Data Protection

Data privacy is a fundamental right of individuals to know and to decide what personal data about them is collected, used and shared.

  • We should take every step to ensure the privacy of our Recipients, business partners, customers and employees
  • Personal data is any information relating to an identified or identifiable person


Basic Principles

We must collect personal data fairly and lawfully

  • Legal Justification: Prior to collecting and using personal data we must have a legal justification
    • Legal permission or obligation
    • Legal contract
    • Consent

We must process personal data responsibly

  • Purpose Limitation: We must process data only for the purposes indicated at the time of collection
  • Confidentiality: We may only share, disclose, transfer, permit access to or publish personal data within Sonova or to 3rd parties if we are authorized to do so and only on a strict “need to know” basis.
  • Be aware that there are limitations to cross-border access & transfers of data (always reach out to Legal or Compliance)
  • Data Quality: We must ensure that personal data stored in our systems is accurate and up to date.

Standards when collecting, processing and sharing personal data

Rules when engaging a service provider

  • Prior to engaging a  service provider who will be processing personal data on our behalf please consult Legal or Compliance
  • Understand what information they need
  • Verify that they can protect the data (and abide by applicable laws)
  • Enter into a written agreement

Document our data processing activities

  • Accountability: Each of us is personally accountable and responsible for maintaining a record of processing activities under our own responsibilities, describing what personal data we hold and where we hold it. Also, it must be transparent how and why we use the data and who has access to it.
  • Documentation: We must accurately and completely document all documenting processing activities; and assess the risk to the privacy of individuals posed by such activities when we start to design or plan a new project, process or product, that involves the processing of personal data.

What should we do in case of a data incident

  • Data incident means that someone received improper or unauthorized access to collected, personal data held by or under the responsibility of Sonova
    • Examples = loss of a laptop, mobile device, disk, USB stick or paper files  
  • What should we do if there is a data incident: