ICARE CLINIC SERVICE PRIVACY POLICY FOR US

This privacy policy has been updated on 26/03/2021.

  1. INTRODUCTION

    This Privacy Policy (“Policy”) will help you understand how we use, share and protect personal information we collect about you when you use the iCare PATIENT, PATIENT2, EXPORT, CLINIC or CLOUD software.

    This Privacy Policy applies only to personal information we collect or maintain on our own behalf. We also may collect personal information on behalf of, or receive personal information from, your medical provider in connection with your use of iCare products. For more information on how your medical provider or other businesses you engage with collect, use, and store your personal information, including sharing with service providers like us, we encourage you to review the relevant business’s privacy policy. We do not sell your personal information, and we prohibit any sale of the personal information we share with our service providers.

    As described in more detail below, you may have rights with respect to the personal information we collect about you on our own behalf. We encourage you to read this Policy carefully, and to contact us if you have any questions.

  2. WHAT TYPES OF PERSONAL INFORMATION DO WE COLLECT, WHERE DO WE GET IT FROM, AND WHY?

    We collect personal information directly from you, such as through your interactions with our mobile applications and our website (www.icare-world.com/us/), or from your medical provider. In all cases, we collect personal information about you in accordance with the principles outlined in this Policy and applicable law.

    As stated above, we may also receive personal information about you in our role as a service provider to your medical provider. This information may include your name; the data or other content uploaded from an iCare device to iCare’s CLINIC service; information on which eye is measured; point of time of measurement; measurement angle (angle of the Device compared with your eye); intraocular pressure value; intermediate results of the six samples of intraocular pressure measurements; quality rating of the measurement; the free-text data written by you in the Services in connection with the measurement; reminders on when to take measurement or medication (medication information that you have voluntarily provided); the free-text data concerning conditions and actions defined by you related to measurement in general (you have voluntarily provided); the free-text messages exchanged between you and a professional health care provider (you have voluntarily provided); the time after which the Device will disable measurement function if rental time has been defined for a Device by your medical provider; the settings of the Device.

    For any such information, the privacy policy of your medical provider applies.

    The following table provides more detailed information on the personal information we collect on our own behalf and why:

    Information we collect

    Why we collect it

    If you, as a representative of a

    business, obtain our product or service, we will collect your: name,

    This information is necessary for

    us to provide the product or service you requested or to take

    address, email address, telephone number, payment information, commercial information about your previous interactions with us, and recordings of our calls with you.

    steps to obtain those products or services, for us to comply with a legal obligation, or to carry out related business and operational activities.

    If you use the iCare CLINIC software, we keep information about your identification in an auth token for the time you use the CLINIC software (i.e., until you log out).

    You can find more information about the auth token in the Cookies section of this Policy.

    This information is necessary for us to ensure the security and functionality of our CLINIC software, and related technology resources.

    If you inquire about our product or service, or otherwise request or agree to receive electronic communications from us, we may collect your name, email address, phone number, or physical address.

    You may unsubscribe from any lists you request or agree to be on by clicking the unsubscribe link.

    This information is necessary to send you the communications and information you have requested.

    Additional Information for California Residents

    The personal information we collect about you includes information within the categories below. These categories are defined by California law and represent the personal information that we have collected about California residents, and how it has been shared, over the past 12 months. We do not necessarily collect all information listed in a particular category, nor do we collect all categories of information for all individuals. We have shared information in each category with our affiliates and service providers for our business purposes within the last 12 months. We have not necessarily shared all information listed in a category.

    Category

    Source

    Purpose of Collecting Information

    Types of Third Parties Shared With

    Personal Identifiers. Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport

    number, or other similar identifiers.

    We collect information in this category:

    – directly from you or your interactions with our information

    A subset of this data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to

    send you notifications about your account,

    Affiliates and service providers.

    technology resources

    – from records we have about you in the course of providing services or products

    including billing statements, and to process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

    We also use this information to advertise iCare products/services

    that might be of interest to you.

    Information About You. Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, your name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information.

    We collect information in this category:

    A subset of this data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to send you notifications about your account, including billing statements, and to process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

    We also use this information to advertise iCare products/services that might be of

    interest to you.

    Affiliates and service providers.

    Sensitive information protected by federal or state law: familial status,

    disability, sex, national origin, religion, color,

    We collect information in this category:

    A subset of this data is processed in connection with our operational

    functions, including for us to open your

    Affiliates and service providers.

    • directly from you or your interactions with our information technology resources

    • from records we have about you in the course of providing services or products

    race, sexual orientation, gender identity and gender expression, marital status, veteran status, medical condition, ancestry, source of income, age, or genetic information.

    – directly from you or your interactions with our information technology resources

    account, call you or send you email, and process delivery of products or services to you. It is also processed to protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

    – from records we have about you in the course of providing services or products

    We also use this information to advertise iCare products/services that might be of interest to you.

    Commercial information: records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

    We collect information in this category:

    A subset of this data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to send you notifications about your account, including billing statements, and to process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

    Affiliates and service providers.

    We also use this information to advertise iCare products/services

    that might be of interest to you.

    • directly from you or your interactions with our information technology resources

    • from records we have about you in the course of providing services or products

    Internet or other electronic network activity information: browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement.

    We collect information in this category:

    A subset of this data is processed in connection with our operational functions, including for us to open your account, and process delivery of products or services to you. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

    We also use this information to advertise iCare products/services that might be of interest to you.

    Affiliates and service providers.

    Sensory information: audio, electronic, visual, thermal, olfactory, or similar information.

    This information is collected directly from you.

    This data is processed in connection with our operational functions, including for us to process delivery of products or services to you. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or

    illegal activity, and for data analytics.

    Affiliates and service providers.

    Professional or employment-related information: such as your job title and entity affiliation.

    We collect information in this category:

    – directly from you or your interactions with our information

    technology resources

    This data is processed in connection with our operational functions, including for us to open your account, call you or send you email, and process delivery of products or services to you. We also use it to send you notifications about your account,

    including billing statements, and to

    Affiliates and service providers.

    • directly from you or your interactions with our information technology resources

    • from records we have about you in the course of providing services or products

    – from records we have about you in the course of providing services or products

    process/collect payments. It is also processed to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, and for data analytics.

    We also use this information to advertise iCare products/services

    that might be of interest to you.

    Cookies

    When you access the iCare CLINIC software through a web page, we use a cookie called auth token to make our service more user-friendly, effective, and secure.

    Token-based authentication is a protocol which allows users to verify their identity, and in return receive a unique access token. During the life of the token, users then access the application that the token has been issued for, rather than having to re-enter credentials each time they use the resource protected with that same token.

    The user retains access as long as the token remains valid. Once the user logs out or quits an application, the token is invalidated. In other words, the auth token cookie we use is a “session cookie” which is automatically deleted as soon as you log out from iCare CLINIC.

  3. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH, AND WHY?

    We may disclose personal information about you with our service providers for the purposes described in this Policy where permitted by law.

    The third parties we may share your personal information with include:

    • nonaffiliated service providers;

    • regulatory authorities;

    • our auditors and legal advisors;

    • relevant industry self-regulatory bodies; and

    • others, where permitted by law.

      We do not sell your personal information, and we have contracts with our service providers to prohibit any sale of your personal information and to provide written assurances regarding the security and privacy protections they have in place to protect your personal information. Your information may only be transferred to another country for processing as permitted and in compliance with applicable law.

  4. WHERE DO WE KEEP YOUR PERSONAL INFORMATION AND HOW LONG DO WE KEEP IT?

    We store personal information about you on computer systems operated by us or our service providers. We will maintain personal information about you for as long as necessary in connection with both our and your legal rights and obligations for the purposes for which it was collected, to defend or advance legal claims, or as otherwise required by applicable laws and regulations.

  5. HOW IS MY PERSONAL INFORMATION SECURED?

    We maintain physical, technological and administrative safeguards to protect your personal information and prevent unauthorized or accidental use, access, or loss. We limit access to personal information about you to those who have a business need for such access. We have policies in place that regulate how our employees and contractors handle information about you. We limit access to our premises and to our computer networks and take steps to safeguard against unauthorized access to such premises and networks. We have procedures in place to manage any suspected data security incident and will notify you consistent with applicable legal requirements.

  6. YOUR RIGHTS

    YOU MAY HAVE VARIOUS RIGHTS WITH RESPECT TO YOUR PERSONAL INFORMATION DEPENDING ON WHERE YOU LIVE, THE INFORMATION WE HAVE ABOUT YOU, AND THE CONTEXT IN WHICH IT WAS OBTAINED. THESE RIGHTS ARE DEFINED UNDER A VARIETY OF PRIVACY LAWS AND REGULATIONS, EACH OF WHICH MAY OR MAY NOT APPLY TO OUR RELATIONSHIP WITH YOU OR YOUR PERSONAL INFORMATION.

    We may choose to extend these rights to you even if we are not required to under applicable law.

    For residents of California, to the extent we have collected information about you that is not governed by health information privacy laws, you may have rights to your personal information as described below:

    Right to know – You may be entitled to request that we disclose to you the personal information we have collected about you, the categories of sources from which we collected the information, the purposes of collecting the information, the categories of third parties with whom we have shared the information, and the categories of personal information that we have shared with third parties for a business purpose. In some instances, you may have the right to receive the information about you in a portable and readily usable format. Before providing any of this information, we must be able to verify your identity.

    Right to opt-out – We currently do not sell personal information to third parties, and therefore do not offer this option. We may share personal information about you with service providers as permitted by law. Please see the “Who do we share your personal information with, and why?” portion of this policy for more information.

    Right to deletion – Subject to certain conditions, you may be entitled to request that we delete personal information about you. Before deleting information, we must be able to verify your identity. We will not delete personal information about you when the information is required to fulfill a legal obligation, is necessary to exercise or defend legal claims, or where we are required or permitted to retain the information by law.

    For example, we cannot delete information about you if your personal information is on the contract between us for our services or products.

    We do not discriminate against you if you choose to exercise any of these rights.

    Submitting Privacy Requests

    You can exercise your privacy rights by submitting requests to us to exercise those rights and by taking other steps that will limit how information about you is collected, used, and shared.

    For residents of California, you may exercise your privacy rights under the CCPA by submitting a Personal Information Request by visiting [ https://www.icare- world.com/us/contact-us/] or by calling this toll-free number – [888-422-7313] – to speak to a customer service representative.

    We must verify your identity before fulfilling your personal information request. To verify your identity, we will collect information from you, including, to the extent applicable, your name, date of birth, contact information, your account information, or other personal identifying information. We will match this information against information we have previously collected about you or against information available from consumer reports to verify your identity and to respond to your request. Information collected for purposes of verifying your request will only be used for verification and to respond to your personal information request.

    If you maintain an account with us, we may require you to login to that account as part of submitting your request. If we are unable to verify your identity as part of your request, we will not be able to satisfy your request.

    If you would like to appoint an authorized agent to make a request on your behalf, we require you to verify your identity with us directly before we provide any requested information to your approved agent.

    Unsubscribe from promotional emails

    If you no longer wish to receive marketing or promotional emails from us, please click the unsubscribe or manage subscriptions link included in the footer of every promotional email we send, or contact us directly as provided in the “Contact Us” section of this policy.

  7. CHILDREN AND MINORS

We do not knowingly collect personal information directly from individuals under 18 years of age. Our services are not intended for individuals under 18 years of age. No one under 18 years of age should submit personal information through our services. We may collect personal information regarding individuals under 18 years of age from their parents or legal guardians, but only as necessary to provide our products and services.

Linking to Third Parties

When you leave our website or application and go to another linked website, we are not responsible for the content or availability of the linked website. If you enter into a transaction on the third-party website, we do not represent either the third party or you. Further, the privacy and security policies of the linked website may differ from ours.

Changes to this Policy

We reserve the right to change this Privacy Policy at any time in our sole discretion. If we make changes, we will post the revised policy here, so that you can see what information we gather, how we might use that information and in what circumstances we may disclose it. By continuing to use our services after notice is provided, you accept and agree to this Privacy Policy as modified.

International Users

The mobile application is governed by the laws of the United States and is not directed at users based outside of the United States.

Contact Us

If you have any questions about this Policy or your privacy rights, please contact us at:

Icare USA Inc.

4700 Falls of Neuse Rd. Ste 245 Raleigh, NC. 27609

Ph. +1 888.422.7313

Fax +1 877.477.5485

[email protected]