Update: Nov 2nd, 2020
Introduction and Data Controller
This Privacy Statement (‘Statement’) is issued by, and the data controller of your personal data is, Advanced Ophthalmic Systems Ltd, a company registered in England and Wales (company number 12874125) whose registered office is at The Old Rectory, Church Street, Weybridge, Surrey, KT13 8DE (referred in this Statement as ‘we’ ‘us’ and ‘our’). You can contact us by post at the address above (for the attention of the Data Protection Officer) or by email at firstname.lastname@example.org or email@example.com.
We respect your privacy and your rights to control your personal information. This Statement explains who we are, the personal information we collect from you, how long we hold it, and how and why we collect, store, use and share it. Personal information (also known as “personal data”) is any information that can be used to identify you or that we can link to you. It does not include data where the identity has been removed (anonymised data). The Statement also explains your rights in relation to the personal information we collect from you and how to contact us or the regulator in the event you have a complaint.
Our principal guidelines are simple. We keep the personal information we collect to a minimum, and we will be clear about the personal information we collect and why. From our customer’s perspective, we collect a small amount of information to enable us to provide a better service and some of this information is required to register and activate the products purchased from us.
The Statement does not deal with the personal information we collect about our employees and job applicants, but we provide separate privacy notices for these persons. In addition, it does not deal with personal data we process on behalf of our customers (who are controllers of that personal data) and you should refer to those customers’ own privacy notices for details of such processing.
What is the GDPR?
We protect your personal information in accordance with applicable data protection laws, including the General Data Protection Regulation 2016 (‘GDPR’) (which is a regulation intended to strengthen and unify data protection for everyone within the European Union) and the UK Data Protection Act 2018.
When do we collect personal information, what do we collect and why?
We may collect personal information about you as follows:
Personal information collected on our website
If you make contact with us via the ‘Contact Us’ page on this website, whether for a request or to leave feedback, or if you sign up for our newsletters, we will collect the following personal information from you:
We use this personal information to deal with your enquiry or to send you the newsletters you have requested (as the case may be) on the basis that we have a legitimate interest in doing so (i.e. in order to pursue and develop our business), provided such interests are not overridden by your rights or interests, and/or in order to perform a contract with you (including by responding to and dealing with your enquiry). If you do not provide certain personal data, we may be unable to respond fully to your enquiry. We may also need to process your personal data to comply with certain legal or regulatory requirements.
Personal information collected during product purchase
We only make sales to business customers (such as opticians, hospitals, clinicians and educational institutions) but in the course of doing so we will collect personal information, limited to business contact details, from the individuals within those organisations (including those individuals who are registered to use our products).
This contact information comprises the following and will be captured during the registration process prior to either downloading a trial product or purchasing a licensed product:
After purchasing an AOS product, the licence information will be sent to the relevant user(s) via automated email. Once the product is activated the system requests the user login using their signup details. It is essential that this information is provided, otherwise the product cannot be used.
We use the personal information collected during the product purchase process on the basis that we have a legitimate interest in doing so (i.e. to process the purchase being made by your organisation in accordance with our contractual obligations to our customer), provided such interests are not overridden by your rights or interests. We may also need to process the personal data to comply with certain legal or regulatory requirements.
Personal information collected in the course of providing product support
We also collect business contact details (as described above) from the individuals within our customers’ organisations who are nominated representatives for the purposes of product support.
We use this personal information on the basis that we have a legitimate interest in doing so (i.e. to provide product support to the organisation in which you work in accordance with our contractual obligations to our customer), provided such interests are not overridden by your rights or interests. We may also need to process your personal data to comply with certain legal or regulatory requirements.
In addition to storing images captured using the AOS App as processor on behalf of our customers, we separately store such images for our own purposes (i.e. for product development, research, statistical and benchmarking purposes) as controller. The images stored by us as controller are separately stored on a fully anonymised basis (so they cannot be associated with you) and contain no personally identifiable information. We may continue to store and use this data at all times, including if you cease to be a customer of our customer or you ask us to delete it, and may use this information indefinitely without further notice to you.
Where your consent is required
We do not normally rely on consent to the processing of personal data. However if we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you specifically to request this consent. In such circumstances, we will provide you with full details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting us at firstname.lastname@example.org or email@example.com.
Automated decision making
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
Where do we store your personal information and how is it kept secure?
We are based in the UK and all our services are provided in the UK.
We store your personal information on servers based in the UK and the EU.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or accidentally disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Links to other websites
Who do we share your personal information with?
Except as set out in this section, we do not share personal information with third parties. Please see the section below for more information.
External Third Parties
We will not disclose personal data we hold about you to any third party except as set out below. We will only disclose personal data which we hold about you to these third parties in connection with the purposes set out above.
AOS uses a network of agents and distributors in the marketing and selling of our products. As outlined above, the personal information (namely business contact details) of individuals within our customers’ organisations may be shared with these distributors for the purpose of providing our products and services to our customers and in accordance with this Statement, and where legally required.
We may also share personal data with other third parties including:
All third parties are required to respect the security of your personal data and to treat it in accordance with the law.
We do not allow our third party service providers (such as IT and system administration service providers) to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Legal and Regulatory Disclosures
To comply with our legal and regulatory obligations, we may share your personal information with third parties if a legally compliant request for the disclosure of personal information is made. If you have any questions about this, you should contact firstname.lastname@example.org or email@example.com before using this service.
Managing your Personal Information with us
We want to be sure that we keep only the most up-to-date information about you in our records so please let us know if your personal details change at any time. If you believe that your contact information needs to be updated or corrected, e-mail us at firstname.lastname@example.org or email@example.com.
If you are a user of an AOS product and have an account with us, your personal information is also editable by you in the Administration page. You will have created a login (your email address) and password when registering during the purchase or trial process. You may remove any of the non-required information but, as above, it is imperative we retain your name and email for your product to function.
How long do we keep your personal information?
We will not retain your personal information for longer than necessary for the purposes set out in this Statement. Different retention periods apply for different types of personal information. We will keep your personal information for the following periods of time at a maximum:
|Circumstances in which personal information is collected||How long do we keep it?|
|Personal information collected on our website||For the duration of your enquiry.|
|Personal information collected during product purchase||For the term of your subscription or until you are no longer the account representative (whichever is sooner).|
|Personal information collected in the course of providing product support||7 years after termination of your subscription or until you are no longer the account representative (whichever is sooner).|
We recognise that, within organisations, individual personnel may change from time to time. Where an individual ceases to be the representative / contact for the organisation prior to the expiry of the timeframes set out above, we will delete that individual’s data when we are notified of such departure / change.
When it is no longer necessary to retain your personal information, we will delete it or, in certain circumstances we will anonymise it (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Our website is not intended for children
We do not provide services to children and our website is not intended for children. Although visitors of all ages may navigate through our website, we do not intentionally collect personal information from those under the age of sixteen. If, following a notification by a parent or guardian, or discovery by other means, a child under sixteen has been improperly registered on our website by using false information, we will cancel the registration and delete the records.
Your rights in relation to the personal information we hold
You have the right to:
Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (please see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with applicable law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
For further information on each of these rights, including the circumstances in which they apply, please contact us or see the guidance from the UK Information Commissioner’s Office on individuals’ rights under the General Data Protection Regulation (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).
Questions about this Statement and Complaints
If you have any questions about this Statement or if you would like further information, or wish to complain, about our privacy practices you may contact us in any of the following ways:
Post: Data Protection Officer, The Old Rectory, Church Street, Weybridge, Surrey KT13 8DE, UK.
Telephone: 01932 943 040
You have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy about the way in which we collect and use your personal information: www.ico.org.uk/concerns or telephone 0303 123 1113. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Updates to this Statement
This Statement is effective from [30 October] 2020. We may modify or update this Statement from time to time, including when necessary, when regulations demand it, or to reflect customer feedback and changes to our products or services. When we do, changes we make will be posted on this page and, where appropriate, notified to you in writing. Please review this page regularly to see any changes or updates to this policy.
Cookies are small text files sent between your web browser and our server. Cookies collect information about your web browser and provide us with information about the way you use our website. This helps us to ensure our website performs optimally throughout your visit.
This website uses the following categories of cookies:
Functional cookies. These cookies allow our website to remember choices you make while browsing and to personalise your experience. We may store your geographic location in a cookie for instance, to ensure that we show you the website relevant to your area, for instance, for product pricing.
Analytics cookies. We use analytics cookies, like those offered by Google Analytics, to help us understand things like how long a visitor stays on our website, what pages they find most useful. Visit the Google Analytics page here to learn more.
You can find more information about the individual cookies we use and the purposes for which we use them in the table below:
|Cookie Name||Purpose||Category (see list above)||Essential / Non-Essential||Expiry|
|__hs_opt_out||Cookie notification||Functionality||Essential||13 months|
|__hs_initial_opt_in||Prevents the banner from always displaying when visitors are browsing in strict mode.||Functionality||Non-Essential||7 Days|
|__hs_cookie_cat_pref||This cookie is used to record the categories a visitor consented to.||Analytical||Non-Essential||13 months|
|hs_ab_test||This cookie is used to consistently serve visitors the same version of an A/B test page they’ve seen before.||Analytical||Non-Essential||End of User Session|
|<id>_key||When visiting a password-protected page, this cookie is set so future visits to the page from the same browser do not require login again.||Functionality||Non-Essential||14 Days|
|hs-messages-is-open||This cookie is used to determine and save whether the chat widget is open for future visits.||Functionality||Essential||30 Minutes|
|This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed.||Functionality||Essential||One Day|
|hs-messages-hide-welcome-message||This cookie is used to prevent the chat widget welcome message from appearing again for one day after it is dismissed.||Functionality||Essential||One Day|
|__hs-membership-csrf||This cookie is used to ensure that content membership logins cannot be forged.||Functionality||Essential||End of Session|
|__cfduid||Helps Cloudflare detect malicious visitors to your website and minimizes blocking legitimate users.||Functionality||Essential||30 Days|
|__hstc||The main cookie for tracking visitors.
It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
|hubspotutk||This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts.||Analytical||Essential||13 Months|
|__hssc||It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.||Analytical||Non-Essential||13 Months|
|messagesUtk||This cookie is used to recognize visitors who chat with us via the chatflows tool.||Functionality||Essential||13 Months|
|_ga||Google Analytics – Used to distinguish users.||Analytical||Non-Essential||2 Years|
|_gid||Google Analytics – Used to distinguish users.||Analytical||Non-Essential||2 Years|
|_gat||Used to throttle request rate||Functionality||Essential||1 Minute|
|ASP.NET_SessionId||This cookie is used in sites developed with Microsoft.Net. When a user start browsing a unique session ID is created, which keeps track of all the information regarding that session. This information is stored in the web server and it is identified via a GUID. The GUID is essential for any ASP.NET site to function properly.
|vuid||This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.||Analytics||Non-Essential||2 years|
We will only place cookies on your browser if you consent to us doing so. When you visit our website for the first time you will see a ribbon towards the top of the homepage providing information about the cookies we use and inviting you to consent to us placing them on your browser.
By clicking the ‘Accept’ button you consent to us placing cookies on your web browser or hard drive and, in relation to the Google Analytics cookies, to Google, Inc processing the information collected by the cookies in the manner and for the purposes set out in the webpage referred to above.
Third Party Cookies
To deactivate the use of third party advertising cookies, you may visit the consumer page to manage the use of these types of cookies https://www.aboutcookies.org.uk/managing-cookies/.
Withdrawing consent and turning cookies off
If you wish to withdraw your consent you will need to delete the cookies from your web browser. You may be unable to log into our website or use some of its functionality if you do this. Further details on cookies (including how to turn them off) can be found at www.allaboutcookies.org.