1. ABOUT THIS POLICY

    We are committed to providing you with professional and valuable products and services whilst safeguarding your privacy.

    This Data Privacy Policy (“Policy”) outlines when, why and how we collect, use, disclose and/or otherwise handle (collectively “process”) personal data about (i) individuals associated with our customers (including opticians), (ii) individuals associated with potential customers, (iii) consumers of our products and/or services; (iv) individuals associated with suppliers, business partners, service providers or other types of third parties we engage, retain or otherwise interface with in our business operation; and (v) users of our online Platforms (“Data Subjects”).  “Platforms” include websites, mobile apps, electronic communications, social media platforms such as WhatsApp, electronic forms, online market surveys, and online points of sale and events.

    Personal Data” is any information relating to you, whether true or not, which can be used to personally identify you, either directly or indirectly.  We will process your Personal Data, as described in this Policy and as described when we collect data from you.  This Policy must be read together with any other legal notices or terms and conditions provided or made available to you when we collect data from you (or at a later stage) or that are available on other pages of our Platforms.

    The provision of certain types of your Personal Data in connection with your use of our Platforms is mandatory, including, where you register for an account on our CooperVision Pro or Brilliant Futures Platforms, your name, work phone and email address, so that we can ensure that only authorised persons may access the relevant Platform. If you do not provide such information, we may not be able to provide you with access to or full use of the Platform in question.  The provision of Personal Data in other contexts, such as visiting our websites (without registration), is voluntary.

    In this Policy

    • references to “we”, “us” or “our” means CooperVision Hong Kong Limited and/or the Affiliates (defined below); and
    • references to “you” and “your” are to the Data Subjects.
  2. WHATSAPP & OTHER SOCIAL MEDIA PLATFORMS

    We are not responsible or liable for the collection, use, disclosure and processing by WhatsApp or any other social media platform providers of any content or Personal Data relating to you collected through WhatsApp or such other social media platforms. You are encouraged to carefully review WhatsApp’s and such other social medial platform providers’ privacy and cookie policies.

  3. COOKIE POLICY

    Where you use our Platforms, we will process your Personal Data collected by using cookies in accordance with this Section C.

    A cookie is a small text file that a website, application or other online platform stores on your computer or mobile device when you visit the site. We may use cookies on our Platforms for a number of different purposes, e.g. for technical reasons like letting you navigate between pages efficiently, for storing your preferences and for generally improving your user experience of an Platform. If you do not wish to receive any cookies, you may set your browser to refuse cookies. Cookies must be enabled to use the services on the Platform. If you set your browser to refuse cookies, you will be unable to log into the Platform or use the services on the Platform.

  4. WHO IS RESPONSIBLE FOR YOUR DATA?

    CooperVision Hong Kong Limited with its place of business at: Unit no. 05-06, 18th Floor, No. 909 Cheung Sha Wan Road, Cheung Sha Wan, Kowloon, Hong Kong, registered in Hong Kong Special Administrative Region with company registration number 491794 (“CooperVision”) is the data user in relation to your Personal Data.

    We can be contacted by email at: cvhkorder@coopervision.com or by post using the address set out above.

    Where CooperVision shares Personal Data with CooperVision affiliates (“Affiliates”), which means our subsidiaries, our ultimate holding company and its subsidiaries (including CooperVision, Inc., and other Affiliates located outside of Hong Kong), the Affiliates are also data users as explained in this Policy.  Details of the Affiliates, including their locations, are listed here at https://coopervision.com.sg/APAC-Affiliates.

  5. WHAT PERSONAL DATA DO WE PROCESS AND WHY?

    We set out in the table below a non-exhaustive list of the types of Personal Data that we may collect and process and the purposes for which that Personal Data is collected and processed.

    Data Subject category Type of information Purposes of processing
    Individuals associated with trade customers (including sole-practitioners, opticians working for companies or organizations, stores staff)
    • your name
    • your address (business and personal)
    • your e-mail address
    • your telephone numbers (business and personal)
    • your job title, role
    • the store at which you work
    • your purchase history
    • other Personal Data that is necessary to meet our legitimate business purposes
    • supplying goods purchased from us
    • supplying services purchased from us
    • performance of an agreement that we have in place with our customers, including collecting payments from our customers, sending invoices, statements and payment reminders
    • sending you non-marketing commercial communications
    • sending you marketing communications (including our email newsletter) relating to our products or services, if you have consented to receiving them or if the communications are sent to you solely in your professional capacity as a representative of an ECP
    • other legitimate business purposes

    Individuals associated with potential trade customers

    • your name
    • your address (business and personal)
    • your e-mail address
    • your telephone numbers (business and personal)
    • other Personal Data that is necessary to meet our legitimate business purposes
    • sending you marketing communications (including our email newsletter) relating to our products or services, if you have consented to receiving them
    • other legitimate business purposes

    Consumers (including participants in promotional events)

    • your name
    • your e-mail address
    • your telephone number (personal)
    • your address (business and personal)
    • WhatsApp ID
    • gender
    • birthday month
    • age range
    • social media account name and/or ID
    • eye examination information
    • eye prescription information
    • past and present contact lens brands and modalities used by you
    • other Personal Data that is necessary to meet our legitimate business purposes
    • organization of promotional events, including giving you a discount
    • development and improvement of our products and services
    • sending trial lenses to you at your request or sending products ordered by you
    • sending you marketing communications (including our email newsletter) relating to our products or services, if you have consented to receiving them
    • other legitimate business purposes

    Individuals associated with suppliers, business partners, service providers or other types of third parties we engage, retain or interface with during operations

    • your name
    • your postal and e-mail address
    • your telephone numbers (fixed and mobile)
    • your job title, role
    • bank account and other payment information
    • other Personal Data that is necessary to meet our legitimate business purposes
    • managing third parties we work with
    • to perform our contractual obligations towards you or to take pre-contractual steps
    • organization of tenders
    • managing our IT facilities
    • making payment, billing and invoicing
    • other legitimate business purposes

    Users of our Platforms

    • IP address
    • geographical location
    • time zone setting
    • browser type and version
    • operating system
    • information about your visits to and use of our Platforms
    • email address
    • user name
    • password
    • user role
    • other Personal Data that is necessary to meet our legitimate business purposes
    • identifying and authenticating users
    • where relevant, confirming intent of users to register for our Platforms and deciding whether to approve the registration
    • administering, operating and managing our Platforms.
    • personalizing our Platforms
    • enabling your use of the services available on our Platforms
    • determining if certain functions under the Platforms should be made available to you.
    • other legitimate business purposes

    We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose.  Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.  For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Platform application feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Policy.

    Our business purposes – we will also use your Personal Data for our internal business purposes including:

    • for record keeping, statistical analysis, internal reporting and research purposes;
    • to investigate any complaints you make;
    • to provide evidence in any disputes or anticipated disputes between you and us;
    • for the detection and prevention of fraud, other criminal offences and for risk management purposes; and
    • for business and disaster recovery (e.g. to create back-ups);
    • to ensure network and information security;
    • to host, maintain and otherwise support the operation of our Platforms, including to customise various aspects of our Platforms to improve your experience;
    • for document and data retention/storage;
    • to protect the rights, property, and/or safety of CooperVision, any of its Affiliates, its personnel and others; and
    • to ensure the quality of the services we provide to our clients and other Data Subjects.

    We may also be required to process your personal data to comply with our legal requirements or to enable us to fulfill the terms of any contract that we have with or in preparation of us entering into a contract with you.

  6. HOW AND WHEN DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?

    This Section F describes with whom we may share your Personal Data.

    1. Data sharing within CooperVision group

      CooperVision may share your Personal Data with its Affiliates:

      • where we need to do so in order to provide the products and/or services or information that you have requested; for example, we may transfer your Personal Data to CooperVision Inc. and Eye Care Prime, LLC for central support services; or
      • for the purposes of IT support and maintenance; or
      • internal governance and administration; or
      • if you consent to us doing so; or
      • to comply with our legal or regulatory obligations; for example, we may transfer your Personal Data to CooperVision Inc. in the US, which hosts our database of product and patient regulatory information.
    2. Data sharing with service providers

      We also share your Personal Data with our third party service providers, whom we engage to provide various services, which include but are not limited to:

      • delivery of our products (e.g. couriers);
      • our Platforms (e.g. hosting and maintaining our Platforms); and
      • IT services and solutions (e.g. providing data storage, assisting us with database management).
    3. Data sharing with other recipients

      We may also share your Personal Data with:

      • our accountants, auditors, lawyers or other professional advisers when we ask them to provide us with professional advice;
      • any other third party if we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or to protect the rights, property and/or safety of CooperVision, any of its Affiliates, its personnel and others;
      • any other third party for the purposes of acting in accordance with the requirements of a court, regulator or government agency, for example, complying with a court order or acting in accordance with an applicable law or regulation;
      • police and other law enforcement agencies in connection with the prevention and detection of crime; or
      • prospective and actual investors and other relevant third parties in the event of a potential sale or other corporate transaction related to CooperVision and/or any of its Affiliates.
  7. INTERNATIONAL TRANSFERS OF PERSONAL DATA

    The transfer of your Personal Data to and between the Affiliates, service providers or other recipients may involve your Personal Data being sent to recipients outside of your jurisdiction. Where we transfer Personal Data overseas, we will implement appropriate and suitable safeguards to ensure that such Personal Data will be protected as required by applicable data protection law.

  8. HOW LONG DO WE STORE PERSONAL DATA?

    It is our policy to retain your Personal Data for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfillment of an agreement with you). However, we may be obliged to store some Personal Data for a longer time, taking into account factors including:

    • legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements); the establishment, exercise or defence of legal claims (e.g., for the purposes of a potential dispute).
  9. HOW DO WE PROTECT YOUR PERSONAL DATA?

    We implement technical and organisational security measures to protect your Personal Data against the risk of accidental or unauthorised access, processing, erasure, loss, misuse, alteration or destruction. Such measures may include the use of firewalls, encryption (where appropriate), access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your Personal Data. Where appropriate, we may also make backup copies and use other such means to prevent accidental damage to or destruction of your Personal Data.

    Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you online we will use a recognised online secure payment system, which may be subject to a third party's privacy policy.

  10. YOUR RIGHTS

    This Section J explains your data protection rights that you can exercise. The rights may only apply in certain circumstances and are subject to certain exemptions. Please see the table below for a summary of your rights. You can exercise these rights using the contact details set out in Section L (How to Contact Us).

    • The right to be informed – you have the right to be provided with clear, transparent and easily understandable information about how we use your Personal Data.  This is why we are providing you with the information in this Policy and in any legal notices or terms and conditions provided to you.
    • The right of access – you have the right to access and to receive a copy of your Personal Data that we hold about you, subject to certain exemptions.
    • The right to rectification – you can ask us to take measures to correct your Personal Data if it is inaccurate or incomplete (e.g. if we have the wrong name or address for you).

    Before assessing your request, we may request additional information in order to identify you. If you do not provide the requested information and, as a result, we are not in a position to identify you, we may refuse to action your request.

    We may charge a fee that is not excessive in order to comply with a data access request.

  11. THIRD PARTY LINKS

    Our Online Platforms may include links to third-party websites, plug-ins, applications and platforms (collectively “Third-Party Platforms”).  Clicking on those links or enabling those connections may allow third parties to collect or share data about you.  We do not control these Third-Party Platforms and are not responsible for how they handle your Personal Data.  When you leave one of our Platforms, we encourage you to read the privacy notice of every Third-Party Platform you visit.

  12. HOW TO CONTACT US

    If you wish to request further information regarding this Policy or the way we use your Personal Data, or if you wish to exercise any of the above rights set out in Section J or to make a complaint, you can contact our data protection officer at: cvhkorder@coopervision.com

    We will endeavour to respond to your enquiry or complaint within a reasonable period.  If we fail to respond to a complaint within a reasonable time or if you are dissatisfied with our response, you may submit a complaint to your local data protection authority.