Eyeconic Privacy and Security Policy
Protected Health Information
Eyeconic will have some information, e.g., your prescription, that may
be considered “protected health information” (“PHI”) under the federal Health Insurance Portability and Accountability
Act (“HIPAA”). Your eye care provider (“ECP”), not Eyeconic, is obligated by HIPAA to provide you with a "Notice of
Privacy Practices" regarding how your PHI will be treated. As between you and Eyeconic, this Policy covers any PHI that
Eyeconic has as well as non-PHI. As between Eyeconic and your ECP (and/or other service providers), Eyeconic and the
service providers may be obligated to comply with “business associate” agreements. Under those, your PHI will be used
to facilitate the sales to you of contact lenses and prescription glasses, and to document and enforce those transactions.
Eyeconic and other service providers may also make other legitimate and lawful uses of your PHI, such as to: contact
your ECP to confirm your prescription is accurate and up to date, use PHI to fulfill legal obligations, allow some
government regulators access to PHI, or follow your or your ECP’s instructions or authorizations in regard to usage
of PHI. The business associate agreements are subject to change and if there is ever a conflict between this
Policy and the applicable agreement, the business associate agreement will control.
Eyeconic does not send you e-mail or postal mail that is
primarily intended to advertise or promote commercial products or services (“Direct Marketing Materials” or “DMM”).
Accordingly, there is no need for you to “opt out” of receiving DMM. We may send (by e-mail or postal mail)
“transactional or relationship” messages as defined in the U.S. “CAN-SPAM Act of 2003” or its regulations, which
are related to the fact that you do or have done business with Eyeconic. We may also communicate with you as allowed
by law or this Policy, including responding to your inquiries of us via any means, e.g., by phone, e-mail or letter.
Information About Our Privacy and Security Practices
Information we collect that does not personally identify you:
- The Site collects information that does not personally identify you ("NonPII"), which is commonly collected
on the Internet. For example, we collect: the name of the domain and host for your Internet access, e.g., AOL,
MSN; your computer's Internet address, browser software, and operating system; dates and times of access or
actions; and the Internet address you left before reaching us. We use "cookies" or other technological mechanisms
to collect this kind of information. You may set your browser to warn you that cookies are in use, or to block
track of the contents of the items you initially select for ordering and to allow you to enter your password
less frequently during a session. Most browsers are set to accept cookies. If yours is not and if you want to
place an order, you will need to go to your browser user preferences to enable cookies.
- We use NonPII for ordinary business purposes, such as to measure Web page flow and also to customize
features or improve the Site. Generally, we do not share NonPII with unaffiliated third parties other than
our service providers but reserve the right to do so.
Information we collect that does personally identify you:
- Outside of Non-PII, we ordinarily collect the types of personally identifying information listed in Category
Information, depending upon your activities at our Site. Click on the link to “Category Information” to see those
categories. Some of the information is collected from you during your use of the Site. We also collect public and
Non-PII from third parties for various purposes, including, without limitation, to help us gain comfort that we
are dealing with you instead of someone posing as you, to effect or document a transaction, or to share with
persons with whom we are allowed to share such information.
- We generally will not:
- rent or sell your name and address (postal or e-mail) to unaffiliated third parties as part of our general
“customer list,” except as part of an actual or potential financing or corporate transaction (such as a merger,
sale of assets, or the like); or
- disclose your credit card or other payment method information (subject to the below principles).
The above assumes, of course, that no fraud or other harm is suspected–if it is, we may disclose information
consistent with applicable law and in a manner we believe to be appropriate.
- Subject to applicable law and except for what we have said we generally will not do, we reserve the right
to use, disclose, share, sell, retain and otherwise deal with (collectively “disclose”) all information collected
via the Site, internally or to third parties, for any lawful purpose or to prevent harm to us or others. For
example and without limitation, in our discretion we may disclose information:
- to your ECP, manufacturers, service providers and others in order to deal with orders, requests and questions from you or
your ECP or related matters; to personalize or enhance transactions; to verify, process, store, enforce,
investigate and/or collect actual or potential transactions etc.; and to assist or respond to any of the foregoing
or our consultants (such as auditors and lenders etc.);
- to government regulators, law enforcement authorities or alleged victims of identity theft, including voluntary disclosures;
- about any matter relating to the Site, transactions, products;
- as required or allowed by law. We reserve the right (but do not undertake a duty) to notify you of court orders,
subpoenas or other legal process (if allowed). If you do not want us to respond to legal process compelling us to
disclose your information, you need to seek a valid order permitting us to refuse to disclose it and serve the
order on us at least 3 business days before the response deadline; and
- not listed in this Policy but which is not prohibited by law from being disclosed.
We do not purport to have listed all possible disclosures that we might make—this Policy is intended to help
you understand our general practices. This Policy is not a promise that your information will never be disclosed
except as described herein. For example, third parties may unlawfully intercept or access information
transmitted to or contained on the Site, technologies may malfunction or not work as anticipated, or
someone might access, abuse, or misuse information, despite a lack of permission. Although we use what
we believe to be commercially reasonable practices to protect your privacy, that does not mean, and you
should not expect it to mean, that your information or communications will always be private or protected.
Perfection does not exist on or off the Internet.
- We generally will retain information for as long as required, allowed or for as long as we believe it useful,
but do not undertake retention obligations. We may dispose of information in our discretion without notice, subject to applicable law.
You may review the information in Eyeconic and update it by editing your profile
with the appropriate information online. We may keep a record of all information even if it is changed or deleted, and we
may use or disclose it to your ECP and/or for any lawful purpose. You may not change information that is relevant to the
existence or integrity of a transaction or that we are required to keep, and we reserve the right to determine what
information may be changed. Also, you may not change information regarding previously submitted orders or claims.
Information about security:
- For transactions involving credit or debit cards, we will use secure socket layer (SSL) encryption to protect
the transmission of credit card information through our Site.
- Your e-mails to us are not necessarily secure against interception and you should not include sensitive
information in those e-mails—we generally will not ask for your credit or debit card number, password, prescription
or other sensitive information in an e-mail, and you should assume that if you get such a request, it might be fraudulent.
- Except for the SSL transmissions, the Site is not encrypted. However, access to the Site and to your user data is
restricted by your password. You are responsible for ensuring the security of your password.
- Neither humans, passwords, nor security systems, including encryption, are foolproof or necessarily work as intended.
Furthermore, people can commit intentional crimes, make mistakes, or fail to follow policies. Although we take what
we believe are commercially reasonable security precautions, we do not guaranty the security of information and you
agree to do what you reasonably can to help promote security (such as by not sharing your password with anyone).
We are required in some circumstances, e.g., if you are a resident of California and other conditions are met, to
disclose a breach of the security of personal data held by us. We may give that notice when required, either by
posting it on the Site or by giving notice at your e-mail address on file with us, as permitted by law.
You agree to check the Site periodically, particularly if you use spam filters, which can sometimes mischaracterize and block e-mails.
Like you, Eyeconic is concerned about the safety of children. Eyeconic has
no intention of collecting personal information from children under the age of 13. Any transactions on our Site conducted
for children ages 13 – 18 should only be conducted under the supervision of that child’s parent or guardian. However,
if you give your password to your child, then it could become an issue. If a child has provided his or her personal
information, a parent or guardian may so inform us by e-mailing firstname.lastname@example.org or calling 1-877-478-7553
toll free, and we will use commercially reasonable efforts to delete that child’s personal information from our database
(subject to applicable law and this Policy). For more information about children’s privacy on the Internet, please see
Information about enforcement of our Policy:
This Policy is part of the Terms of Service for Eyeconic. As a contract,
those Terms (and this Policy) are binding. If you think Eyeconic is in default, you may contact us at our Legal Notices
Information about: Legal Notices; Identity Theft:
- Notices Generally. You supply us with your e-mail address when you place an order on our Site. At our option and
except as otherwise stated in our Terms, we may give you notice by e-mail, including notices required to be given by law.
We also reserve the right to instead post notice on the Site and/or to give notice by postal mail or any other legal means.
When we provide notice other than by posting it, we will use one of the addresses you gave us.
- Legal Notices. Subject to applicable law and this section, you:
- agree that we may send you legal notices by e-mail or by posting such notices on the Site. You agree to keep us
apprised of your current e-mail address and to check for posted notices (if any) on the Site; and
- acknowledge that there is only one of you but we facilitate several services and receive many e-mails, and not all
employees are trained to deal with every kind of communication. Accordingly, you agree to send us all legal notices,
including (but not limited to) any notices relating to identity theft or breach, by mailing them to Eyeconic, Inc., 10875
International Drive, Suite 200, Rancho Cordova, CA 95670 (“Our Legal Notice Address”). If you send your notice by certified mail,
return receipt requested, the post office will send you proof of our receipt upon delivery to us. If a law, nevertheless,
requires us to accept e-mail notice, call us at 1-877-478-7553 for our address established for receipt of such notices (if any).
- Identity Theft. If you or any other person believes they are a victim of identity theft and are therefore
entitled by law to request information from your/their ECP or us, write us at our Legal Notice Address and also provide
all Required Information. We will supply, without charge, the information legally required to be disclosed that
we then have, subject to applicable law and reserving all rights and defenses.
Amendment of this Policy:
We reserve the right to change this Policy in our discretion in accordance
with the provisions in the Terms regarding amendments.
We use data collection devices such as “cookies” on certain pages of the Site
to assist in the administration and service of the Site. "Cookies" are small data files that a Web site puts on your computer's
hard drive to remember something about you when you later use that site. For example, cookies can be used to customize pages
based on your browser type. Other technological mechanisms are also used, such as small bits of "gifs" code that goes by various
names, e.g., "one-pixel gifs".
(Categories applicable to all users are marked with an x; categories applicable
only to persons who make purchases are checked—exceptions can apply.)
- First and last name
- Physical address (including street/city)
- Social security number
- Other identifier such as to recognize a password or permitting physical or online contacting of you
- One of the above that is maintained in combination with other personally identifiable information for you
- Age or date of birth
- Names of children
- Electronic mail or other addresses of children
- Number of children
- The age or gender of children
- Political party affiliation
- Medical prescription (for contact lenses)
- Drugs, therapies, or medical products or equipment used
- The kind of product purchased
- Your preferences for products, programs or services and participation in any of our surveys or promotions etc. (including info you provide through them)
- Real property purchased, leased, or rented
- Credit card number
- Other payment method identifier (e.g., ACH)
- Bank or investment account, debit card, or credit card balance
- Information pertaining to your creditworthiness, assets, income, or liabilities.
- All information described in our Policy or that you otherwise provide us, including in any e-mail you send us.
**We reserve the right to add, delete or alter categories from time to time.