Sound Horizons Privacy Policy

Version 1.0 (October 2025)

1. Introduction

Sound Horizons Ltd (“we”, “our”, “us”) provides online assessments and treatment for Auditory Processing Disorder (APD). We are committed to protecting the privacy and confidentiality of everyone who shares personal information with us, whether you are an adult patient, a parent or guardian of a child, or simply visiting our website.

This Privacy Policy explains how we collect, use, store, and protect your personal information, and your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Who We Are

Controller: Sound Horizons Ltd
Registered Address: Sound Horizons Ltd, 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE
Operational base: Cambridge, United Kingdom
Email: hello@sound-horizons.com
Representative: Nadia Abbott (Audiologist)

3. What Information We Collect

We collect information directly from you through our online platform (Splose) and website forms. The type of data depends on your interaction with us.

a) Website Visitors

Name and contact details submitted through our contact form.
Optional newsletter sign-up details (email address).
Technical data such as IP address, browser type, and device information (via cookies – see Section 13).

b) Adult Patients

Information provided in your Adult Intake Form:

Identity and contact details.
Health and auditory history, medical background, and GP information.
Assessment results and therapist notes.
Payment and billing information.

c) Children and Young People

Information provided in the Paediatric Intake Form:

Child’s personal details (name, DOB, school, background).
Parent/guardian contact information.
Developmental and health history.
Assessment results, reports, and recommendations.
Parental consent signature and date.

4. How We Collect Information

Directly from patients and parents/guardians via the Splose platform.
Through our website contact form or by email.
From referrers such as GPs or specialists (where authorised by you).
Automatically through website cookies or analytics (if enabled).

5. Lawful Basis for Processing

Adult Patients

Article 6(1)(b) – Performance of a contract with the patient.
Article 9(2)(h) – Provision of health or social care services under professional confidentiality.

Children and Young People

Article 6(1)(b) – Performance of a contract entered into with the parent or guardian on behalf of the child.
Article 9(2)(h) – Provision of health care services.
Parental/guardian consent is required before any service begins, ensuring understanding and permission for treatment; however, the legal basis for data processing is healthcare provision, not consent.

Website Enquiries

Article 6(1)(f) – Legitimate interests in responding to enquiries and maintaining business relationships.

Discovery Call Enquiries

Article 6(1)(a) – Consent (the individual has given clear consent for processing their information for this specific purpose).
Article 9(2)(a) – Explicit consent for processing special category data (where hearing-related information is shared).
When you complete a Discovery Call form on our website, we collect your name, contact details, and brief information about your hearing or auditory concerns. This information is used only to arrange your Discovery Call and respond to your enquiry. We do not use this data for marketing or any unrelated purpose.
If you do not proceed with an assessment or treatment after the Discovery Call, your information will be securely deleted within 3 months.

Marketing and Newsletters (optional)

Article 6(1)(a) – Consent (you may withdraw at any time by unsubscribing).

6. How We Use Personal Data

We use your information to:

Deliver auditory assessments and therapy services.
Communicate with you (and, for children, with parents/guardians).
Maintain accurate clinical and administrative records.
Process payments and manage appointments.
Respond to enquiries and provide support.
Meet legal, professional, and insurance obligations.
Improve services and maintain quality standards.
We never sell or share your information for marketing purposes.
We never sell or share your information for marketing purposes.

7. Special Category and Children’s Data

Health information and children’s records are treated with the highest level of confidentiality. Access is strictly limited to professionals providing care and authorised support staff. All records are stored in Splose and a secure cloud environment with encrypted access.

Additional safeguards include:

Password-protected systems and multi-factor authentication.
Parental control over access requests for children’s records.
Separate retention rules for child records (see Section 9).

8. Data Sharing and Third Parties

We only share personal information when necessary to deliver care or comply with law.

Typical recipients include:

Your GP or healthcare professional (when authorised by you).
IT service providers (e.g. Splose – practice management system, secure cloud storage, email hosting).
Payment platform (if used for transactions).
Regulators or insurers where legally required.
All third parties are bound by confidentiality agreements and data processing contracts consistent with UK GDPR.

9. Retention of Data

Adult records: kept for 7 years after the last treatment session.
Child records: kept until the child turns 18 + a further 7 years (25 in total).

Discovery Call form submissions: retained for up to 3 months, unless you proceed as a patient.
Website enquiries: retained for up to 12 months.
Financial records: retained for 6 years for accounting purposes.
After these periods, data is securely deleted or anonymised.

10. International Transfers

At present, Sound Horizons stores all data within the UK or EEA.
If future systems transfer data outside these regions, we will implement approved safeguards (such as UK Addendum to SCCs or adequacy decisions) and notify you before use.

11. Security Measures

We employ appropriate technical and organisational measures to protect your data, including:

Encryption at rest and in transit.
Role-based access controls and unique user logins.
Multi-factor authentication for Splose and cloud storage.
Regular software updates and security monitoring.
Encrypted back-ups and secure data deletion protocols.

12. Your Rights

Under the UK GDPR you have the right to:

Access your personal data.
Request correction of inaccuracies.
Request erasure (“right to be forgotten”) where lawful.
Restrict or object to processing.
Request data portability.
Withdraw consent (for consent-based processing).
Lodge a complaint with the Information Commissioner’s Office (ICO):

www.ico.org.uk | 0303 123 1113

Requests can be made by email to hello@sound-horizons.com.

13. Cookies and Tracking

Our website may use essential and optional cookies to enhance functionality and analyse traffic. If analytics or marketing tools (such as Google Analytics or Mailchimp) are activated in future, a cookie banner will be displayed and you’ll be able to manage preferences.
For further details, please see our Cookie Notice.

14. Data Storage and Location

All patient data is stored within Splose and a secure cloud environment with servers located in the UK or EEA.
Access is restricted to Nadia Abbott and authorised IT administrators only, on a need to know basis.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law or service delivery. The latest version will always be posted on our website and available upon request.

Last updated: October 2025.

16. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact:

Email: hello@sound-horizons.com

Post: Sound Horizons Ltd, Sound Horizons Ltd, 3rd Floor, 86-90 Paul Street, London, England, EC2A 4NE