Privacy & Security

Purpose and Scope

In pursuing our mission to facilitate the delivery of better hearing to the world, Sycle and its affiliated companies (“we,” “our,” “us”) may collect, use and disclose Personal Information about Sycle customers and users of Sycle services. This privacy policy explains what Personal Information Sycle collects, uses, and discloses about Sycle customers, and our purposes for doing so. It also explains how we endeavor to protect this information, what rights you have, and how to contact us if you have any questions or concerns. If you are unable to access this privacy policy due to a disability, please contact us at privacy@sycle.net and we will provide you with it in an alternative format. This policy does not apply to information healthcare providers enter about their patients into our Audiology Office Management Systems (the “Service”). We process that information on behalf of our customers, the healthcare providers. You can contact your healthcare provider for information about their privacy practices. If you engage with Sycle, this policy will govern our use of your Personal Information, and you agree to be bound by our website Terms of Use.

Jurisdiction-Specific Privacy Supplemental Policies

This Privacy Policy outlines our general privacy policies and is supplemented with jurisdiction-specific details in certain cases. If you are in one of the following jurisdictions, please see the applicable supplement:

Australia
Canada
European Union, Iceland, Liechtenstein, Norway and the United Kingdom

Collection of Personal Information

Personal Information Provided by You We collect Personal Information when you engage with us, including through use of our website, through communications with us, and through use of our Service. The Personal Information we collect may include your name, contact details including email address and phone number, company information, financial information, and other information you choose to provide. Personal Information Automatically Collected When you access or use our website, communicate with us, or use our Service, Personal Information may automatically be collected using browser navigation tools such as cookies, pixels, and other similar technologies. Information collected may include IP address, browser version, device, date and time of visit, location, website features viewed, operating system, and any errors encountered. Personal Information Input by Our Customers Our healthcare provider customers may provide us with Personal Information of their employees for purposes of provisioning access to the Service. Personal Information Received from Third Parties We may receive Personal Information from third parties including customer lead generation vendors.

Use of and Purpose for Collecting Personal Information

We use Personal Information for the following reasons:

To fulfill and respond to requests and inquiries and to contact you for administrative or other communications.
To provide, maintain and improve our products and services, including to analyze website traffic, performance, and reliability; to improve the content, functionality, and usability of our websites and communications; to assess market interests and trends; to detect and protect against security threats.
To support our marketing and promotional efforts, including to invite you to participate in surveys and provide feedback to us; to contact you with offers and other information we believe will be of interest to you; to provide you with a personalized experience when you use our websites; to create a profile from the interactions we have with you to help us understand what information you might be interested in receiving.
As necessary or appropriate under applicable law, to meet legal and regulatory requirements, including to comply with legal process and to respond to requests from public and government authorities; to enforce our Terms of Use; to protect our operations; to protect our rights, privacy, safety or property, and/or those of our affiliates, you or others; to allow us to pursue available remedies or limit the damages that we may sustain; to protect against fraud, and suspicious or other illegal activities.

We may combine or aggregate any Personal Information we collect for any of the above purposes.  We may also anonymize your Personal Information in such a way that you may not be re-identified by us or any other organization. We may use such anonymized information for any lawful purpose.

Text-Messaging Activity

If you provide your mobile number to us, and consent to receive SMS messages regarding user credentials, customer support, and other transactional details, you understand that your consent is not a condition to take part in, or purchase, anything. Message frequency may vary, and standard data charges may apply. You can opt out of marketing messages at any time by responding with “STOP” to the message we sent.

Disclosure of Personal Information

We disclose Personal Information as described below:

Within Our Corporate Group: Sycle is a wholly-owned subsidiary of Cochlear Limited and may share Personal Information with Cochlear Limited and its other affiliates (the “Cochlear Group”). Members of the Cochlear Group will use and share your Personal Information only as set forth in this Privacy Policy.
With Our Service Providers: We share Personal Information with organizations that provide or perform services to or on behalf of Sycle; for example, companies that provide website support services, or that help us market our products and services. Our service providers are required by contract to protect the confidentiality of the Personal Information we share with them and to use it only to provide services to us.
Business Transactions: Your Personal Information may be transferred to a company that has acquired the stock or assets of Sycle; for example, as the result of a sale, merger, reorganization or liquidation. If such a transfer occurs, the acquiring company’s use of your Personal Information will still be subject to this Privacy Policy and the privacy preferences you’ve expressed to us.
Legal/Government Requests and the Protection of Sycle and Others: We may disclose Personal Information when we, in good faith, believe disclosure is appropriate to comply with the law (or court order or subpoena); comply with lawful requests from public and governmental authorities; prevent or investigate a possible crime, such as fraud or identity theft; or protect the rights, property or safety of Sycle, the Cochlear Group, our users or others.

All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties, except as provided in this paragraph. We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Information, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages.

Cookies, Social Media Plug-Ins, and Similar Technologies

Cookies are small files that your internet browser stores to help websites keep track of information between visits. Our websites use cookies to help us:

Understand which of our web pages you visit, how often and from what types of devices;
Gather and remember information about your browsing devices and preferences;
Personalize elements of our websites based on your browser, device, country, and language;
Gather information about the website you came from and other sites you have visited to help categorize your browsing into a market segment for market analysis; and
Provide you with more relevant content, promotional communications, and advertisements.
As an example, when you visit our websites, cookies help us identify what you search for, what content you visit, and how frequently you return. Although the information we collect via cookies does not directly identify you, once you register on our websites, we may associate your prior and future activity on our websites and apps with the contact details you have provided.

Some of the cookies used by our websites are set by us, and some are set by third parties on our behalf. Our use of cookies from third parties enables interest-based advertising that may cause you to be shown advertisements from Sycle on other websites that you visit. We use cookies associated with Google Analytics, Microsoft Corporation, and HubSpot, Inc. to obtain statistical data about the use of our websites and apps, and Google Adsense and Google DoubleClick for managing and placing advertisements (together “Google Services”). Google Services allow your usage to be correlated across multiples devices, such as across your mobile phone and desktop computer. Click here to learn more about Google Analytics or prevent it from collecting information about your visit to our websites or visit http://myaccount.google.com to control your advertising experience across Google Services. If you do not want cookies set, you can configure your internet browser to reject certain cookies. Doing so may prevent certain features of our websites from working as intended. To learn more about cookies and similar technologies, visit http://allaboutcookies.org. You can also output of interest-based advertising via industry-operated websites by visiting http://www.networkadvertising.org/choices, http://www.aboutads.info/choices, and http://www.youronlinechoices.com (for European residents).

Social Media Plug-ins

In addition to cookies, we have also implemented social media plug-ins from social networks including Facebook, Instagram, LinkedIn, YouTube, and Twitter so that you can share things from our websites with your online friends and connections. With every visit to our websites which include a plug-in, your browser will connect to the social network servers. If you are logged in to the social network services while you are visiting our websites, they may associate your browsing on our website with your respective user account. For more information, see our Cookie Policy.

Transfers and Storage of Personal Information

Sycle is headquartered in Lone Tree, Colorado, but has key facilities and personnel in Canada and elsewhere in the United States. You acknowledge that your Personal Information may be transferred to, processed, and stored anywhere, except as may be restricted by law.

Retention of Personal Information

Unless otherwise agreed to in writing, or as required by law, Sycle will retain Personal Information in an identifiable form for as long as it is necessary to fulfill the purpose for which it was originally collected. When the retention period ends, we will either delete the information or anonymize it so that it is no longer associated with you. For more information, please see our Customer and Patient Retention Policy.

Security of Personal Information

Sycle has implemented reasonable security arrangements including appropriate administrative, technical and organizational measures to help protect Personal Information from misuse, loss, and unauthorized access or disclosure. Our security measures include appropriate access control, encryption (where appropriate), and regular security assessments. For more information see our Security Policy. If you are a customer, please contact your account administrator, contact Sycle Support at support@sycle.net, or see your jurisdiction-specific supplement to submit a request.

Third-Party Privacy Practices

Our website may contain links to third parties’ websites. Please note that we are not responsible for the privacy practices of those, or any, third parties.

Minors

We do not knowingly or intentionally target children 13 years of age or younger, nor do we intentionally collect or maintain data about anyone under the age of 13.

How to Contact Sycle

Should you wish to contact Sycle or if you have any questions or concerns about this Privacy Policy or how we handle your Personal Information, please email privacy@sycle.net or write to us at: Sycle Attn: Privacy Officer 10350 Park Meadows Drive Lone Tree, CO 80124 USA If you are a patient and have questions related to the Personal Information Sycle handles on behalf of clinics or other hearing professionals, please direct your question to the specific clinic or professional.

Changes to this Privacy Policy

We may update this policy from time-to-time at our own discretion. When we make a change, we will post our updated privacy policy to our website with a new “last updated” date. We encourage you to review this policy regularly to be aware of any changes.

AUSTRALIA PRIVACY SUPPLEMENT

Last Updated: July 14, 2023 This supplement applies only to information collected, used and disclosed about individuals residing in Australia, and supplements the information contained in the Sycle Privacy Policy. It provides information required in accordance with the Australia Privacy Act. Rights of Data Subjects under Australian Law Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. If you wish to exercise any of the rights set out below you may contact us in writing. The Australia Privacy Act offers individuals the rights to:

Access your Personal Information;
Correct or update any of your Personal Information that is inaccurate;
In addition, where we rely on consent to process your Personal Information, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

In the ordinary course, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). If an exceptional circumstance applies, we will notify you and provide you with an opportunity to respond. We respond to all legitimate requests within one month. Occasionally it may take us longer than a month to fully respond to your request, and in this case, we may extend the timeframe, but we will notify you and keep you updated if this is the case. Should you wish to make an individual right request, you may email privacy@sycle.net, or write to us at: Sycle Attn: Privacy Officer 10350 Park Meadows Drive Lone Tree, CO 80124 USA

CANADA PRIVACY SUPPLEMENT

Last Updated: July 14, 2023 This supplement applies only to information collected, used and disclosed about individuals residing in Canada, and supplements the information contained in the Sycle Privacy Policy. It provides information required in accordance with the Personal Information Protection and Electronic Documents Act (“PIPEDA”), Alberta’s Personal Information Protection Act, British Columbia’s Personal Information Protection Act, and Quebec’s Act Respecting the Protection of Personal Information in the Private Sector. Rights of Data Subjects under Canadian Law Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. If you wish to exercise any of the rights set out below you may contact us in writing. PIPEDA and the other Provincial laws referenced above offer individuals the rights to:

Access your Personal Information;
Correct or update any of your Personal Information that is inaccurate;

In addition, where we rely on consent to process your Personal Information, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. In the ordinary course, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). If an exceptional circumstance applies, we will notify you and provide you with an opportunity to respond. We respond to all legitimate requests within one month. Occasionally it may take us longer than a month to fully respond to your request, and in this case, we may extend the timeframe, but we will notify you and keep you updated if this is the case. Should you wish to make an individual right request, you may email privacy@sycle.net, or write to us at: Sycle Attn: Privacy Officer 10350 Park Meadows Drive Lone Tree, CO 80124 USA

EUROPEAN UNION, ICELAND, LIECHTENSTEIN, NORWAY AND THE UNITED KINGDOM PRIVACY SUPPLEMENT

Last Updated: July 14, 2023 This supplement applies only to information collected, used, and disclosed about individuals residing in the European Union, Iceland, Liechtenstein, or Norway (the “EEA”) or the United Kingdom, and supplements the information contained in the Sycle Privacy Policy. It provides information required in accordance with Article 13 of the European Union General Data Protection Regulation 2016/679 (the “GDPR”) and the UK General Data Protection Regulation. Sycle has designated the following representative who is responsible for overseeing questions in relation to this Policy: Attn: Privacy Officer 6 Dashwood Lang Road, Bourne Business Park, Addlestone, KT15 2HJ, United Kingdom +44 1932 26 3400 Lawful Bases for Processing We collect Personal Information about you for a variety of purposes based on the specific legal grounds described in the table below:

Purpose for Collection	Lawful Basis
Delivering information, content, products, or services that you request or purchase	To perform a contract or fulfill our obligation to provide products or services to you Our legitimate interests
Providing marketing communications about our products and services, or those of third parties, that may be of interest to you	Your consent Our legitimate interests
Understanding how you use our products, services, and website in order to improve and further develop our products and services and the content, features, performance, and support available through our website	Our legitimate interests
Providing legal or service-related notices about our products, services, and website	To perform a contract with you Our legitimate interests To comply with a legal obligation
Detecting, preventing, and responding to fraud, intellectual property infringement, violations of our website Terms of Use, violations of law, or other misuse of the website	Our legitimate interests To comply with a legal obligation
Protecting our rights or the rights, property, and safety of others	Our legitimate interests To comply with a legal obligation
Complying with laws and regulations, judicial and administrative orders, or lawful requests from governmental authorities	To comply with a legal obligation
Fulfilling our contractual relationship with you, including carrying out our obligations and exercising our rights	To perform a contract with you Our legitimate interests To comply with a legal obligation

We process the Personal Information of visitors to our website, those who communicate with us, and those who use our Service who are located in the EEA or the UK for the purposes set out in the table above. Where more than one purpose is listed, please contact us if you would like to know the specific legal basis which applies in connection with your specific enquiry. We have provided further information on the legal bases we generally rely on below:

Contractual Necessity – We will process your Personal Information where necessary for us to meet our contractual commitments to you.
Legitimate Interests – This means our general interest in conducting and managing our organization to enable us to provide you with the best products and give you the best service. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). Our specific legitimate interests include:
- Administering our operations;
- Providing high quality customer service;
- Developing our products and services, and what we charge for them;
- Defining types of customers for any new products or services;
- Understanding how our website is being used;
- Developing and growing our operations;
- Ensuring cybersecurity;
- To enhance protection against fraud, spam, harassment, intellectual property infringement, crime, and security risks; and
- To meet our obligations and enforce our legal rights.
Consent – In accordance with applicable law, we may seek your consent or explicit consent to process Personal Information collected on our website or otherwise provided by you. We may do so, for example, in relation to our marketing and promotional activities.
Compliance with Laws and Regulations – We will process your Personal Information where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

Rights of Data Subjects under GDPR Under certain circumstances, you have rights under data protection laws in relation to your Personal Information. The GDPR offers individuals the rights to:

Access your Personal Information;
Correct or update any of your Personal Information that is inaccurate;
Restrict or limit the ways in which we use your Personal Information;
Object to the processing of your Personal Information;
Request the deletion of your Personal Information; and
Obtain a copy of your Personal Information in an easily accessible format.

In addition, where we rely on consent to process your Personal Information, you have the right to withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent. In the ordinary course, you will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). We respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we may extend the timeframe by up to two further months but we will notify you and keep you updated if this is the case. Should you wish to make an individual right request, you may email privacy@sycle.net, call +1-888-881-7925, or write to us at: Sycle Attn: Privacy Officer 10350 Park Meadows Drive, Lone Tree, CO 80124 USA You may also contact our Data Privacy Officer by calling +44 1932 26 3400, or by writing to: Attn: Privacy Officer 6 Dashwood Lang Road, Bourne Business Park, Addlestone, KT15 2HJ, United Kingdom We may transfer your Personal Information outside the EEA or the UK where the transfer is:

to a country or territory deemed to provide an adequate level of protection by a relevant government authority (e.g. the European Commission or the UK government),
pursuant to standard contractual clauses approved by a relevant government authority (e.g. the European Commission or the UK government), or
in exceptional cases only, under a specific derogation recognized under applicable data protection law, including the GDPR.

You may contact us for additional information on data transfers outside of the UK or the EEA. If you have any complaints regarding our privacy practices, you have the right to make a complaint with your national data protection authority. However, we would appreciate the opportunity to address any concern you have so please contact us in the first instance. A list of EU supervisory authorities is available here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm The relevant UK supervisory authority is the UK Information Commissioner’s Officer: https://ico.org.uk/

1. Introduction

Cookie Policy

Our website, https://sycle.com (hereinafter: “the website”) uses cookies and other related technologies (for convenience all technologies are referred to as “cookies”). Cookies are also placed by third parties we have engaged. In the document below we inform you about the use of cookies on our website.

2. What are cookies?

A cookie is a small simple file that is sent along with pages of this website and stored by your browser on the hard drive of your computer or another device. The information stored therein may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.

3. What are scripts?

A script is a piece of program code that is used to make our website function properly and interactively. This code is executed on our server or on your device.

4. What is a web beacon?

A web beacon (or a pixel tag) is a small, invisible piece of text or image on a website that is used to monitor traffic on a website. In order to do this, various data about you is stored using web beacons.

5. Cookies

5.1 Technical or functional cookies

Some cookies ensure that certain parts of the website work properly and that your user preferences remain known. By placing functional cookies, we make it easier for you to visit our website. This way, you do not need to repeatedly enter the same information when visiting our website and, for example, the items remain in your shopping cart until you have paid. We may place these cookies without your consent.

5.2 Statistics cookies

We use statistics cookies to optimize the website experience for our users. With these statistics cookies we get insights in the usage of our website. We ask your permission to place statistics cookies.

6. Placed Cookies

7. Consent

Depending on the country from which you access our website, when you visit our website for the first time, we may show you a pop-up with an explanation about cookies and providing you with the ability to accept all cookies, reject all cookies except necessary cookies, or to customize your cookie preferences. If you click to accept all cookies, then you consent to us using all cookies and plug-ins as described in the pop-up and this Cookie Policy. You can make changes to your cookie preferences at any time by making selections below. You can also disable the use of cookies via your browser, but please note that if you disable all cookies, our website may no longer work properly.

8. Enabling/disabling and deleting cookies

You can use your internet browser to automatically or manually delete cookies. You can also specify that certain cookies may not be placed. Another option is to change the settings of your internet browser so that you receive a message each time a cookie is placed. For more information about these options, please refer to the instructions in the Help section of your browser.

Please note that our website may not work properly if all cookies are disabled. If you do delete the cookies in your browser, they will be placed again after your consent when you visit our websites again.

9. Your rights with respect to personal data

You have the certain rights with respect to your personal data. For more information on your rights, please see the Sycle Privacy Policy and any applicable jurisdiction-specific supplement.

To exercise these rights, please contact us. If you have a complaint about how we handle your data, we would like to hear from you, but you also have the right to submit a complaint to the supervisory authority (the Data Protection Authority). For more information about submitting a complaint, please see the Sycle Privacy Policy and any applicable jurisdiction-specific supplement.

10. Contact details

Should you wish to make an individual right request, please email privacy@sycle.net, call 1-888-881-7925, or write to us at:

Sycle
Attn: Privacy Officer

10350 Park Meadows Drive, Lone Tree, CO 80124 USA

You may also contact our Data Privacy Officer by calling +44 1932 26 3400, or by writing to:

Attn: Privacy Officer

6 Dashwood Lang Road, Bourne Business Park, Addlestone, KT15 2HJ, United Kingdom

This Cookie Policy was synchronized with cookiedatabase.org on August 30, 2022.

Security

Last Updated: July 14, 2023

Our website has security measures in place to help protect against the loss, misuse, and alteration of the data under our control. When our website is accessed using Microsoft Internet Explorer versions 5.0 or higher, Secure Socket Layer (SSL) technology protects information using server authentication to help ensure that data is safe, secure, and available only to you. Our website is hosted in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Finally, our website provides unique usernames and passwords that must be entered each time a customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of data.

Security Measures

Security Measures

Security measures include the following:

Expert team of experienced, professional engineers and security specialists
Around-the-clock protection of data and systems
Continuous deployment of proven, up-to-date firewall protection, SSL encryption, and other security technologies
Ongoing evaluation of emerging security developments and threats
Complete redundancy throughout our entire website Online Infrastructure architecture

Physical Security

Our production equipment is collocated at an IBM Data Center that provides:

24-hour physical security
Enforcement of fingerprint and body weight verification for all facility access
Solid, steel-reinforced concrete building
Redundant electrical generators and data center air conditioners v
Emergency diesel generators
Other backup equipment designed to keep servers continually up and running Data Encryption: our website leverages the strongest encryption products to protect customer data and communications, including 128-bit SSL certification and 2048-bit RSA public keys.

User Authentication

Users access our website only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.

Application Security: Our comprehensive application security model prevents customers from accessing another customer’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.

Internal Systems Security: Inside of the perimeter firewalls, systems are safeguarded by network high-performance web proxies, access control lists, non-routable IP addressing schemes, and more. Exact details of these features are proprietary.

Database Security: Sycle database servers are not exposed to the internet. All Sycle database servers reside on a separate private network that can only be accessed by the Sycle application. All Sycle administration is through individual, monitored administration logins.

Server Management Security: All data entered into our application by a customer is owned by that customer. Sycle employees do not have direct access to production equipment, except where necessary for system management and administration, monitoring, backups and customer support at the behest of the customer.

Business Continuity and Disaster Recovery: All networking components, SSL accelerators, load balancers, web servers, and application servers are configured in a redundant configuration. All customer data is stored on multiple database servers with full business continuity fail-over. Data is backed up nightly and stored to a secure offsite facility. In the event of catastrophic failure, data can be restored within a maximum of 24 hours.

HIPAA (Health Insurance Portability and Accountability)

HIPAA (Health Insurance Portability and Accountability Act of 1996) is a regulation designed to protect confidential healthcare information through improved security standards and federal privacy legislation. It defines requirements for storing patient information before, during, and after electronic transmission. It also identifies compliance guidelines for critical business tasks such as risk analysis, awareness training, audit trail, disaster recovery plans, and information access control and encryption.

The HIPAA regulation has three main components that apply to “covered entities” (a covered entity is any provider of healthcare services that charges the government or insurance for their services):
Standard Transaction Code Sets
Patient Information Privacy
Patient Information Security (both electronic and physical records)

To learn more about HIPAA, please visit:
http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html
http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act