDENTIFICATION SHEET & VERSION CONTROL

Sonova Policy Identification Sheet:

| Field | Value |
|---|---|
| Policy Name | Global Privacy Policy |
| Effective Date | 01 April 2025 |
| Level in Policy Hierarchy | Key Policy (Level 2) |
| Scope and Target group | All Sonova employees, worldwide |
| MB Designation | Chief Executive Officer |
| Policy Owner | Group Compliance Officer |

Version Control:

| Version | Description of Change/Content | Released |
|---|---|---|
| 2.00 | Incorporated Web & Cookie Policy into this document and updated to reflect current law | 1.4.2025 |
| 1.00 | Initial release of the policy | 1.2.2022 |


Local Neurosensory Privacy Policy

We are committed to protecting your privacy and being open and transparent about how we handle your personal information. This Privacy Policy outlines how we manage the personal information we hold about you in accordance with our obligations, under the Commonwealth Privacy Act 1988 (as amended) and the Australian Privacy Principles (APPs).

What you can expect

  • We will never sell your information to a third party.
  • We need information from you to be able to provide you with reliable results and your doctors with helpful advice.
  • We need your consent to collect information about you.
  • We will be fair in the way we collect information.
  • Most information is collected at the time of your initial appointment.
  • Neurosensory’s record systems are reliable and secure.
  • You may request access to information we hold about you.
  • You can discuss any concerns you may have about how we handle your information.

Why we collect personal information

Neurosensory is dedicated to its clients. We help our clients to manage hearing, balance, and communication impairments so that they may have a better quality of life.

Neurosensory collects personal information for the primary purpose of providing diagnostic and rehabilitation services and solutions, and, at times, for other secondary purposes such as research and marketing.

We may ask for other information voluntarily from time to time (eg through market research) to enable us to improve our services and consider the wider needs of our clients or potential clients and to participate in clinical research projects.

Types of personal information

The type of personal information we may collect includes (but is not limited to) your name, date of birth, gender, contact telephone number, mail and email addresses, referral information, Commonwealth Government references including your pensioner number, and, if relevant, Department of Veterans’ Affairs number, and payment details.

Some personal information we collect is “sensitive”.

“Sensitive information” may include information or an opinion about your hearing, balance, communication, and health condition and history.

Sources of information

We may collect your personal information:

  • When we have contact with you by telephone, text, fax, email, post or in person.
  • From your medical/health referrer (and their staff), and associated referral documents.
  • When you attend an appointment and complete a client information form, and provide details of your clinical history.
  • When you provide feedback to us on client satisfaction forms, or via email, fax or post.
  • From our website, when you request information about us, our products or services.
  • When you request us to complete applications on your behalf (eg online process of the Office of Hearing Services program).
  • When you apply for a position of employment with us.

Where it is unreasonable or impractical to collect personal information directly from you, or if we are otherwise permitted to do so, we may also collect personal information about you from other third parties (eg family members or guardians).

For promotional/marketing purposes, we may take photos of you, but only with your consent.

When you visit and browse our website, our website host may collect information for statistical, reporting and maintenance purposes. The information collected is used to administer and improve the performance of our website and will not be used to identify you.

Uses of personal information

We use your personal information to:

  • Provide diagnostic and rehabilitation services and solutions. This includes provision of our professional opinion concerning test results to your medical and/or other referrer/s.
  • Contact your medical/health practitioners and providers to arrange appropriate referral/s and/or arrange appropriate appointments.
  • Assess your eligibility, and apply on your behalf, for the Australian Government Hearing Services Program (through the Office of Hearing Services).
  • Verify your claims with Medicare, private health insurers, relevant Government programs including Australian Government Hearing Services Program and Department of Veteran Affairs, or a third party (eg WorkCover) should they be responsible for payment of your account.
  • Remind you of an upcoming appointment.
  • Order products from suppliers.
  • Review your ongoing needs.
  • Coordinate/analyse your feedback to us.
  • Manage and respond to requests for information.
  • Manage complaints.

We may also use your personal information to:

  • Undertake clinical research. If we cannot de-identify your personal information, we will contact you to obtain your consent.
  • Conduct market research.
  • Improve service delivery.
  • Market services and products we think you may be interested in.

Management of your personal information

We take all reasonable steps to ensure that the personal information we hold is accurate, complete, relevant and up to date. We train our employees who handle personal information to respect the confidentiality and privacy of your information.

How we hold and secure your personal information

We hold your personal information in both paper and electronic form. We take reasonable steps to protect it from misuse, interference, loss and from unauthorised access, modification or disclosure. Our electronic records are stored securely, in Australia. We may need to retain records for a significant period of time to comply with our legal obligations. If we find that we have no further need for your personal information we may archive it in accordance with our record retention obligations or securely destroy all record of it.

If a data breach involving your personal information occurs, or we suspect that a data breach has occurred, whether the entity experiencing the data breach is Neurosensory or third parties we use, such as contractors or subcontractors, we will expeditiously conduct an investigation and assessment. Based on this assessment, we will determine whether any steps need to be taken by us to ensure your personal information is not accessed by unauthorised persons or whether we need to notify you with recommendations about the steps that you should take in response to the data breach. If there is a serious data breach we will tell you about any action we have taken, or we are intending to take, to prevent reoccurrence.

Disclosure of personal information

We will not disclose your personal information without your permission, unless we are required or authorised by law to do so. Depending on the nature of your engagement with us, we may disclose your personal information to:

  • Any person you request or consent to receiving the information. On rare occasions, this will include medical/health practitioners who are based overseas.
  • Your medical/health practitioners, hospitals and providers.
  • Your parents, guardians or family members, unless you advise us of a relevant reason to restrict this disclosure.
  • Suppliers to Neurosensory (eg manufacturers of hearing aids, ear moulds, cochlear implants or other implantable products or other related products.)
  • The Office of Hearing Services for assessing your eligibility, and processing your application.
  • Relevant officers of Commonwealth, State or Territory Governments (such as Departments of Health and Veterans’ Affairs, or Medicare).
  • Media outlets for marketing/promotional purposes, but only with your consent.

How to access, and correct your personal information, or to make a complaint

Under Privacy laws, you have the right to request access to your personal information and to request its correction. You also have the right to complain if you feel that your privacy has not been respected or that we have conducted ourselves inconsistently with this Privacy Policy.

To request access and/or correction to your personal information, to make a complaint, or for any other queries in relation to this Privacy Policy, please contact us by:

Email: info@nsu.com.au
Phone: 1300 965 513, or
Post your request to:
Privacy Officer
Neurosensory
GPO Box 2925
Brisbane Qld 4001

Before we can consider the request we will verify your identity and may also clarify what information you require. On receipt of your request, we will respond as soon as possible, within 30 days, at the very most.

Ordinarily, we will give you full access to your personal information. However, there may be some legal or administrative reasons to deny access. If we refuse your request to access your personal information, we will provide reasons for the refusal.

If you do not wish to receive promotional or marketing material from us, you can contact us as per details above.

Complaints Process

If you have a complaint, we will investigate and notify you of the outcome of our investigation within a reasonable time. We will let you know if we can respond to the matter quickly or whether we need more time to investigate and resolve your complaint.

If you are not satisfied with our response you can contact the Commonwealth Government Privacy Commissioner.
