Data Privacy terms and conditions
Sonova USA and the account, customer or licensed hearing care professional (together, "the Parties") commit to comply with all legislation of the USA or of a State, Territory or local authority applicable to their performance of this Agreement, including, without limitation, the Health Insurance Portability and Accountability Act (HIPAA), the Children’s Online Privacy Protection Rule (COPPA), the Federal Trade Commission Act (FTC Act), the Telephone Consumer Protection Act (TCPA), and the California Consumer Privacy Act (CCPA).
The Parties also commit to act in accordance with the following data privacy terms and conditions.
Article 1 – Characteristics of Personal Data Processing
The Parties agree that the Processing of Personal Data, the purposes and means of which, shall have the following characteristics
Article 2 – General obligations of the Parties
The Parties undertake to:
- Ensure data subjects are informed about the collection, processing and transmission of personal data and agree to it, as far as such information and agreement are legally required;
- Ensure that the personnel having access to or being involved in the Processing of Personal Data, by virtue of this Agreement, are bound by an obligation of confidentiality, and receive the necessary training in the protection of Personal Data;
- In the event of subcontracting the Processing activities, ensure that the sub-vendor complies with the obligations arising from the Contract and/or our terms and conditions.
Article 3 – Rights of the Data Subjects
The Parties agree that:
- The Data Subjects concerned by the Processing of Personal Data are able to exercise their rights as provided for in the Personal Data Legislation with SONOVA or the HCP. In all cases, the Parties undertake to cooperate and inform each other of the requests made by the Data Subjects, so that they can provide an adequate response within the time limits laid down, in accordance with the applicable law.
Article 4 – Security of Personal Data
Each Party undertakes to:
- Use or disclose the Data only as permitted by this Agreement or as required by law.
- Use appropriate safeguards to prevent use or disclosure of the Data other than as permitted by this Agreement or required by law.
- Guarantee a level of security of Personal Data, in its respective area of responsibility, in accordance with the applicable law;
- Implement appropriate technical and organizational measures such as:
(a) Pseudonymization and encryption of Personal Data;
(b) Means to ensure the continued confidentiality, integrity, availability and resilience of the Processing systems and services;
(c) Means to restore the availability of and access to Personal Data in a timely manner in the event of a physical or technical incident;
(d) Have a procedure to regularly test, analyse and evaluate the effectiveness
Article 5 – Personal Data Breach
In the event of a Personal Data Breach, the Parties undertake to cooperate and to inform each other as soon as possible.
The Party concerned by the Personal Data Breach will carry out an investigation and an analysis in order to determine the consequences of the Personal Data Breach. In this regard, the Party concerned will implement as soon as possible the measures necessary to remediate the Personal Data Breach and to comply with applicable laws.