Privacy Policy

Last updated: 1 April 2025

Burotec Limited ("Burotec", "we", "us", "our") is committed to protecting and respecting your privacy. This policy explains how we collect, use and protect personal data in connection with the Tinnitus Masker app and website at tinnitusmasker.burotec.co.uk.

The data controller is Burotec Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

We are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully. If you have any questions, contact our Privacy Officer at privacy@burotec.co.uk.

What Information We Collect

We may collect the following categories of personal data:

Contact and enquiry data — name and email address when you contact us directly
Newsletter subscription data — email address when you subscribe to our mailing list via the website
Technical and usage data — IP address, browser type, operating system, pages visited, session duration, and device information, collected automatically when you visit our site or use our services
Analytics and advertising data — aggregated and pseudonymised data collected via third-party tools (see Third-Party Services below)

We do not collect sensitive personal data (as defined under UK GDPR) through the Tinnitus Masker app or website.

How We Use Your Information

We use your personal data for the following purposes and on the following legal bases:

To respond to enquiries and provide support — legal basis: legitimate interests / contract
To send newsletters and product updates (only where you have subscribed) — legal basis: consent. You may withdraw consent and unsubscribe at any time using the link in any email we send.
To analyse site traffic and improve the website — legal basis: consent (via cookie banner) for analytics cookies; legitimate interests for aggregate, anonymised analysis
To measure the effectiveness of our advertising — legal basis: consent (via cookie banner)
To comply with legal obligations — legal basis: legal obligation

Cookies and Tracking

We use cookies and similar tracking technologies on this website. When you first visit, you are presented with a cookie consent banner that allows you to accept or decline non-essential cookies. You can update your preferences at any time by clearing your cookies and revisiting the site.

The categories of cookies we use are:

Essential cookies — required for the site to function. No consent required.
Analytics cookies — used to understand how visitors use the site (see Google Analytics below). Only set with your consent.
Marketing cookies — used to measure advertising effectiveness (see Meta Pixel below). Only set with your consent.

For more information on managing cookies, visit www.aboutcookies.org.

Third-Party Services

We use the following third-party services that may process personal data on our behalf:

Google Analytics 4 (Google LLC)

We use Google Analytics 4 to analyse website traffic and usage. We have implemented Google's Consent Mode v2, which means Google Analytics will not set tracking cookies or collect personal data unless you have consented to analytics cookies. When consent is not given, Google Analytics operates in a cookieless, anonymised mode. Google may process data on servers outside the UK; Google LLC participates in the UK-US Data Bridge framework. You can opt out via Google's Ads Settings.

Meta Pixel (Meta Platforms Ireland Limited)

We use Meta Pixel to measure the effectiveness of our advertising on Facebook and Instagram. The Meta Pixel is only initialised after you have consented to marketing cookies. Meta may process data on servers outside the UK; Meta participates in the UK-US Data Bridge framework. You can manage your ad preferences at facebook.com/ads/preferences.

Apple App Store & Google Play

If you download the Tinnitus Masker app, Apple and Google collect data in accordance with their own privacy policies as part of the app store download process. We do not control or receive that data.

Newsletter Subscriptions

If you subscribe to our newsletter, we will store your email address and use it solely to send you updates about Tinnitus Masker, including new features, sounds, and tips. We will not share your email address with third parties for marketing purposes. You can unsubscribe at any time using the link included in every email, or by contacting us at privacy@burotec.co.uk. The legal basis for this processing is your consent.

Disclosure of Your Personal Information

We do not sell or rent your personal data. We may share it in the following limited circumstances:

With third-party service providers who process data on our behalf (such as those listed above), under appropriate data processing agreements
In the event of a sale, merger or transfer of the business, with the acquiring party, provided they agree to honour this policy
Where required by law, court order or a regulatory authority of competent jurisdiction
As aggregate, anonymised statistics with no personally identifying information

International Data Transfers

Some of our third-party service providers (including Google and Meta) process data outside the UK. Where this occurs, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or reliance on the UK-US Data Bridge, to provide a level of protection equivalent to UK GDPR.

Security & Storage of Data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. All data is stored on secure servers. While we maintain these safeguards, no transmission over the Internet can be guaranteed to be completely secure.

Retention of Data

We retain personal data only for as long as is necessary for the purposes set out in this policy, or as required by law:

Newsletter subscriptions — retained until you unsubscribe or request deletion
Enquiry and support data — retained for up to 3 years from last contact
Analytics data — retained in accordance with Google Analytics retention settings (default 14 months)
Financial and business records — retained for 6 years as required by HMRC regulations

Your Rights Under UK GDPR

You have the following rights regarding your personal data:

Right of access — to request a copy of the personal data we hold about you (subject access request)
Right to rectification — to request correction of inaccurate or incomplete data
Right to erasure — to request deletion of your data where there is no longer a lawful basis to retain it
Right to restrict processing — to request that we limit how we use your data
Right to data portability — to receive your data in a structured, machine-readable format
Right to object — to object to processing based on legitimate interests or for direct marketing
Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, contact us at privacy@burotec.co.uk or in writing to: F.A.O. Privacy Officer, Burotec Limited, 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ.

We will respond to subject access requests within one calendar month of receipt. There is no charge for making a request. We may ask you to verify your identity before responding.

Complaints

If you believe we have not handled your personal data in accordance with this policy or applicable law, please contact us in the first instance at privacy@burotec.co.uk. We will acknowledge your complaint promptly and aim to provide a full response within one calendar month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at any time: ico.org.uk/concerns or by calling 0303 123 1113.

Changes to This Policy

We may update this policy from time to time. The date at the top of this page indicates when it was last revised. We recommend reviewing it periodically. Significant changes will be communicated where practicable.

Contact

For any questions, comments or requests regarding this privacy policy, please contact our Privacy Officer at privacy@burotec.co.uk.