Last Updated: MARCH 2020
Optical Academy, a company organized under the laws of the State of New Jersey (together with its subsidiaries, affiliates, and/or related companies) (“Company”, “our”, “we” or “us”), provides its customers and potential customers (“you”, “User”, “your”) with access to its websites located at www.optistyles.com, www.optical-academy.com and www.youropticalshop.com (“Website”) and, if applicable, to its mobile application (the “App” and together with the Website, the “Properties”), through which we provide personally tailored offers for eyecare and eyewear products and associated services (“Services”).
- WHAT INFORMATION DO WE COLLECT?
Personal information is individually identifiable information, namely information that identifies an individual or may with reasonable efforts or together with additional information we have access to, enable the identification of an individual, or may be of a private or sensitive nature relating to an identified or identifiable natural person. Identification of an individual also includes the association of such individual with a persistent identifier such as a name, an identification number, persistent cookie identifier etc. Personal information does not include information that has been anonymized or aggregated; provided, that, such information can no longer be used to identify a specific natural person.
We collect personal information from you when you use or interact with our Platform, including:
- Personal Information you provide to us when you use our Platform. We collect personal information from you and any devices (including mobile devices) you use when you: use or access our Platform, register for an account with us, provide us information on a web form or other text field, update or add information to your account, or through correspondence that you exchange with us from time to time. More specifically, we collect and use the following categories and types of personal information when you use our Platform:
- Contact information such as your name, email and physical addresses, or telephone number when you complete our online form, register for an account with us or otherwise when you update your account details.
- Information you provide during a transaction, or other transaction-based content that you generate or that is connected to your use of the Platform as a result of a transaction you are involved in such as your eyeglasses prescription.
- Other content that you generate, or your account activities (e.g., adding items to your shopping cart, adding items to your saved items list, etc.).
- The contents of your interaction with our customer support or sales departments, which may include text/video/audio recording and transcripts of such communications.
- Financial information (such as credit card or bank account numbers), which is processed by our third-party services providers as further detailed below and to which we generally have no access.
- Shipping, delivery, postage, billing and other information used to transact and deliver through the Platform, and where applicable, information required to clear customs (such as Tax ID or other identification numbers).
- Information you voluntarily provide to the Platform to personalize your Platform interface, such as age, preferred language, preferences etc.
- Usage Data. You may also provide us information through your use of certain tools, features and applications that we make available to you through the Platform such as chats with support representatives, uploading your picture through use of our “Try on” feature, or when you otherwise communicate with us via the Platform. One such feature is our proprietary “Prescription Scanner” which allows Users to scan their prescription glasses in order to extract the optical parameters of their prescription, and to receive various measurements associated with their prescription (e.g., sphere (power), cylinder (astigmatism), and axis). We also offer Users a tool to determine the distance between pupils (in millimeters rounded to 0.5mm) (“PD”) by analyzing a picture uploaded to the Platform.
- Information Mandated by Applicable Law. Information we are required or otherwise authorized to collect under applicable laws to authenticate or identify you or to verify the information we have collected from you via our Platform.
- Impression Information. Information about your impressions of, and reactions to, advertisements that appear on the Platform that we receive from devices (including mobile devices) and software you use when you access our Platform. This information may include the following: Device ID or unique identifier, device type, ID for advertising, unique device token, operating system, information regarding your clicks, views and engagement with our advertisement and Services, information concerning your traffic to and from the Platform, your referral URL, ad data, your IP address, your web log information, and your location information, including location information from your mobile device or as can be derived from your IP address.
- Personal information collected from other sources. We may also collect personal information about you from third parties who have represented to us that they have obtained your consent for such provision of information or that you have freely and publicly provided. For example, we may collect and use demographic and other information that is publicly available and information from credit bureaus, to the extent permitted by applicable law.
PLEASE NOTE THAT ANY INFORMATION YOU POST OR DISCLOSE USING HASHTAGS, WILL BECOME PUBLIC AND MAY BE AVAILABLE TO OTHER USERS AND THE GENERAL PUBLIC.
- Device Information: We collect information from and about the computers, phones, and other web-connected devices you use that integrate with our Properties and Services, and we combine this information across different devices you use. For example, we use information collected about your use of our Services on your phone to better personalize the content or features you see when you visit or use our Properties on another device, or to measure whether you took an action on your phone on a different device. Information we obtain from these devices includes:
- Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
- Device operations: information about operations and behaviors performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).
- Identifiers: unique identifiers, device IDs, and other identifiers.
- Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
- Data from device settings: information you allow us to receive through device settings you turn on, such as access to your GPS location, camera or photos.
- Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network.
- WHY WE COLLECT AND PROCESS PERSONAL INFORMATION
- Advertising: To the extent we’re permitted to do so under applicable law, to display or send to you marketing and advertising material and general and personalized content and advertisement via the Platform, email, postal mail, telephone, mobile devices and/or when you visit other sites, and to track and analyze the effectiveness and relevance of such material.
- With your consent: We ask for your agreement to process your information for specific purposes and you have the right to withdraw your consent at any time. For example, we ask for your consent to send you our marketing offers and communications.
We may also access and use your information for any of the following internal purposes:
- To provide and improve our Platform and its various functions and features and to manage our business;
- To send you updates, notices, notifications, announcements, and additional information related to the Platform;
- To be able to manage your account and provide you with customer support and technical assistance;
- To create cumulative statistical data and other cumulative information and/or other conclusive information that is non-personal, which we might use in order to operate and improve our Platform;
- To verify your eligibility and deliver prizes in connection with promotions and referral programs we may hold from time to time;
- To comply with any applicable rule or regulation and/or respond to or defend against legal proceedings against us or our affiliates.
- THE “TRY-ON” FEATURE/BIO-METRIC DATA
Our services offer a “Try On” feature, allowing you to upload a photo of your choice and combine it, manually (by dragging the frame depiction), with a photo of one or more of the eyewear frames available on our Properties. This allows you to get an impression of the possible look of such eyewear on the subject photograph. Depending on the applicable laws that govern an end user who uses the Try On feature, a portion of the information collected through your usage of the “try-on” feature may be considered “bio-metric data”. If consent is required to collect, store and use the data that we collect from you, then we expressly rely on the fact that you will only use the “try-on” feature if you consent to our collection of your bio-metric data, unless we have some other lawful basis upon which to collect the data. We only use the “Try-On” related data, including without limitation, the potential bio-metric data that we collect from you to determine your lens prescription. We store your bio-metric data securely in our database. If you do not proceed with the purchase of prescription lenses and/or contact lenses within 90 days from your use of the “try-on” tool, we will delete your bio-metric data from our systems. Notwithstanding, we will not retain your bio-metric data for longer than 3 years from our first collection of same. We will not sell, lease, trade or otherwise profit from your bio-metric data, nor will any of our vendors who have access to such data be permitted to do so.
- WHERE DO WE PROCESS AND STORE USER’S PERSONAL INFORMATION?
Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service providers in various locations around the world, including, without limitation, the United States. Any and all personal information that we collect from our users is maintained in secured cloud storage environments provisioned by third party cloud providers.
It’s our policy, irrespective of the jurisdictions wherein our Users are located, to maintain all User-supplied data in secure environments provisioned by third parties that: (i) have assured us of the safeguards which they implement to protect your privacy, or (ii) hold and process such information on our behalf either in jurisdictions which have been determined to ensure an adequate level of protection by the EU Commission, and in the case of the U.S., includes certification under the EU-US Privacy Shield framework.
We utilize standard contract clauses, rely on the European Commission’s adequacy decisions about certain countries, as applicable, and obtain your consent for these data transfers to the United States and other countries.
- WITH WHOM WE SHARE PERSONAL INFORMATION
We may share your personal information with third parties (or otherwise allow them access to it) only in the following manners and circumstances:
- Third Party Services: We partner with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting, data and cyber security services, fraud detection and prevention services, merchant processing, shipping, postal and delivery services, website and mobile app functionality, manufacturing services, e-mail and text message distribution and monitoring services, advertising, affiliation and related analytics services, customer support and call center services, as well as our business, legal and financial advisors, and others (collectively, “Third Party Service Providers”). Each such Third-Party Service Provider may receive or otherwise have access to your personal information through your use of our Services, and may only use your personal information for such purpose(s) as expressly authorized by us. Such disclosure or access is strictly subject to the recipient’s or user’s undertaking of confidentiality and appropriate safeguards obligations, as well as the prevention of any independent right to use your personal information, subject to applicable law.
- Governmental/Law Enforcement Agencies and Legal Requests or Duties: We may disclose or otherwise allow access to Personal Information pursuant to a legal requirement or request, such as a subpoena, search warrant or court order, or in compliance with applicable laws and regulations. Such disclosure or access may occur with or without notice to you, if we have a good faith belief that we are legally required to do so, or that disclosure is appropriate in connection with efforts to investigate, prevent, or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing.
- Protecting Rights and Safety: We may share your personal information with others, with or without notice to you, if we believe in good faith that this will help protect the rights, property or personal safety of our Company, of any of our Users, or any members of the general public.
- YOUR RIGHTS
You can make choices regarding our collection and use of the personal information you share with us. You can control your personal information that we have obtained by emailing the Company at firstname.lastname@example.org. By way of example, you may request (i) access to the personal information we’ve collected from/about you, (ii) that updates are made to your personal information, (iii) that we cease using your personal information to contact you, and (iv) that we delete the personal information about you in our records. We will undertake to respond to your request within 30 days of receipt thereof. In some cases, your ability to access or control your personal information will be limited, as required or permitted by applicable law. If that should happen, the Company will notify you accordingly. How you can access or control your personal information will also depend on which Services you use. For example, if you ask us to delete your personal information, we may not be permitted to do so if you’ve made a purchase via our Platform. We will retain your information for as long as your account is active or as needed to provide you access to the Services. We will also retain and use your information as necessary to comply with our legal obligations, resolve disputes, and to enforce our agreements.
For the removal of doubt, we expressly reserve the right to transfer, share or otherwise use non-personally identifiable information (e.g., anonymous, aggregated information) in our sole discretion and without the need for further approval.
- DIRECT MARKETING
By registering for our Services and/or providing us with your e-mail address or any other contact information (including without limitation through any form on our Website), you hereby agree that we may contact you for the purpose of informing you regarding our products and services which may interest you, and in order to send to you other marketing material. You may withdraw your consent by sending us written notice by email to the following address: email@example.com or by pressing the “Unsubscribe” button contained in the promotional communications you receive. Please note that the Company may also contact you with important information regarding your use and interaction with our Services. For example, we may notify you (through any of the means available to us) of changes or updates to our Services, payment issues, service maintenance, etc. You will not be able to opt out of receiving such service messages.
We are required by law to maintain the privacy of Protected Health Information (“PHI”) and to provide you with notice of our legal duties and privacy practices with respect to PHI. PHI is information that may identify you and that relates to your past, present, or future physical or mental health or condition, the provision of health care products and services to you or payment for such services. This Notice describes how we may use and disclose PHI about you, as well as how you obtain access to such PHI. This Notice also describes your rights with respect to your PHI. We are required by HIPAA to provide this Notice to you.
- Treatment. We may use and disclose your PHI to provide and coordinate the treatment, medications and services you receive. For example, we may disclose PHI to pharmacists, doctors, nurses, technicians and other personnel involved in your health care. We may also disclose your PHI with other third parties, such as hospitals, other pharmacies and other health care facilities and agencies to facilitate the provision of health care services, medications, equipment and supplies you may need. This helps to coordinate your care and make sure that everyone who is involved in your care has the information that they need about you to meet your health care needs.
- Payment. We may use and disclose your PHI in order to obtain payment for the health care products and services that we provide to you and for other payment activities related to the services that we provide. For example, we may contact your insurer, pharmacy benefit manager or other health care payor to determine whether it will pay for health care products and services you need and to determine the amount of your co-payment. We will bill you or a third-party payor for the cost of health care products and services we provide to you. The information on or accompanying the bill may include information that identifies you, as well as information about the services that were provided to you or the medications you are taking. We may also disclose your PHI to other health care providers or HIPAA covered entities who may need it for their payment activities.
We may also use and disclose your PHI without your prior authorization for the following purposes:
- Business Associates. We may contract with third parties to perform certain services for us, such as billing services, copy services or consulting services. These Third Party Service Providers, referred to as Business Associates and/or Business Associate Subcontractors, may need to access your PHI to perform services for us. They are required by contract and law to protect your PHI and only use and disclose it as necessary to perform their services for us.
- To Communicate with Individuals Involved in Your Care or Payment for Your Care. We may disclose to a family member, other relative, close personal friend, or any other person you identify, PHI directly relevant to that person’s involvement in your care or payment related to your care. Additionally, we may disclose PHI to your “personal representative.” If a person has the authority by law to make health care decisions for you, we will generally regard that person as your “personal representative” and treat him or her the same way we would treat you with respect to your PHI.
- Food and Drug Administration (“FDA”). We may disclose to persons under the jurisdiction of the FDA, PHI relative to adverse events with respect to drugs, foods, supplements, products and product defects, or post-marketing surveillance information to enable product recalls, repairs, or replacement.
- Worker’s Compensation. To the extent necessary to comply with law, we may disclose your PHI to worker’s compensation or other similar programs established by law.
- Public Health. We may disclose your PHI to public health or legal authorities charged with preventing or controlling disease, injury, or disability, including the FDA. In certain circumstances, we may also report work-related illnesses and injuries to employers for workplace safety purposes.
- Law Enforcement. We may disclose your PHI for law enforcement purposes as required or permitted by law, for example, in response to a subpoena or court order, in response to a request from law enforcement, and to report limited information in certain circumstances.
- As Required by Law. We will disclose your PHI when required to do so by federal, state or local law.
- Health Oversight Activities. We may disclose your PHI to an oversight agency for activities authorized by law. These oversight activities include audits, investigations, inspections, and credentialing, as necessary for licensure and for the government to monitor the health care system, government programs and compliance with civil rights laws.
- Judicial and Administrative Proceedings. If you are involved in a lawsuit or a dispute, we may disclose your PHI in response to a court or administrative order. We may also disclose your PHI in response to a subpoena, discovery request, or other lawful process instituted by someone else involved in the dispute, but only if efforts have been made, either by the requesting party or us, to first tell you about the request or to obtain an order protecting the information requested.
- Fundraising. As permitted by applicable law, we may contact you to provide you with information about our fundraising programs. You have the right to “opt out” of receiving these communications and such fundraising materials will explain how you may request to opt out of future communications if you do not want us to contact you further for fundraising efforts.
Your Health Information Rights:
- Obtain a paper copy of the Notice upon request. You may request a copy of our current Notice at any time. Even if you have agreed to receive the Notice electronically, you are still entitled to a paper copy. You may obtain a paper copy at the site where you obtain health care services from us or by contacting firstname.lastname@example.org.
- Request a restriction on certain uses and disclosures of PHI. You have the right to request additional restrictions on our use or disclosure of your PHI by sending a written request to email@example.com. We are not required to agree to the restrictions, except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, is not otherwise required by law, and the PHI pertains solely to a health care item or service for which you, or a person on your behalf, has paid in full.
- Inspect and obtain a copy of PHI. With a few exceptions, you have the right to access and obtain a copy of the PHI that we maintain about you. If we maintain an electronic health record containing your PHI, you have the right to request to obtain the PHI in an electronic format. To inspect or obtain a copy of your PHI, you must send a written request to firstname.lastname@example.org. You may ask us to send a copy of your PHI to other individuals or entities that you designate. We may deny your request to inspect and copy in certain limited circumstances. If you are denied access to your PHI, you may request that the denial be reviewed.
- Request an amendment of PHI. If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to email@example.com. You must include a reason that supports your request. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it.
- Receive an accounting of disclosures of PHI. With the exception of certain disclosures, you have a right to receive a list of the disclosures we have made of your PHI, in the six years prior to the date of your request, to entities or individuals other than you. To request an accounting, you must submit a request in writing to firstname.lastname@example.org. Your request must specify a time period.
- Notification of a Breach. You have a right to be notified following a breach of your unsecured PHI, and we will notify you in accordance with applicable law.
To use our Platform, you must be over the age of sixteen (16). Therefore, we do not knowingly collect personal information from minors under the age of sixteen (16) and do not wish to do so. Any purchase of products through our Properties that is intended for a child under sixteen (16) years of age, must be carried out by his/her legal guardian within such legal guardian’s account, and without providing us any personal information of such child.
We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Services. If we learn that we have collected personal information from a child under sixteen (16) years, we will delete that information as quickly as possible. If you believe that we might have any such information, please contact us at email@example.com.
We take great care in implementing and maintaining the security of our Platform. We employ industry standard procedures and policies to ensure the protection of personal information, and to prevent unauthorized use of any such information. Among other means, we use Secure Sockets Layer (SSL) technology, which creates an encrypted link between our web server and your browser, and provides a secured path of communication to ensure the information remains protected and private. Please note, however, that regardless of the measures we take and the efforts we make, we cannot and do not guarantee the absolute protection and security of any personal information.
Our Properties may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites may have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
HAVE ANY QUESTIONS?
By contacting us, and accessing the Platform, you warrant and agree that you are free to do so, and that you are not providing us with information which violates any third party intellectual or privacy rights.
We use certain monitoring and tracking technologies, including ones offered by third party service providers, to collect and process the personal information we specified above. These technologies are used in order to maintain, provide and improve our Platform on an ongoing basis, in order to provide a better experience to our Users and to provide our customers and potential customers with more relevant advertisements of our Services. For example, these technologies enable us to: (i) keep track of and apply our Customers’ and Potential Customers’ Services and Website preferences and authenticated sessions, (ii) better secure our Services by detecting abnormal behaviors, (iii) identify technical issues and improve the overall performance of our Services, (iv) monitor and analyze our ads’ performance, (v) create and monitor analytics relating to use of our Services, and (vi) deliver to you targeted advertisements that are more tailored to you based on your browsing activities and inferred interests.
WHAT ARE COOKIES
- Cookies are small text files that are stored on your device to help websites and mobile apps remember things about you. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. To learn more about cookies, visit https://www.allaboutcookies.org/
- Single Sign-on allows you to log in to certain websites or mobile applications using sign-in services provided by third parties, such as Facebook or Google. These services will authenticate your identity and provide you the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form.
- Strictly Necessary Cookies: Because these cookies are essential to operate our website, there is no option to opt out of these cookies.
- Targeting and Advertising Cookies:
- You can opt out of interest-based targeting provided by participating ad servers through the Network Advertising Initiative at www.networkadvertising.org/managing/opt_out.asp or the Digital Advertising Alliance at www.aboutads.info/
- You may be able to change your device settings (on your iPhone, iPad or Android) to control whether you see online interest-based ads.
- You can learn more about your options by visiting www.youradchoices.com or www.youradchoices.eu
- Other Cookies:
- You can follow the instructions provided by your website or mobile browser (usually located within the “Help”, “Tools” or “Edit” facility) to modify your cookie settings.
DELETING ALL WEB BROWSER COOKIES
All of the Web browser cookies we use are stored in Users’ browser local memory. Therefore, if you delete such cookies from your local memory, we will not be able to associate any information we have about you, unless you log in to our Platform as a registered user.
DO NOT TRACK
We do not currently commit to responding to your browser’s ‘Do Not Track’ signals with respect to our Platform, in part, because no common industry standard for ‘Do Not Track’ has been adopted by regulators, including no consistent standard of interpreting a user’s intent. We are committed to monitoring the developments around ‘Do Not Track’ and the implementation of a standard.