Privacy & Security

Sycle goes above and beyond to ensure your data is safe and secure. We work with our partners at IBM to deliver the very best data security to our customers. Together we maintain, backup and protect all patient data and financial information.

  • Privacy Policy

    Our commitment to privacy

    In pursuing our mission to facilitate the delivery of better hearing to the world, Sycle may collect, use and share personal information. This may be through use of our websites or via communications with us. We want you to understand what personal information we collect, how we use it, with whom we share it, how we endeavor to protect it, how you can access and/or correct it, and, finally, how to contact us if you have any questions or concerns.

    This Privacy Policy applies to the websites and communications provided by Sycle. This Privacy Policy does not govern Sycle’s collection and use of personal information in its provision of the Sycle Practice Management Service to hearing professionals. The Sycle Practice Management Service is governed by its Master Service Agreement and Terms of Use.

    What personal information does Sycle collect?

    Personal information provided by you.

    When you interact with Sycle, you may provide us with your personal information. For example, you may provide your name, contact details, and company information when registering for a Sycle demo account, requesting additional information via our websites, or at events or trade conferences. Additionally, your name, email address and comments will be collected if you choose to comment on stories posted on the Sycle Blog.

    Personal information automatically collected through your use of our websites.

    When you visit our websites, your computer or mobile device may send certain analytic data to us such as your IP address, your browser version, the version of the app you are using and any errors encountered.

    How does Sycle use personal information?

    We use personal information to provide, maintain and improve our products and services. For example, we use personal information:

    • to analyze website traffic, performance, and reliability
    • to improve the content, functionality, and usability of our websites and communications
    • to assess market interests and trends
    • to detect and protect against security threats
    • in the course of assessing employment applications and throughout our recruitment process

    We also use personal information to support our marketing and promotional efforts, including:

    • to invite you to participate in surveys and provide feedback to us
    • to contact you with offers and other information we believe will be of interest to you
    • to provide you with a personalized experience when you use our websites
    • to create a profile from the interactions we have with you to help us understand what information you might be interested in receiving

    You can always unsubscribe from promotional communications either via the unsubscribe links within the communications or by contacting us via one of the methods described at the end of this Privacy Policy.

    When do we share personal information and with whom?

    Within Our Corporate Group.
    Sycle is a wholly-owned subsidiary of Cochlear Limited and may share personal information with Cochlear Limited and its other affiliates (the “Cochlear Group”). Members of the Cochlear Group will use and share your personal information only as set forth in this Privacy Policy.

    With Our Service Providers.
    We share personal information with organizations that provide or perform services to or on behalf of Sycle; for example, companies that provide website support services, or that help us market our products and services. Our service providers are required by contract to protect the confidentiality of the personal information we share with them and to use it only to provide services to us.

    Business Transactions.
    Your personal information may be transferred to a company that has acquired the stock or assets of Sycle; for example, as the result of a sale, merger, reorganization or liquidation. If such a transfer occurs, the acquiring company’s use of your personal information will still be subject to this Privacy Policy and the privacy preferences you’ve expressed to us.

    Legal/Government Requests and the Protection of Sycle and Others.
    We may disclose personal information when we, in good faith, believe disclosure is appropriate to:

    • comply with the law (or court order or subpoena);
    • comply with lawful requests from public and governmental authorities;
    • prevent or investigate a possible crime, such as fraud or identity theft; or
    • protect the rights, property or safety of Sycle, the Cochlear Group, our users or others.

    How does Sycle use cookies, social media plug-ins, and similar technologies?

    Cookies are small files that your internet browser stores to help websites keep track of information between visits. Our websites use cookies to help us:

    • understand which of our web pages you visit, how often and from what types of devices;
    • gather and remember information about your browsing devices and preferences;
    • personalize elements of our websites based on your browser, device, country, and language; and
    • gather information about the website you came from and other sites you have visited to help categorize your browsing into a market segment for market analysis; and
    • provide you with more relevant content, promotional communications, and advertisements.

    As an example, when you visit our websites, cookies help us identify what you search for, what content you visit, and how frequently you return. Although the information we collect via cookies does not directly identify you, once you register on our websites we may associate your prior and future activity on our websites and apps with the contact details you have provided.

    Some of the cookies used by our websites are set by us, and some are set by third parties on our behalf. Our use of cookies from third parties enables interest-based advertising that may cause you to be shown advertisements from Sycle on other websites that you visit.

    We use Google Analytics to obtain statistical data about the use of our websites and apps, and Google Adsense and Google DoubleClick for managing and placing advertisements (together “Google Services”). Google Services allow your usage to be correlated across multiples devices, such as across your mobile phone and desktop computer. Click here to learn more about Google Analytics or prevent it from collecting information about your visit to our websites, or visit http://myaccount.google.com to control your advertising experience across Google Services.

    If you do not want cookies set, you can configure your internet browser to reject cookies. Doing so may prevent certain features of our websites from working as intended. To learn more about cookies and similar technologies, visit http://allaboutcookies.org. You can also opt-out of interest-based advertising via industry-operated websites by visiting http://www.networkadvertising.org/choices, http://www.aboutads.info/choices, and http://www.youronlinechoices.com (for European residents).

    Social Media Plug-ins

    In addition to cookies, we have also implemented social media plug-ins from social networks like Facebook and Twitter so that you can share things from our websites with your online friends and connections. With every visit to our sites which include a plug-in, your browser will connect to the Facebook and/or Twitter servers. If you are logged in to the Facebook and/or Twitter services while you are visiting our websites, they may associate your browsing on our website with your respective user account.

    Where is personal information processed and stored?

    Sycle is headquartered in San Francisco, California, but with key facilities and personnel in Canada and elsewhere in the United States. Your personal information may be transferred to, processed and stored anywhere Sycle, the Cochlear Group or their respective service providers operate. To the extent that personal information is collected from EU/EEA residents and transferred to countries which may have lower legal standards for the protection of personal information, Sycle will take steps to protect and otherwise process it in accordance with EU standards of data protection.

    For how long will Sycle retain personal information?

    Sycle will only keep personal information in an identifiable form for as long as it is necessary to fulfil the purpose for which it was originally collected or any additional uses you have agreed to after that, we will either delete the information or de-identify it so that it is no longer associated with you.

    How does Sycle help secure personal information?

    Sycle has implemented appropriate administrative, technical and organizational measures to help protect personal information from misuse, loss, and unauthorized access or disclosure. Our security measures include appropriate access control, encryption (where appropriate) and regular security assessments.

    How can you access, correct or delete personal information?

    We respect your right to make choices about how we collect, use and share your personal information. Whenever we collect your personal information, we take steps to help ensure that it is accurate, complete, and up-to-date. But we understand that your personal information and your privacy preferences may change over time.

    Contact us via one of the methods listed below in order to access, correct, amend or delete your personal information within Sycle’s control. To help protect your privacy and security, we will take reasonable steps to verify your identity before providing you with access to your details or correcting, amending or deleting our records. If you have questions related to the personal information Sycle handles on behalf of audiology clinics or other hearing professionals, please direct your question to the specific clinic or professional.

    How can you raise questions or concerns about this policy or about how Sycle handles your personal information?

    Should you wish to access your information, change your contact preferences, or raise any questions or concerns about this Privacy Policy or how we handle your personal information, please email privacy@sycle.net or write to us at:

    Sycle
    Attn: Privacy Officer
    480 Green Street
    San Francisco, CA 94133
    USA

    Although we will strive to address any questions or concerns you may have, you also have the right to directly contact your local privacy or data protection regulator.

    What happens when this policy changes?

    We may need to update this policy from time-to-time for a variety of reasons, including changes in laws, regulations and our business practices. When we make a change, we’ll post our updated privacy policy 30 days before it becomes effective to help ensure that you are aware of what’s new.

    Thank you

    We appreciate you taking the time to read this policy. We know that you are placing your trust in Sycle when you choose to share your personal information with us and we intend to use it responsibly as we continue to facilitate the delivery of better hearing to the world.

  • Cookies

    When you interact with the Sycle.net website we strive to make the experience easy and meaningful. When you come to our website, our web server sends a cookie to your computer. Cookies are files that web browsers place on a computer’s hard drive and are used to tell us whether customers and visitors have visited the Site previously. Standing alone, cookies do not identify you personally. They merely recognize your browser. Unless you choose to identify yourself to Sycle.net, either by responding to a promotional offer, opening an account, or registering for a 30-day Test Drive, you remain anonymous to Sycle.net. Cookies come in two types: session and persistent-based. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. Sycle.net only uses session cookies. Session cookies help us verify your identity after you’ve logged in, and they are required in order to use the Sycle.net application. Users who disable their web browser’s ability to accept cookies will be able to browse our website, but will not be able to successfully use the Service.

  • Security

    Our Site has security measures in place to help protect against the loss, misuse, and alteration of the Data under our control. When our Site is accessed using Microsoft Internet Explorer versions 5.0 or higher, Secure Socket Layer (SSL) technology protects information using server authentication to help ensure that Data is safe, secure and available only to you. Sycle.net hosts the Site in a secure server environment that uses a firewall and other advanced technology to prevent interference or access from outside intruders. Finally, Sycle.net provides unique usernames and passwords that must be entered each time a customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.

  • Security Measures

    Security measures include the following:

    • Expert team of experienced, professional engineers and security specialists
    • Round-the-clock protection of data and systems
    • Continuous deployment of proven, up-to-date firewall protection, SSL encryption, and other security technologies
    • Ongoing evaluation of emerging security developments and threats
    • Complete redundancy throughout the entire Sycle.net Online Infrastructure architecture

    Physical Security: Our production equipment is collocated at an IBM Data Center that provides:

    • 24-hour physical security
    • Enforcement of fingerprint and body weight verification for all facility access
    • Solid, steel-reinforced concrete building
    • Redundant electrical generators and data center air conditioners v
    • Emergency diesel generators
    • Other backup equipment designed to keep servers continually up and running Data Encryption: Sycle.net leverages the strongest encryption products to protect customer data and communications, including 128-bit SSL certification and 2048-bit RSA public keys.

    User Authentication: Users access Sycle.net only with a valid username and password combination, which is encrypted via SSL while in transmission. An encrypted session ID cookie is used to uniquely identify each user. For added security, the session key is automatically scrambled and re-established in the background at regular intervals.

    Application Security: Our comprehensive application security model prevents one Sycle.net customer from accessing another’s data. This security model is reapplied with every request and enforced for the entire duration of a user session.

    Internal Systems Security: Inside of the perimeter firewalls, systems are safeguarded by network high-performance web proxies, access control lists, non-routable IP addressing schemes, and more. Exact details of these features are proprietary.

    Database Security: Sycle database servers are not exposed to the internet. All Sycle database servers reside on a separate private network that can only be accessed by the Sycle application. All Sycle administration is through individual, monitored administration logins.

    Server Management Security: All data entered into the Sycle.net application by a customer is owned by that customer. Sycle.net employees do not have direct access to the Sycle.net production equipment, except where necessary for system management and administration, monitoring, backups and customer support at the behest of the customer.

    Business Continuity and Disaster Recovery: All networking components, SSLaccelerators, load balancers, web servers, and application servers are configured in a redundant configuration. All customer data is stored on multiple database servers with full business continuity fail-over. Data is backed up nightly and stored to a secure offsite facility. In the event of catastrophic failure, data can be restored within a maximum of 24 hours.

  • HIPAA

    HIPAA (Health Insurance Portability and Accountability Act of 1996) is a regulation designed to protect confidential healthcare information through improved security standards and federal privacy legislation. It defines requirements for storing patient information before, during, and after electronic transmission. It also identifies compliance guidelines for critical business tasks such as risk analysis, awareness training, audit trail, disaster recovery plans, and information access control and encryption.

    The HIPAA regulation has three main components that apply to “covered entities” (a covered entity is any provider of healthcare services that charges the government or insurance for their services):
    Standard Transaction Code Sets
    Patient Information Privacy
    Patient Information Security (both electronic and physical records)

    To learn more about HIPAA, please visit:
    http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html http://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act