Oto Privacy Policy

Privacy Policy | Oto Health

Download the full Privacy Policy (PDF)

This on-page version contains the core policy text only. Annexes and detailed third-party processor tables are available in the full PDF above.

Privacy Policy

Version History

DateVersionReason for ChangeAuthor
12/09/20241.0.0Initial generationEdmund Farrar
13/09/20241.1.0Section(s) updated: 1Edmund Farrar

Introduction

Oto Health Ltd respects the privacy of its customers, suppliers and partners. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. For employees, we have formulated a separate privacy policy, available upon employment and upon request.

This privacy policy pertains to processing by Oto Health Ltd by means other than through the use of cookies. Oto Health Ltd has formulated a separate cookie policy, which can be found on our websites: https://www.joinoto.com/

Definitions

Party responsible for processing personal data: Oto Health Ltd; registered address: 4th Floor, Silverstream House, 45 Fitzroy Street, United Kingdom; company registration number 12231154; Data Protection Officer George Leidig (george@joinoto.com) (the “Controller”).

Data Protection Authority: The Data Protection Authority of United Kingdom.

Data Protection laws:

  • For European citizens or residents, the EU GDPR 2018 and the EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation);
  • For UK citizens or residents, the UK GDPR 2020, the UK Data Protection Act 2018 and the national laws of the countries where we operate.

Collection of data

Your personal data will be collected by Oto Health Ltd and its data processors.

Personal data means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Legal bases for processing

Oto Health Ltd processes personal data on one or more of the following legal bases:

  • The data subject has given consent to the processing of their personal data for one or more specific purposes.
  • Processing is necessary for the performance of a contract to which the data subject is party.
  • Processing is necessary for compliance with a legal obligation to which Oto Health Ltd is subject.
  • Processing is necessary in order to protect the vital interests of the data subject or of another natural person.
  • Processing is necessary for the purposes of the legitimate interests pursued by Oto Health Ltd or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Purpose of processing

Oto Health Ltd collects and processes personal data to:

  • Provide and improve our products and services;
  • Manage customer relationships;
  • Comply with legal and regulatory obligations;
  • Conduct marketing and promotional activities, where permitted by law;
  • Protect the security and integrity of our services and systems;
  • Respond to enquiries and provide customer support.

Retention period

Oto Health Ltd will retain personal data for no longer than is necessary for the purposes for which the personal data are processed, unless a longer retention period is required or permitted by law.

Rights of the data subject

In accordance with data protection laws, you have the right to:

  • Access your personal data and obtain information about how we process it;
  • Rectify inaccurate or incomplete personal data;
  • Erase your personal data in certain circumstances (“right to be forgotten”);
  • Restrict or object to the processing of your personal data;
  • Data portability – receive your personal data in a structured, commonly used and machine-readable format and transmit it to another controller;
  • Withdraw consent at any time, where processing is based on consent;
  • Lodge a complaint with a supervisory authority.

Security measures

Oto Health Ltd implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including, where appropriate, measures such as pseudonymisation and encryption of personal data, systems for ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services, and procedures for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures.

Contact

If you have any questions or concerns about this privacy policy or our data processing practices, please contact:

Data Protection Officer
George Leidig
Email: george@joinoto.com
Address: Oto Health Ltd, 4th Floor, Silverstream House, 45 Fitzroy Street, United Kingdom