Under this Privacy Notice, we, Integrated Lens Technology, inform you what personal data of yours we collect, why we collect, use, disclose and process it, including on our website accessible at www.iltoptics.com (“Website”). Your personal data means any data, whether true or not, about an individual who can be identified: (a) from that data; or (b) from that data and other information to which the organisation has or is likely to have access.
Please take the time to read this Privacy Notice carefully, it is very important that you fully understand how we are processing your personal data and how we are protecting your privacy.
- WHAT Personal Data we collect
- The provision of your personal data is a requirement necessary to process your enquiries, access our digital services or process your orders.
- We will only be able to collect your personal data if you voluntarily submit the information to us. If you choose not to submit your personal data to us or subsequently withdraw your consent to our use of your personal information, we may not be able to provide you with our services. You may access, update your personal data submitted to us or withdraw your consent at any time by contacting us.
- We thank you for providing us with complete and accurate data, and please do inform us if your data needs to be updated. If you do not provide us with complete and accurate data, or if you do not inform us that your data needs to be updated, we may not be able to provide you with the services described in our Website.
- We may collect the following categories of your personal data:
- First name and last name
- Age – Date of birth
- Country of residence or nationality
- Payment information
- Contact information (e.g. address, email, contact number, address)
- Vision correction (especially when processing orders from eye care professionals)
- Products you use
- Personal interests and preferences
- Please be informed that we may obtain your personal data from third parties (including without limitation eye care professionals) who have been duly authorised to disclose your personal data to us.
- How we use personal data we collect
- We only use your personal data within the limits authorized by the laws and regulations. Sometimes, we use your personal data because the laws and regulations require us to do so. In any case, we do not make any automated decisions solely on automatic processing which may produce legal consequences concerning you, or which may significantly affect you.
- We may use your personal data for the following purposes (the “Purposes”):
- For web analytics and to improve our Website
- For contests, newsletters and other subscriptions, online applications
- For managing enquiries, whether or not they pertain to the supply of products by us;
- For contact purposes and in contact forms
- For the use of our digital services (e.g. online platform, authentication, subscribing to/unsubscribing from newsletters, for the use of applications)
- For processing, administering and/or managing your relationship with us (when we manufacture our products, the eye care professionals may need to provide us with your personal data); and
- For statistics analysis purposes, after anonymization of the data.
- How long we keep personal data we collect
- The retention periods for your personal data depend on the purpose for which we collect this data is processed for. Even if we are not able to outline the various retention periods in a reasonably intelligible format under this notice, we want you to know that we will retain your personal data only for as long as (i) necessary for the respective purpose, (ii) necessary to carry out each of the Purposes, (iii) you have consented to, and/or (iv) required by applicable laws.
- personal data we share
- Please be informed that we may share your personal data with:
- Others companies in our Group; and
- Companies, organizations, public authorities or individuals outside of our Group (such as hosting providers, IT providers, market and analyst service providers, credit agencies in order to run a credit check on orders, database management and maintenance services).
- Some of these recipients of the data may be located overseas. Where applicable data protection laws for such countries deems that the level of data protection in such countries is not comparable with the level of data protection in the European Union or Singapore, we will ensure that personal data be transferred outside of the county only in accordance with the requirements prescribed under the applicable data protection laws, to ensure that a standard of protection that is comparable to the protection under such laws is provided to the personal data so transferred.
- Please be informed that we may share your personal data with:
- How We Protect Personal Data
- We have measures in place to protect your personal data against unauthorized access, use, or
including without limitation:
- We implement and maintain sophisticated technical measures to ensure that your personal data is recorded and processed in complete confidentiality and security.
- We implement and maintain appropriate restrictions on access to your personal data, and monitoring of the access, use, and transfer of personal data.
- All of our employees who have access to your personal data are required to enter into non-disclosure or similar agreements, which impose obligations on them to comply with our data privacy and confidentiality requirements.
- We require any business partners and third party service providers with whom we may share your personal data to comply with any applicable data privacy and confidentiality requirements.
- We provide data privacy training on a regular basis to our employees and third parties who have access to personal data.
- Though we will take reasonable measures to protect the personal data, no method of transmission over the internet or method of electronic storage is completely secure.
- We have measures in place to protect your personal data against unauthorized access, use, or disclosure, including without limitation:
- WHAT RIGHTS YOU HAVE
- Under applicable data protection laws and regulations, you have a right:
- Of access to, rectification of, and/or erasure (where required by law) of your personal data;
- To restrict or object to its processing;
- To tell us that you do not wish to receive marketing information;
- In some circumstances, to require certain parts of your personal data to be transferred to you or a third party; and
- To the extent our processing of your personal data is based upon your consent, to withdraw your consent, without affecting the lawfulness of our processing based on your consent before its withdrawal.
We are committed to enable you exercising your rights: to do so, you can contact us.
Please provide us with the following information, so that we can take your request with all due
- Your full name (we may also request for a copy of your identity card if required to verify your identity),;
- Your specific request (description of the rights you wish to exercise); and
- The date of the application and your signature (if you sent your application by postal mail).
- If you do not get satisfaction by contacting us, you can also lodge a complaint about our processing of your Personal Data with a data protection authority.
- Under applicable data protection laws and regulations, you have a right:
- Data we collect when you visit our website
- When you access our Website, we automatically collect and store some of your data in our server logs and in cookies, which are small files we send to your computer when you visit our Website.
- This data does not allow us to identify you directly. However, we do record data related to your browsing on our Website, such as the pages that you accessed, the date and time you accessed these pages, your search queries, information on your device (hardware model, operating system version, unique device identifier, Internet protocol address, hardware settings, browser type and browser language), the date and time of your request and referral URL.
- The provision of your personal data is not required if you only want to visit our Website. This means that you may refuse to accept cookies by configuring your web browser accordingly (for more information, refer to the ‘help’ section of your web browser). However, refusing cookies is likely to disrupt your navigation on our Website, in particular by preventing you from accessing certain parts of it.
- Changes to this Privacy Notice
- We regularly review our Privacy Notice, in particular to make it compliant with new laws and regulations regarding data protection. The continued use of our Website and services constitutes acknowledgement and acceptance of such revised terms to this Privacy Notice from time to time.
- If you have any question regarding our use of your personal data, you can of course contact us as set out below:
- Our contact details are listed, here
- APPENDIX - PROCESSING OF DATA
In connection with the performance of our Contract with our customers such as opticians,
hospitals (“Customers” or “You”), we, Integrated Lens Technology
may have to process personal data including name, personal details and vision correction (as
case may be) (the “Entrusted Personal Data”) collected by our Customers from their
end-users or buyers (the “Data Subjects”) for the purpose of processing,
and/or managing our Customer’s relationship with us, including:
- carrying out our obligations arising from any Contracts entered into between us and our Customers, and providing the Customer with information, products and services that the Customer requested from us;
- performing credit checks when processing payments that use insecure payment methods;
- providing the other purchasers, end-consumers and/or users with our products;
- providing our Customers with information about other goods and services we offer that are similar to those that has already been purchased or enquired about by our Customers;
- notifying our Customers about changes to our products or service; and
- for statistics analysis purposes, after anonymization of the data.
- In this Appendix, the terms “process”, “processed” or “processing” shall have the meaning set out under applicable law.
When we act as a data processor under applicable law (for the purposes of this Appendix, a
“Processor”, which term shall be deemed to include “data intermediary” under the
- We only process the Entrusted Personal Data on the written instructions of the Customer, unless the Customer is required by applicable laws to otherwise process that Entrusted Personal Data;
- With regard to Data Subjects’ requests to exercise their rights, we will redirect any such request that we might receive to the Customer and not answer any such request by ourselves, except where otherwise instructed by the Customer in writing. We will comply with any of the Customer’s documented instructions regarding the implementation of a Data Subject’s request, e.g. instructions to correct or erase certain Entrusted Personal Data, to the extent we have the capacity and the rights necessary to perform the requested operations on the same.
- We will take and maintain all necessary technical, logical and organizational measures so as to ensure an adequate level of security of the processing with regard to (i) the then current state of the art, (ii) the specifications of the processing as described and/or in the Customer’s documented instructions and (iii) all security requirements provided by or resulting from applicable data protection laws, the doctrine and case law of Supervisory Authorities, as well as any laws, regulations or other domestic, EU or international rules providing for obligations or requirements having a direct or indirect impact on the security of processing of Entrusted Personal Data or to IT systems.
- We will take all measures to limit access to the Entrusted Personal Data to the sole persons among our employees and Processors who need to access it to perform their duties in the context of the processing of such Entrusted Personal Data;
- We will notify the Customer in writing of any data breach impacting or otherwise concerning the Entrusted Personal Data without delay, from the moment that we are aware of such data breach, and will provide the Customer with all the information necessary for the Customer to (i) comply with the Customer’s data breach notification obligations, and (ii) remedy the data breach or limit or neutralize the consequences of the data breach, without undue delay after we access or are provided with this information.
- We will, after termination of our Contract with the Customer, irreversibly delete all the Entrusted Personal Data still in our possession or under our control, or return all such Entrusted Personal Data to the Customer in an unaltered and reusable form, and shall instruct all our Processors to do the same.
- In the event that no documented instructions are provided by Customer for the purpose of the preceding paragraph, we will proceed with the deletion of the Entrusted Personal Data.
- We will however keep and use the Entrusted Data for statistics purposes, after anonymization.
- Please be informed that the Entrusted Personal Data processed in accordance with our Contract may be disclosed and/or transferred by us to our head office, affiliates and/or third party service providers or agents which may be situated outside of the country.
- Some of these recipients of the data may be located overseas. Where applicable data protection laws for such countries deems that the level of data protection in such countries is not comparable with the level of data protection in Singapore or the European Union, we will ensure that personal data be transferred outside of the county only in accordance with the requirements prescribed under the applicable data protection laws, to ensure that a standard of protection that is comparable to the protection under such laws is provided to the personal data so transferred.
- You shall ensure that complete and accurate personal information is provided to us, and keep us updated on any changes to the Entrusted Personal Data. In the event you do not provide complete and accurate personal information to us as and when it is required, we may be unable to provide our Products to you and to the purchasers, the end-consumers and/or users of the Products and it may have serious consequences for you.
- You will ensure that you have all necessary and appropriate consents and notices in place to enable lawful collection, use, disclosure, processing and transfer of the Entrusted Personal Data for the duration of the Contract and the Purposes, in accordance with all applicable data protection and privacy laws and regulations.
- By providing us with Entrusted Personal Data, you undertake to obtain prior written consent from the relevant Data Subjects for the processing of their Entrusted Personal Data by the Supplier or its representatives for the Purposes.
- In connection with the performance of our Contract with our customers such as opticians, optometrists, hospitals (“Customers” or “You”), we, Integrated Lens Technology may have to process personal data including name, personal details and vision correction (as the case may be) (the “Entrusted Personal Data”) collected by our Customers from their end-users or buyers (the “Data Subjects”) for the purpose of processing, administering and/or managing our Customer’s relationship with us, including: