Consumer Health Data
Privacy Policy

Effective Date: June 30, 2024

This Washington Consumer Health Data Privacy Policy (“Privacy Policy”) supplements our Eyeconic Privacy Policy and is provided in accordance with the Washington My Health My Data Act (MHMDA). This Privacy Policy applies solely to (i) residents of the state of Washington and/or (ii) individuals whose consumer health data, (as defined under the MHMDA) is collected in the state of Washington (collectively “you” or “your”), and describes how consumer health data is collected, shared or used by Eyeconic Inc. (“Eyeconic”, “we” or “our”) when you visit the Eyeconic websites or purchase the eyewear products and related services we provide.

This Privacy Policy does not apply to personal information other than consumer health data subject to the MHMDA. Please see the Eyeconic Privacy Policy for information about the use and collection of personal information that is not consumer health data subject to the MHMDA.

This Privacy Policy does not apply to protected health information (“PHI”), as defined under the Health Insurance Portability and Accountability Act (“HIPAA”) that we may collect as a covered entity, or any of the exemptions set forth in the MHMDA. Please see our Notice of Privacy Practices for information regarding our collection and use of your PHI pursuant to HIPAA.

The terms used in this Privacy Policy have the same meaning given to them in the MHMDA.

Categories of Consumer Health Data We Collect

We only collect consumer health data from you as necessary to provide a product or service that you have requested from us, or with your consent to such collection for a specified purpose.

Examples of consumer health data we may collect from you when you visit the Eyeconic website or purchase the eyewear products and related services we provide may include:

  • Information about your health-related conditions or diagnoses, including your eyewear or contact lens prescription information.
  • Biometric data which may include facial mages, or images of your likeness when you use our virtual try-on tool.
  • Precise location information that could reasonably indicate your attempt to acquire or receive health services, products, or information, if you have location settings turned on.
  • Information that identifies a consumer seeking health care services.
  • Inferences or derived information based on the information listed above that we collect about you.

Categories of Sources of Consumer Health Data

We may collect consumer health data directly from you, from your interactions with our websites, products and services, from third parties and our affiliates, and from publicly available sources.

Why We Collect Consumer Health Data and How We Use it

We collect and use consumer health data as reasonably necessary to provide you with the products or services you have requested or authorized. This may include:

  • Providing our products and services to you, to communicate with you about your use of our products and services, to provide you with information about our products and services including information about vision care or health-related services, to provide you with resources and benefits that will help you to manage your heath, personalization of certain product features, ensuring the secure and reliable operation of the products and the systems that support them, troubleshooting and improving the products and other essential business operations that support the provision of the products or services (such as processing your payments, completing transactions you request, analyzing our performance).
  • To authenticate or confirm your identity.
  • To conduct research and development by administering surveys and questionnaires.
  • To protect the services and our business operations; to protect our rights or those of our stakeholders; to prevent and detect fraud, unauthorized activities and access, and other misuse; to conduct risk and security control and monitoring; where we believe necessary, to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Service as well as any additional terms specific to the Eyeconic websites.
  • To comply with the law and our legal obligations.
  • To consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping, and legal functions.
  • We may use consumer health data for other purposes for which we obtain your consent as required by law; for example, for advertising or marketing purposes.

Categories of Third Parties and Affiliates with Whom We May Share Consumer Health Data

We may share each of the categories of consumer health data described above to a third party or affiliate when such sharing is done for the purpose of providing you with the goods or services you have requested or with your consent.

Affiliates. We may share consumer health data with our parent company Vision Service Plan (“VSP”), any of our subsidiaries or affiliated companies, and any successors thereto in the normal course of providing eyewear products and related services, and to communicate with you about your vision care benefits if you are a VSP member. In this regard, your consumer health data may be shared with one of our affiliates for use in providing a service to you that you requested.
Vendors and service providers. We may share consumer health data with vendors and service providers that process such information as necessary to provide the products and services you have requested, perform services for us in connection with the Eyeconic websites, or our other business operations necessary for the provision of products and services to you. This may include sharing your consumer health data with certain vision insurance companies to confirm your vision insurance benefits.
Legal and similar disclosures. We may share consumer health data with law enforcement, the courts, our advisors, attorneys, and others who participate in the legal process, if we believe doing so is required or appropriate to comply with legal requirements and law enforcement requests (such as a court order or subpoena); comply with legal process (such as discovery); or protect your, our, or others’ rights, property, or safety.
Merger, sale, or other asset transfers. If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your consumer health data may be shared with the other parties and advisors involved under an obligation of confidentiality in connection with the negotiation of such transaction, and your consumer health data may be transferred as part of such a transaction (subject to compliance with applicable laws) in order to continue to provide you with the goods or services you have requested.

Your Privacy Rights

If you are a Washington resident and we collect, use, or share your consumer health data subject to the MHMDA, you may have the following rights, subject to certain exceptions set forth in the MHMDA.

  • Right to access – you have the right to know whether we are collecting, sharing, or selling your consumer health data; to access that consumer health data, including receiving a list of all third parties and affiliates and their contact information with whom we may have shared or sold your consumer health data.
  • Right to delete – you have the right to request that we delete certain consumer health data that we may have collected about you.
  • Right to withdraw consent – you make revoke any consent to the collection or sharing of your consumer health data that you may have provided to us, subject to certain exceptions.

How to Exercise Your Privacy Rights

You can make a request to exercise your right to access, deletion or withdrawal of consent by:

  • Calling us toll free at:
    • 1-855-EYECONIC (1-855-393-2664)

Please be aware that we will need to confirm your identity to process your request. We will only use the information you provide to verify your identity or authority to make the request. Making a verifiable request does not require you to create an account with us. We will provide responses to up to two requests per consumer annually, free of charge.

How to Submit an Appeal

If your request to exercise a right under the MHMDA is denied, you may appeal that decision by contacting us by emailing privacy@vsp.com. We will respond to your appeal in writing within 45 days of our receipt of your appeal. If your appeal is unsuccessful, you may contact the Washington State Attorney General at www.atg.wa.gov/file-complaint.