Data Privacy Policy
This Data Privacy information explains when and why MED-EL and its branch offices (henceforth referred to as ‘we’, ‘us’, ‘our’) collect personal data, how we use such data and how we protect such data and your associated rights. We process and transfer your personal data on a legal basis only, in particular to fulfill contractual requirements, for legitimate interests or based on your consent. The purpose and the legal basis are mentioned separately for all functions of our mobile application.
Who is responsible for data processing?
The responsible controller is:
MED-EL Elektromedizinische Geräte Gesellschaft m.b.H.
Fürstenweg 77a 6020 Innsbruck AustriaThe responsible data protection officer can be contacted directly via [email protected] or by adding ’attn. Data Protection Officer’ to the postal address above.
Which data is processed and which sources does this data come from?
We process personal data which we receive from you via your registration for and use of the AudioKey app.
Your personal data includes:
- Name
- Email address
- Date of birth
- Demographic information such as address, postal code
- Data about your MED-EL audio processor such as serial number, ear side
Your rights
If you have any questions regarding this policy, please contact your local MED-EL Office or the Data Controller set forth above. You have the right of access, the right to rectification, erasure, restriction of processing, data portability and the right to object. Where data processing requires your consent, you can withdraw your consent to future use at any time. You also have the right to file a complaint with the relevant data protection authority.
Who receives your data?
Data can be passed on within the MED-EL group. Only branch offices, departments or employees required to guarantee proper processing have access to the respective relevant parts of your data.
Personal data provided through different MED-EL services and applications can be aggregated and linked within MED-EL to determine and personalize service and product offers.
If a Guardian role is activated, this person can access app settings and functions as described in the section ‘Guardian roles’ below.
Transmission of data to third parties:
MED-EL uses third parties (‘data processors’) to provide a high quality of service. These third parties, or providers, must have signed the corresponding data protection agreements and offer sufficient guarantees under applicable law before the commencement of their collaboration with us. Whenever possible, we select cooperation partners who are based or have their servers within the European Union (EU).
In order to be able to offer you certain services, we commission third-party providers with headquarters or servers outside the EU.
For countries which do not guarantee an adequate level of data protection according to Art. 45 GDPR, we use the EU standard contractual clauses as a suitable guarantee, and examine additional security measures, data protection regulations and certifications to ensure a GDPR-compliant level of protection of your data (see: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj).
Update and changes
Updating your personal data takes place primarily on the basis of your direct feedback or changes you performed within the AudioKey app.
Retention period
Your data will be deleted as soon as storage is no longer required (e.g., fulfilling legal retention requirements, generation, execution or defense of legal requirements). We may also anonymize your data instead of deleting it. In this case, any information suitable to determine your identity will be irrecoverably deleted.
You can personally delete your data directly via the app, either for one device or your complete account.
Anonymized data may be used for statistics, research, product improvement and regulatory purposes according to Art. 6 (1) lit. f) and Art 89 GDPR.
Is there an obligation to provide data?
For registration to the AudioKey app via myMED-EL, we require registration data. Provision of any further data and technical information depends on your consent or the features you would like to use in the AudioKey app (e.g., geolocation for the ‘Find My Processor’ function).
Is my data used for automated decision-making including profiling?
We do not use automated decision-making, pursuant to Art. 22 GDPR.
Security
We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect within the AudioKey app.
Links to other websites
The AudioKey app may contain links to other websites or mobile applications which might be of interest for users. Please note, however, that once you have followed these links to leave the AudioKey app, we may not have any control over that specific other website or mobile application. Therefore, we are not responsible for your privacy or protection of any data provided whilst visiting such sites, and such sites are not governed by this privacy statement. You should exercise caution and study the privacy statement applicable to the website or mobile application in question.
For which purposes and on which legal basis does data processing take place?
Registration
You can register to the AudioKey app via myMED-EL. For registration, you have to provide the following data to us: first name, email address and country. Additionally, we process this optional data if you decide to provide it: last name, profile picture, address, postal code, date of birth.
For authentication, MED-EL uses the Auth0 software component, a service of Okta, Inc., located in 100 First Street, San Francisco, CA 94105, United States. This requires the transfer of your email address and password to provide a secure login process. See https://www.okta.com/privacy-policy/ and https://auth0.com/docs/secure/data-privacy-and-compliance for more information.
If you use the AudioKey app in the demonstration mode, we do not process any personal data.
Purpose:
Registration to the AudioKey app, statistical evaluation and research.
Legal basis:
Performance of a contract - Art. 6 (1) lit. b) GDPR, Legitimate Interest - Art. 6 (1) lit. f) and Art. 89 GDPR - Statistical Evaluation and Research.
Connection of MED-EL audio processors
You can connect MED-EL audio processors to use the AudioKey app as a remote control and to see information about your connected MED-EL audio processors. In order to connect MED-EL audio processors, you have to provide some data about them (e.g., audio processor type, serial number, configured ear side).
Purpose:
Connection of MED-EL audio processors for using remote control capability via AudioKey app.
Legal basis:
Performance of a contract - Art. 6 (1) lit. b) GDPR.
Guardian roles
In the AudioKey app, you can define three different Guardian roles:
Administrator: get notifications about the person under care, use all app functions and manage the audio processor of the person under care; act as a main manager for the person under care, update user profiles, add or remove other guardian users and maintain permission levels; access to any data provided about the person under care.
Controller: get notifications about the person under care and access the main app functions (e.g., Listening Settings, MyStats, Find My Processor) of the managed user.
Observer: get notifications (e.g., connection of new audio processor) about the person under care.
The notification function uses Firebase Cloud Messaging, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.
This service is used to send push messages or so-called ‘in-app messages’ (messages displayed within the respective app). In this case, the device is assigned a pseudonymized push reference, which serves as the destination for the push messages or in-app messages. This function can be deactivated and re-activated in the device settings at any time. See https://firebase.google.com/support/privacy/ for more information about the Firebase data privacy.
Purpose:
Support of a person under care as a Guardian, Controller or Observer via the AudioKey app.
Legal basis:
Performance of a contract - Art. 6 (1) lit. b) GDPR.
Find My Processor
Using the ‘Find My Processor’ function, you can search for a lost or misplaced processor. Depending on the device used, this function uses either the Google Maps or Apple Maps map service via an API. To use these location services, it is necessary to save your IP address. This information is generally transmitted to a server in the USA and stored there. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, or Apple Inc., One Apple Park Way, Cupertino, CA 95014, United States. For further information about data protection, see https://www.google.de/intl/de/policies/privacy/ for the Google data protection declaration, see https://www.apple.com/legal/internet-services/maps/terms-en.html for the or Apple Maps Terms of Use, and see https://www.apple.com/legal/privacy/en-ww/ for the Apple Privacy Policy.
‘Find My Processor’ only works if you grant the app access to your location data. You can activate and de-activate this function directly in the settings of the AudioKey app anytime.
Purpose:
Search for a lost processor.
Legal basis:
Performance of a contract - Art. 6 (1) lit. b) GDPR.
Audio Processor Usage Data
For audio processors supporting this functionality, we retrieve data from your hearing device (e.g., number of boots, operation time) in a pseudonymized form.
In case you would like to use the optional function ‘MyStats’, we do require your consent to collect the audio processor usage data. You can withdraw your consent at any time by changing your selection directly in the app.
Purpose:
MED-EL uses the data to analyze product performance, service and reliability in order to provide user statistics and improve the user experience of the AudioKey app as well as future mobile applications. Additionally, pseudonymized data can be used for statistics, research and regulatory purposes.
Legal basis:
Consent - Art. 6 (1) lit. a) and 9 (2) lit. a) GDPR, Legitimate Interest - Art. 6 (1) lit. f) and Art. 89 GDPR Statistical Evaluation and Research and Regulatory Purposes.
Moblie Application Usage Data
Given your prior consent, anonymized application usage data is collected (e.g., the frequency of use of the software, individual functions, malfunctions of the software, model, version and status information of the component, as well as the model, operating system, language and country of the device are documented) via Microsoft App Center Analytics, a service of Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, United States. For further information on data protection, please see https://www.microsoft.com/en-us/trustcenter/privacy/%E2%80%AF. You can withdraw your consent at any time by changing your selection directly in the app.
Purpose:
To analyze product performance, service and reliability data and to improve user experience of the AudioKey app as well as future mobile applications.
Legal basis:
Consent - Art. 6 (1) lit. a) and 9 (2) lit. a) GDPR, Legitimate Interest - Art. 6 (1) lit. f) and Art. 89 GDPR Statistical Evaluation and Research and Regulatory Purposes.
Change Information
This data protection information will be updated as soon as the respective mobile application changes or other reasons dictate such updates. The valid version is always available in the mobile application. Release date of current version: 1.10.2024
