We value your privacy
We care about your privacy and recognize the importance of privacy to you. This Privacy Policy describes our practices in connection with personal data (defined below)that we or our service providers may collect, use or disclose when you use our medical device, visit our website, mobile sites, applications, software and other services that we offer (collectively, the “Services”), operated and controlled by us, Akuos Pte. Ltd.(Company Registration No. 201710706N), a private limited company incorporated under the laws of the Republic of Singapore with its registered address at 114 Lavender Street, #10-84, Singapore 338729 (the “Company” or “we”). This Privacy Policy should be read in accordance with the Company’s Terms and Conditions available at akuos.com/privacy.
By using the Services, you (“you”or “your” shall mean the party disclosing personal data or our target audience who may include individuals or businesses whom we interact with including patients, healthcare providers, audiologists, suppliers, contractors or consultants) are deemed to have read, understood and accepted our practices in this Privacy Policy. We are not responsible for the privacy practices of any third-party websites that may be linked to our Services. It is your responsibility to check this webpage periodically to see if any terms have been changed or modified. Your continued use of the Services constitutes your acceptance of any updates to this PrivacyPolicy.
This Privacy Policy is drafted in accordance with the Personal DataProtection Act 2012 (“PDPA”) under Singapore law and is intended for use in Singapore and, where applicable, other countries or regions which provide the same level of protection for personal data that is comparable to the standards of the PDPA.
The PDPA recognizes the rights of individuals to protect their personal data (including rights of access and correction) and the requirement for organizations to collect, use or disclose personal data for legitimate and reasonable purposes. Accordingly, this Privacy Policy outlines the personal data that we collect, how it may be used, how it is stored and retained, whom it may be transmitted to as well as our and your responsibilities in relation to such uses and disclosures. We recommend that you read this Privacy Policy and our Terms and Conditions carefully before disclosing any personal data to us or using the Services.
The information we collect
We collect personal data when you create an account to use the Services.
“personal data” or “personal information” means data, whether true or not, about an individual who can be identified –
(a) from that data; or
(b) from that data and other information to which the organization has or is likely to have access
If you choose not to provide us with the information requested, you may not benefit from certain features of the Services or participate in a particular activity and your use of the Services may be limited. Alternatively, you may login to your account using your e-mail or Google account.
The personal information we collect from you may include but are not limited to the following and you will be informed what information is required and what information is optional:
(a) General identification information such as full name, nationality, email address, billing/residential address, shipping address and contact number;
(b) Demographic information including age or gender;
(c) Audiometric records such as your recent hearing test;
(d) Geolocation data such as the location of your device(e.g. IP address);
(e) Digital and calibration data including electronic network activity information such as the data we receive when you use theServices, preferred settings and credentials, devices purchased and registered, device configuration settings, preferences when using the Services, and other related information for data analytics such as environmental noise levels, battery charging habits and usage habits.
We will only collect information that is reasonably necessary for us to provide you with theServices. We collect such information only when we ask you for it and you provide it, and through technology that collects information automatically, such as cookies or other similar technologies. We will not be responsible for relying on inaccurate or incomplete data arising from your failure to notify us of any changes or inaccuracies in your personal data that was provided to us.
We collect information in several ways, such as:
(a) From our website: you may have an opportunity to send us information about yourself (e.g. when you create an account/when you fill out a registration form/survey). You may choose to personalize your user-experience on the Services in which case we may collect information about your visits to our website, including the URL clickstream, products you viewed or searched for, length of visits to certain pages and page interaction which may be collected automatically through the use of cookies.
(b) We may collect information when you contact us for information on our products, applications and Services, provide feedback or complaints or otherwise in the course of providing technical assistance or responding to product or service queries.
Sensitive information
We do not collect audio, visual or similar information such as photographs, videos or voice recordings. Unless specifically requested for, we ask that you do not send us or disclose to us any sensitive personal information such as passport/national identification card numbers, social security numbers, credit card numbers, information related to racial or ethnic origin, political opinions, sexual orientation, criminal background on or through the Services or otherwise to us.
Automatic information collection
We may collect certain information automatically through the use of cookie-less tracking technology when you use the Services, and the information may be collected in the following ways:
(a) Through your browser
This may include your Media Access Control (MAC) address, computer type (Windows orMac), screen resolution, operating system name and version, and Internet browser type and version.
(b) IP address
YourIP address, along with the time of the visit and pages visited, is identified and logged automatically in our server log files whenever you visit theServices. Collection of IP addresses is standard practice and is done automatically by many online services. The IP address collected may be use for diagnosing server problems and administering the Services.
(c) Mobile device
If you access the Service through a mobile device, we may collect information on it such as smartphone device brand and type to understand how you use the Service.
How we use your information
We may use your personal information only for purposes permitted by applicable laws and for the purpose for which it is collected, which generally includes the following:
(a) To assist you in setting up an account to use theServices;
(b) To identify and verify your identity when you access and use the Services or engage with us;
(c) To facilitate the sale, distribution or provision of the device or Services when you request for the same;
(d) To conduct clinical trials (with your consent) to enhance, improve and optimize your experience when you use the device orServices; or
(e) To comply with regulatory requirements, where applicable.
By using theServices, you expressly authorize and consent to us gathering, reviewing, retaining and where reasonably required, transmitting your personal information to our intermediary companies and entities for the proper and reasonable purpose of them storing and using the data responsibly and in accordance with the PDPA. When you provide personal information on or through the Services, the information may be sent to servers located outside of Singapore. In such an event, we will take appropriate steps to ascertain that the foreign recipient organization of the personal data is bound by legally enforceable obligations that are in-line with the requirements under the PDPA.
We may also use your personal information to:
(a) Ensure that the content on the Services is presented in the most effective manner for you and understand your interests;
(b) Provide the Services to you and contact you on the same;
(c) Provide you with updated product information with respect to the device, apps and Services;
(d) Improve the functionality and usage of the Services;
(e) Prepare customer lists for market research;
(f) Resolve or track status of issues on our Services and to guide the development of new products and services;
(g) Allow you to participate in features of the Services;
(h) Identify the types of devices you use so that we can optimize our systems;
(i) Communicate with you by email or other chosen means to send relevant notifications about our activities, developments and services that may be of interest to you;
(j) Contact you and notify you about changes to theServices that we offer (except where you have expressly requested for us not todo so);
(k) Ensure that you comply with our terms and conditions and the applicable law; and
(l) Send you important notifications that you will require to use device and the Services.
Protection of Personal Data Collected
Personal data collected by the Company are stored in information systems adopted by the Company, which include, but is not limited to cloud storage systems. We adopt commercially reasonable security measures to safeguard personal data collected. Some of the security measures adopted include, but are not limited to Apple’s TouchID, Apple’s FaceID, Google’s biometric security features and controls (e.g. Google’s autofill feature for use with Android and Google Chrome), One-Time Password (OTP), Two-FactorAuthentication (2FA), and other security measures such as :
(a) Engaging reputable third-party cloud system service providers to host our cloud storage systems and ensuring integration is properly done;
(b) Employing an in-house Information Technology team to ensure security of our storage systems and information communication systems;
(c) Checking that the third-party cloud system service providers that we engage adopt robust security measures that include configuring their cloud services to only allow access by whitelist IP addresses, periodically auditing configurations and security controls to ensure that servers or programs that host their cloud storage systems remain secure despite increasing sophistication of data breach threats;
(d) Adopting processes within the Company’s information communication systems, and checking with our cloud system service providers, to ensure that the organization has security measures against malware and phishing attempts. For example, theCompany uses advanced protection services such as Microsoft 365 advanced protection and Google Protection service for cloud-based email server to protect incoming mail, and the Company uses Multi-Factor Authentication to secure administrator accounts against phishing attempts and malware that may compromise administrator credentials; and
(e) Protecting cloud access keys or other database access keys by limiting user access based on the roles and functions within the organization, periodically rotating, resetting or reconfiguring critical keys, storing access keys in private folders.
The Company adopts measures and procedures that are aligned with guidance from the Personal Data ProtectionCommission. However, we do not guarantee that data breaches will not occur despite the adoption of commercially reasonable security measures that include the measures set out above.
With whom we share your information
We do not share your personal information with others except as indicated in this PrivacyPolicy or when we inform you and give you an opportunity to opt out of having your personal information shared. We may share personal information with:
(a) Service providers: We may share information, including personal information, with third parties that perform certain services on our behalf. These services may include, without limitation, storage of personal information on a cloud service (such as Firebase), server hosting, marketing and supporting our notification service functionality. These service providers may have access to personal information needed to perform their functions but are not permitted to disclose or use such information for any other purposes.
(b) We may allow third party service providers, advertising companies, advertisement networks, merchandising companies and other third parties to display advertisements and brands on the Services. These companies may use tracking technologies, such as cookies or web beacons, to collect information about users who view or interact with their advertisements.
(c) We do not provide any non-anonymized personal information to third parties. We will adhere strictly to the provisions in the PDPA in relation to any disclosure and dissemination of information to any third parties.
We may disclose your information, including personal information in response to a subpoena or similar investigative demand, a court order, or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights, to defend against legal claims, or as otherwise required by law.
Cross-border transfer
Your personal information may be transferred, stored or processed in any country where we have facilities or service providers. By using our Service or by providing consent to us (where required by law), your information may be transferred to countries or territories outside Singapore, including Australia or the EuropeanUnion, which may provide for different data protection rules than in Singapore.We will ensure that the use and disclosure of personal information transferred offshore is dealt with in accordance with this Privacy Policy, and we will not transfer your personal data to a country or territory outside Singapore that does not provide protection of personal data that is comparable to the protection under the PDPA.
Retention of information
We retain different types of information for different periods of time for as long as needed or permitted for the purpose(s) for which it was obtained. Generally, we determine retention periods by the length of time for which we have an ongoing relationship with you and provide the Service to you; whether there is a legal obligation to which we are subject; or whether retention is advisable having regard to legal considerations (such as applicable statutes of limitations or regulatory investigations).
For example, if we collect your personal information for the purposes of marketing analytics, we may store it for a period of one year. If, for example, your account on the Service is suspended or blocked, we will keep your data for a period between two to ten years to prevent them from circumventing the rules applying to our Services, after which we shall cease to retain your personal data.
Third-party sites
There are a number of places on our Services where users may click on a link to access other websites that do not operate under this Privacy Policy. For example, if users click on an advertisement (news and promotions) on our Services, they maybe taken to a website that we do not control. These third-party websites may independently solicit and collect information, including personal information, from the users and, in some instances, provide us with information about the users’ activities on those websites. You are advised to consult the privacy statements of all third-party websites that you visit. The availability of, or inclusion of a link to, any such site or property on the Service does not imply endorsement of it by us or by our affiliates.
How we protect personal information
We use reasonable physical, administrative and technical measures to help safeguard and secure your personal information from unauthorized access, collection, use, copying, modification, disposal and disclosure. However, no system can be completely secure. Therefore, we cannot guarantee that your personal information, activities while you use the Services, or other communications will always remain secure. If you have a reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you have with us has been compromised), please immediately contact us below.
We do not keep personal information for longer than it is required, and we destroy or permanently anonymize personal information that we no longer need, where permitted.
Use by minors
Although ourServices are for a general audience, we restrict the use of the Services to individuals aged 18 and above. By proceeding with the use of the Services or the Device, you warrant that you are either aged 18 or above, or you are the legal guardians of individuals below 18. It is your sole responsibility to provide your correct birth date. Where you are setting up your account to use or access the Services as a parent or legal guardian, you are required to provide your personal data and the personal data of your charges and we shall be entitled to assume that all personal data provided is true and accurate. We will take appropriate steps to delete any personal data of persons less than 12years of age that has been collected on or through the Services without verified parental consent, or consent from a legal guardian, upon learning of the existence of such personal data.
No Third-party Rights
This PrivacyPolicy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the Services.
Individuals in the European Economic Area
We acknowledge that the European Union General Data Protection Regulation (“GDPR”) will apply if we process or hold any personal data of individuals located at or residing in the European Economic Area (“EEA”) or if we offer goods or services to individuals in the EEA (“EU Individuals”).
We understand that we may lawfully process personal data if consent is provided by the EUIndividual for the processing for specific purposes, if it is necessary for the performance of a contract of if it is necessary for our compliance with a legal obligation.
We understand that personal data must be processed lawfully, fairly and transparently, be collected and applied only for specified, explicit and legitimate purposes, must be limited to only what is required, must be accurate, not be kept in personally identifiable form for longer than is necessary and must be secured and protected pursuant to the GDPR.
We acknowledge and agree that the GDPR affords EU Individuals with rights such as:
(a) Right to access and obtain a copy of the EUIndividuals’ personal data, including the purposes of processing and who the personal data has been disclosed to;
(b) Right to rectify inaccurate personal data concerning the EU Individual;
(c) Right to erasure of personal data concerning the EUIndividual in certain circumstances;
(d) Right to restriction of processing of personal data in certain circumstances, such as where the accuracy of the personal data is contested, or the processing is unlawful;
(e) Right to data portability by receiving personal data concerning the EU Individual or data which has been provided to us, in a structured, commonly used and machine-readable format, and the right to transmit that data to another organization;
(f) Right to object to the processing of personal data in certain circumstances, including for the purposes of direct marketing; and
(g) Right not to be subject to automated decision-making(including profiling) where this has a legal effect on the EU Individual or significantly affects him.
We agree that we will act on a request from an EU Individual without undue delay (within one month). We will maintain records of how we process personal data, acknowledge the need to conduct data protection impact assessments and the need to apply careful consideration in the adoption and engagement of our data processors.
Contact us
If at any time you would like to access, review, correct, update, restrict, or delete your personal data, or if you would like to enquire about our privacy practices, please contact us by:
· Email to our Data Protection Officer: privacy@akuos.com
· Post to: 114Lavender Street, #10-84, Singapore 338729
We will endeavour to respond to your request as soon as reasonably practicable and no later than one (1) month after receipt. If circumstances cause any delay in our response, you will be promptly notified and provided a date for our response. Your withdrawal of consent to our collection, use and disclosure of personal information may mean that we will not be able to continue with the existing relationship with you and the contract that you have with us may be terminated.
Please note that while you may have a right to access your personal data, there are some circumstances where we are not permitted to give you access to it under the PDPA (for example, we will not accommodate are quest to access, change or delete personal data if we believe that doing so would violate any law or legal requirement).
Updates to this Privacy Policy
As part of our efforts to ensure that we properly manage, protect and process your personal data, we will review our policies, procedures and processes from time to time.We reserve the right to amend the terms under this Privacy Policy at our absolute discretion. We will notify you of any changes to this Privacy Policy by way of email or by a pop-up notification when you access the website, app orServices to help ensure that you are always aware of the information that we collect, how we use it, and in what circumstances, if any, that we share it with other parties.
You are encouraged to visit the Services from time to time to ensure that you are well informed of our latest policies in relation to personal data protection. Your use of the Service following any changes means that you accept the revisedPrivacy Policy. This Privacy Policy was last updated on Thursday 11th August 2022.
