Last Update: October 29, 2018
Part 3 applies to both the Website and our Product.
PART 1: THE WEBSITE
What information do you collect on your Website?
Any information you choose to provide on our Website will be stored. For example, if you register on our Website via the “Contact Us” form, we will use the information you provided on our Website (including name, email address, company name, phone number, state, country, type of organization, and any other data you include in the fields) for internal purposes to send you information about our Products, to respond to your questions, and send you newsletters or catalogues in accordance with your marketing and communication preferences, and/or to improve our web site and marketing efforts.
How do you use information collected via the Website?
We use the information we collect to help our Website to create a better experience for you. We use the non-personal information that we collect for such purposes as: counting and recognizing visitors to the Website; analyzing how visitors use the Website; improving the Website; enhancing users’ experiences with the Website; enabling additional website analytics and research concerning the Website; and managing our business, and to comply with legal and/or regulatory requirements.
We may send you emails and newsletters about our Website, if you consent to receiving such emails by registering on our Website to be on the mailing list. These emails may include other updates, promotions and PlenOptika advertisements.
Please note that at this time we do not honor web browser Do Not Track (“DNT”) signals or other similar mechanisms.
How do you get my consent?
How do I modify Information or withdraw my consent?
If you no longer wish for us to continue to collect your information, you may stop using the Website at any time. You may unsubscribe from our email mailing list by using the “unsubscribe” feature located at the bottom of the email you received from us.
Credit Card Payments via the Website
If you place an order via our online store, we will ask you for your name, phone number, e-mail address, shipping and billing address, and other information so we can fulfill your order. Please note that we use a third party payment service provider, and by providing this information to us, you are simultaneously providing the same information to our provider.
You understand that payment processing and storage of your credit card information are handled by Shopify, Inc. via Shopify Pay Services. Shopify, Inc. in turn uses Stripe, Inc. to process payments. All of the information that is provided to Shopify is also provided to Stripe. Shopify/Stripe will collect your credit card information and charge your credit card for the order, as further detailed below.
By using your credit card to make a payment on this website, you agree to comply with the terms and conditions set forth at https://www.shopify.com/legal/terms and https://pay.shopify.com/en/tos-privacy-policy#terms-of-service. Please review these terms and conditions, and please note that PlenOptika is not a party to these terms and conditions.
For more information about Shopify’s privacy practices, you should review https://www.shopify.com/legal/privacy and for more information about Stripe’s privacy practices, you should review https://stripe.com/us/privacy. Reviewing these policies will help you understand how these entities collect, use and safeguard the information you provide as part of a credit card transaction on our Website.
You agree to provide current, complete and accurate credit card and account information for all purchases made on our Website. You agree to make all payments for any order placed by you.
Neither Shopify nor Stripe is a bank or a money services business (“MSB”) nor do they offer banking or MSB services as defined by the United States Department of Treasury.
Shopify/Stripe may add or remove one or more types of cards as a supported payment card any time without prior notice to you, including, without limitation, any international credit cards. If you are paying for your order with a credit card issued outside of the United States, and such credit card is accepted by Shopify/Stripe, your purchase price may change with the exchange rate, and you may be charged a conversion fee by your bank or credit card. Please contact your bank or credit card company for more information regarding their specific policies for international purchases.
PlenOptika, Shopify and Stripe maintain commercially reasonable administrative, technical and physical procedures to protect all the personal information regarding that is stored in their servers from unauthorized access and accidental loss or modification. However, PlenOptika, Shopify, and Stripe cannot guarantee that unauthorized third parties will never be able to defeat those measures or use such personal information for improper purposes. You acknowledge that you provide this personal information regarding at your own risk.
Some or all of the payment services may be provided from systems located within the United States or countries outside of the United States. As such, your cardholder data may be transferred, processed and stored outside of the United States and may be subject to disclosure as required by applicable law.
The Website may link to third-party websites that incorporate comment and social media features, including, without limitation: Facebook, LinkedIn, Twitter, Google+ and YouTube. The Site may also contain a Facebook “like” button and a Facebook “share” button, a LinkedIn “share” button, and a Twitter “tweet” and “follow” button.
There are two types of cookies: session cookies and persistent cookies.
A session cookie expires when you close your browser. Simply exiting your browser will remove all session cookies.
A persistent cookie remains on your hard drive for an extended period of time. For instance, when you return to our Site, cookies identify you and prompt the site to provide your username (not your password), so you can sign in more quickly. You can remove persistent cookies by following directions provided in your Internet browser’s “help” directory.
We also use information gained through cookies to compile statistical information about use of our Website, such as the time users spend at the site and the pages they visit most often. These statistics do not include Personal Information. This information helps us analyze trends in the aggregate and improve and administer our Website.
PART 2: THE PRODUCT
What is the Product?
PlenOptika provides Products intended to make eye care easy for anyone who needs it, including underserved and low-resource communities. QuickSee uses wavefront aberrometry to precisely determine low-order refractive errors, enabling highlight objective measurements anywhere.
What information do you collect via the Product and how is this information used?
The Product uploads the device log file to our server, and records:
• GPS coordinates of the mobile phone using the App
• Time, date, and location the QuickSee was paired to the App
• Current version of the software used by the Product, and configuration settings, available memory space and hardware specifics
• Information related to QuickSee startup, such as: serial number, initialized libraries, opened databases, paths, and initialization messages.
On our web-server, the App allows us to view how many different mobile phones have downloaded or uploaded any content by providing a MAC address and phone model information; however, these mobile devices remain anonymous.
The App downloads a patient ID (with no personal information or personally identifiable data) and measurement file, and converts its file format to Excel, and deletes the original file. The App also downloads the log file that was on the QuickSee. Please note that the measurement file and the log file are two distinct files. PlenOptika only has access to the log file. Once a Customer downloads the measurement file, it is no longer shared with PlenOptika. Patient names are not shared with PlenOptika.
What information do you collect about Customers using the Product and how do you use it?
In the agreement, you also consent that in order to provide the Product to you, we may collect information about how you use the Product, including your frequency of use and the actions you perform within the Product. If you use our Product, we will not collect or use information except as set forth in our agreement with you.
Collecting information about how our Customers use the Products helps us provide our Customers with better service, including understanding which features are the most interesting to our Customers.
We use Customer information to create a Customer’s account, to provide the Customer with Products it has ordered, to communicate with our Customers about Products purchased, to offer additional Products, to bill our Customers, and to fulfill the terms of any agreement we have with our Customers. We also use the information to the extent necessary to enforce our agreements and to prevent imminent harm to persons or property. Certain Information may be used for anti-fraud and anti-theft purposes. We will use Customer information to send out important notices, if necessary.
We use the non-personal information that we collect for such purposes as: analyzing how Customers use various features within the Products; improving the Products; enhancing users’ experiences with Products; creating new Products or improving our existing Products; and managing our business, and to comply with legal and/or regulatory requirements.
We may use information for internal research and data analysis to help with product development, and to help us create and improve our Product and for our own advertising and marketing purposes (but only in anonymized or aggregated form).
From time to time, we may also share anonymized and aggregated information about the Products, such as by publishing a report on trends in the usage of the Products.
How do you get my consent?
If you are a Customer of the Products, you consent when you execute an agreement with us, and by continuing to access or use the Products.
How do I modify Information or withdraw my consent if I am a Customer of the Product?
If a Customer no longer wishes to use the Product, the Customer may delete the App and stop using QuickSee. Please note that any such deactivation shall be performed in accordance with the terms and conditions of our agreement with you.
Use of the Products by our Customers
We acknowledge that you have a right to access your Personal Information. Please note that if data is provided by a Customer for use with our Product, that Customer controls the data. If you make a request to us to remove this data, we will notify our Customer, and also respond to you within a reasonable timeframe. Please also contact the Customer directly, yourself. Please note that we are not responsible for how our Customers use the data they store within the Product.
We may transfer information inputted into our Products to companies that help us provide our Products. Such transfers are addressed in our agreements with our Customers.
Data Retention Specific to the Product
With respect to information used to provide the Product to our Customers, PlenOptika will retain such information only as set forth in our agreement with the applicable Customer, for at least as long as needed to provide the Product to the applicable Customer.
If you provide information to a Customer of ours as part of their use of the Product, that Customer decides how long to retain that personal information. If the Customer terminates their access to our Product, they may receive access to personal information stored within the Product pursuant to our agreement with them.
The Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule require organizations to maintain the confidentiality of all healthcare records and other identifiable patient health information (PHI) used by or disclosed to us in any form, whether electronic, on paper, or spoken. HIPAA is a United States Federal Law that gives each individual significant rights to understand and control how his or her health information is used. Federal HIPAA Omnibus Rule and state law provide penalties for covered entities, business associates, and their subcontractors and records owners, respectively that misuse or improperly disclose PHI.
Please note that we do not collect PHI via our Website, but our Customer may collect PHI using our Products. If and to the extent that information that is considered PHI under HIPAA is shared with us, it is shared with us in accordance with the terms of our Business Associate Agreement (“BAA”). The BAA outlines the various ways that we may use the PHI, and the ways in which we are prohibited from using PHI. Please note that certain Customers may require the use of their own BAA, and such BAA may contain terms that are different from our online BAA. If you have questions about how a particular Customer shares PHI it collects with us or with other business associates, please contact the Customer directly, and review their privacy policies.
Data Processing Addendum
European Union General Data Protection Regulation 2016/679 (“GDPR”), EU Directive 95/46/EC, together with any national implementing laws in any Member State of the European Union and as amended, replaced, or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR requires certain protections for specific types of information originating from a European Economic Area.
Please note that if you are a Customer, if and to the extent that information that is considered Personal Data (as defined by GDPR) under GDPR is shared with us, it is shared with us in accordance with the terms of our Data Processing Addendum (“DPA”). The DPA outlines the various ways that we may use the Personal Data. Please note that certain Customers may require the use of their own DPA, and such DPA may contain terms that are different from our online DPA. If you have questions about how a particular Customer shares Personal Data it collects with us, please contact the Customer directly, and review their privacy policies.
PART 3: APPLIES TO BOTH THE WEBSITE AND THE PRODUCT
IMPORTANT NOTICE: Although our Website can be viewed internationally and our Product can be used internationally, many of our computer systems are currently based in the United States. Therefore, please note that all personal information may be processed by us in the U.S.
For more details regarding how we collect, use, and disclose personal information from European Economic Area (EEA) visitors and the additional rights available to EEA visitors in respect of this personal information, see below:
If you are a resident of the European Economic Area, you have the following data protection rights:
- If you wish to correct or update your personal information, you can do so at any time by contacting us using the contact details provided under the “Contact Us” heading below.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact Us” heading below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Legal Basis for Processing Personal Information for EEA Residents
However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal Information to comply with a legal requirement or to perform under an agreement we have in place with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information (for example, if you do not provide your email address, you will not be added to our email list).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
Here are some examples:
- We process your personal information with your consent when you register on our Website; and when you agree to receive online direct marketing from us (via email by signing up on our Website via the Contact Us page).
- We process your personal information as required by applicable law. Applicable law may require us to process your information: for tax purposes, to prevent/detect fraud, and in disclosures to law enforcement and other regulatory or government agencies as required by law.
- We also process your personal information when it is in our legitimate interest to do so, and the legitimate interest is not overridden by your data protection rights. Here are some examples of our legitimate business interests:
  - Developing and maintaining relationships with our Customers and partners;
  - Understanding how our Customers use our Website and Products;
  - Improving our Website and Products;
  - Understanding and responding to customer feedback;
  - Researching and analyzing the Products our customers want; and
  - Securing our business and Products.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, or regarding our legitimate interests, please contact us using the contact details provided under the “Contact Us” heading below.
Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA (as permitted by GDPR), or we will ask your consent.
EEA Resident Rights
You have the right to:
- Ask us for a copy of your personal information
- Correct personal information, erase personal information or to transfer it to other organizations (when technically feasible) at your request (see section titled use of the service by our customers).
- Object to some processing and, where we have asked for your consent to process your personal information, to withdraw this consent.
- Object to some processing where we have a legitimate interest in processing (as explained in the Legal Basis for Processing Personal Information for EEA Residents section above)
- Restrict processing in certain circumstances (for example, where we can demonstrate that we have a legal requirement to process your Personal Information, it is possible that we may continue to do so).
We may ask you to verify your identity and to provide other details to help us to respond to your request.
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer using the contact details provided under the “Contact Us” heading below.
What if I have questions about consent or your use of my information?
Where the processing of your personal information is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.
We may disclose your personal information:
- in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as required by law, such as to comply with a subpoena, or similar legal process
- when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, to protect our rights and property, or the legal rights or property of others, investigate fraud, or respond to a government request, or
- if it would potentially mitigate our liability in an actual or potential lawsuit.
We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you the services, to respond to questions you may have, to enforce our agreements, and to resolve disputes). We will stop using the personal information when we no longer have a legitimate business need to do so. If you request that we remove your personal information at an earlier date, we will do so provided we do not have a separate legal obligation to keep it (for example, a lawsuit involving the information).
If you have consented to receiving marketing communications (emails, etc.) from us, we will retain your personal information for a reasonable period of time from the date you last provided consent, unless you request that we remove it.
If we receive Information derived from cookies or other tracking technologies, we will retain that Information for a reasonable period of time from the date it was collected.
When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Links to 3rd party sites
Age of Consent
Any questions, complaints or general comments should be directed to:
Phone: +1 617 862 2203
955 Massachusetts Ave
Cambridge, MA 02139
ATTN: Shivang Dave