OXSIGHT LIMTED PRIVACY POLICY

Welcome to OxSight’s Privacy Policy (“Privacy Policy”). We are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose and protect your Personal Information and respect any rights you benefit from under UK data protection laws.

In this Privacy Policy “we”, “us” and “our” refers to OxSight Limited.

Your Personal Information is controlled by OxSight Limited a company registered in England under company number 10084672. Our registered office and principal place of business is at John Eccles House, Robert Robinson Avenue, Oxford Science Park, Oxford, England, OX4 4GP.

For the purposes of data protection law in the UK, OxSight is a controller of your Personal Information.

Definitions

By “Personal Information” (or “personal data” or “personally identifiable information”) we mean any information relating to an identified or identifiable individual. This is broader than just information of a personal or private nature, and includes information such as your name, date of birth, and e-mail address. Please see section below for what and how Personal Information is obtained from you.

By “Sensitive Personal Information” (or “sensitive personal information” or “special categories of data”) we mean any Personal Information relating to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data processed for the purpose of uniquely identifying that individual or data concerning health and medical conditions. It also includes information about an individual’s criminal offences or convictions, as well as any other information deemed sensitive under applicable data protection laws.

Scope of our Privacy Policy

Our Privacy Policy applies to all Personal Information we collect, use, share or otherwise process through our business activities, both online and offline, which display, link or refer to this Privacy Policy, including:

our website;
our official social media pages;
our e-mails;
any apps we may have;
our online and offline campaigns;
health organisations, opticians and clinics with whom we conduct clinical trials; and
your conversations or correspondence with our company representatives and agents.

Throughout this policy, we will refer to our online activities as “Sites” and to our offline activities as “Services”.

Our websites make use of cookies. For more information on this subject, please also consult our Cookies Policy.

Further, when using our Sites or Services, please always also read our Terms of Use.

Fair and lawful processing

We process your Personal Information for the below listed purposes on the basis of your consent, unless stated otherwise. In some cases, we may ask for your explicit consent for processing your Personal Information for a specific purpose.

We only collect, use, disclose or otherwise process your Personal Information where it is fair and lawful to do so.

In many cases providing your Personal Information to us is necessary for the performance of your contract with us; if you do not wish to provide your Personal Information to us, we may not be able to provide you with the products and services you have requested from us.

How do we obtain your Personal Information?

1. Personal Information obtained from you directly

Firstly, we may obtain your Personal Information from you directly, e.g. when you register or submit a consent form on our Sites, where we meet you at a trade event or fair, buy electronic glasses from us or from a clinic or opticians, fill out a survey, make a comment or enquiry, when you call our customer services team, post something on our social media pages, subscribe to direct marketing etc.

Personal Information collected this way may include:

name;
address;
e-mail address;
user name;
telephone number (and recordings when you call our customer support services line);
credit card or other payment information;
age;
date of birth;
gender;
information about your eyesight and medical condition(s) relating to your eyes;
other known medical conditions;
your mobility;
mobility devices you use;
your employment status;
information, feedback or content you provide regarding your marketing preferences;
user-generated content, posts and other content you submit to our Sites;
in limited circumstances, information about your family or other individuals that you have provided to us. In such cases, we assume that you have the authority to share any personal information you provide to us about them;
any other Personal Information you voluntarily provide us with directly.

2. Personal Information collected automatically

Secondly, some Personal Information may be collected automatically when you visit or use our Sites (and those of our third party service providers acting on our behalf), such as information collected by cookies and other technologies (such as web analytic tools and pixel tags) on our website. Please also consult our Cookies Policy for more information on how we make use of cookies and other automated means of data collection.

Personal Information collected this way may include:

information about your (mobile) device or your type of browser;
information about the way you use our website, such as details of the web pages you have viewed, the banners and the hyperlinks you have clicked, etc.;
whether you have opened e-mails sent by us to you;
the websites you have visited before arriving at our website;
your IP address;
the hyperlinks you have clicked;
your user name, profile picture, gender, networks and any other information you choose to share when using third party sites (such as when you use the “Like” functionality on Facebook or the +1 functionality on Google+);
your MAC address;
information you choose to share by using social media tools incorporated in our website or using your social media log-in details to access our website; and
information you share with us about your location.

We will only use that information where you have agreed that we can.

3. Personal Information obtained from other sources

Lastly, we may also collect Personal Information about you from other sources. These other sources may include:

clinicians who are involved in assessing the suitability of our products and services or the health of anyone who may wish to use our products and services;
our trusted business partners;
social media sites;
consumer research and health organisations;
carers, guardians or parents who are responsible for you and acting on your behalf (but this is always with your consent);
credit reference agencies; and
intermediaries that facilitate data portability.

For which purposes, may we use your Personal Information

We use your Personal Information for our following business purposes:

to carry out an initial assessment of the suitability of our products and services for you;
to understand the affordability of our products and services to you or any credit facility that you wish to apply for to pay for such products;
based on your contract with us, handling and managing your purchase, for instance to communicate to you with respect to your purchase, to process your payments, to deliver the purchased products and services, and to offer you the necessary customer service and after care services;
allowing you to participate in feedback and surveys;
allowing you to share information and ideas on our social media pages, forums, blogs and other communication channels, to participate in social sharing and to send messages to a friend through our Sites or the websites of our trusted business partners;
better understanding your needs and requirements in order to provide you with more relevant information, analyzing, assessments and evaluating our business activities, testing, developing and evaluating new products and improving our existing products and services, conducting market research and audits, identifying user trends and examining the degree of effectiveness of our marketing campaigns and degree of satisfaction of our customers;
telling you about our products and services, and sending you promotional materials (such as announcements relating to new products, promotions, savings programs, joint promotions and other programs) relating to our products, subject to your consent to such marketing where required by local law;
responding to your requests or enquiries;
dealing with any product complaints you report to us;
administering general record keeping; and
meeting legal and regulatory requirements.

Our use of your Personal Information is permitted by law because:

it is necessary for our legitimate interests in the effective delivery of information, assessments, services and products to you and in the effective and lawful operation of our business (in each case provided such interests are not overridden by your rights);

it is necessary for taking steps to enter into a contract with you for the products you purchase, or for carrying out our obligations under such a contract;

it is required to satisfy any legal or regulatory obligations that we are subject to; and

in limited circumstances and if required by law, you have agreed to us processing your Personal Information, such as when you opt in to marketing, or processing with your explicit consent in the case of Sensitive Personal Information, such as health and medical information.

We may create anonymous data records from Personal Information by excluding information (such as your name) that make the data personally identifiable to you. We use this anonymous data to analyse our products and services. We reserve the right to use such anonymous data for any purpose and disclose anonymous data to third parties, including but not limited to our research partners, in our sole discretion.

To whom we may disclose your Personal Information

1. Third party service providers

We may share your Personal Information with trusted third party service providers who work on our behalf, such as clinics, opticians, customer call support agents, consultants, accountants, business partner, marketing agencies, market research companies, software, data hosting and other IT service providers, authorised third parties selling OxSight products, payment processors, etc. These third party service providers are required not to use your Personal Information other than to provide the services requested by us or otherwise in accordance with our instructions.

2. Acquisitions

If another company acquires (part of) our company, business, or our assets, that company may acquire all or part of the Personal Information collected by us and will assume the rights and obligations regarding your Personal Information as described in this Privacy Policy. In the unlikely event of an insolvency, bankruptcy or receivership, your Personal Information may also be transferred as a business asset, subject of applicable law.

3. Disclosures

We may disclose your Personal Information if we believe in good faith that such disclosure is necessary for our legitimate interest or prudent in light of our obligations under applicable law:

in connection with any legal investigation;
to comply with relevant laws or to respond to court our authority orders, subpoenas or warrants served on us;
to protect or defend our rights in legal procedures; or
to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or the Terms of Use.

How we protect your Personal Information

We value the trust you place in us.

We have implemented appropriate technical and organisational measures to protect your Personal Information against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access and against all other unlawful forms of processing.

When collecting or transferring Sensitive Personal Information we use a variety of additional security technologies and procedures to help protect your information.

The Personal Information you provide us with is stored on computer systems located in controlled facilities which can only be accessed by a limited number of persons who have a need to know in order to carry out their tasks and any services requested by you.

When we process highly confidential information (such as credit card numbers) over the Internet, we protect it through the use of encryption using a Secure Barclaycard Terminal.

Your choices regarding direct marketing

We may periodically send you free newsletters, surveys, offers, and other promotional materials related to our products and services which we believe are useful for you, if you have consented (opted-in) to receive such messages via e-mail or any other electronic.

If you do not wish to receive such communications anymore, you will always have the opportunity to “opt out” by following the unsubscribe instructions provided in each of our direct marketing e-mails or by contacting us directly (please see our contact information at “how to contact us” below).

Where permitted under applicable law, we may send you service messages identifying any updates to our Privacy Policy (even where you have opted out of receiving marketing messages from us).

Your rights

You have the right to:

request a copy of Personal Information we hold about you;
ask that we restrict the way in which we use your Personal Information;
ask that we update the Personal Information we hold about you, or correct any Personal Information that you think is incorrect or incomplete;
ask that we delete personal data that we hold about you (the “right to be forgotten”);
withdraw consent at any time for the future to our processing of your Personal Information (to the extent such processing is based on consent);
object to our processing of your Personal Information (including for direct marketing purposes); or
request your personal data be transferred to you or another data controller (the “data portability” right).

If you would like to exercise these rights or understand if they apply to you, please click here to complete and submit an online request form. Alternatively, you can get in touch using the details set out at “how to contact us” below.

Complaints

If you are unhappy with the way we have handled your Personal Information or any privacy query or request that you have raised with us, you have a right to complain to your local data protection regulator.

How long we retain your Personal Information

We will only retain your Personal Information as long as reasonably required for the purposes as set out in this Privacy Policy or otherwise to comply with legal or regulatory requirements applicable to us.

When your Personal Information is processed:

for the performance of your contract with us, we retain your Personal Information for a period of 7 years following completion of a contractual order;

for meeting, legal and regulatory requirements, we retain your Personal Information as it is set out by the applicable law; and

In all other cases, we process your Personal Information, depending on the type, for up to 2 years from the date of our last interaction with you.

Transfers to other countries

Your Personal Information may be transferred to and processed in other countries where laws governing the processing of Personal Information may be less stringent than the laws in your country (including jurisdictions outside the European Economic Area).

In such cases, where required by local law we will ensure that there are adequate safeguards in place to protect your Personal Information. This adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved by the European Commission. Where we are legally required to do so, further details of these transfers and copies of these agreements are available from us on request.

To the extent required and valid under UK data protection laws, you consent to your Personal Information being transferred and processed this way.

How to contact us

We welcome your feedback. If you have any comments, questions or complaints regarding this Privacy Policy or our processing of your Personal Information, or would like to exercise any of the rights set out at “Your rights” above, you can contact us by sending an e-mail to [privacy@co.uk] or write to us at OxSight Limited, John Eccles House, Robert Robinson Avenue, Oxford Science Park, Oxford, England, OX4 4GP.

Changes to this Privacy Policy

This Privacy Policy was last modified on 18th June 2018. This document is a notice to you and not a contract between us. We may occasionally modify or amend it from time to time. When we make changes to this Privacy Policy, we will take steps to notify you of any changes where we are required to do so by applicable law.