Last modified: September 1, 2020
1. Our approach to privacy
Otto operates a cloud-based eyewear patient relationship and practice management solution available via our website (our “Websites”) including at ottooptics.io as well as other products and services that we make available (the “Otto Service”).
Note that this policy does not apply to the collection, use, retention, disposal, destruction, and protection of Information by optical health care providers using Otto’s proprietary software. Healthcare providers are subject to privacy legislation and professional requirements that govern their management of Information, including Information they collect, use and retain in the course of providing services through the Otto Service.
Privacy laws in Canada generally define “personal information” as any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. Personal information does not include business contact information, including your name, title, or business contact information.
This policy applies to information we collect, use, or disclose about you:
- On this Service.
- In email, text, and other electronic messages between you and this Service.
- Through mobile and desktop applications you download from this Service, which provide dedicated non-browser-based interaction between you and this Service.
- When you interact with our advertising and applications on third-party platforms and services if those applications or advertising include links to this policy.
- Any other proprietary software as a service delivered by Otto.
This policy DOES NOT apply to information that:
- We collect offline or through any other means, including on any other Company or third-party Service including our affiliates and subsidiaries.
- You provide to or is collected by any third party including our affiliates and subsidiaries, through any application or content (including advertising) that may link to or be accessible from or on the Service.
3. Personal Information we collect about you
If you choose not to provide personal information, we may not be able to provide the Otto Service to you or respond to your other requests.
We collect and use several types of information from and about you, including:
- Personal Health Information, that we can reasonably use to directly or indirectly provide you with optical healthcare services such as eyewear delivery. Information such as your optical prescription, optical medical history, health card number, insurance information and other data that is provided by healthcare professionals to identify you may be provided to us in an effort to provide appropriate care.
- Personal information, that we can reasonably use to directly or indirectly identify you, such as your name, mailing address, e-mail address, telephone number, Internet protocol (IP) address used to connect your computer to the Internet, user name or other similar identifier, billing and account information, social insurance number, and any other identifier we may use to contact you (“personal information“).
We provide an opportunity for any user to unsubscribe from our contact delivery service OR refill scheduling or opt-out of contact for marketing purposes on an ongoing basis by accessing our Service Account module, using the unsubscribe mechanism at the bottom of our e-mails, or e-mailing to email@example.com.
- Non-personal information, that does not directly or indirectly reveal your identity or directly relate to an identifiable individual, such as demographic information, or statistical or aggregated information. Statistical or aggregated data does not directly identify a specific person, but we may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the percentage of users accessing a specific Service feature.
- Technical information, including your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and Service, or information about your internet connection, the equipment you use to access our Service, and usage details.
- Non-personal details about your Service interactions, including the full Uniform Resource Locators (URLs), clickstream to, through and from our Service (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, or any phone number used to call our customer service number.
- Public Contribution, you may also provide information to be published or displayed (hereinafter, “posted“) on public areas of the Service or transmitted to other users of the Service or third parties (collectively, “User Contributions“. Your User Contributions are posted on and transmitted to others at your own risk.
Information we receive from other sources. We may receive personal information about you from individuals or corporate entities which are users to the Otto Services, where you are to be designated a patient of the Otto Service. We may receive personal information about you if you use any of the other websites we operate or the other services we provide from time to time. We also work closely with third parties (including, for example, subcontractors in technical, payment and delivery services, advertising networks, analytics providers, search information providers, credit reference agencies) and may receive information about you from them, subject to your agreements with them.
We will only use your personal information in accordance with this policy unless otherwise required by applicable law. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and used for limited purposes.
4. How we use your personal information
We use information that we collect about you or that you provide to us, including any personal information:
- To present our Service and its contents to you.
- To provide you with information, products, or services that you request from us.
- To fulfill the purposes for which you provided the information or that were described when it was collected, or any other purpose for which you provide it.
- To provide you with notices about your account/subscription, including expiration and renewal notices.
- To carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection or to comply with legal requirements.
- To notify you about changes to our Service or any products or services we offer or provide though it.
- To improve our Service, products or services, marketing, or customer relationships and experiences.
- To allow you to participate in interactive features, social media, or similar features on our Service.
- To measure or understand the effectiveness of the advertising we serve to you and others, and to deliver relevant advertising to you.
- In any other way we may describe when you provide the information.
- For any other purpose with your consent.
We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you, as permitted by law. If you do not want us to use your information in this way, please check the relevant box located on the form on which we collect your data (the order form/registration form), adjust your user preferences in your account profile, use the unsubscribe mechanism at the bottom of our e-mails and/or e-mail us at firstname.lastname@example.org. For more information, see “Choices about how we use and disclose your information.”
We may use the information we have collected from you to enable us to display advertisements to our advertisers’ target audiences. Even though we do not disclose your personal information for these purposes without your consent, if you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.
Provision of the Otto Service for Users
- We collect and use your Information to register you, create your User Account, authenticate you when you log in and personalize your experience while using the Otto Service.
- To manage all appointments, track shipments, inventory, accounting, interfacing with laboratory machines.
- We may confirm your eligibility to use the Otto Service for Healthcare Services and/or Consumer Services by asking you to confirm your place of residence, authority to practice and date of birth that you provide when registering.
- We use Information that you enter, or upload, or consent to our disclosure by a third party to make it available to you when you access your User Account.
- We may use Information for loss prevention and anti-fraud purposes, and to comply with regulatory and legal requirements.
- We may use Information to help us create, develop, operate, deliver, support and improve the Otto Service, its content and advertising provided to you through it (Otto’s and third parties’) unless you have decided not to receive such advertising.
- We may collect location data through the use of GPS technology and your IP address where applicable to services you have requested, e.g., ensuring you are connected to an optical healthcare provider that is licensed or authorized to provide such services in the jurisdiction where you are located. We also use your IP address for security purposes, e.g., presenting you with information about your account activity in your account settings.
Provision of the Otto Service for Patients
- We use your optical prescription information to order and distribute eyewear directly to you on behalf of your primary optical health provider.
- We may collect your provincial health card number in order to bill provincial health plans for those services that are eligible for coverage by provincial health plans.
- We use your personal information to provide you with a complete and protected electronic health record.
- We use information that you enter to provide you with services that you request us to perform on your behalf, e.g., securely faxing your prescription to your chosen optometry.
- We use your Information to text or email you to notify you about services that you request. For example, we notify you about the status of your prescription order and other requests such as prescription expiry.
- You may choose to enter or upload and store your Information in the Otto Service such as your medical records, and the name and contact information for your emergency contact.
- When using our services, you may also choose to enter or upload and store Information about individuals for whom you have legal authority to make decisions regarding their healthcare and for whom you have created a profile by providing their first and last name, gender and date of birth (each a “Registered Dependent”). We use their date of birth where applicable and your assertion of their relationship with you to confirm your eligibility to obtain Healthcare Services for them, and their eligibility to receive Healthcare Services.
5. Cookies and similar technologies
Information we collect through cookies and other automatic data collection technologies
- • Details of your visits to our Service, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Service.
- • Information about your computer and internet connection, including your IP address, operating system, and browser type.
We may also use these technologies to collect information about your online activities over time and across third-party Services or other online services (behavioral tracking). To learn more or to opt-out of tailored advertising please visit Digital Advertising Alliance of Canada Opt-Out Tool for information on how you can opt out of behavioral tracking on this Service and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.
The information we collect automatically is statistical information and may include personal information and we may maintain it or associate it with personal information we collect in other ways, that you provide to us, or receive from third parties. It helps us to improve our Service and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Service according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Service.
The technologies we use for this automatic data collection may include:
- Flash Cookies. Certain features of our Service may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Service. Flash cookies are not managed by the same browser settings that are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
- Web Beacons. Pages of our Service [and our e-mails] may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or [opened an email] and for other related Service statistics (for example, recording the popularity of certain Service content and verifying system and server integrity).
You can opt-out of several third party ad servers’ and networks’ cookies simultaneously by using an opt-out tool created by the Digital Advertising Alliance of Canada and/or an opt-out tool created by the Network Advertising Initiative. You can also access these websites to learn more about online behavioural advertising and how to stop websites from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.
We do not control these third parties’ tracking technologies or how they are used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For more information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
6. Disclosure of your personal information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
- To our subsidiaries and affiliates.
- In accordance with applicable law, to a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Otto Optical System’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Otto about our customers and users is among the assets transferred.
- To advertisers and advertising networks that require the information to select and serve relevant advertisements to you and others. We do not disclose data about identifiable individuals to our advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 400 women between 30 and 45 have clicked on their advertisement on a specific day). We may also use such aggregate information to help advertisers target a specific audience (for example, men in a specific location). We may make use of the personal information we have collected from you to enable us to display our advertisers’ advertisement to that target audience.
- To third parties to market their products or services to you if you have consented to/not opted out of these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them. For more information, see “choices about how we use and disclose your information”.
- To contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Service improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.
- To fulfill the purpose for which you provide it. For example, if you give us an email address to use the “email a friend” feature of our Service, we will transmit the contents of that email and your email address to the recipients.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request, in accordance with applicable law.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Otto Optical Systems, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
7. Transferring your personal information
We may transfer personal information that we collect or that you provide as described in this policy to contractors, service providers, and other third parties we use to support our business (such as analytics and search engine providers that assist us with Service improvement and optimization) and who are contractually obligated to keep personal information confidential, use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.
We may process, store, and transfer your personal information in and to a foreign country, with different privacy laws that may or may not be as comprehensive as Canadian law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information through the laws of the foreign country. Whenever we engage a service provider, we require that its privacy and security standards adhere to this policy and applicable Canadian privacy legislation.
You are welcome to contact us to obtain further information about Company policies regarding service providers outside of Canada. By submitting your personal information or engaging with the Service, you consent to this transfer, storage, or processing.
8. Choices about how we use and disclose your personal information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Third-Party Advertising. If you do not want us to share your personal information with unaffiliated or non-agent third parties for promotional purposes, you can opt-out by checking the relevant box located on the form where we collect your data (the order form/registration form). You can also opt-out by logging into the Service and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request to email@example.com.
- Promotional Offers from the Company. If you have opted in to receive certain emails from us but no longer wish to have your email address/contact information used by the Company to promote our own or third parties’ products or services, you can opt-out by checking the relevant box located on the form on which we collect your data (the order form/registration form) or at any other time by logging into the Service and adjusting your user preferences in your account profile by checking or unchecking the relevant boxes or by sending us an email stating your request to firstname.lastname@example.org. If we have sent you a promotional email, you may unsubscribe by clicking the unsubscribe link we have included in the email. This opt-out does not apply to information provided to the Company as part of a product purchase, warranty registration, product service experience, or other transactions.
- Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt out by [OPT-OUT METHOD]. For this opt-out mechanism to function, you must have your browser set to accept browser cookies.
We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of several third party ad servers’ and networks’ cookies simultaneously by using [an opt-out tool created by the Digital Advertising Alliance of Canada and/or an opt-out tool created by the Network Advertising Initiative. You can also access these Services to learn more about online behavioural advertising and how to stop Services from placing cookies on your device. Opting out of a network does not mean you will no longer receive online advertising. It does mean that the network from which you opted out will no longer deliver ads tailored to your web preferences and usage patterns.
9. Data security
The security of your personal information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We store all information you provide to us behind firewalls on our secure servers. Any payment transactions and personal information will be encrypted using SSL technology.
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Service, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Service like client feedback and review spaces, which any Service visitor can view.
Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Service. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Service.
10. Data retention
Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.
11. Children under the age of 13
Our Service is not intended for children under 13 years of age. No one under age 13 may provide any information to or on the Service. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Service or on or through any of its features/register on the Service, make any purchases through the Service, use any of the interactive or public comment features of this Service, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at email@example.com.
12. Accessing and correcting your personal information
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to and to correct the personal information that we hold about you.
You can review and change your personal information by logging into the Service and visiting your account profile page.
If you want to review, verify, correct, or withdraw consent to the use of your personal information you may also send us an email at firstname.lastname@example.org. to request access to, correct, or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. We may charge you a fee to access your personal information, however, we will notify you of any fee in advance.
We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.
We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:
- Information protected by solicitor-client privilege.
- Information that is part of a formal dispute resolution process.
- Information that is about another individual that would reveal their personal information or confidential commercial information.
- Information that is prohibitively expensive to provide.
13. Withdrawing your consent
Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances.
To withdraw your consent, if applicable, contact us at email@example.com. Please note that if you withdraw your consent we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you with your decision.
15. Contact information and challenging compliance
Chief Privacy Officer
Mr. Alexander McIntosh, Chief Executive Officer
[and/or via our toll-free number: 888-330-6886]
We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information, our compliance with this policy, and with applicable privacy laws. To discuss our compliance with this policy please contact our Chief Privacy Officer using the contact information listed above.