CONTENTS
ICARE CLINIC
SERVICE PRIVACY POLICY
FOR OUTSIDE OF US
This
privacy policy has been updated on 26/03/2021.
ICARE
FINLAND OY (Business ID 1084502-3) (“iCare”)
Address:
Äyritie 22, 01510 VANTAA, Finland
telephone:
+358 9 8775 1150
email:
[email protected]
The
contact details may be amended from time to time and you can find current
details in this privacy policy which is available at the address
https://www.icare-world.com at all times.
Full name: Vesa Hakkarainen
Contact
information: [email protected]
The name
and contact details may be amended from time to time and you can find current
details in this privacy policy.
The name of
the register is iCare CLINIC Service register. The iCare CLINIC Service
register includes data originating from devices iCare HOME, iCare HOME2, iCare
IC200 and iCare PRO and software / software services iCare CLINIC Service, iCare
CLOUD, iCare PATIENT2 Application, iCare PATIENT Application and iCare EXPORT
Application. All the devices and services are hereinafter referred to as “Services”.
The
provision of Personal Data (as defined below in section 5) is voluntary. In
case you do not provide the data that is marked as obligatory when the data is
requested, iCare is not able to provide you with the Services.
The
purposes for and the legal grounds for processing of the Personal Data are as
follows:
The legal
basis for the processing of the Personal Data are as follows:
The Personal
Data is defined as follows:
• enquiry
from you
• the
Services
• provided by you when you contact iCare’s
customer service or when you utilize the Services
The Personal Data may be transferred to a
subcontractor of the Supplier called Taitopilvi Oy (Business ID 2786133-7). The purposes of the transfers are
the same as stated in the Section 4.1.
iCare does
not transfer your Personal Data to countries outside the European Economic Area
(EEA) and European Union (EU) except for i) the USA or ii) the United Kingdom
(“Third Countries”).
The basis
of a transfer outside the EU area is the model clauses of the EU Commission. The
text of the model clauses is available on the internet at the address http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm or the adequacy decisions of the EU
Commission. The decisions are available on the internet at the address https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
The Services
may have hypertext links to third party web sites. Please note that iCare is
not liable for personal data processing on such web sites. Such third parties
are not personal data controllers or processors towards iCare.
iCare’s
cookie policy can be found at the address https://www.icare-world.com. Please
read the cookie policy together with this document.
The Personal
Data is secured by using, for example, the following methods and principles:
After
having supplied sufficient search criteria, you have the right to get
information on which Personal Data on you is being processed or information
that no Personal Data is being processed.
Where such Personal
Data are being processed, iCare shall provide the following information:
(a)
the purposes of the processing;
(b)
the categories of Personal Data concerned;
(c)
the recipients or categories of recipients to whom the Personal Data are to be
or have been disclosed, in particular to recipient in Third Countries;
(d)
the period for which the Personal Data will be stored;
(e)
the existence of the right to request from iCare rectification or erasure of
your Personal Data or to object to the processing of such Personal Data;
(f)
the right to lodge a complaint to the supervisory authority and the contact
details of the supervisory authority;
(g)
communication of the Personal Data undergoing processing and of any available
information as to their source;
(h)
the significance and envisaged consequences of such processing, at least in the
case of measures which produce legal effects concerning you or significantly
affects you and which are based solely on automated processing intended to
evaluate certain personal aspects relating to you or to analyze or predict in
particular your performance at work, economic situation, location, health,
personal preferences, reliability or behavior; and
(i)
information on the regular sources of Personal Data.
Where you
make the request in electronic form, the information shall be provided in
electronic form, unless otherwise requested by you.
iCare shall
provide a copy of your Personal Data undergoing processing. For any further
copies requested by you, iCare may charge a reasonable fee based on
administrative costs.
Where
requests from you are manifestly unfounded or excessive, in particular because
of their repetitive character, iCare may either: (a) charge a reasonable fee
taking into account the administrative costs of providing the information or
communication or taking the action requested; or (b) refuse to act on the
request.
If you want
to inspect the data concerning yourself as mentioned herein, you must represent
the request to iCare in a document hand signed by you or in a document
certified in a similar manner or personally by visiting iCare.
iCare
shall, at your request, without undue delay correct, erase or supplement Personal
Data contained in its Personal Data register if the data is erroneous,
unnecessary, incomplete or obsolete as regards the purpose of the processing,
including by way of supplementing a corrective statement.
If iCare
refuses your request of the correction of the data, iCare will give you a
written certificate regarding this. The certificate will also include the
reasons for the refusal. In such event, you may bring the matter to be handled
by the Data Protection Ombudsman.
The
Personal Data are processed for the time until the debt relationship directly
related to the Personal Data becomes time-barred. Main rule according to law
for a debt to become time-barred is three years. When mandatory law provides a
longer or shorter time for processing, such limitation is applied.
iCare may
also store Personal Data for as long as it is needed for the establishment,
exercise or defense of possible legal claims.
You have
the right to lodge a complaint to the supervisory authority. The contact
details of the supervisory authority:
https://tietosuoja.fi/en/contact-information
Office of the Data Protection Ombudsman
P.O. Box
800
FI00531
HELSINKI
FINLAND
Address:
Lintulahdenkuja
4, 00530 HELSINKI, FINLAND
Tel:
+358 29 56 66700 (exchange)
Fax:
+358 29 56 66735
Email:
[email protected]
You have
the right to prohibit iCare to process your Personal Data for purposes of
direct advertising, distance selling, other direct marketing, market research,
opinion polls, catalogues on persons or genealogical research.
You have
the right not to be subject to a measure which produces legal effects
concerning you or significantly affects you, and which is based solely on
automated processing intended to evaluate certain personal aspects relating to
you or to analyze or predict in particular your performance at work, economic
situation, location, health, personal preferences, reliability or behavior.
You have
the right to object, on grounds relating to your particular situation, to the
processing of Personal Data which is based on either of the following grounds
for processing: (i) when processing has been found necessary for the purposes
of the legitimate interests of iCare or (ii) when processing has been found
necessary in order to protect your vital interests. You however do not have the
right to object, if iCare demonstrates compelling legitimate grounds for the
processing which override your interests or fundamental rights and freedoms.
You have
the right to obtain from iCare the erasure of Personal Data relating to you and
the abstention from further dissemination of such data, where one of the
following grounds applies:
(a)
the data are no longer necessary in relation to the purposes for which they
were collected or otherwise processed;
(b)
you withdraw the consent on which the processing is based, or when the storage
period consented to has expired, and where there is no other legal ground for
the processing of the data;
(c)
you object to the processing of Personal Data pursuant to Section 14.3 of this
policy; or
(d)
the processing of the data does not comply with lawful requirements for other
reasons.
Instead of
erasure, iCare shall restrict processing of Personal Data where:
(a)
their accuracy is contested by you, for a period enabling iCare to verify the
accuracy of the data;
(b)
iCare no longer needs the Personal Data for the accomplishment of its task but
they have to be maintained for purposes of proof; or
(c)
the processing is unlawful and you oppose their erasure and request the
restriction of their use instead.
In cases of
restriction of processing of Personal Data in cases defined above, the Personal
Data may, with the exception of storage, only be processed for purposes of
proof, or with your consent, or for the protection of the rights of another
natural or legal person or for an objective of public interest.
ICARE CLINIC
SERVICE PRIVACY POLICY
FOR US
This
privacy policy has been updated on 26/03/2021.
This Privacy Policy (“Policy”) will help you understand how
we use, share and protect personal information we collect about you when you
use the iCare PATIENT, PATIENT2, EXPORT, CLINIC or CLOUD software.
This Privacy Policy applies only to personal information we
collect or maintain on our own behalf. We also may collect personal information
on behalf of, or receive personal information from, your medical provider in
connection with your use of iCare products. For more information on how your
medical provider or other businesses you engage with collect, use, and store
your personal information, including sharing with service providers like us, we
encourage you to review the relevant business’s privacy policy. We do not sell
your personal information, and we prohibit any sale of the personal information
we share with our service providers.
As described in more detail below, you may have rights with
respect to the personal information we collect about you on our own behalf. We encourage you to read
this Policy carefully, and to contact us if you have any questions.
We collect personal information directly from you, such as
through your interactions with our mobile applications and our website
(www.icare-world.com/us/), or from your medical provider. In all cases, we
collect personal information about you in accordance with the principles
outlined in this Policy and applicable law.
As stated above, we may also receive personal information
about you in our role as a service provider to your medical provider. This
information may include your name; the data or other content uploaded from an
iCare device to iCare’s CLINIC service; information on which eye is measured;
point of time of measurement; measurement angle (angle of the Device compared
with your eye); intraocular pressure value; intermediate results of the six
samples of intraocular pressure measurements; quality rating of the
measurement; the free-text data written by you in the Services in connection
with the measurement; reminders on when to take measurement or medication
(medication information that you have voluntarily provided); the free-text data
concerning conditions and actions defined by you related to measurement in general
(you have voluntarily provided); the free-text messages exchanged between you
and a professional health care provider (you have voluntarily provided); the
time after which the Device will disable measurement function if rental time
has been defined for a Device by your medical provider; the settings of the
Device.
For any such information, the privacy policy of your medical
provider applies.
The following table provides more detailed information on
the personal information we collect on our own behalf and why:
Information we collect |
Why we collect it |
If
you, as a representative of a business, obtain our product or service, we
will collect your: name, address, email address, telephone number, payment
information, commercial information about your previous interactions with us,
and recordings of our calls with you. |
This
information is necessary for us to provide the product or service you
requested or to take steps to obtain those products or services, for us to
comply with a legal obligation, or to carry out related business and
operational activities. |
If you use the iCare CLINIC software, we
keep information about your identification in an auth token for the time you
use the CLINIC software (i.e., until
you log out). You
can find more information about the auth token in the Cookies section of this
Policy. |
This
information is necessary for us to ensure the security and functionality of
our CLINIC software, and related technology resources. |
If
you inquire about our product or service, or otherwise request or agree to
receive electronic communications from us, we may collect your name, email
address, phone number, or physical address. You
may unsubscribe from any lists you request or agree to be on by clicking the
unsubscribe link. |
This
information is necessary to send you the communications and information you
have requested. |
The personal information we collect about you includes information within the categories below. These categories are defined by California law and represent the personal information that we have collected about California residents, and how it has been shared, over the past 12 months. We do not necessarily collect all information listed in a particular category, nor do we collect all categories of information for all individuals. We have shared information in each category with our affiliates and service providers for our business purposes within the last 12 months. We have not necessarily shared all information listed in a category.
Category |
Source |
Purpose of
Collecting Information |
Types of Third
Parties Shared With |
Personal Identifiers. Identifiers
such as a real name, alias, postal address, unique personal identifier,
online identifier Internet Protocol address, email address, account name,
Social Security number, driver’s license number, passport number, or other
similar identifiers. |
We collect information in this category: - directly from you or your interactions with our information
technology resources - from records we have about you in the course of providing
services or products |
A subset of this data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to send you notifications about your account, including billing statements, and to process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics. We also use this information to advertise
iCare products/services that might be of interest to you. |
Affiliates and service providers. |
Information About You. Information
that identifies, relates to, describes, or is capable of being associated
with, a particular individual, including, but not limited to, your name,
signature, Social Security number, physical characteristics or description,
address, telephone number, passport number, driver’s license or state
identification card number, insurance policy number, education, employment,
employment history, bank account number, credit card number, debit card
number, or any other financial information, medical information, or health
insurance information. |
We collect information in this category: - directly from you or your interactions with our information
technology resources - from records we have about you in the course of providing
services or products |
A subset of this data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to send you notifications about your account, including billing statements, and to process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics. We also use this information to advertise
iCare products/services that might be of interest to you. |
Affiliates and service providers. |
Sensitive information protected by federal or state law:
familial status, disability, sex, national origin, religion, color, race,
sexual orientation, gender identity and gender expression, marital status,
veteran status, medical condition, ancestry, source of income, age, or
genetic information. |
We collect information in this category: - directly from you or your interactions with our information
technology resources - from records we have about you in the course of providing
services or products |
A subset of this data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. It is also processed to protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics. We also use this information to advertise
iCare products/services that might be of interest to you. |
Affiliates and service providers. |
Commercial information: records of
personal property, products or services purchased, obtained, or considered,
or other purchasing or consuming histories or tendencies. |
We collect information in this category: - directly from you or your interactions with our information
technology resources - from records we have about you in the course of providing
services or products |
A subset of this data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to send you notifications about your account, including billing statements, and to process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics. We also use this information to advertise iCare
products/services that might be of interest to you. |
Affiliates and service providers. |
Internet or other electronic network activity information:
browsing history, search history, and information regarding a consumer’s
interaction with an Internet Web site, application, or advertisement. |
We collect information in this category: - directly from you or your interactions with our information
technology resources - from records we have about you in the course of providing
services or products |
A subset of this data is processed in connection with our operational functions, including for us to open your account, and process delivery of products or services to you. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics. We also use this information to advertise
iCare products/services that might be of interest to you. |
Affiliates and service providers. |
Sensory information: audio, electronic, visual, thermal,
olfactory, or similar information. |
This information is collected directly from you. |
This data is processed in connection with our operational
functions, including for us to process delivery of
products or services to you. It is also processed to detect security
incidents, protect against malicious, deceptive, fraudulent or illegal
activity, and for data analytics. |
Affiliates and service providers. |
Professional or employment-related information: such as
your job title and entity affiliation. |
We collect information in this category: - directly from you or your interactions with our information
technology resources - from records we have about you in the course of providing
services or products |
This data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to send you notifications about your account, including billing statements, and to process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics. We also use this information to advertise
iCare products/services that might be of interest to you. |
Affiliates and service providers. |
When you access the iCare CLINIC software through a web
page, we use a cookie called auth token to make our service more user-friendly,
effective, and secure.
Token-based authentication is a protocol which allows
users to verify their identity, and in return receive a unique access token. During the
life of the token, users then access the application that the token has been issued for, rather than having to re-enter
credentials each time they use the resource protected with that same token.
The user retains access as long as the token remains
valid. Once the user logs out or quits an application, the token is invalidated.
In other words, the auth token cookie we use is a “session cookie” which is
automatically deleted as soon as you log out from iCare CLINIC.
We may disclose personal information about you with our
service providers for the purposes described in this Policy where permitted by
law.
The third parties we may share your personal information
with include:
· nonaffiliated service providers;
· regulatory authorities;
· our auditors and legal advisors;
· relevant industry self-regulatory bodies; and
· others, where permitted by law.
We do not sell your personal information, and we have
contracts with our service providers to prohibit any sale of your personal
information and to provide written assurances regarding the security and
privacy protections they have in place to protect your personal information.
Your information may only be transferred to another country for processing as
permitted and in compliance with applicable law.
We store personal information about you on computer systems
operated by us or our service providers. We will maintain personal information
about you for as long as necessary in connection with both our and your legal
rights and obligations for the purposes for which it was collected, to defend
or advance legal claims, or as otherwise required by applicable laws and
regulations.
We maintain physical, technological and administrative
safeguards to protect your personal information and prevent unauthorized or
accidental use, access, or loss. We limit access to personal information about
you to those who have a business need for such access. We have policies in
place that regulate how our employees and contractors handle information about
you. We limit access to our premises and to our computer networks and take
steps to safeguard against unauthorized access to such premises and networks.
We have procedures in place to manage any suspected data security incident and
will notify you consistent with applicable legal requirements.
We may choose to extend these rights to you even if
we are not required to under applicable law.
For residents of California, to the extent we have
collected information about you that is not governed by health information
privacy laws, you may have rights to your personal information as described
below:
Right to know – You may be entitled to request that we disclose
to you the personal information we have collected about you, the categories of
sources from which we collected the information, the purposes of collecting the
information, the categories of third parties with whom we have shared the
information, and the categories of personal information that we have shared
with third parties for a business purpose. In some instances, you may have the
right to receive the information about you in a portable and readily usable
format. Before providing any of this information, we must be able to verify
your identity.
Right to opt-out – We currently do not sell personal
information to third parties, and therefore do not offer this option. We may
share personal information about you with service providers as permitted by
law. Please see the “Who do we share your personal information with, and why?”
portion of this policy for more information.
Right to deletion – Subject to certain conditions, you
may be entitled to request that we delete personal information about you.
Before deleting information, we must be able to verify your identity. We will
not delete personal information about you when the information is required to
fulfill a legal obligation, is necessary to exercise or defend legal claims, or
where we are required or permitted to retain the information by law. For
example, we cannot delete information about you if your personal information is
on the contract between us for our services or products.
We do not discriminate against you if you choose to
exercise any of these rights.
Submitting Privacy Requests
You can exercise your privacy rights by submitting
requests to us to exercise those rights and by taking other steps that will
limit how information about you is collected, used, and shared.
For residents of California, you may exercise your
privacy rights under the CCPA by submitting a Personal Information Request by
visiting [ https://www.icare-world.com/us/contact-us/]
or by calling this toll-free number – [888-422-7313] – to speak to a customer service
representative.
We must verify your identity before fulfilling your
personal information request. To verify your identity, we will collect
information from you, including, to the extent applicable, your name, date of
birth, contact information, your account information, or other personal
identifying information. We will match this information against information we
have previously collected about you or against information available from
consumer reports to verify your identity and to respond to your request.
Information collected for purposes of verifying your request will only be used
for verification and to respond to your personal information request.
If you maintain an account with us, we may require
you to login to that account as part of submitting your request. If we are
unable to verify your identity as part of your request, we will not be able to
satisfy your request.
If you would like to appoint an authorized agent to
make a request on your behalf, we require you to verify your identity with us
directly before we provide any requested information to your approved agent.
Unsubscribe from promotional emails
If you no longer wish to receive marketing or
promotional emails from us, please click the unsubscribe or manage
subscriptions link included in the footer of every promotional email we send,
or contact us directly as provided in the “Contact Us” section of this policy.
We do not knowingly collect personal information directly
from individuals under 18 years of age. Our services are not intended for
individuals under 18 years of age. No one under 18 years of age should submit
personal information through our services. We may collect personal information
regarding individuals under 18 years of age from their parents or legal
guardians, but only as necessary to provide our products and services.
Linking to Third Parties
When you leave our website or application and go to another linked website, we are not responsible for the content or availability of the linked website. If you enter into a transaction on the third-party website, we do not represent either the third party or you. Further, the privacy and security policies of the linked website may differ from ours.
Changes to this Policy
We reserve the right to change this Privacy Policy at any time in our sole discretion. If we make changes, we will post the revised policy here, so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our services after notice is provided, you accept and agree to this Privacy Policy as modified.
International Users
The mobile application is governed by the laws of the United States and is not directed at users based outside of the United States.
Contact Us
If you have any questions about this Policy or your privacy rights, please contact us at:
Icare USA Inc.
4700 Falls of Neuse Rd. Ste 245
Raleigh, NC. 27609
Ph. +1 888.422.7313
Fax +1 877.477.5485