Update: Jan 4th, 2019
This Privacy Statement (‘Statement’) is issued by Sparca Limited trading as Advanced Ophthalmic Systems, a company registered in England and Wales (company number 092016480) whose registered office is at The Old Rectory, Church Street, Weybridge, Surrey, KT13 8DE (referred in this Statement as ‘we’ ‘us’ and ‘our’).
We respect your privacy and your rights to control your personal information. This Statement explains the personal information we collect from you and how we use it. Personal information (also known as “personal data”) is any information that can be used to identify you or that we can link to you. The Statement also explains your rights in relation to the personal information we collect from you.
Our principal guidelines are simple. We keep the personal information we collect to a minimum, and we will be clear about the personal information we collect and why. From our customer’s perspective, we collect a small amount of information to enable us to provide a better service to you; some of this information is required to register and activate the products purchased from us.
The Statement does not deal with the personal information we collect about our employees and job applicants, but we provide separate privacy notices for these persons.
We protect your personal information in accordance with the General Data Protection Regulation 2016 (‘GDPR’) which is a regulation intended to strengthen and unify data protection for everyone within the European Union and shall be applicable to the United Kingdom regardless of Brexit. The GDPR requires greater openness and transparency from companies on how they collect, store and use personal information, while also imposing tighter limits on the use of personal information. You can learn more at https://www.eugdpr.org
We may collect personal information about you as follows:
If you make contact with us via the ‘Contact Us’ page on this website, whether for a request or to leave feedback, or if you sign up for our newsletters, we will collect the following personal information from you:
We use this personal information to deal with your enquiry or to send you newsletters (as the case may be) on the basis that we have a legitimate interest in doing so.
We only make sales to business customers (such as opticians, hospitals, clinicians and educational institutions) but in the course of doing so we will collect personal information, limited to business contact details, from the individuals within those organisations (including those individuals who are registered to use our products).
This contact information comprises the following and will be captured during the registration process prior to either downloading a trial product or purchasing a licenced product:
After purchasing an AOS product, the licence will be sent to the relevant user(s) via automated email. Once the product is installed the system requests the user’s licence code and email address to complete the licencing and registration process. It is essential that this information is provided, otherwise the product cannot be used.
The user’s device needs to be connected to the internet to activate the licence. It does not require internet access for the application to function although if the device does connect to the internet it will periodically check for any available updates to the product.
We use the personal information collected during the product purchase process on the basis that we have a legitimate interest in doing so, i.e. to process the purchase being made by the organisation which the individual represents in accordance with our contractual obligations to our customer.
We do not store any payment or credit card information. We only use payment information during the purchase process of AOS products. For subscription products, card information is held on PCI compliant servers by the payment processor, Stripe.
We also collect business contact details (as described above) from the individuals within our customers’ organisations for the purposes of providing product support. By storing contact details, we are able to easily identify legitimate users which means we are able to provide efficient customer support.
We use this personal information on the basis that we have a legitimate interest in doing so, i.e. to provide product support to the organisation in which the individual works in accordance with our contractual obligations to our customer.
The Desktop Application is activated by a licence key and, as described above, the user’s email address submitted during the purchase process. The licence is visible in the Desktop Application, but the user’s email address is not. Both the licence key and email address are stored in a licence file stored on the host device.
The Desktop Application processes images loaded into it and outputs results on screen. These results are able to be saved as images or reports on the user’s host computer or network. No information, images or results are retained within the Desktop Application or stored by AOS in any other way.
Patient information may be input by the user when creating a patient report. Such patient information is not stored within the Desktop Application, it is only used in the creation of the patient report. It is the responsibility of the user (and the customer organisation which he/she represents) store this report appropriately.
User accounts for the App are created from within the Desktop Application by the administrator user. This creates a cloud storage account where images captured by the App are stored prior to being downloaded to the Desktop Application for analysis. To create the account, the user’s email address must be input.
Cloud storage of images
Images captured using the App are held in cloud storage until they are downloaded to the Desktop Application for analysis. Once downloaded they are automatically deleted from the cloud. The images held contain no patient information and are referenced only by the time and date they were captured.
Patient consent for image capture
All users of the Desktop Application and the App (and the customer organisations which they represent) are responsible for informing their patients that the images captured using the App will be transferred via the cloud to the Desktop Application, and for obtaining their patients’ consent to the images being used in this way. No other patient information is stored by AOS servers during this process.
We use the personal information captured during the use on our products on the basis that we have a legitimate interest in doing so, i.e. to enable our products to perform in accordance with their specifications and thereby to fulfil our contractual obligations to our customers.
Where do we store your personal information and how is it kept secure?
We are based in the UK and all our services are provided in the UK.
We store your personal information on servers based in the UK and the EU.
Links to other websites
Who do we share your personal information with?
We do not sell personal information about the individuals within our customers’ organisations to third parties. We do share user registration information with our partners (authorised agents and distributors) but only with the partner who originally sold our products and/or services to the customer organisation. Please see the section entitled ‘Third Party Vendors’ (below) for more information.
AOS uses a network of agents and distributors in the marketing and selling of our products. As outlined above, the personal information (namely business contact details) of individuals within our customers’ organisations may be shared with these distributors for the purpose of providing our products and services to our customers and in accordance with this Statement, and for the purpose of reporting.
We share such information on the basis that we have a legitimate interest in doing so, i.e. to help us fulfil our contractual obligations to, and maintain and development our relationships with, our customers. If you have questions about our third party vendors, please send an email to firstname.lastname@example.org.
To comply with our legal and regulatory obligations, we may share your personal information with third parties if a legally compliant request for the disclosure of personal information is made. If you have any questions about this, you should contact email@example.com before using this service.
In accordance with the new EU GDPR ruling, we want you to be in control of how your personal information is used by us. We want you to be sure that we keep only the most up-to-date information about you in our records. If you believe that your contact information needs to be updated, e-mail us at firstname.lastname@example.org to requesting a correction.
Your personal information is also editable by you, in your My Account page. You will have created a login (your email address) and password when registering during the purchase or trial download process. You may remove any of the non-required information, as above, it is imperative we retain your name and email for your product to function.]
We will keep your personal information for the following periods of time:
|Circumstances in which personal information is collected||How long do we keep it?|
|Personal information collected on our website||For the term of your subscription.|
|Personal information collected during product purchase||For the term of your subscription.|
|Personal information collected in the course of providing product support||7 years after termination of your subscription.|
We do not provide services to children and our website is not intended to attract children. Although visitors of all ages may navigate through our website, we do not intentionally collect personal information from those under the age of sixteen. If, following a notification by a parent or guardian, or discovery by other means, a child under sixteen has been improperly registered on our website by using false information, we will cancel the registration and delete the records.
You have the right to:
Request access to your personal information (commonly known as a “subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected, though we may need to verify the accuracy of the new information you provide to us.
Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (please see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the information’s accuracy; (b) where our use of the information is unlawful but you do not want us to erase it; (c) where you need us to hold the information even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you have any questions about this Statement or if you would like further information, or wish to complain, about our privacy practices you may contact us in any of the following ways:
Post: The Old Rectory, Church Street, Weybridge, Surrey KT13 8DE, UK.
Telephone: 01932 943 040
You have the right to complain to the Information Commissioner about the way in which we collect and use your personal information: www.ico.org.uk/concerns or telephone 0303 123 1113.
This Statement is effective from 27th August 2019. We may modify or update this Statement when necessary, when regulations demand it, or to reflect customer feedback and changes to our products or services. Please review it regularly.
Cookies are small text files sent between your web browser and our server. Cookies collect information about your web browser and provide us with information about the way you use our website. This helps us to ensure our website performs optimally throughout your visit.
This website uses three types of cookies:
Functional cookies. These cookies allow our website to remember choices you make while browsing and personalise your experience. We may store your geographic location in a cookie for instance, to ensure that we show you the website relevant to your area, for instance, for product pricing.
Payment Cookies. These cookies (Stripe) to enable us to collect payment from you. We may store your credit card or debit card details to enable you to make any necessary payment directly on our website.
Analytics cookies. We use analytics cookies, like those offered by Google Analytics, to help us understand things like how long a visitor stays on our website, what pages they find most useful. Visit the Google Analytics Wikipedia page here to learn more.
We will only place cookies on your browser if you consent to us doing so. When you visit our website for the first time you will see a ribbon towards the top of the homepage providing information about the cookies we use and inviting you to consent to us placing them on your browser.
By clicking the ‘Accept’ button you consent to us placing cookies on your web browser or hard drive and, in relation to the Google Analytics cookies, to Google, Inc processing the information collected by the cookies in the manner and for the purposes set out in the webpage referred to above.
If you wish to withdraw your consent you will need to delete the cookies from your web browser. You may be unable to log into our website or use some of its functionality if you do this.