A. ABOUT THIS POLICY
We are committed to providing you with professional and valuable products and services whilst safeguarding your privacy.
“Personal Data” is any information relating to you, which can be used to personally identify you, either directly or indirectly.
“Sensitive Personal Data or Information” or “SPDI” is information such as your: (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details; (iii) physical and physiological; (iv) sexual orientation; or (v) biometric information.
- references to “we”, “us” or “our” means CooperVision Limited and/or the Affiliates (defined below); and
- references to “you” and “your” are to the Data Subjects.
B. WHO IS RESPONSIBLE FOR YOUR DATA?
CooperVision Limited, with its head office at: Delta Park, Concorde Way, Segensworth North, Fareham, Hampshire, PO15 5RL, registered in the companies register maintained by Companies House, under company number 03685161 “CooperVision”) is the data controller of your Personal Data and SPDI.
We can be contacted at by email: email@example.com or by post using the address set out above.
C. WHAT PERSONAL DATA DO WE PROCESS AND WHY?
We have set out below a table which provides a non-exhaustive list of the types of Personal Data and SPDI that we collect, the purposes for which that Personal Data or SPDI is processed and the legal basis we rely upon to process such Personal Data..
|Data Subject category||Type of information||Purposes of processing||Legal basis of processing|
|Customers (including opticians, stores staff)||
|Consumers (including participants in promotional events)||
|Users of our websites||
Our business purposes – we will also use your Personal Data for our internal business purposes (our legitimate interests) such as:
- record keeping, statistical analysis, internal reporting and research purposes;
- to investigate any complaints you make;
- to provide evidence in any disputes or anticipated disputes between you and us;
- for the detection and prevention of fraud, manual (non-automated) credit checking, other criminal offences and for risk management purposes;
- for business and disaster recovery (e.g. to create back-ups);
- to ensure network and information security;
- to host, maintain and otherwise support the operation of our websites, including to customise various aspects of our websites to improve your experience;
- for document and data retention/storage;
- to protect the rights, property, and/or safety of CooperVision , any of its Affiliates, its personnel and others; and
- to ensure the quality of the services we provide to our clients and other Data Subjects.
We believe the risk to your data protection rights in connection with Personal Data that we process on the basis of our legitimate interests is not excessive or overly intrusive.
We may be required to process your personal information to comply with our legal requirements as per applicable law, to enable us to fulfil the terms of any contract that we have with or in preparation of us entering into a contract with you.
In addition, we will only use your SPDI under the following conditions:
- record keeping, statistical analysis, internal reporting and research purposes
We collect SPDI only upon receiving your consent. You are free to withdraw your consent provided the same is given in writing or by e-mail to us.
D. HOW AND WHEN DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?
This section describes with whom we may share your Personal Data or SPDI.
- Data sharing within CooperVision group
CooperVision may share your Personal Data or SPDI with its Affiliates (details of the Affiliates, including their locations, are listed here:
- where we need to do so in order to provide the products and/or services or information that you have requested; for example, we may transfer your Personal Data or SPDI to CooperVision Limited in the UK for central support services; or
- for the purposes of IT support and maintenance; or
- internal governance and administration; or
- if you consent to us doing so (e.g. when you give us consent for marketing communications with Affiliates); or
- to comply with our legal or regulatory obligations; for example, we may transfer your personal data/SPDI to CooperVision Inc. in US which hosts our database of product and patient regulatory information.
- Data sharing with service providers
We also share your Personal Data with our third party service providers, whom we engage to provide various services, which include but are not limited to:
- delivery of our products (e.g. couriers);
- marketing and advertising services (e.g. marketing agencies, interactive agencies, e-mailing solution providers);
- our websites (e.g. hosting and maintaining our websites); and
- IT services and solutions (e.g. providing data storage, assisting us with database management).
- Data sharing with other recipients
We may also share your Personal Data/SPDI with:
- our accountants, auditors, lawyers or other professional advisers when we ask them to provide us with professional advice;
- any other third party if we are under a duty to disclose or share your Personal Data/SPDI in order to comply with any legal obligation, or to protect the rights, property and/or safety of CooperVision, any of its Affiliates, its personnel and others;
- any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation;
- police and other law enforcement agencies in connection with the prevention and detection of crime; or
- investors and other relevant third parties in the event of a potential sale or other corporate transaction related to CooperVision and/or any of its Affiliates.
E. INTERNATIONAL TRANSFERS OF PERSONAL DATA
The transfer of your Personal Data and SPDI to and between the Affiliates, service providers or other recipients will be as per provisions of applicable law.
You can request further details about the safeguards that we implement by contacting our Data Protection Officer at: firstname.lastname@example.org.
F. HOW LONG DO WE STORE PERSONAL DATA?
It is our policy to retain your Personal Data/SPDI for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfilment of an agreement with you). However, we may be obliged to store some Personal Data/SPDI for a longer time, taking into account factors including:
- legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements);
- the establishment, exercise or defence of legal claims (e.g., for the purposes of a potential dispute).
If you would like to find out how long we keep your Personal Data for a particular purpose, you can contact us at: email@example.com.
G. HOW DO WE PROTECT YOUR PERSONAL DATA?
We implement technical and organisational security measures to protect your Personal Data/SPDI against the risk of loss, misuse, or unauthorised alteration or destruction. Such measures may include the use of firewalls, encryption (where appropriate), access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your Personal Data. Where appropriate, we may also make backup copies and use other such means to prevent accidental damage to or destruction of your Personal Data.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you online we will use a recognised online secure payment system.
H. YOUR RIGHTS
The following section explains your data protection rights that you can exercise. The rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. You can exercise these rights using the contact details set out in Section I (How to Contact Us).
- The right to rectification – you can ask us to take measures to correct your Personal Data if it is inaccurate or incomplete (e.g. if we have the wrong name or address for you).
- The right to withdraw consent – where we process your Personal Data on the basis of your consent, you have the right to withdraw your consent at any time.
Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.
We will generally respond to your request within one month of receiving your request. We can extend this period by an additional two months if this is necessary taking into account the complexity and number of requests that you have submitted.
We will not charge you for such communications.
I. THIRD PARTY LINKS
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for how they handle your Personal Data. When you leave one of our websites, we encourage you to read the privacy notice of every website you visit.
If you have a complaint about how we use your personal data/ SPDI, we would always prefer you to contact us first. You can file a complaint by contacting our Grievance Officer, whose details are provided below:
Anand Nayal, CooperVision India Office
K. HOW TO CONTACT US