This privacy statement is in addition to and supplemental to our Privacy statement a copy of which can be accessed at https://www.menicon.com/corporate/privacy/. It is important that you read this privacy notice together with our Privacy statement and any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your personal data.
This privacy notice provides you with information about how we look after your personal data collected through our Bloom Connect Web Application (“the Software”), and tells you about your privacy rights and how the law protects you.
For the purpose of data protection laws in the UK, Menicon Limited (“Menicon” or “we” “our” “us” as appropriate) is the data controller and is therefore responsible for your personal data.
Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you which are further detailed below.
Your personal data will be transferred to us by the Software when your Eye Care Professional places an order or performs a regular check on your eyes and sends the results to us as part of your treatment (this requires an active transfer by the Eye Care Professional, the results are not automatically sent to us).
The types of personal data that we receive and process are set out below:
We require your lens specification so that we can execute any order placed with us (whether that is for lens’ or any other treatment, product or service) and therefore for the performance of our contract with you. It is also in our legitimate interest to process this information so that we can ensure you receive the most appropriate products and services to meet your particular needs and so we can monitor the effectiveness of our products and services and develop and improve business. Your lens specification constitutes health data for the purposes of the data protection laws and is therefore subject to additional protections. We will only process your health data where you have given your explicit consent for us to do so as further detailed below.
For some of our products it is necessary to know your name, address, domicile, date of birth, e-mail address or your refractive data. This is so that we can perform our contracts with you and/or because it is in the legitimate interests of our business to do so which include providing the best and most advanced products and services as well as ensuring the efficient administration and growth of our business. The personal data which we process about you will generally be provided to us by your Eye Care Professional or in some cases you or your parent or guardian may provide us with personal data directly.
Personal data does not include data where your identity has been removed or where it is not associated with or linked to your personal data (anonymous data).
As stated above, the personal data collected by us includes information relating to your health, this constitutes special category data under the data protections laws. This information will only be processed by us with your explicit consent. Your consent will be required for the forwarding of your personal data by your Eye Care Professional to Menicon and to the processing of your personal data by Menicon for the purpose of performing our contract with you and providing the requested products to you in compliance with this Privacy policy. Where we would like to use your personal data for any other purpose we will always seek your explicit consent in advance and will not process your personal data for any purpose which you have not consented to.
You can withdraw your consent to our processing your personal data (whether generally or for a specific purpose) at any time by notifying your Eye Care Professional (who will notify us) or by notifying Menicon directly by contacting us at bloom_support@menicon.co.uk. Where you withdraw your consent to us processing your data we will anonymise your order by deleting your name, address, domicile and date of birth so that the information we hold no longer identifies you.
Withdrawal of your explicit consent does not alter the legitimacy of the processing of your personal data before the date of withdrawal.
[As stated above generally your personal data will be processed for the purpose of providing you with th products, including lens’ which you have order from us (either directly or through your Eye Care Professional) including the review, manufacture and supply of your orders of Menicon Bloom products. However, where you have provided your consent for us to do so,] we may process your personal data for the purposes of:
We may create anonymised information without restriction to use for aggregate statistics relating to the use of Menicon Bloom.
Please note where we seek your consent to the above we will do so granularly so that you can consent to some, all or none of the above processing activities.
Your personal data may also be used for the purpose of ensuring our compliance with legal obligations imposed on us such as those relating to retention of data and traceability where this is in accordance with the data protection laws.
We will only use your personal data for the purposes for which we collect it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us. If we need to use your personal data for an unrelated purpose, we will notify you, we will explain the legal basis which allows us to do so and where necessary or appropriate will seek your explicit consent to the additional processing.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above, where this is required or permitted by law.
Your personal data will not be used for the purposes of automated decision making.
We will keep your personal data no longer than is necessary. Generally we retain your personal data for four years after supplying your order after which time we will anonymise your order by deleting your name, address, domicile, date of birth, e-mail address so that this no longer identifies you.
For specific products it may be necessary to keep your personal data longer, for example as long as you use the products. In this case the data may include refractive data which is sent to us after checks performed by your Eye Care Professional. This data will be anonymized four years after termination of your treatment.
You have the right of access to your personal data and the right to seek the correction, erasure or restriction of the same. You also have a right to ask us to transfer your data to a third party (data portability). As well as the right to object to our processing of your data. Should you wish to exercise any of your rights you can submit your request at bloom_support@menicon.co.uk. We will send our response as quickly as possible and at the latest within four weeks. Further details of your rights and how to access them can be found in our Privacy statement a copy of which is at (www… URL of sub’s privacy page).
You also have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
We take protection of your personal data seriously and therefore we apply adequate measures to prevent misuse, loss, unauthorized access, unwanted disclosure and unauthorized amendment of your data.
Your personal data will only be disclosed to those of our employees or workers that have a need for such access for the purpose for which it was collected. The access to the software with which we process your personal data is digitally and physically restricted to users with authentication and authorization. The Software is provided with encryption methods to ensure the security of your data.
Your personal data will not be disclosed to any other individuals or other entities except in the following circumstances, where you have explicitly consented to us doing so:
We require all third parties who we share your personal data with to respect the security of your personal data, to treat it in accordance with the law and to only use it in accordance with the consent which you have given.
We do not allow our third party service providers such as BPM to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and your consent.
Generally your personal data collected through the Software will be processed and stored within the United Kingdom and/or the European Economic Area (EEA). The UK government has confirmed that transfers of data from the UK to the EEA are permitted. We may on occasion be required to transfer your personal data outside the UK and/or EEA as some of our external third parties, such as BPM, Menicon Co., Ltd and its affiliate companies are based and/or operate outside the United Kingdom and EEA.
Whenever we transfer your personal data out of the United Kingdom, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access. We urge you to take every precaution to protect your personal data when you are on the internet.
For the details of our privacy policy, please visit our website https://www.menicon.com/corporate/privacy/.
If you think it is necessary, you could submit a complaint with the United Kingdom’s Authority for personal data, the Information Commissioner’s Office (ICO) (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Lucy Stratton
+44 (0)1604 646216