Updated on July 10, 2023
Introduction and Data Controller
This Privacy Statement (‘Statement’) is issued by, and the data controller of your personal data is, Advanced Ophthalmic Systems Ltd, a company registered in England and Wales (company number 12874125) whose registered office is at The Old Rectory, Church Street, Weybridge, Surrey, KT13 8DE (referred in this Statement as ‘we’ ‘us’ and ‘our’). You can contact us by post at the address above (for the attention of the Data Protection Officer) or by email at dpo@aos-hub.com
We respect your privacy and your rights to control your personal information. This Statement explains who we are, the personal information we collect from you, how long we hold it, and how and why we collect, store, use and share it. Personal information (also known as “personal data”) is any information that can be used to identify you or that we can link to you. It does not include data where the identity has been removed (anonymised data). The Statement also explains your rights in relation to the personal information we collect from you and how to contact us or the regulator in the event you have a complaint.
Our principal guidelines are simple. We keep the personal information we collect to a minimum, and we will be clear about the personal information we collect and why. From our customer’s perspective, we collect a small amount of information to enable us to provide a better service and some of this information is required to register and activate the products purchased from us.
The Statement does not deal with the personal information we collect about our employees and job applicants, but we provide separate privacy notices for these persons. In addition, it does not deal with personal data we process on behalf of our customers (who are controllers of that personal data) and you should refer to those customers’ own privacy notices for details of such processing.
What is the GDPR?
We protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation 2016 (‘GDPR’) (which is a regulation intended to strengthen and unify data protection for everyone within the European Union) and the UK Data Protection Act 2018.
When do we collect personal information, what do we collect and why?
We may collect personal information about you as follows:
If you make contact with us via the ‘Contact Us’ page on this website, whether for a request or to leave feedback, or if you sign up for our newsletters, we will collect the following personal information from you:
- Name and email address;
- Phone number;
- Geographical location;
- Type of user (e.g. whether you are a clinician or student);
- Type of account holder (e.g. Professional or Basic user);
- Your company/institution; and
- Such other information you choose to share with us.
We use this personal information to
- Deal with your enquiry or to send you the newsletters you have requested.
- On the basis that we have a legitimate interest in doing so (i.e. in order to pursue and develop our business), provided such interests are not overridden by your rights or interests.
- In order to perform a contract with you (including by responding to and dealing with your enquiry).
- Providing product and technical support.
- If you do not provide certain personal data, we may be unable to respond fully to your enquiry. We may also need to process your personal data to comply with certain legal or regulatory requirements.
This website uses cookies and if you accept the use of cookies, we may automatically collect technical data about your equipment, browsing actions and patterns. For more information about the cookies we use, please see our cookie policy.
Personal information collected during product purchase
We only make sales to business customers (such as opticians, hospitals, clinicians, and educational institutions) but in the course of doing so we will collect personal information, limited to business contact details, from the individuals within those organisations (including those individuals who are registered to use our products).
This contact information comprises the following and will be captured during the registration process prior to either downloading a trial product or purchasing a licensed product:
- Name and email address;
- Phone number (optional);
- Address of the organisation which the individual represents; and
- Preferred method(s) of communication.
After purchasing an AOS product, the licence information will be sent to the relevant user(s) via automated email. Once the product is activated the system requests the user login using their signup details. It is essential that this information is provided, otherwise the product cannot be used.
We use the personal information collected during the product purchase process on the basis that we have a legitimate interest in doing so (i.e. to process the purchase being made by your organisation in accordance with our contractual obligations to our customer), provided such interests are not overridden by your rights or interests. We may also need to process the personal data to comply with certain legal or regulatory requirements.
Personal information collected in the course of providing product support
We also collect business contact details (as described above) from the individuals within our customers’ organisations who are nominated representatives for the purposes of product support.
Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing this information are:
We have a contractual obligation.
Anonymised Media
In addition to storing media captured using the AOS App as processor on behalf of our customers, we separately store such media for our own purposes (i.e. for product development, research, statistical and benchmarking purposes) as a data controller. The media stored by us as controller are separately stored on a fully anonymised basis (so they cannot be associated with you) and contain no personally identifiable information. We may continue to store and use this data at all times, including if you cease to be a customer of our customer or you ask us to delete it, and may use this information indefinitely without further notice to you.
Where your consent is required
We do not normally rely on consent to the processing of personal data. However, if we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you specifically to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting us at dpo@aos-hub.com.
Automated decision making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Where do we store your personal information and how is it kept secure?
We are based in the UK and all our services are provided in the UK. We store your personal information on servers based in the UK and the EU.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or accidentally disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Links to other websites
Our website may, from time to time, contain links to other websites which may be of interest to you. If you follow a link, please note that the other website will have its own privacy policy and you should check this before you submit any personal information to that website. We are not responsible and accept no liability for the content of other websites or their use of your personal information.
Who do we share your personal information with?
Except as set out in this section, we do not share personal information with third parties. Please see the section below for more information.
External Third Parties
We will not disclose personal data we hold about you to any third party except as set out below. We will only disclose personal data which we hold about you to these third parties in connection with the purposes set out above.
AOS uses a network of agents and distributors in the marketing and selling of our products. As outlined above, the personal information (namely business contact details) of individuals within our customers’ organisations may be shared with these distributors for the purpose of providing our products and services to our customers and in accordance with this Statement, and where legally required.
We may also share personal data with other third parties including:
- service providers acting as processors who provide IT, payment and system administration services;
- professional advisers acting as processors or controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance, accounting and other professional and/or advisory service providers; and
- third parties to whom we may choose to sell, transfer or merge parts of our business or our assets, or a successor in interest in the unlikely event of our insolvency, winding up or liquidation. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
All third parties are required to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third-party service providers (such as IT and system administration service providers) to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Legal and Regulatory Disclosures
To comply with our legal and regulatory obligations, we may share your personal information with third parties if a legally compliant request for the disclosure of personal information is made. If you have any questions about this, you should contact support@aos-hub.com before using this service.
How long do we keep your personal information?
We will not retain your personal information for longer than necessary for the purposes set out in this Statement. Different retention periods apply for different types of personal information. We will keep your personal information for the following periods of time at a maximum:
Circumstances in which personal information is collected | How long do we keep it? |
Personal information collected on our website | For the duration of your enquiry. |
Personal information collected during product purchase | For the term of your subscription or until you are no longer the account representative (whichever is sooner). |
Personal information collected in the course of providing product support | 7 years after termination of your subscription or until you are no longer the account representative (whichever is sooner). |
We recognise that, within organisations, individual personnel may change from time to time. Where an individual ceases to be the representative / contact for the organisation prior to the expiry of the timeframes set out above, we will delete that individual’s data when we are notified of such departure or change.
When it is no longer necessary to retain your personal information, we will delete it or, in certain circumstances we will anonymise it (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Our website is not intended for children
We do not provide services to children and our website is not intended for children. Although visitors of all ages may navigate through our website, we do not intentionally collect personal information from those under the age of sixteen. If, following a notification by a parent or guardian, or discovery by other means, a child under sixteen has been improperly registered on our website by using false information, we will cancel the registration and delete the records.
Your rights in relation to the personal information we hold
You have the right to:
- Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (please see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any timewhere we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
For further information on each of these rights, including the circumstances in which they apply, please contact us or see the guidance from the UK Information Commissioner’s Office on individuals’ rights under the General Data Protection Regulation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).
Managing your Personal Information with us
We want to be sure that we keep only the most up-to-date information about you in our records so please let us know if your personal details change at any time. If you believe that your contact information needs to be updated or corrected, e-mail us at dpo@aos-hub.com.
If you are a user of an AOS product and have an account with us, your personal information is also editable by you in the Administration page. You will have created a login (your email address) and password when registering during the purchase or trial process. You may remove any of the non-required information but, as above, it is imperative we retain your name and email for your product to function.
Questions about this Statement and Complaints
If you have any questions about this Statement or if you would like further information, or wish to complain, about our privacy practices you may contact us in any of the following ways:
- Post: Data Protection Officer, The Old Rectory, Church Street, Weybridge, Surrey KT13 8DE, UK.
- Email: dpo@aos-hub.com
You have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy about the way in which we collect and use your personal information: www.ico.org.uk/concerns or telephone 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Updates to this Statement
This Statement is effective from 10 July 2023. We may modify or update this Statement from time to time, including, when necessary, when regulations demand it, or to reflect customer feedback and changes to our products or services. When we do, changes we make will be posted on this page and, where appropriate, notified to you in writing. Please review this page regularly to see any changes or updates to this policy.
Cookie Policy
This website uses cookies to better your experience while visiting the website. Where applicable this website uses a cookie control system allowing you on your first visit to the website to accept the use of cookies on your computer/device.
Cookies are small text files sent between your web browser and our server. Cookies collect information about your web browser and provide us with information about the way you use our website. This helps us to ensure our website performs optimally throughout your visit.
This website uses the following categories of cookies:
- Functional cookies.These cookies allow our website to remember choices you make while browsing and to personalise your experience. We may store your geographic location in a cookie for instance, to ensure that we show you the website relevant to your area, for instance, for product pricing.
- Analytics cookies.We use analytics cookies, like those offered by Google Analytics, to help us understand things like how long a visitor stays on our website, what pages they find most useful. Visit the Google Analytics page to learn more.
- Necessary cookiesare essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
Cookie Name | Purpose | Category (see list above) | Essential / Non-Essential | Expiry |
_ga | Google Analytics – Used to distinguish users. | Analytical | Non-Essential | 2 Years |
_gid | Google Analytics – Used to distinguish users. | Analytical | Non-Essential | 2 Years |
_gat | Used to throttle request rate | Functionality | Essential | 1 Minute |
vuid | This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website. | Analytics | Non-Essential | 2 years |
cookie_notice_accepted | Track cookie consent | Functionality | Essential | 1 month |
We will only place cookies on your browser if you consent to us doing so. When you visit our website for the first time you will see a ribbon towards the top of the homepage providing information about the cookies we use and inviting you to consent to us placing them on your browser.
By clicking the ‘Accept’ button you consent to us placing cookies on your web browser or hard drive and, in relation to the Google Analytics cookies, to Google, Inc processing the information collected by the cookies in the manner and for the purposes set out in the webpage referred to above.
Third Party Cookies
Please note that the following integrated third-party services may also use cookies, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third-party cookies are likely to be analytical cookies or performance cookies or targeting cookies:
- Vimeo
To deactivate the use of third-party advertising cookies, you may visit the consumer page to manage the use of these types of cookies https://www.aboutcookies.org.uk/managing-cookies/.
Withdrawing consent and turning cookies off
If you wish to withdraw your consent, you will need to delete the cookies from your web browser. You may be unable to log into our website or use some of its functionality if you do this. Further details on cookies (including how to turn them off) can be found at www.allaboutcookies.org.