Privacy Policy (California Consumers)
CONTENTS OF THIS POLICY
- WHO WE ARE
- ABOUT THIS POLICY
- WHAT TYPE OF PERSONAL INFORMATION DO WE COLLECT?
- HOW DO WE USE YOUR INFORMATION?
- HOW AND WHEN DO WE SHARE PERSONAL INFORMATION WITH THIRD PARTIES?
- HOW LONG DO WE STORE PERSONAL DATA?
- HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
- CHILDREN’S PRIVACY
- YOUR RIGHTS
Access to Specific Information and Data Portability Rights
Deletion Request Rights
Exercising Access, Data Portability, and Deletion Rights
Response Timing and Format - NON-DISCRIMINATION
- CHANGES TO THIS POLICY
- HOW TO CONTACT US
WHO WE ARE
Eye Care Prime provides eye care doctors with an affordable suite of integrated patient relationship management/commerce and digital marketing solutions to grow their practice, improve office efficiency, and optimize appointment capacity.
In this California Privacy Policy, Eye Care Prime, LLC may refer to itself as “we”, “us” or “our”, and doing so may also include our related companies.
ABOUT THIS POLICY
We are committed to providing Services that help eye care practitioners grow their business. To do this we may obtain personal information about consumers, including those of you residing in California. Although this information helps us to serve you, we take pride in safeguarding your privacy.
The California Consumer Privacy Act of 2018 (CCPA) is a law related to protecting the privacy of consumers who reside in the State of California. This California Privacy Policy is a notice to you that describes when, why and how we collect, use and otherwise handle personal information of California consumers.
You can also find our general privacy policy.
This California Privacy Policy also applies to consumer-related personal information we receive through your use of third-party sites or platforms (for example, via our applications developed by third-parties) where your information may be provided. While those third-party sites or platforms may have their own privacy policies, the information we collect is covered by our privacy policy. Any privacy choices you have made on the third-party site or platform will not apply to our use of the information we have collected directly through our applications.
Please also keep in mind that our sites and applications may contain links to other sites not owned or controlled by us. We encourage you to be aware when you leave our sites or applications and to read the privacy policies of other sites that may collect your personal information.
“Personal Information” is any information relating to you, which can be used to personally identify you, either directly or indirectly. Examples include an individual’s name, postal address, email address, and telephone number – though these may not be the only types of information that you provide or that we collect. Additional details of the information covered by this policy are described in the “WHAT PERSONAL INFORMATION DO WE COLLECT?” section of this California Privacy Policy.
“Services” are the services that we provide.
WHAT PERSONAL INFORMATION DO WE COLLECT?
The types of personal information we collect is described below. Sometimes we collect anonymous information so that you are not personally identified. Also, and we may use personal information and anonymous information to create aggregate information.
Here is a list of the categories of personal information (and an indication of what we collected during the last 12 months):
| Categories of Information | Examples | Collected |
| Identifiers | Your name(s), an alias or unique personal/online identifier (such as user name or login name), address, email address, username, internet protocol (IP) address. | Yes |
| Additional Identifiers | Your signature: photograph; voice, physical characteristics or description; social security number (or portions thereof); state identification card number; insurance policy number; bank account number, credit card number, debit card number, or any other financial information; medical information (including your contact lens prescription) or health insurance information. | Yes |
| Characteristics of Protected Classifications Under California or Federal Law | Age (over 40), race, religion, gender, national origin, or sexual orientation. | No |
| Commercial Information | Records, dates and locations of Services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies. | Yes |
| Biometric information | Height; Weight. | No |
| Internet or Other Electronic Network Activity information (“Electronic Information”) | Browsing history; search history; information regarding a consumer’s interaction with an internet website, application, or advertisement; cookies; IP address of your device, information about the operating system and/or app you are using; unique device identifiers; pages that you navigate to and links that you click; your preferences and settings. | Yes |
| Geolocation Data | Location information collected by a browser or inferred by IP addresses, mobile device signals. | Yes |
| Sensory Information | Audio, electronic, visual, thermal, olfactory, or similar | Yes |
| Professional or employment-related information | Job titles; location of employment or workplace; work history | No |
| Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)) | Schools attended; grades; qualifications; resumes | No |
| Inferences Drawn From Personal Information | Consumer type; potential purchasing behavior. | Yes |
Personal information does not include:
- Publicly available information from government records
- Deidentified or aggregated consumer information
- Information excluded from the CCPA’s scope, like:
- health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
- personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
HOW DO WE USE YOUR INFORMATION?
We use personal information for some general purposes. The information allows us to provide you with Services and customer support, to bill you for Services you request, to market products or services which we think may be of interest to you, or to communicate with you for other purposes. The types of general uses include:
- providing and maintaining our Services
- notifying you about changes to our Services
- providing customer support
- record-keeping, statistical analysis, internal reporting and research
- hosting, maintaining and otherwise supporting the operation of our websites and other communication platforms, and helping to customize your and improve your experience with our websites and other platforms
- ensuring the quality of the Services we provide to you
- detecting, preventing and addressing technical issues
- investigating, resolving or otherwise addressing complaints made by you or any disputes between you and us
- detecting and preventing fraud or other criminal offenses
- risk management
- business and disaster recovery (e.g. to create back-ups)
- network and information security
- document and data retention/storage
We also use Identifiers, Additional Identifiers, Commercial Information, Electronic Information, Geolocation Data to help us establish and maintain a relationship with you, through things like:
- allowing you to participate in interactive features of our Service when you choose to do so
- creating an account(s) with us or for identification purposes
- your request us to provide Services to you
- communicating with you, including with non-marketing materials or marketing materials about our company or our Services, and to provide you with email alerts or other notices concerning our Services, events or news that may be of interest to you
- linking your profile on a third-party site or platform with any account(s) with us
- fulfilling orders, including direct delivery of contact lenses
- processing a payment at your request or on your behalf
- confirming your authorization of transactions
- providing patient communications through Prime Nexus, mobile commerce (like subscription-based ordering) though lensferry® and digital marketing through reach and premier
When you use our websites, or third-party platforms or applications, we collect Identifiers, Additional Identifiers, Electronic Information and Geolocation Data about your usage of the service for:
- personalize your experience with us
- enabling your use of the services available on our sites, applications or platforms
- contacting you about our Services or other news that may be of interest to you
Cookies are small pieces of information sent to your browser and stored on your computer’s hard drive. We use information collected by cookies to help improve the contents of our websites and to compile aggregate statistics about people using our site for our internal usage statistics and market research purposes. When installed, cookies collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. You can set your browser to notify you when you receive a cookie, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website.
We use Geolocation Data to identify where you are contacting us from. Geolocation Data may be collected from your computer, your devices, your telephone, and your use of applications or platforms.
We may be required to collect your personal information to comply with our legal requirements, to enable us to fulfil the terms of any contract that we have with or in preparation of us entering into a contract with you.
HOW AND WHEN DO WE SHARE PERSONAL INFORMATION WITH THIRD PARTIES?
Personal information that you provide to use by enrolling in a Service through your eye care professional may be shared back to the eye care professional as part of the Services we provide. We may also share your Personal Information with members of our corporate group (here are details of our Affiliates) in order to provide the Services or information that you have requested. We may also share your information with other members of our corporate group for the purposes of IT support and maintenance, internal governance and administration, and to comply with our legal or regulatory obligations.
We will not share your personal information with a third party outside our corporate group, except:
- when you permit us to do so
- where you have instructed us to share your personal information with third-party sites or platforms, such as social networking sites (Please note that once we share your personal information with another company, the information received by the other company is controlled by that company and becomes subject to the other company’s privacy practices)
- when parties perform services on our behalf, like Services delivery, marketing and advertising, customer service, IT services and solutions (e.g. providing data storage, assisting us with database management) or rebate fulfillment. These companies are prohibited from using your personal information for purposes other than those requested by us or required by law
- when we share your personal information with third-parties in connection with the sale of a business; to enforce our Terms of Use or rules; to ensure the safety and security of you or others; to protect our rights and property and the rights and property of you and others; to comply with legal process; or in other cases if we believe in good faith that disclosure is required by law.
- When we share personal information for analytics or remarketing activities as described below.
We may also share your personal information with:
- our accountants, auditors, lawyers or other professional advisers when we ask them to provide us with professional advice
- any other third party if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, or to protect the rights, property and/or safety of our company, any of our Affiliates, its personnel and others;
- any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation;
- to protect the safety of any person, to address fraud, security, or technical issues, or to protect our rights or property or the rights or property of those who use our services. However, nothing in this California Privacy Policy is intended to limit any legal defenses or objections that you may have to a third-party’s, including a government’s, request to disclose your personal information.
Although we may in the future, use personal information to perform certain Analytics and Behavioral Remarketing activities (as described on our general privacy page), we do not currently have any features or services that perform such activities. If we develop those features or services in the future, we will update this California Privacy Policy.
We do not (and during the last 12 months, we did not) share sell, rent, or trade personal information with third-parties for their commercial purposes.
HOW LONG DO WE STORE PERSONAL DATA?
It is our policy to retain your personal information for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfilment of an agreement with you). However, we may be obliged to store some personal information for a longer time, taking into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements);
- the establishment, exercise or defense of legal claims (e.g., for the purposes of a potential dispute)
If you would like to find out how long we keep your personal information for a particular purpose, you can contact us at: eyecareprime@coopervision.com.
HOW DO WE PROTECT YOUR PERSONAL INFORMATION?
We implement technical and organizational security measures to protect your personal information against the risk of loss, misuse, or unauthorized alteration or destruction. Such measures may include the use of firewalls, encryption (where appropriate), access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your personal information. Where appropriate, we may also make backup copies and use other such means to prevent accidental damage to or destruction of your personal information.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you online we will use a recognized online secure payment system.
We do not support Do Not Track (“DNT”) under the California Online Protection Act (CalOPPA). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.
You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.
Children’s Privacy
Our Services do not address anyone under the age of 18 (“Children”).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with Personal Information, please contact us. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.
YOUR RIGHTS
The CCPA grants you certain rights that you can exercise. This section explains those rights and how to exercise them.
Access to Specific Information and Data Portability Rights
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify you as the person whose information is being requested (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you
- The categories of sources for the personal information we collected about you
- Our business or commercial purpose for collecting or selling that personal information
- The categories of third parties with whom we share that personal information
- The specific pieces of personal information we collected about you (also called a data portability request)
- If we sold or disclosed your
personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained
Deletion Request Rights
You have the right to request us to delete any of your personal information that we collected and retained, subject to certain exceptions. Once we receive and verify you as the person whose information is being requested (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide Services that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
- Debug products to identify and repair errors that impair existing intended functionality
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.)
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
- Comply with a legal obligation
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:
- Calling us toll-free at (866) 575-3937, or
- Making a request using this form
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
Before assessing any of your requests, we may request additional information in order to verify your identity. If you do not provide the requested information and, as a result, we are unable to identify you, we may refuse to action your request.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We will consider and respond to a verifiable consumer request within forty-five (45) days of its receipt. However, if we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will provide requested personal information in a structured, commonly used and machine-readable format and for it to be transferred to you or another organization, where it is technically feasible.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
NON-DISCRIMINATION
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you services.
- Charge you different prices or rates for services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of services.
- Suggest that you may receive a different price or rate for services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that might result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.
CHANGES TO THIS POLICY
We may revise this California Privacy Policy from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised California Privacy Policy.
HOW TO CONTACT US
If you wish to request further information regarding this California Privacy Policy or the way we use your personal information you can contact: eyecareprime@coopervision.com.