Speak to our team: +353 (1) 253 1448 for Ireland & Europe or +44 20 3807 7449 for UK.

Skip to content

Refer Your Patient: Data Sharing Terms

In order to refer your patient for a tinnitus assessment with Ótologie using this service, you will need to read and agree to the data sharing terms using the form below. You will then be presented with a patient referral form to submit.

Alternatively, the patient can submit their own appointment request at www.otologie.com/how-to-book/




1.1 Definitions:

Appropriate Safeguards” the measures set out in Article 46 of the GDPR; 
Appropriate Technical and Organisational Measures” the appropriate technical and organisational measures referred to in Data Protection Legislation (including, as appropriate, the measures referred to in Article 32(1) of the GDPR); 
Controller or Data Controller” has the meaning given to such term in GDPR; 
Data” any data or information, in whatever form, including but not limited to images, still and moving, and sound recordings; 
Data Importer” has the meaning given to that term in Clause 6.2; 
Data Protection Legislation” the Irish Data Protection Acts 1988 to 2018, GDPR and any other applicable law or regulation relating to the Processing of Personal Data and Special Category Data and to privacy (including the E-Privacy Directive and the 2002/58/EC and the European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011, as such legislation shall be supplemented, amended, revised or replaced from time to time and all guidance and codes of practice issued by the DPC from time to time; 
Data Subject” any patient of the HCP who is referred to Neuromod through the Programme and whose Personal Data is shared on this basis for the purposes of the Data Subject availing of the Services; 
Designated Party” has the meaning given to that term in Clause 4.3.1; 
DPC” Office of the Data Protection Commissioner, Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland; 
EEA” the states that are contracting parties to the Agreement on the European Economic Area from time to time; 
GDPR” Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing the Directive 95/46/EC (General Data Protection Regulation), and any amendments made thereto; 
HCP” or “Healthcare Professional” the healthcare professional, consultant, audiologist, acousticians, consultant otolaryngologist, ENT (ear, nose and throat) surgeons, general practitioners, psychologists, psychotherapists and speech therapists or other referring party who or which is referring a Data Subject to Neuromod through the Programme pursuant to these Terms; 
Jointly Controlled Data” the Personal Data and/or Special Category Data provided by the HCP to Neuromod through and shared/accessed by the Parties on the Website for the purposes of the Programme; 
Neuromod” Neuromod Devices Limited, a private company limited by shares registered under Part 2 of the Companies Act, 2014, incorporated under the laws of Ireland having registered number 653075 and having its registered office at The Digital Hub, Unit J, Digital Court, Rainsford Street, Dublin 8, D08 R2YP Ireland; 
Parties” Neuromod and the HCP (and each of them a “Party”); 
Personal Data” has the meaning given to such term in GDPR; 
Personal Data Breach” any “personal data breach” as defined in the GDPR in respect of the Personal Data which is caused by the Researcher; 
Processing” has the meaning given to such term in Data Protection Legislation, and “Processed” and “Process” shall be interpreted accordingly; 
Processor or Data Processor” has the meaning given to such term in GDPR; 
Programme” the patient referral programme operated by Neuromod through the Website; 
Restricted Transfer” any transfer of Personal Data to countries outside of the EEA which are not subject to an adequacy decision by the European Commission under Article 45 of the GDPR, where such transfer would be prohibited by Data Protection Legislation; 
Services” the development, manufacture and marketing of medical devices, including the commercialisation of neuromodulation technologies; 
Special Category Data” has the meaning given to such term in GDPR; 
Standard Contractual Clauses” the contractual clauses dealing with the transfer of Personal Data outside the EEA, which have been approved by (i) the European Commission under Data Protection Legislation, or (ii) by the DPC or an equivalent competent authority under Data Protection Legislation or such replacement form as may be so approved from time to time; 
Terms” these data processing terms; and 
Website” the Neuromod website, www.neuromoddevices.com

1.2  Interpretation 

1.2.1  The following definitions and rules of interpretation apply in these Terms, which, unless the context requires otherwise, includes the Recitals and any Appendices.

1.2.2  Clause and paragraph headings shall not affect the interpretation of these Terms.

1.2.3  Unless the context otherwise, requires, words in the singular shall include the plural and in the plural shall include the singular.

1.2.4  A reference to a company or agency shall include any company, corporation or other body corporate, wherever and however incorporated or established.

1.2.5  A reference to a statue or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision. 

1.2.6  Any words following the terms includingincludein particular or for example or any similar phrase shall be construed as illustrative and shall not limit the generality of the related general words. 

1.2.7  Unless the context otherwise requires the reference to one gender shall include a reference to the other genders. 


2.1  In connection with the provision of the Services, Neuromod has established the Programme with the purpose of facilitating the HCP to refer Data Subjects to Neuromod through the Website for assessment for treatment. The collaboration between the Parties for the purposes of sharing the Personal Data and Special Category Data related to Data Subjects involves the Processing of Jointly Controlled Data (as defined below) by each Party as joint Data Controllers.  

2.2  To ensure the secure, correct and lawful Processing of the Shared Data under Data Protection Legislation, the Parties have agreed to the terms and conditions as set forth in these Terms. 

2.3  These are stand-alone Terms (independent to any other agreement which may be in place between the Parties) solely for the purposes of regulating the sharing and Processing of Jointly Controlled Data between the Parties; as such, it does not incorporate commercial business terms established by the Parties (if any) under separate commercial arrangements. 


3.1  Each Party shall be responsible, as joint Controller, for its own Processing of the Jointly Controlled Data, which means that the Parties jointly determine the purposes and means of Processing of the Jointly Controlled Data. Each Party must fully comply with its respective obligations as joint Controller under Data Protection Legislation in respect of the Jointly Controlled Data. These Terms constitute the Parties’ joint Controller arrangement referred to in Article 26 of GDPR. 

3.2  No Party shall be construed as a Processor in relation to another Party, unless the conditions for Processing of the Jointly Controlled Data change so that one Party Processes Personal Data on behalf of and on the instructions of another Party and in which case the Parties will enter into a data processing agreement for the purposes of Article 28 of GDPR which shall apply to such Processing. 

3.3  The Parties shall not be construed as independent Controllers in respect of the Jointly Controlled Data unless the conditions for Processing of the Jointly Controlled Data change so that the Parties independently of one another determine the purposes and means of Processing the Jointly Controlled Data.  

3.4  Notwithstanding Clause 3.3, the Parties shall remain independent Controllers in respect of Personal Data and/or Special Category Data which each of them collects directly from Data Subjects for their own purposes, namely, in respect of the HCP, for the purposes of treating the Data Subject and in respect of Neuromod, for the purposes of providing the Services to the Data Subject or otherwise. 


4.1  The Parties will inform one another as soon as possible of any requests from Data Subjects regarding access to, portability, rectification or erasure of Jointly Controlled Data, or restriction of or objection to the Processing of Jointly Controlled Data. Each Party shall, to the extent that such a request affects the Processing of Jointly Controlled Data by the other Party, provide reasonable assistance to that other Party to enable compliance with Data Protection Legislation.  

4.2  Notwithstanding the foregoing, each Party shall remain responsible itself, in respect of Jointly Controlled Data held by it, for dealing with requests received by it from Data Subjects who are exercising their rights in respect of such Jointly Controlled Data. Each Party may inform Data Subjects making any such requests that the other Party may also hold Personal Data relating to that Data Subject, and the other Party shall then deal with any request made directly to it by Data Subjects. 

4.3  In relation to each processing activity to which these Terms apply, Parties shall:  

4.3.1  designate which Party (the “Designated Party”) will take primary responsibility for complying with the obligations (under Article 26 of GDPR) to provide the information set out in Articles 13, 14 and 26(1) and (2) of GDPR to Data Subjects; and  

43.2  document the details of the Designated Party in relation to each Processing activity. 


5.1  Each Party shall notify the other immediately if it becomes aware of, or suspects: (i) any breach of these Terms; or (ii) a Personal Data Breach which is likely to affect or invoke the other’s obligations under Data Protection Legislation, or (iii) any situation or envisaged development that shall in any way influence, change or limit the Processing of the Jointly Controlled Data. Each Party shall document all Personal Data Breaches in accordance with Data Protection Legislation and fully cooperate with the other Party to ensure compliance with Data Protection Legislation. Each Party shall use reasonable endeavours to mitigate any damage suffered by a Data Subject in these circumstances. 

5.2  Neither Party shall retain or process Personal Data or Special Category Data for longer than is necessary to carry out the purposes for which it was collected. 

5.3  The Parties undertake to have in place Appropriate Technical And Organisational Security Measures to:  

5.3.1  prevent unauthorised or unlawful processing of the Personal Data and/or Special Category Data and the accidental loss or destruction of, or damage to, the Personal Data and/or Special Category Data; and   

5.3.2  ensure a level of security appropriate to the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage and the nature of the Personal Data and/or Special Category Data. 


6.1  Where Parties act as joint Controllers, a Restricted Transfer may only be made where there are Appropriate Safeguards in place with regard to the rights of Data Subjects (including but not limited to the Standard Contractual Clauses, binding corporate rules, or any other model clauses or transfer mechanisms approved by the DPC). 

6.2  Any Party which is entering into the Appropriate Safeguards with a recipient of the Personal Data and or Special Category Data (a “Data Importer”) shall comply with the guidance of any relevant regulatory authority on Restricted Transfers in particular with respect to the use of Standard Contractual Clauses and any additional or supplementary measures required to be taken in the context of any such Restricted Transfers, including but not limited to the requirement to carry out risk assessments and to adopt mitigating measures to ensure essentially equivalent protection for Data Subjects in the jurisdiction of the Data Importer.  

6.3  Clauses 6.1 and 6.2 shall not apply to a Restricted Transfer if other compliance steps (which may include, but shall not be limited to, obtaining explicit consents from Data Subjects) have been taken to allow the relevant Restricted Transfer to take place without breach of applicable Data Protection Legislation. 

6.4  In the event that (i) either party is required to enter into the Standard Contractual Clauses in accordance with this Clause 6, and (ii) there is any conflict or ambiguity between any provision contained in these Terms and any provision contained in such Standard Contractual Clauses, the Standard Contractual Clauses shall take precedence in respect of such conflict (other than in respect of legislative references, etc. which have been updated pursuant to Data Protection Legislation since the date of approval of such Standard Contractual Clauses). 


These Terms shall be governed by and construed in accordance with the laws of Ireland, and shall be subject to the exclusive jurisdiction of the Irish courts. 

More information about Ótologie and the treatment plan.

Ótologie is a centre of excellence for tinnitus treatment with qualified audiologists who can assess and prescribe the Lenire device and treatment plan. After you submit the patient’s contact information, they will receive an email from Ótologie to schedule their introduction call. 

lenire treatment plan

Introduction Call

15 mins

The purpose of this call is to learn a little bit more about the patient’s tinnitus, the severity of it and how it impacts the patient’s life. We’ll discuss if Lenire can help and answer any queries.

Following this call the patient can opt for an online tinnitus assessment via video call or an in-person assessment, at Ótologie’s clinic at The Hermitage, Dublin.

Tinnitus Assessment

45 mins

The tinnitus assessment will determine if Lenire is a suitable treatment option for the patient or if another treatment is recommended.

The assessment consists of a clinical evaluation including a review of the patient’s medical, audiological, and tinnitus history. A suite of audiological tests will be conducted by our specialist audiologist, along with a set of subjective tinnitus measurements (if this is an online video assessment, the patient will have obtained an audiometric evaluation from a registered audiologist).

If further examination is required, Ótologie may refer the patient to an appropriate healthcare provider.

If Lenire is recommended as a treatment, a member of our team will discuss the device and treatment plan with the patient, providing all of the relevant information including the payment plans available.

Fitting Appointment

45 mins

This is when the patient gets started with the Lenire device. If the patient is visiting the clinic in-person we’ll provide the device on the day. If the patient has booked an online fitting, the device will be shipped out and the appointment will take place once it has arrived. The purpose of this appointment is to ensure that the patient has a detailed understanding of how the device works and how to use it effectively at home.

The device will be configured to the patient’s hearing profile (based on information gathered at the tinnitus assessment) and the Tonguetip® will also be calibrated accordingly. The patient will get a detailed overview of the Lenire system, its various components and how to safely store and clean the device.

During the session, the patient will also be asked to use the device under the supervision of a member of our team. This is to ensure the configuration is comfortable and the patient is confident using Lenire.

Follow Up Appointments

45 mins

During the treatment, we’ll schedule at least two follow up appointments to assess the patient’s progress. These can be online via video call or in-person at the clinic.

Typically, the first will take place after 6 to 12 weeks of using Lenire. A team member will review any changes in the audiological or tinnitus history and how the patient is managing the treatment. If necessary our audiologist may repeat audiological or tinnitus tests. The current treatment plan will be reviewed and the device may be reconfigured and Tonguetip® recalibrated. The next follow up appointment will take place after another 6 to 12 weeks and the above measures will be repeated.

Click to access the login or register cheese