PlenOptika, Inc.
Privacy Policy

Last Update: October 29, 2018

At PlenOptika, we take privacy issues seriously. This privacy policy is an outline of the ways in which we collect and use the personal information you provide, and describes the choices available to you and the rights that you have regarding our use of your personal information and how you can access and update this personal information. Personal information is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.
If you have any questions or concerns about our use of your personal information, then please contact us using the “Contact Us” details provided at the bottom of this privacy policy.

This privacy policy is divided into several parts:

Part 1 applies to information about visitors to our website, www.plenoptika.com. In this privacy policy, www.plenoptika.com is referred to as the “Website” and visitors to the website are referred to as “Website Users”.

Part 2 applies to information provided by our customers who use the device, Quicksee (“Quicksee” and our companion app (the “App”). In this privacy policy, Quicksee and the App will collectively be referred to as the “Product” and our customers will be referred to as “Customers”.

Part 3 applies to both the Website and our Product.

PART 1: THE WEBSITE

What information do you collect on your Website?

When you browse our Website, we receive information that helps us learn about your browser and operating system. There are ways to control your browser settings to indicate when we have set a cookie in your browser, and you have the ability to control our use of cookies and third-party analytics with respect to your use of Website (please see the section on cookies below). Please note that disabling certain cookies may prevent the Website from functioning properly. Your device may also have controls that determine the information collected. Browser and operating system information, if provided by you, helps us analyze trends in the aggregate and improve and administer our Website. If you consent to our use of cookies and third party analytics, this Information may include your IP address, your browser type, your internet service provider, the pages you viewed, your searches, your operating system and system configuration information, and date/time stamps associated with your usage.
Any information you choose provide on our Website will be stored. For example, if you register on our Website via the “Contact Us” form, we will use the information you provided on our Website (including name, email address, company name, phone number, state, country, type of organization, and any other data you include in the fields) for internal purposes to send you information about our Products, to respond to your questions, and send you newsletters or catalogues in accordance with your marketing and communication preferences, and/or to improve our web site and marketing efforts.
For the avoidance of doubt, this privacy policy also applies to any access of the Website via a mobile device.

How do you use information collected via the Website?

We use the information we collect to help our Website to create a better experience for you. We use the non-personal information that we collect for such purposes as: counting and recognizing visitors to the Website; analyzing how visitors use the Website; improving the Website; enhancing users’ experiences with the Website; enabling additional website analytics and research concerning the Website; and managing our business, and to comply with legal and/or regulatory requirements.
We may send you emails and newsletters about our Website, if you consent to receiving such emails by registering on our Website to be on the mailing list. These emails may include other updates, promotions and PlenOptika advertisements.
Please note that at this time we do not honor web browser Do Not Track (“DNT”) signals or other similar mechanisms.

How do you get my consent?

You provide your consent to our using information in accordance with this privacy policy when you enter your information into various fields. There is an indicator on each page that collects this information notifying you that the information will be used in accordance with this privacy policy.

How do I modify Information or withdraw my consent?

If you no longer wish for us to continue to collect your information, you may stop using the Website at any time. You may unsubscribe from our email mailing list by using the “unsubscribe” feature located at the bottom of the email you received from us.

Google Analytics

The Website uses Google Analytics to help collect and analyze certain information for the purposes discussed above. Google Analytics may set and/or access a cookie and/or web beacon. You may opt out of the use of cookies by Google Analytics here. Google’s privacy policy is located here https://policies.google.com/privacy and information about how Google uses partner information is located here: https://policies.google.com/privacy/partners. Google Analytics is governed by Google’s privacy policy (and not this policy), so we advise you to please read the privacy statements linked above.

Credit Card Payments via the Website

If you place an order via our online store, we will ask you for your name, phone number, e-mail address, shipping and billing address, and other information so we can fulfill your order. Please note that we use a third party payment service provider, and by providing this information to us, you are simultaneously providing the same information to our provider.

You understand that payment processing and storage of your credit card information are handled by Shopify, Inc. via Shopify Pay Services.  Shopify, Inc. in turn uses Stripe, Inc. to process payments.  All of the information that is provided to Shopify is also provided to Stripe. Shopify/Stripe will collect your credit card information and charge your credit card for the order, as further detailed below.

By using your credit card to make a payment on this website, you agree to comply with the terms and conditions set forth at https://www.shopify.com/legal/terms and https://pay.shopify.com/en/tos-privacy-policy#terms-of-service. Please review these terms and conditions, and please note that PlenOptika is not a party to these terms and conditions.

For more information about Shopify’s privacy practices, you should review https://www.shopify.com/legal/privacy and for more information about Stripe’s privacy practices, you should review https://stripe.com/us/privacy. Reviewing these policies will help you understand how these entities collect, use and safeguard the information you provide as part of a credit card transaction on our Website.

You agree to provide current, complete and accurate credit card and account information for all purchases made on our Website. You agree to make all payments for any order placed by you.

Neither Shopify nor Stripe is a bank or a money services business (“MSB”) nor do they offer banking or MSB services as defined by the United States Department of Treasury.

Shopify/Stripe may add or remove one or more types of cards as a supported payment card any time without prior notice to you, including, without limitation, any international credit cards. If you are paying for your order with a credit card issued outside of the United States, and such credit card is accepted by Shopify/Stripe, your purchase price may change with the exchange rate, and you may be charged a conversion fee by your bank or credit card.  Please contact your back or credit card company for more information regarding their specific policies for international purchases.

PlenOptika, Shopify and Stripe maintain commercially reasonable administrative, technical and physical procedures to protect all the personal information regarding that is stored in their servers from unauthorized access and accidental loss or modification. However, PlenOptika, Shopify, and Stripe cannot guarantee that unauthorized third parties will never be able to defeat those measures or use such personal information for improper purposes. You acknowledge that you provide this personal information regarding at your own risk.

Some or all of the payment services may be provided from systems located within the United States or countries outside of the United States. As such, your cardholder data  may be transferred, processed and stored outside of the United States and may be subject to disclosure as required by applicable law.

Social Media

The Website may links to third-party websites that incorporate comment and social media features, including, without limitation: Facebook, LinkedIn, Twitter, Google+ and YouTube. The Site may also contain a Facebook “like” button and a Facebook “share” button, A LinkedIn “share” button, and a Twitter “tweet” and “follow” button.
These features may collect Information including your IP address, which pages you visit on our Website, and may set a cookie to enable the feature to function properly. If you choose to use these features, you may disclose your Information not just to those third-party websites and services, but also to their users and the public more generally. Because these third-party websites and services are not operated by PlenOptika, PlenOptika is not responsible for the content or practices of those websites or services. The collection, use, and disclosure of your personal and non-personal information will be subject to the privacy policies of the third party websites or services, and not this privacy policy. We advise you to please read the third party privacy policies.

Cookies

PlenOptika uses cookies and similar tracking technologies on the Website. Cookies are small files that are placed on your browser or device by the Website.

There are two types of cookies: session cookies and persistent cookies.

A session cookie expires when you close your browser. Simply exiting your browser will remove all session cookies.

A persistent cookie remains on your hard drive for an extended period of time. For instance, when you return to our Site, cookies identify you and prompt the site to provide your username (not your password), so you can sign in more quickly. You can remove persistent cookies by following directions provided in your Internet browser’s “help” directory.

We use cookies to collect website navigational information so that our Website can remember you and provide you with the information you’re most likely to need. When you browse our Website, we receive Information that helps us learn about your browser and operating system. This information may include your IP address, standard information from your web browser (such as browser type and browser language), your internet service provider, the pages you viewed, your searches, links clicked, your operating system and system configuration information, and date/time stamps associated with your usage.

We also use information gained through cookies to compile statistical information about use of our Website, such as the time users spend at the site and the pages they visit most often. These statistics do not include Personal Information. This information helps us analyze trends in the aggregate and improve and administer our Website.

There are ways to control your browser settings to indicate when we have set a cookie in your browser, and you have the ability to control our use of cookies and third-party analytics with respect to your use of Site. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Your device may also have controls that determine the information collected. Each browser is a little different, so look at your browser’s “Help” menu to learn the correct way to modify your cookies. Please note that if you turn cookies off, some features will be disabled that make your Website experience more efficient, and some of our Website features may not function properly. If you would like more information about what cookies we use and how they are used, please contact us using the “Contact Us” details provided at the bottom of this privacy policy.

PART 2: THE PRODUCT

What is the Product?
PlenOptika provides Products intended to make eye care easy for anyone who needs it, including underserved and low-resource communities. QuickSee uses wavefront aberrometry to precisely determine low-order refractive errors, enabling highlight objective measurements anywhere.

For the avoidance of doubt, this privacy policy also applies to any access to the Product via a mobile device.

What information do you collect via the Product and how is this information used?

If you are a Customer, we will collect or use information as set forth in our agreement with you.  Please note that the App only collects information if it is connected to the internet.  The App can be used without internet connection.  Customers should review the applicable documentation to understand how to “opt out” of data collection via the App. If you have any questions about how we collect or use information in the provision of our Product please contact us using the “Contact Us” details provided at the bottom of this privacy policy.

The Product uploads the device log file to our server, and records:

• GPS coordinates of the mobile phone using the App

• Time, date, and location the Quicksee was paired to the App

• Current version of the software used by the Product, and configuration settings, available memory space and hardware specifics

• Information related to Quicksee startup, such as: serial number, initialized libraries, opened databases, paths, and, initialization messages.

On our web-server, the App allows us to view how many different mobile phones have downloaded or uploaded any content by providing a mac address and phone model information, however these mobile devices remain anonymous.

The App downloads a patient ID (with no personal information or personally identifiable data) and measurement file, and coverts its file format to Excel, and deletes the original file.  The App also downloads the log file that was on the QuickSee.  Please note that the measurement file and the log file are two distinct files.  PlenOptika only has access to the log file. Once a Customer downloads the measurement file, it is no longer shared with PlenOptika.  Patient names are not shared with PlenOptika.

What information do you collect about Customers using the Product and how do you use it?

In the agreement, you also consent that in order to provide the Product to you, we may collect information about how you use the Product, including your frequency of use and the actions you perform within the Product. If you use our Product, we will not collect or use information except as set forth in our agreement with you.

Collecting information about how our Customers use the Products helps us provide our Customers with better service, including understanding which features are the most interesting to our Customers.

We use Customer information to create a Customer’s account, to provide the Customer with Products it has ordered, to communicate with our Customers about Products purchased, to offer additional Products, to bill our Customers, and to fulfill the terms of any agreement we have with our Customers. We also use the information to the extent necessary to enforce our agreements and to prevent imminent harm to persons or property. Certain Information may be used for anti-fraud and anti-theft purposes. We will use Customer information to send out important notices, if necessary.

We use the non-personal information that we collect for such purposes as: analyzing how Customer use various features within the Products; improving the Products; enhancing users’ experiences with Products; creating new Products or improving our existing Products; and managing our business, and to comply with legal and/or regulatory requirements.

We may use information for internal research and data analysis to help with product development, and to help us create and improve our Product and for our own advertising and marketing purposes (but only in anonymized or aggregated form).

From time to time, we may also share anonymized and aggregated information about the Products, such as by publishing a report on trends in the usage of the Products.

How do you get my consent?

If you are a Customer of the Products, you consent when you execute an agreement with us, and by continuing to access or use the Products.

How do I modify Information or withdraw my consent if I am a Customer of the Product?

If a Customer wishes to change their personal information (i.e. contact info, username, password) they should feel free to contact us using the “Contact Us” details at the bottom of this privacy policy.

If a Customer no longer wishes to use the Product, the Customer may delete the App and stop using QuickSee. Please note that any such deactivation shall be performed in accordance with the terms and conditions of our agreement with you.

Use of the Products by our Customers

We do not control the content or type of data that our Customers use with the Product, except as set forth in our agreement with each Customer. The data provided by a Customer belongs to the Customer, and is used, disclosed and protected by them according to their privacy policy, not this privacy policy. We process information provided by our Customers as directed by each Customer, and in accordance with our agreement with the particular Customer. If you are a Customer, we will not use your data or content except as set forth in our agreement with you.

We acknowledge that you have a right to access your Personal Information. Please note that if data is provided by a Customer for use with our Product, that Customer controls the data. If you make a request to use to remove this data, we will notify our Customer, and also respond to you within a reasonable timeframe. Please also contact the Customer directly, yourself. Please note that we are not responsible for how our Customers use the data they store within the Product.

We may transfer information inputted into our Products to companies that help us provide our Products. Such transfers are addressed in our agreements with our Customers.

Data Retention Specific to the Product

With respect to information used to provide the Product to our Customers, PlenOptika will retain such information only as set forth in our agreement with the applicable Customer, for at least as long as needed to provide Product to the applicable Customer.

If you provide information to a Customer of ours as part of their use of the Product, that Customer decides how long to retain that personal information. If the Customer terminates their access to our Product, they may receive access to personal information stored within the Product pursuant to our agreement with them.

HIPAA Notice

The Federal Health Insurance Portability & Accountability Act of 2013, HIPAA Omnibus Rule require organizations to maintain the confidentiality of all healthcare records and other identifiable patient health information (PHI) used by or disclosed to us in any form, whether electronic, on paper, or spoken. HIPAA is a United States Federal Law that gives each individual significant rights to understand and control how his or her health information is used. Federal HIPAA Omnibus Rule and state law provide penalties for covered entities, business associates, and their subcontractors and records owners, respectively that misuse or improperly disclose PHI.

Please note that we do not collect PHI via our Website, but our Customer may collect PHI using our Products.  If and to the extent that information that is considered PHI under HIPAA is shared with us, it is shared with us in accordance with the terms of our Business Associate Agreement (“BAA”).  The BAA outlines the various ways that we may use the PHI, and the ways in which we are prohibited from using PHI. Please note that certain Customers may require the use of their own BAA, and such BAA may contain terms that are different from our online BAA. If you have questions about how a particular Customer shares PHI it collects with us or with other business associates, please contact the Customer directly, and review their privacy policies.

Data Processing Addendum

European Union General Data Protection Regulation 2016/679 (“GDPR”), EU Directive 95/46/EC, together with any national implementing laws in any Member State of the European Union and as amended, replaced, or superseded from time to time, including by the GDPR and laws implementing or supplementing the GDPR requires certain protections for specific types of information originating from a European Economic Area.

Please note that if you are a Customer, If and to the extent that information that is considered Personal Data (as defined by GDPR) under GDPR is shared with us, it is shared with us in accordance with the terms of our Data Processing Addendum (“DPA”). The DPA outlines the various ways that we may use the Personal Data. Please note that certain Customers may require the use of their own DPA, and such DPA may contain terms that are different from our online DPA. If you have questions about how a particular Customer shares Personal Data it collects with us, please contact the Customer directly, and review their privacy policies.

 

PART 3: APPLIES BOTH THE WEBSITE AND THE PRODUCT

IMPORTANT NOTICE: Although our Website can be viewed internationally and our Product can be used internationally, many of our computer systems are currently based in the United States. Therefore, please note that all personal information may be processed by us in the U.S.

For more details regarding how we collect, use, and disclose personal information from European Economic Area (EEA) visitors and the additional rights are available to EEA visitors in respect of this personal information, see below:

If you are a resident of the European Economic Area, you have the following data protection rights:

  • If you wish to correct or updateyour personal information, you can do so at any time by contacting us using the contact details provided under the “Contact Us” heading below.
  • In addition, you can object to processingof your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting us using the contact details provided under the “Contact Us” heading below.
  • Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consentat any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a data protection authorityabout our collection and use of your personal information. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Legal Basis for Processing Personal Information for EEA Residents

If you are a from the EEA, our legal basis for collecting and using the personal information described in this privacy policy will depend on the personal information concerned and the specific context in which we collect it.

However, we will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal Information to comply with a legal requirement or to perform under an agreement we have in place with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not, as well as of the possible consequences if you do not provide your personal information (for example, if you do not provide your email address, you will not be added to our email list).

Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.

Here are some examples:

  • We process your personal information with your consent when you register on our Website; and when you agree to receive online direct marketing from us (via email by signing up on our Website via the Contact Us page).
  • We process your personal information as required by applicable law. Applicable law may require us to process your information: for tax purposes, to prevent/detect fraud, and in disclosures to law enforcement and other regulatory or government agencies as required by law.
  • We also process your personal information when it is in our legitimate interest to do so, and the legitimate interest is not overridden by your data protection rights. Here are some examples of our legitimate business interests:
    • Developing and maintaining relationships with our Customers and partners;
    • Understanding how our Customers use our Website and Products;
    • Improving our Website and Products
    • Understanding and responding to customer feedback;
    • Researching and analyzing the Products our customers want; and
    • Securing our business and Products.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, or regarding our legitimate interests, please contact us using the contact details provided under the “Contact Us” heading below.

Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA (as permitted by GDPR), or we will ask your consent.

EEA Resident Rights

You have the right to:

  • Ask us for a copy of your personal information
  • Correct personal information, erase personal information or to transfer it to other organizations (when technically feasible) at your request (see section titled use of the service by our customers).
  • Object to some processing and, where we have asked for your consent to process your personal information, to withdraw this consent.
  • Object to some processing where we have a legitimate interest in processing (as explained in the Legal Basis for Processing Personal Information for EEA Residents section above)
  • To restrict processing in certain circumstances (for example, where we can demonstrate that we have a legal requirement to process your Personal Information, it is possible that we may continue to do so).

We may ask you to verify your identity and to provide other details to help us to respond to your request.

If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information contact our Privacy Compliance Officer using the contact details provided under the “Contact Us” heading below.

What if I have questions about consent or your use of my information?

PlenOptika acknowledges that you have the right to access your personal information. Upon request PlenOptika will provide you with information about whether we hold any of your personal information. If you would like us to delete, update, or modify any of your Information, or if you have questions at any time regarding the continued collection, use, storage or disclosure of your Information, please contact us using the contact details provided under the “Contact Us” heading at the bottom of this privacy policy.

Prior Consent

Where the processing of your personal information is based on your previously given consent, you have the right to withdraw your consent at any time. You may also have the right to object to the processing of your Personal Data on grounds relating to your particular situation.

Required Disclosures

We may disclose your personal information:

  • in response to lawful requests by public authorities, including to meet national security or law enforcement requirements or as required by law, such as to comply with a subpoena, or similar legal process
  • when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, to protect our rights and property, or the legal rights or property of others,, investigate fraud, or respond to a government request, or
  • it would potentially mitigate our liability in an actual or potential lawsuit.

Data Retention

We retain personal information where we have an ongoing legitimate business need to do so (for example, to provide you the services, to respond to questions you may have, to enforce our agreements, and to resolve disputes). We will stop using the personal information when we no longer have a legitimate business need to do so.  If you request that we remove your personal information at an earlier date, we will do so provided we do not have a separate legal obligation to keep it (for example, a lawsuit involving the information).

If you have consented to receiving marketing communications (emails, etc.) from us, we will retain your personal information for a reasonable period of time from the date you last provided consent, unless you request that we remove it.

If we receive Information derived from cookies or other tracking technologies, we will retain that Information for a reasonable period of time from the date it was collected.

When we have no longer have legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Security

We take the security of information that we collect very seriously and therefore implement appropriate technical and organizational measures in order to protect it. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Web site, you can contact us using the “Contact Us” details provided at the bottom of this privacy policy.

Links to 3rd party sites

Our Website and Products may include links to other websites whose privacy practices may differ from those of PlenOptika. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Age of Consent

Our Website and Products are not directed at children. If a person under 13 submits information through any part of this Website or Products, and we learn the person submitting the information is under 13, we will attempt to delete this information as soon as possible.  If you are aware of a user under the age of 13, please contact us using the “Contact Us” details provided at the bottom of this privacy policy.

Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it. If we make changes to this privacy policy that materially change the way we use your previously-collected personal information, we will communicate with you either via e-mail or a prominent posting on the Website.

 

Contact Us

Any questions, complaints or general comments should be directed to:

 

Email: legal@plenoptika.com

 

Phone: +1 617 862 2203

 

Mailing address:

955 Massachusetts Ave

#339

Cambridge, MA 02139

ATTN: Shivang Dave