I. INTRODUCTION
A. Overview
Eversight cares about your privacy and we are committed to safeguarding your Personal Information. This Privacy Policy (the “Policy”) outlines how we may collect, use, share, transmit, maintain, and store (collectively, “process”) Personal Information, including through designated third-party service providers, and the choices that may be available to you regarding your Personal Information.
In addition to information stored electronically or kept in hardcopy, this Policy also applies to Apps and other online services that we offer which link to this Policy. Our websites may contain links to other websites and, if you follow a link to any of these websites, you should read their own privacy notices.
Please read the following carefully to understand our views and practices regarding your Personal Information and how we may treat it. For more information, answers to questions or if you are eligible to submit a subject access request, please reach out to us as provided in the “Contact Us” section below or visit our website (eversightvision.org).
B. Definitions
For the purposes of this Policy:
“Apps” shall mean Eversight-related websites and other online applications that run on smart phones, tablets, and other mobile devices.
“EEA” shall mean the European Economic Area.
“Eversight” shall mean Eversight, Inc., a Michigan corporation.
“GDPR” shall mean the European Union General Data Protection Regulation.
“Personal Information” shall mean information that relates to an identified or identifiable individual. Personal Information does not include data where the identity of the individual has been removed (anonymous data).
“You” and “your” shall mean any individual customer, business partner, or employee of Eversight and any other individual whose Personal Information we process
“We,” “us,” and “our” shall mean Eversight.
II. OUR GOALS
A. Collection, Processing, and Notice of Personal Information
We will only collect Personal Information appropriate for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason which is compatible with the original purpose. If requested, or where it is not clear from the Eversight product or service that you utilize or from your relationship with us, we may inform you about how we process your Personal Information and the rights and remedies you have under our Policy. Further, where permitted under applicable law you may object to certain types of processing. The Eversight business(es) with which you transact provide notifications regarding the collection and processing of personal data and such notices may be found on our website.
Please be aware that we may process your Personal Information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
B. Confidentiality and Data Security
We will maintain your Personal Information as confidential and limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know, except as otherwise permitted by applicable law. We have implemented industry standard security measures to secure your Personal Information from accidental loss and from unauthorized use, access, alteration, and disclosure and require that third parties who are authorized by us to process your Personal Information on our behalf implement industry standard data security measures.
C. Misappropriation of Personal Information
We have implemented procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so. For the purposes of any applicable law regarding notification of people whose Personal Information was, or is reasonably believed to have been, acquired by an unauthorized person, our policy provides that any required notification may, where permitted by law, be made by the use of email, telephone, fax, mail (including a notice printed in an available area of a bill or statement) or posting a notice on the website. The specific means are in our discretion, and we will use our judgment based on the circumstances. Where any notice is to be sent to a specific address or number (such as email address, physical address, telephone number, etc.), we will use the latest available address in our records.
D. Your Choices Regarding Our Use and/or Disclosure of Personal Information
We endeavor to provide you with choices regarding the Personal Information you provide to us, including the option of having your Personal Information removed from lists we use for marketing purposes, as may be required by applicable law.
E. Maintenance of and Access to Personal Information
You may also have the right to demand access to, review and change, and request deletion of the Personal Information that you have provided to us depending on your country or residence and/or citizenship, under applicable laws such as the GDPR. You will not have to pay a fee to access your Personal Information or to exercise any of your rights listed above. However, if your request is clearly unfounded, repetitive, or excessive, we reserve the right to charge a reasonable fee or refuse to comply. In addition, we may not always be able to accommodate your request to change or delete information if we believe doing so would cause the information to be incorrect, if we have a legitimate business purpose to retain that information, and/or if doing so might violate other legal obligations. More details on how to make a subject access request are contained below in our “You May Have Rights Under the GDPR” and “Contact Us” sections.
F. Information Transfers
We may transfer the Personal Information we collect about you to countries other than the country in which the information was originally collected, and we will take appropriate steps to protect that information. We will tell you if your Personal Information may be transferred outside of your country where it is not clear from the Eversight product or service or from your relationship with us. Any transfers will be conducted in accordance with applicable law.
If you are located in a country subject to the GDPR, we will comply with applicable legal requirements and have adequate measures in place to provide protection for the international transfer of Personal Information, including, without limitation, contractual obligations for recipients to handle and protect the Personal Information in accordance with standard contractual clauses developed by the European Commission.
G. Employee Training
We take our data privacy obligations very seriously. Our employees may only process your Personal Information in accordance with this Policy, and we conduct training and review compliance with respect to this Policy. Employees who violate this Policy may be subject to disciplinary action, up to and including termination.
III. INFORMATION WE DO COLLECT ABOUT YOU
A. Information You Provide to Us
We collect information about you, some of which is Personal Information, when you contact us (whether in person, through our website or by phone or email), subscribe to our newsletter, submit a request for tissue, or make a gift or donation. We also collect information about you using cookies, and if you interact with us via phone, social media, websites, or apps.
The types of information, including, without limitation, Personal Information, that you may give us vary depending on the nature of your use of our services. For example, you may be subscribing to our newsletter, requesting tissue for surgical or research purposes, seeking ophthalmic education and training, pursuing a business partnership, contributing financially, inquiring about our operations, following up on a loved one’s gift, or sharing your story. The information you may give us could include categories such as, but not limited to, your name, work or personal address, email address, phone number, date of birth, gender, financial and/or credit card information, passport or driver’s license information, Social Security Number, national ID number, personal description and/or photograph, as well as customer data, payment data, employee data and/or website user data.
B. Information From Cookies, Web Beacons, Log Files, and Website Usage
Our websites may use technologies including cookies, web beacons, and log files to distinguish you from other users of our websites, provide you with individualized content, and permit us to assess trends, traffic, and user behavior, analyze and secure the website, identify preferred content, and measure site engagement. We do this to improve the functionality and content of the websites, including keeping our websites and records safe and secure, and to facilitate usage by you.
i. Cookies
A cookie is a piece of data sent by a website to your browser, which can then be stored on your computer as a tag that identifies your computer. Cookies often used to measure website usage and effectiveness and to allow for ease of navigation or use and as such, are not associated with any Personal Information. However, cookies containing Personal Information are used at times to personalize a known visitor’s experience with profile information or user preferences. Most browsers can be set to notify you before you receive a cookie, giving you the chance to decide whether to accept it or not. You can also generally set your browser to turn off cookies. Since cookies allow you to take advantage of some of our websites’ features, we recommend that you leave them turned on. If you block or otherwise reject our cookies, you will not be able to use any website services that require you to sign in. Please see the Cookies Policy at eversightvision.org/cookies-policy for more information.
ii. Web Beacons
Some of our websites also use web beacons or other technologies to better tailor those websites to provide better customer service. When a visitor accesses these pages, a non-identifiable notice of that visit is generated which may be processed by us or by our suppliers. These web beacons usually work in conjunction with cookies. If you do not want your cookie information to be associated with your visits to these pages, you can set your browser to turn off cookies. If you turn off cookies, web beacon and other technologies will still detect visits to these pages; however, they will not be associated with information otherwise stored in cookies.
We may also include web beacons in marketing email messages or our newsletters to determine whether messages have been opened and links contained within clicked on.
iii. Passwords and Risk of Transmission
If you have been provided or chosen a password to access any parts of our websites, you are responsible for keeping this password confidential and we request that you do not share your password with anyone. The transmission of information, including, without limitation, Personal Information, via the internet is not completely secure. Although we endeavor to protect your personal data, we cannot guarantee the security of your data transmitted to/from our websites – any transmission is at your own risk.
C. Information We Receive From Other Sources
We may receive information, including, without limitation, Personal Information, about you if you use any of the other websites we operate or the other services we provide. We also work closely with third parties (including, business partners, analytics providers, advertising networks, sub-contractors, payment and delivery services, search information providers, and credit reference agencies) and may receive information, including, without limitation, Personal Information, about you from them.
D. Non-Personal Information
We may automatically collect non-Personal Information about you such as the type of internet browsers you use or the website from which you linked to our website. We may aggregate details which you have submitted to us. You cannot be identified from this information and it is only used to assist us in providing effective services, including in connection with this website.
IV. CHILD ONLINE PRIVACY PROTECTION ACT (COPPA) COMPLIANCE
We do not knowingly collect or maintain Personal Information relating to any person under the age of 18. If you are under the age of 18, please do not supply any Personal Information to Eversight. If you are under the age of 18 and have already provided Personal Information to us, please have your parent or guardian contact us immediately using the information contained in the “Contact Us” section below so that we can remove such information from our files.
V. HOW WE USE YOUR INFORMATION
We use your information, including, without limitation, Personal Information, to provide you with information, process financial contributions, fill tissue requests, share the impact of your work with us, and administer or otherwise carry out our obligations in relation to any agreement you have with us. We may also use this information, including, without limitation, Personal Information, to provide you with information about goods or services we think may interest you.
We retain your information, including, without limitation, Personal Information, for the period necessary to fulfil the purpose for which it was collected or as authorized by you or as otherwise required by law.
If at any time you wish us to stop using your Personal Information for any of the above purposes, contact us as provided in the “Contact Us” section below. We will stop the use of your Personal Information for such purposes as soon as it is reasonably possible to do so.
VI. HOW WE SHARE YOUR INFORMATION
A. To Third Parties
We may share your Personal Information with third parties in connection with the performance of any contract we enter into with them or you. We request those third parties implement adequate levels of protection to safeguard your Personal Information and that they will not use your Personal Information for any other purposes than what we have agreed to with them, and.
B. Outside the EEA
Because Eversight operates in the United States and other locations globally, data we collect from you may be transferred to, and stored at, a destination outside the EEA. While the Personal Information is under our control, we seek to ensure that your Personal Information receives the same level of protection as it would had it stayed within the EEA.
C. Business Transitions
If we go through a business transition (e.g., merger, acquisition, sale of assets), we may disclose your Personal Information to third parties.
D. Legal Duties to Disclose
We may have a duty to disclose or share your Personal Information for other reasons, such as to comply with a legal obligation, to enforce or apply our terms of use and other agreements, or to protect the rights, property, or safety of Eversight, our customers, or others. This could include, for example, sharing information with law enforcement or a regulator; or with companies and organizations for the purposes of fraud prevention and credit risk analysis.
VII. LINKS AND THIRD-PARTY APPLICATIONS
To allow you to interact with other websites on which you may have accounts (such as Facebook, TikTok, Instagram, and other social media sites) or join communities on third-party sites, we may provide links or embed third-party applications that permit you to login, post content or join communities from our websites.
We may also provide you with general links to non-Eversight websites. Your use of these links and applications is subject to the privacy policies of third parties,’ and you should review the third-party sites' privacy policies prior to using the links or applications. We are not responsible for the privacy practices or the content of those other websites.
VIII. YOU MAY HAVE RIGHTS UNDER THE GDPR
Under the GDPR, if you are a citizen or resident of an EEA country or Switzerland, you may have certain rights regarding your Personal Information:
- Right to access your Personal Information;
- Right to ensure your Personal Information accurate and complete and to request correction;
- Right to erase your Personal Information, or the right to be forgotten;
- Right to restriction of processing of your Personal Information;
- Right to data portability;
- Right to withdraw your consent if previously provided; and
- Right to complain to the Information Commissioner’s Office.
If you are eligible and would like to invoke one of the rights listed above, please contact us as part of a subject access request as provided in our “Contact Us” section below. We may not always be able to fulfill your request as there may be legitimate purposes, including, without limitation, certain legal or statutory obligations, that require us to retain your information as stored or if we believe the change would cause the information to be incorrect.
Withdrawing your consent to the processing of your data will not affect the lawfulness of any processing carried out before you withdraw your consent. If you choose to withdraw your consent, we may be unable to provide certain products or services to you and we will endeavor to advise you if this is the case at the time you withdraw your consent.
IX. POLICY UPDATES
We reserve the right to make changes to this Policy that will be posted online and, where appropriate, be sent to you by email. We encourage you to check back frequently to remain aware of any updates or changes to this Policy.
X. CONTACT US
We suggest you first visit our website, which contains additional information regarding our policies and procedures. If you have specific questions, and/or are eligible and wish to exercise certain rights as described herein, please email info@eversightvision.org or write to us at:
Eversight, Inc.
Attn: Marketing & Communications
3985 Research Park Drive
Ann Arbor, MI 48108
Phone: (800) 247-7250
When we receive a formal written complaint regarding the processing of personal data, we endeavor to resolve it directly with the complainant. However, as needed, we will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints that we cannot resolve with a complainant directly regarding our processing of personal data.