(a) Personal Data You Provide. When you register or otherwise interact with the Site, we may ask that you provide us with certain personal data to facilitate your use of the Site.
Members: Personal data we collect may include your name, personal or work-related email address, postal address, contact information, date of birth, gender, VSP user ID, employer’s name, benefit entitlements, bank account details, name and relationship of other persons with benefit entitlements such as your partner or children (“dependents”). In addition, you may be required to provide us with sensitive personal data related to your or your dependent’s health, such as your eye-care diagnosis and details about the eye-care treatment received and products purchased.
Eye-Care Professionals: Personal data we collect may include your name, practice name, address and contact information (incl. email address), professional details such as your certification/qualification, VSP user ID, bank account details, billing information, details of the services and products you provided to our members and foreign language capability (if applicable).
Non-Registered Users and Visitors: Any visitor of our Site can access the publicly available areas of our Site without the need to login or provide any personal data. Some features may allow us to collect personal data relating to your use of the Site (see paragraph 2(b) below) and information provided by you in comments and feedback regarding the Site. If you want to access the restricted non-public area of the Site, you will also be required to create a username and password to establish an account.
All Users: Some of the information we ask you to provide is identified as mandatory, and some as voluntary. If you do not provide the mandatory data where requested, we may not be able to provide you with the products and services you require or you may not be able to fully utilize and view the Site.
(a) Use by the Company. We collect, use, store and share your personal data (as further specified in paragraph 2) to facilitate the use of the Site and for the purposes more particularly described below:
Members: To manage, administer, coordinate and review the enrolment and provision of your entitlements and related services, verify your eligibility and coverage, process and administer your claims, make payments in relation to covered products and/or services subject of a claim. Within this context we may also liaise with your eye-care professional and receive or disclose certain of your personal data, including sensitive personal data in relation to your or your dependent’s health.
Eye-Care Professionals: To manage, administer, coordinate and review the provision of our member’s entitlements and related services and to process and administer claims you submit on our member’s behalf and to reimburse you in relation to covered services and/or products subject of that claim. Further purposes may include quality assessment and improvement, performance evaluations and conducting claim- and payments audits.
(b) Third Party Service Providers. We sometimes hire or partner with other companies to provide part of the services on our behalf, such as sending communications, customer service, hosting our software, performing analytics, conducting research and surveys or maintaining, delivering or hosting the Site. We will only provide those companies with your personal data that they need to perform their obligations to us. We shall require them to process your personal data in strict accordance with our instructions and implement adequate technical and organizational security measures to prevent unauthorized access to or disclosure of your personal data.
(c) Affiliate Sharing. Subject to the terms of this Privacy Notice, in the normal course of performing our services, and as permitted by applicable law, the Company may share your personal data with any of its affiliates or subsidiaries.
(d) Other Sharing. Your personal data may also be disclosed to third parties during negotiations for a transfer of all or part of our business and may be transferred by us as part of that business.
(e) Sharing of De-Identified Personal Data. Personal data that is collected by our Company may be shared with unaffiliated third parties for their own research and publication, product enhancement, or product development purposes or to conduct research and publish reports on our behalf, to help improve and expand our product and service offerings, to provide general statistics and analysis regarding the consumption or delivery of our products and services, and to help improve or maintain our service quality. Personal data shared as described in this paragraph shall be de-identified and/or aggregated before being disclosed to such third parties.
(f) Required Disclosures. We reserve the right to disclose your personal data, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (1) comply with laws, legal process, or government or regulatory requests; (2) protect and defend our rights or property or one the Site; and, (3) protect the safety and security of our users, this Site, or the public.
VSP Vision Care – UK LTD is a wholly-owned subsidiary of Vision Service Plan, a US not for profit-corporation. Vision Service Plan hosts and operates our IT infrastructure and this Site. For the purposes described in this Privacy Notice, your personal data will be transferred, processed and stored in the United States. Data protection laws in the United States may not offer the same level of protection as in the EEA. We will ensure that adequate technical and organizational security measures within the meaning of UK law shall apply.
If you want to exercise your right to see a copy of the personal data that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact us with enquiry topic “Privacy/Data Protection”, or alternatively send a signed letter to the address listed below. We will comply with all statutory time periods in responding to any requests. We may, however, limit access to your personal data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by applicable law. To protect your privacy and security, we may take reasonable steps to verify your identity before responding to your request.
We strive to employ appropriate technical and organizational security measures to protect your personal data. Access by you to your personal data is available through the Site after you provide your unique VSP Login ID (username and password) selected by you. We recommend that you do not divulge your password to anyone. We employ internal policies pursuant to which only selected individuals have access to the data on the server. Your personal data is encrypted at rest and the Site encrypts all communications between our server and client using secured socket layer (SSL) technology. Please be advised, however, that no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure, and we cannot guarantee that your personal data will always be secure.
You must be at least 18 years old to access and use this Site. We shall not knowingly collect personal information from visitors that are under 13 years of age.
We may change this Privacy Notice from time to time, and if we do we’ll post any changes on this Site. If you continue to use the Site after those changes are in effect, you agree to the revised Privacy Notice, provided that we will not retroactively change how we handle your personal data without your consent. If the changes are significant, we may provide more prominent notice or get your consent as required by law.
If you have any questions about this Privacy Notice or our practices, please contact us by e-mail or regular mail.
VSP Vision Care – UK LTD
Attn: Privacy/Data Protection
The Broadgate Tower Third Floor
20 Primrose Street
London EC2A 2RS
You also have the right to contact the UK Information Commissioner's Office (ICO) in respect of any complaints in relation to this Privacy Notice or how your personal data has been used. The ICO’s contact details are:
Information Commissioner's Office