Effective date: 29/10/2020
Our use of any individually identifiable health information you provide is subject to the requirements of the United States’ Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the European General Data Protection Regulation 2016/679 (“GDPR”).
1. Purposes of Data Processing, Legal Basis, Legitimate Interests and Categories of data
We collect, store and process data exclusively in accordance with valid legal stipulations and only as much as is necessary for the fulfillment of the contractual obligations between ourselves and you. This comprises:
- Identity Data, which includes name, date of birth, gender, and webcam data. The only reason for collecting webcam data during the eye exam is to help us to provide you with accurate results. Through your webcam, we check the conditions of the room, measure your pupillary distance and verify that instructions are followed correctly.
- Contact Data when you create an account, which includes email address, phone number, and home address.
- Health Data, which includes information provided by you regarding your health conditions (e.g. pregnancy, diabetes, and eye surgery) and information collected from your previous glasses and contact lens prescription. When you perform our online eye test, you disclose certain information about yourself by (1) answering a series of questions to determine whether you are eligible to participate in the online eye test (the “Health Questionnaire”), (2) performing a series of tasks to help licensed optometrists or ophthalmologists (each an “eye care professional”) determine whether to issue you an updated prescription, and (3) communicating with us or our eye care professional in connection with your use of the Services (see more information about health data in section 2.1).
- Financial Data, which includes details about your payment status. We use Stripe as a payment processor and do not store payment information ourselves (Stripe is an independent personal data administrator and acts as a payment service provided by Stripe Inc., which allows users to make online payments). Payment processing services enable us to process payments by credit card, bank transfer or other means. To ensure greater security, we only share the information necessary to execute the transaction with the financial intermediaries handling the transaction. Some of our services may also enable the sending of timed messages to you, such as emails containing invoices or notifications concerning the payment.
- Technical Data, which includes your internet protocol (IP) address, your login data, browser type, operating system and platform, and other technology on the devices you use to access this website;
- Profile Data, which includes your email address and password for any accounts set up to access our services, purchases or orders made by you and feedback responses;
- Usage Data, which includes information about how you use our website, products and services;
- Marketing and Communication Data, which includes your preferences in receiving marketing from us and our third parties and your communication regarding reminders to finish or redo the test, promotions and informational emails.
All of the above processing of your personal data is conducted on the basis of your consent (Art. 6 Para. 1 lit. a) GDPR). As far as the processing is based on your consent, you have the right to withdraw your consent at any time. To exercise this right you can contact us at any time by email at [email protected]
1.2 Health information
“Health Information or Personal data concerning health” is information that relates to your past and present health or vision conditions (including medications, ailments, and prescriptions) that is derived from your use of our online eye test. Some Health Information may be subject to laws and regulations, including HIPAA and GDPR. Your health information is important to us in order to guarantee that you are eligible to undergo the online eye test and to support our eye care professional in deciding whether or not to issue a new prescription. Like any other personal data processed by us, the legal basis for processing your health information is Art. 6 Para. 1 lit. a) GDPR, as the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
In order to facilitate your use of our online eye test and to help an eye care professional determine your need for an eyewear prescription, we may collect the following information when you use the Service:
- your name, age, email address, username, or other personal information or health information contained in your easee account;
- answers and written information that you submit during the Health Questionnaire;
- your answers to actions taken during the test;
- health information prepared by an eye care professional who provides you Services;
- any other information that you submit to us in connection with your Health Questionnaire, the test, the prescription check, or the validation service, including information exchanged in emails, texts, chats, or calls between you and easee.
In addition, we may use or disclose your health information to send appointment confirmations and reminders, and communicate with other providers, such as your eye doctor.
2. How do we collect your data?
2.1 Data uploaded by you
You directly provide us with most of the data we collect. Thereby, all the identity data, contact data, health data, financial data and profile data are uploaded by you (see section 2). We will not process any personal data of yours without first asking for your consent (Art. 6 Para. 1 lit. a) General Data Protection Regulation). We collect data and process data when you:
- Register online or place an order for our services;
- Voluntarily complete a customer survey or provide feedback on our message board or via email;
- Use our online eye test;
- Upload your visual acuity or prescription information manually or through an old prescription.
2.2. Information we automatically collect:
- Information from cookies and other technologies
- Web logs and Usage information
We record certain information and store it in log files when you interact with our Services. This information may include device and browser information, operating systems details, device type, internet protocol (IP) address, URLs of referring/exit pages, and search terms.
- Through your computer
We may collect information about your approximate location from your IP address. Your location information is necessary to confirm your location while using the Services, so we can be sure that your results are reviewed by an eye care professional from your region.
3. How do we protect your data?
We have put in place appropriate technical and organizational security measures to prevent your data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. All online interaction with our services is protected with SSL/TLS.
In order to help secure your personal information, access to your data on our website is password-protected, and sensitive data is protected by encryption when it is exchanged between your web browser and our website. To protect any data you store on our servers, we also regularly audit our system for possible vulnerabilities and attacks.
However, it is your responsibility to protect the security of your login information. Please note that e-mails and other communications you send to us through our website are not encrypted, and we strongly advise you not to communicate any confidential information (including medical histories or financial information) through these means.
We will keep backups containing your data for at most 90 days. Additionally, we will irretrievably remove any personal information from our systems and keep anonymized log data for statistical and forensic purposes.
4. How do we use your information?
Some ways we may use your information include:
- to provide, personalize, and improve our Service;
- to provide you with the prescription services;
- to communicate with you, including to respond to your comments or questions, and to send you updates about your prescription;
- to help us improve the customer experience;
- to provide you information, recommendations, and marketing materials about our products and Services (see section 6 and 7);
- Images of you: when you submit a photo, webcam pictures, or other image of you, we don’t share those images with any third parties, but we may use them to assess the conditions of the room, measure your pupillary distance and verify that instructions are followed correctly.
We may use your health information and personal information to determine the vision correction that you need, and for quality assurance, internal testing and analysis, and to make improvements to the Services. Also, to communicate with you through our customer service, including replying to any questions you might have, we may use your health and personal information. In addition, we may use your health information and personal information to remind you to renew your prescription, or to send your old prescription before we can issue a new one.
If you receive an eyewear prescription as a result of your use of our online eye test, we will email you a copy of the prescription and/or add the prescription information to your easee account. If the eye care professional determines that you are not eligible for an updated eyewear prescription through our online eye test, then we will notify you.
5. Processing of your Data for Advertising and Informational Purposes
In addition to processing your data for the purpose of delivering the service, we also use your data in order to exchange information with you concerning your test, including reminders to redo the test, promotions and informational emails. Also, we might email you with special offers regarding our services and products.
We offer you the possibility of registering for our newsletter. The processing of your electronic contact data for this purpose is thus effected solely on the basis of your consent (Art. 6 Para. 1 lit. a) GDPR). You may revoke your declared consent at any time with future effect without giving any reasons. For this purpose, you can contact us via [email protected] and we will reply as soon as possible.
As a customer of easee you will receive emails. This way you will remain informed of the service provision and of any new offers and services that might be valuable to you. All communication through this channel will include an option to unsubscribe from this service.
Please be aware that if you unsubscribe, we will no longer be able to inform you of your vision status in the future. We will use your information only for the above purposes or a purpose closely linked to this. This way, your information will never be used unexpectedly.
7. Sharing your data with third parties
We make sure that any data shared with our partners remains secure and that you give us your consent before we disclose this information.
We will share your personal data with third parties where required by law, where it is necessary to administer our relationship with you or complete our obligations under a contract with you, or where we have another legitimate interest in doing so, such as providing you with a service you have expressed interest in. This is the case, for example, when we share your test results with a partner you are willing to acquire eye accessories from, and you therefore use our services to first renew your glasses or contact lens prescription. We may also, upon your specific consent, share the data we collected with our business partners who wish to use this data for marketing purposes.
All our third-party partners are required to take appropriate security measures to protect your personal information. We only permit third-party service providers to process your personal data for specified purposes and in accordance with our instructions. To the extent reasonably possible, we will ensure that all third-party providers that have access to your personal data will act in accordance with relevant data privacy laws. In any case, if we share your information, we do so only as described below.
- With an eye care professional: If you decide to purchase a prescription, we will share your health and personal Information with one or more eye care professionals, who will evaluate the results of your health questionnaire and eye test.
- With our business partners: We may work with business partners such as optical retailers. Therefore, we may provide products or services to you jointly with our business partners. When we do this, we will clearly show you that a business partner is associated with your transaction, and we will only share information with them that is related to your transaction and in accordance with your request to share with that partner.
- For legal purposes: We reserve the right to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with any applicable law.
- With contractors: we may share your information with contractors that help us to provide you with our services, including, for example, payment processing and website-related services, such as web hosting.
- With healthcare providers: Depending on the country you live in, we may share your information with your health insurance in order to process your claim and so that we can complete the payment process.
8. No information from children
If you are under the age of 16, please do not attempt to register with us at this Site or provide any personal information about yourself to us. If we learn that we have collected personal information from a child under the age of 16, we will promptly delete that information.
9. EU citizens: what are your personal data protection rights?
- The right to access – You have the right to request copies of your personal data from us. Therefore, we will provide the information once a year, free of charge, on whether personal data concerning you is being processed or not, and if so, what information is being processed.
- The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request that we complete the information you believe is incomplete.
- The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
- The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
- The right to object to processing – You have the right to object to our company’s processing of your personal data, under certain conditions.
- The right to data portability – You have the right to request that our company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our [email protected]
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our website, we may collect information from you automatically through cookies or similar technology.
10.1. What type of cookies do we use?
Functional cookies – we use these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and the location you are in. A mix of first-party and third-party cookies is used.
Advertising cookies – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.
10.2. How to manage cookies?
You can set your browser to not accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
12. Where do we store your data
If you provide us with personal information, your data will be stored in Europe, regardless of the country you live in. Therefore, by using and accessing our Services, users who reside or are located in countries outside of the European Union agree and consent to the transfer and processing of personal information on servers located outside of the country where they reside.
14. How to contact us