A. ABOUT THIS POLICY
We are committed to providing you with professional and valuable products and services whilst safeguarding your privacy.
This Data Privacy Policy (also “Policy”) outlines when, why and how we collect, use and otherwise handle (collectively “process”) personal information about our customers (including opticians), potential customers, consumers and users of our websites (“Data Subjects”).
“Personal Data” is any information relating to you, which can be used to personally identify you, either directly or indirectly. We will process your Personal Data, as described in this Data Privacy Policy and as described when we collect data from you. Our Privacy Policy must be read together with any other legal notices or terms and conditions provided or made available to you when we collect data from you (or at a later stage) or that are available on other pages of our websites.
In this Data Privacy Policy
- references to “we”, “us” or “our” means CooperVision Limited and/or the Affiliates (defined below); and
- references to “you” and “your” are to the Data Subjects.
Where you use our websites, we will process your Personal Data collected by using cookies in accordance with our Cookie Policy. Please click here to view our Cookie Policy.
B. WHO IS RESPONSIBLE FOR YOUR DATA?
CooperVision Limited, with its head office at: Delta Park, Concorde Way, Segensworth North, Fareham, Hampshire, PO15 5RL, registered in the companies register maintained by Companies House, under company number 03685161 (“CooperVision”) is the data controller of your Personal Data.
We can be contacted by email at dpo@coopervision.com or by post using the address set out above.
Where CooperVision shares Personal Data with CooperVision Affiliates (“Affiliates”, which means our subsidiaries, our ultimate holding company and its subsidiaries), the Affiliates are also data controllers as explained in this Data Privacy Policy. Details of the Affiliates, including their locations, are listed here.
C. WHAT PERSONAL DATA DO WE PROCESS AND WHY?
We set out below a table which provides a non-exhaustive list of the types of Personal Data that we collect, the purposes for which that Personal Data is processed and the legal basis we rely upon to process such Personal Data.
Data Subject category | Type of information | Purposes of processing | Legal basis of processing |
---|---|---|---|
Customers (including opticians, stores staff) | | | |
Potential customers | | | |
Consumers (including participants in promotional events and individuals participating in educational events) | | | |
Users of our websites | | | |
Our business purposes – we will also use your Personal Data for our internal business purposes (our legitimate interests) such as:
- record keeping, statistical analysis, internal reporting and research purposes;
- to investigate any complaints you make;
- to provide evidence in any disputes or anticipated disputes between you and us;
- for the detection and prevention of fraud, manual (non-automated) credit checking, other criminal offences and for risk management purposes;
- for business and disaster recovery (e.g. to create back-ups);
- to ensure network and information security;
- to host, maintain and otherwise support the operation of our websites, including to customise various aspects of our websites to improve your experience;
- for document and data retention/storage;
- to protect the rights, property, and/or safety of CooperVision, any of its Affiliates, its personnel and others; and
- to ensure the quality of the services we provide to our clients and other Data Subjects.
We believe the risk to your data protection rights in connection with Personal Data that we process on the basis of our legitimate interests is not excessive or overly intrusive.
We may be required to process your personal information to comply with our legal requirements, to enable us to fulfil the terms of any contract that we have with you, or in preparation for us entering into a contract with you.
D. HOW AND WHEN DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?
This section describes with whom we may share your Personal Data.
- Data sharing within CooperVision group
CooperVision may share your Personal Data with its Affiliates (details of the Affiliates, including their locations, are listed here):
- where we need to do so in order to provide the products and/or services or information that you have requested; for example, we may transfer your Personal Data to CooperVision Limited in the UK for central support services; or
- for the purposes of IT support and maintenance; or
- internal governance and administration; or
- if you consent to us doing so (e.g. when you give us consent for marketing communications with Affiliates); or
- to comply with our legal or regulatory obligations; for example, we may transfer your personal data to CooperVision Inc. in the US, which hosts our database of product and patient regulatory information.
- Data sharing with service providers
We also share your Personal Data with our third party service providers, whom we engage to provide various services, which include but are not limited to:
- delivery of our products (e.g. couriers);
- marketing and advertising services (e.g. marketing agencies, interactive agencies, e-mailing solution providers);
- our websites (e.g. hosting and maintaining our websites); and
- IT services and solutions (e.g. providing data storage, assisting us with database management).
- Data sharing with other recipients
We may also share your Personal Data with:
- our accountants, auditors, lawyers or other professional advisers when we ask them to provide us with professional advice;
- any other third party if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property and/or safety of CooperVision, any of its Affiliates, its personnel and others;
- any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation;
- police and other law enforcement agencies in connection with the prevention and detection of crime; or
- investors and other relevant third parties in the event of a potential sale or other corporate transaction related to CooperVision and/or any of its Affiliates.
E. INTERNATIONAL TRANSFERS OF PERSONAL DATA
The transfer of your Personal Data to and between the Affiliates, service providers or other recipients may involve your Personal Data being sent outside of the European Economic Area (“EEA”). Where we transfer personal data outside of the EEA, we will implement appropriate and suitable safeguards to ensure that such Personal Data will be protected as required by applicable data protection law. For example, where your Personal Data is transferred to CooperVision Affiliates, the safeguards which we typically put in place are the European Standard Contractual Clauses as permitted by data protection law and in particular Article 46(2) of the General Data Protection Regulation 2016/679.
You can request further details about the safeguards that we implement by contacting our Data Protection Officer at: dpo@coopervision.com.
F. HOW LONG DO WE STORE PERSONAL DATA?
It is our policy to retain your Personal Data for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfilment of an agreement with you). However, we may be obliged to store some Personal Data for a longer time, taking into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements);
- the establishment, exercise or defence of legal claims (e.g., for the purposes of a potential dispute).
If you would like to find out how long we keep your Personal Data for a particular purpose, you can contact us at: dpo@coopervision.com.
For more information on how long cookies are stored, please refer to our Cookie Policy.
G. HOW DO WE PROTECT YOUR PERSONAL DATA?
We implement technical and organisational security measures to protect your Personal Data against the risk of loss, misuse, or unauthorised alteration or destruction. Such measures may include the use of firewalls, encryption (where appropriate), access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your Personal Data. Where appropriate, we may also make backup copies and use other such means to prevent accidental damage to or destruction of your Personal Data.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you online we will use a recognised online secure payment system.
H. YOUR RIGHTS
The following section explains your data protection rights that you can exercise. The rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. You can exercise these rights using the contact details set out in Section I (How to Contact Us).
- The right to be informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data. This is why we are providing you with the information in this Data Privacy Policy and in any legal notices or terms and conditions provided to you.
- The right of access – you have the right to receive a copy of your Personal Data that we hold about you, subject to certain exemptions.
- The right to rectification – you can ask us to take measures to correct your Personal Data if it is inaccurate or incomplete (e.g. if we have the wrong name or address for you).
- The right to erasure – this is also known as the ‘right to be forgotten’ and, in summary, enables you to request the deletion or removal of your Personal Data in certain circumstances. For example (i) where your Personal Data is no longer necessary in relation to the purposes for which they were collected or otherwise used; (ii) if you withdraw your consent and there is no other legal ground which we are able to rely on for the continued use of your Personal Data; (iii) if you object to the use of your Personal Data (as set out below); (iv) if we have used your Personal Data unlawfully; or (v) if your Personal Data needs to be erased to comply with a legal obligation.
- The right to restrict processing – You have the right to suspend our use of your Personal Data in certain circumstances. For example (i) where you think your Personal Data is inaccurate and only for such period to enable us to verify the accuracy of your Personal Data; (ii) the use of your Personal Data is unlawful and you oppose the erasure of your Personal Data and request that it is suspended instead; (iii) we no longer need your Personal Data, but your Personal Data is required by you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the use of your Personal Data and we are verifying whether our grounds for the use of your Personal Data override your objection.
- The right to data portability – You have the right to obtain Personal Data that you have provided to us in a structured, commonly used and machine-readable format and for it to be transferred to you or another organisation, where it is technically feasible. The right only applies where the use of the Personal Data you provided was with your consent or for the performance of a contract with you, and when the use of your Personal Data is carried out by automated (i.e. electronic) means.
- The right to object – You have the right to object to the use of your Personal Data in certain circumstances. For example (i) where you have grounds relating to your particular situation and we use your Personal Data for our legitimate interests (or those of a third party); and (ii) if you object to the use of your Personal Data for direct marketing purposes.
- The right to withdraw consent – where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time.
- The right to object to a decision which is based solely on automated processing – You have the right in certain circumstances not to be subject to a decision which is based solely on automated processing without human intervention.
- The right to complain to the relevant data protection authority – You have the right to complain to the relevant data protection authority, which is, in the case of CooperVision Limited, the Information Commissioner's Office, where you think we have not used your Personal Data in accordance with data protection law. The ICO's contact details are: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.
We will generally respond to your request within one month of receiving your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.
We will not charge you for such communications or actions we take, unless:
- you request additional copies of your Personal Data undergoing processing, in which case we may charge for our reasonable administrative costs, or
- you submit manifestly unfounded or excessive requests, in particular because of their repetitive character, in which case we may either charge for our reasonable administrative costs or refuse to act on the request.