Privacy and terms

Explains what information we collect and why, how we use it, and how to review and update it.

Update: Nov 2nd, 2020

Privacy Statement

Introduction and Data Controller

This Privacy Statement (‘Statement’) is issued by, and the data controller of your personal data is, Sparca Limited, trading as Advanced Ophthalmic Systems or AOS, a company registered in England and Wales (company number 09201648) whose registered office is at The Old Rectory, Church Street, Weybridge, Surrey, KT13 8DE (referred in this Statement as ‘we’ ‘us’ and ‘our’). You can contact us by post at the address above (for the attention of the Data Protection Officer) or by email at support@sparcacorp.com or support@aos-hub.com.

We respect your privacy and your rights to control your personal information. This Statement explains who we are, the personal information we collect from you, how long we hold it, and how and why we collect, store, use and share it.  Personal information (also known as “personal data”) is any information that can be used to identify you or that we can link to you. It does not include data where the identity has been removed (anonymised data). The Statement also explains your rights in relation to the personal information we collect from you and how to contact us or the regulator in the event you have a complaint.

Our principal guidelines are simple. We keep the personal information we collect to a minimum, and we will be clear about the personal information we collect and why. From our customer’s perspective, we collect a small amount of information to enable us to provide a better service and some of this information is required to register and activate the products purchased from us.

The Statement does not deal with the personal information we collect about our employees and job applicants, but we provide separate privacy notices for these persons. In addition, it does not deal with personal data we process on behalf of our customers (who are controllers of that personal data) and you should refer to those customers’ own privacy notices for details of such processing.

What is the GDPR?

We protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation 2016 (‘GDPR’) (which is a regulation intended to strengthen and unify data protection for everyone within the European Union) and the UK Data Protection Act 2018.

When do we collect personal information, what do we collect and why?

We may collect personal information about you as follows:

Personal information collected on our website

If you make contact with us via the ‘Contact Us’ page on this website, whether for a request or to leave feedback, or if you sign up for our newsletters, we will collect the following personal information from you:

  • Name and email address;
  • Phone number;
  • Geographical location;
  • Type of user (e.g. whether you are a clinician or student);
  • Type of account holder (e.g. Professional or Basic user);
  • Your company/institution; and
  • Such other information you choose to share with us.

We use this personal information to deal with your enquiry or to send you the newsletters you have requested (as the case may be) on the basis that we have a legitimate interest in doing so (i.e. in order to pursue and develop our business), provided such interests are not overridden by your rights or interests, and/or in order to perform a contract with you (including by responding to and dealing with your enquiry). If you do not provide certain personal data, we may be unable to  respond fully to your enquiry. We may also need to process your personal data to comply with certain legal or regulatory requirements.

This website uses cookies and if you accept the use of cookies, we may automatically collect technical data about your equipment, browsing actions and patterns. For more information about the cookies we use, please see our cookie policy [hyperlink to section at the foot of this document to be added].

Personal information collected during product purchase

We only make sales to business customers (such as opticians, hospitals, clinicians and educational institutions) but in the course of doing so we will collect personal information, limited to business contact details, from the individuals within those organisations (including those individuals who are registered to use our products).

This contact information comprises the following and will be captured during the registration process prior to either downloading a trial product or purchasing a licensed product:

  • Name and email address;
  • Phone number (optional);
  • Address of the organisation which the individual represents; and
  • Preferred method(s) of communication.

After purchasing an AOS product, the licence information will be sent to the relevant user(s) via automated email. Once the product is activated the system requests the user login using their sign up details. It is essential that this information is provided, otherwise the product cannot be used.

We use the personal information collected during the product purchase process on the basis that we have a legitimate interest in doing so (i.e. to process the purchase being made by your organisation in accordance with our contractual obligations to our customer), provided such interests are not overridden by your rights or interests. We may also need to process the personal data to comply with certain legal or regulatory requirements.

Personal information collected in the course of providing product support

We also collect business contact details (as described above) from the individuals within our customers’ organisations who are nominated representatives for the purposes of product support.

We use this personal information on the basis that we have a legitimate interest in doing so (i.e. to provide product support to the organisation in which you work in accordance with our contractual obligations to our customer), provided such interests are not overridden by your rights or interests. We may also need to process your personal data to comply with certain legal or regulatory requirements.

 

Anonymised Images

In addition to storing images captured using the AOS App as processor on behalf of our customers, we separately store such images for our own purposes (i.e. for product development, research, statistical and benchmarking purposes) as controller. The images stored by us as controller are separately stored on a fully anonymised basis (so they cannot be associated with you) and contain no personally identifiable information. We may continue to store and use this data at all times, including if you cease to be a customer of our customer or you ask us to delete it, and may use this information indefinitely without further notice to you.

 

Where your consent is required

We do not normally rely on consent to the processing of personal data. However if we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you specifically to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting us at support@sparcacorp.com or support@aos-hub.com.

 

Automated decision making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

 

Where do we store your personal information and how is it kept secure?

We are based in the UK and all our services are provided in the UK.
We store your personal information on servers based in the UK and the EU.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or accidentally disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

 

Links to other websites

Our website may, from time to time, contain links to other websites which may be of interest to you.  If you follow a link, please note that the other website will have its own privacy policy and you should check this before you submit any personal information to that website. We are not responsible and accept no liability for the content of other websites or their use of your personal information.

 

Who do we share your personal information with?

Except as set out in this section, we do not share personal information with third parties.  Please see the section below for more information.

External Third Parties

We will not disclose personal data we hold about you to any third party except as set out below. We will only disclose personal data which we hold about you to these third parties in connection with the purposes set out above.

AOS uses a network of agents and distributors in the marketing and selling of our products. As outlined above, the personal information (namely business contact details) of individuals within our customers’ organisations may be shared with these distributors for the purpose of providing our products and services to our customers and in accordance with this Statement, and where legally required.

We may also share personal data with other third parties including:

  • service providers acting as processors who provide IT, payment and system administration services;
  • professional advisers acting as processors or controllers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance, accounting and other professional and/or advisory service providers; and
  • third parties to whom we may choose to sell, transfer or merge parts of our business or our assets, or a successor in interest in the unlikely event of our insolvency, winding up or liquidation. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

All third parties are required to respect the security of your personal data and to treat it in accordance with the law.

We do not allow our third party service providers (such as IT and system administration service providers) to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

 

Legal and Regulatory Disclosures

To comply with our legal and regulatory obligations, we may share your personal information with third parties if a legally compliant request for the disclosure of personal information is made. If you have any questions about this, you should contact support@sparcacorp.com or support@aos-hub.com before using this service.

Managing your Personal Information with us

We want to be sure that we keep only the most up-to-date information about you in our records so please let us know if your personal details change at any time. If you believe that your contact information needs to be updated or corrected, e-mail us at support@sparcacorp.com or support@aos-hub.com.

If you are a user of an AOS product and have an account with us, your personal information is also editable by you in the Administration page. You will have created a login (your email address) and password when registering during the purchase or trial process. You may remove any of the non-required information but, as above, it is imperative we retain your name and email for your product to function.

How long do we keep your personal information?

We will not retain your personal information for longer than necessary for the purposes set out in this Statement. Different retention periods apply for different types of personal information. We will keep your personal information for the following periods of time at a maximum:

Circumstances in which personal information is collected How long do we keep it?
Personal information collected on our website For the duration of your enquiry.
Personal information collected during product purchase For the term of your subscription or until you are no longer the account representative (whichever is sooner).
Personal information collected in the course of providing product support 7 years after termination of your subscription or until you are no longer the account representative (whichever is sooner).

We recognise that, within organisations, individual personnel may change from time to time. Where an individual ceases to be the representative / contact for the organisation prior to the expiry of the timeframes set out above, we will delete that individual’s data when we are notified of such departure / change.

When it is no longer necessary to retain your personal information, we will delete it or, in certain circumstances we will anonymise it (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Our website is not intended for children

We do not provide services to children and our website is not intended for children. Although visitors of all ages may navigate through our website, we do not intentionally collect personal information from those under the age of sixteen. If, following a notification by a parent or guardian, or discovery by other means, a child under sixteen has been improperly registered on our website by using false information, we will cancel the registration and delete the records.

Your rights in relation to the personal information we hold

You have the right to:

Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.

Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (please see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

For further information on each of these rights, including the circumstances in which they apply, please contact us or see the guidance from the UK Information Commissioner’s Office on individuals’ rights under the General Data Protection Regulation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).

Questions about this Statement and Complaints

If you have any questions about this Statement or if you would like further information, or wish to complain, about our privacy practices you may contact us in any of the following ways:

Post:                 Data Protection Officer, The Old Rectory, Church Street, Weybridge, Surrey KT13 8DE, UK.

Email:               support@sparcacorp.com or support@aos-hub.com

Telephone:       01932 943 040

You have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy about the way in which we collect and use your personal information: www.ico.org.uk/concerns or telephone 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Updates to this Statement

This Statement is effective from [30 October] 2020. We may modify or update this Statement from time to time, including when necessary, when regulations demand it, or to reflect customer feedback and changes to our products or services. When we do, changes we make will be posted on this page and, where appropriate, notified to you in writing. Please review this page regularly to see any changes or updates to this policy.

Cookie Policy

This website uses cookies to better your experience while visiting the website. Where applicable this website uses a cookie control system allowing you on your first visit to the website to accept the use of cookies on your computer/device.

Cookies are small text files sent between your web browser and our server. Cookies collect information about your web browser and provide us with information about the way you use our website. This helps us to ensure our website performs optimally throughout your visit.

This website uses the following categories of cookies:

Functional cookies. These cookies allow our website to remember choices you make while browsing and to personalise your experience. We may store your geographic location in a cookie for instance, to ensure that we show you the website relevant to your area, for instance, for product pricing.

Analytics cookies. We use analytics cookies, like those offered by Google Analytics, to help us understand things like how long a visitor stays on our website, what pages they find most useful. Visit the Google Analytics page here to learn more.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

Cookie Name Purpose Category (see list above) Essential / Non-Essential Expiry
__hs_opt_out Cookie notification Functionality Essential 13 months
__hs_initial_opt_in Prevents the banner from always displaying when visitors are browsing in strict mode. Functionality Non-Essential 7  Days
__hs_cookie_cat_pref This cookie is used to record the categories a visitor consented to. Analytical Non-Essential 13 months
hs_ab_test This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before. Analytical Non-Essential End of User Session
<id>_key When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again. Functionality Non-Essential 14 Days
hs-messages-is-open This cookie is used to determine and save whether the chat widget is open for future visits. Functionality Essential 30 Minutes
hs-messages-hide-welcome-message

 

This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed. Functionality Essential One Day
hs-messages-hide-welcome-message This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed. Functionality Essential One Day
__hs-membership-csrf This cookie is used to ensure that content membership logins cannot be forged. Functionality Essential End of Session
__cfduid Helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users. Functionality Essential 30 Days
__hstc The main cookie for tracking visitors.

It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Analytical Non-Essential 13 Months
hubspotutk This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts. Analytical Essential 13 Months
__hssc It contains the domain, viewCount (increments each pageView in a session), and session start timestamp. Analytical Non-Essential 13 Months
messagesUtk This cookie is used to recognize visitors who chat with us via the chatflows tool. Functionality Essential 13 Months
_ga Google Analytics – Used to distinguish users. Analytical Non-Essential 2 Years
_gid Google Analytics – Used to distinguish users. Analytical Non-Essential 2 Years
_gat Used to throttle request rate Functionality Essential 1 Minute
ASP.NET_SessionId This cookie is used in sites developed with Microsoft.Net. When a user start browsing a unique session ID is created, which keeps track of all the information regarding that session. This information is stored in the web server and it is identified via a GUID. The GUID is essential for any ASP.NET site to function properly.

 

Functionality Essential 20 Minutes
vuid This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website. Analytics Non-Essential 2 years

We will only place cookies on your browser if you consent to us doing so. When you visit our website for the first time you will see a ribbon towards the top of the homepage providing information about the cookies we use and inviting you to consent to us placing them on your browser.

By clicking the ‘Accept’ button you consent to us placing cookies on your web browser or hard drive and, in relation to the Google Analytics cookies, to Google, Inc processing the information collected by the cookies in the manner and for the purposes set out in the webpage referred to above.

 

Third Party Cookies

Please note that the following integrated third party services may also use cookies, over which we have no control. These named third parties may include, for example, advertising networks and providers of external services like web traffic analysis services. These third party cookies are likely to be analytical cookies or performance cookies or targeting cookies:

 

  • Stripe
  • Google

To deactivate the use of third party advertising cookies, you may visit the consumer page to manage the use of these types of cookies https://www.aboutcookies.org.uk/managing-cookies/.

Withdrawing consent and turning cookies off

If you wish to withdraw your consent you will need to delete the cookies from your web browser. You may be unable to log into our website or use some of its functionality if you do this. Further details on cookies (including how to turn them off) can be found at www.allaboutcookies.org.