Privacy Policy
June 1, 2022
Introduction
This privacy policy (“Privacy Policy”) describes the collection of personal information by Ocuvault, Inc. (“Company,” “we,” “us”, or “our”) from users (“you”, “your”) when using the services available on this and other websites we operate, and when using our mobile and desktop applications (collectively, the “Service” and “Services”). This Privacy Policy also describes our use and disclosure of such information. This Privacy Policy is incorporated by reference into our Terms of Use at: https://ocuvault.com/terms-of-use/.
For the purposes of EU data protection laws ("Data Protection Legislation"), Ocuvault is a data controller (i.e., the company that is responsible for, and controls the processing of, your personal information).
What is the purpose of this Privacy Policy?
This Privacy Policy discloses our personal information gathering and dissemination practices with respect to the Services. Please read this Privacy Policy carefully to understand our views and practices regarding your personal information and how we will treat it. By visiting and/or using the Services, you are accepting the practices described in this Privacy Policy. If you do not agree to this Privacy Policy, please do not use the Services.
Contacting us
If you have any questions or comments about this Privacy Policy, you may contact us by email at privacy@ocuvault.com or by mail at:
ocuvault.com L.L.C
21691 Gullane Dr
Woodbridge VA 22191
U.S.A.
What information do we collect?
This section describes the types of personal information we may collect about you. We use the personal information we collect to carry out our obligations arising from any contracts entered into between you and us and to provide you with the Services that you request from us.
Information you provide us directly
Contact and account information. We may collect personal information, such as your name, phone number, address, industry type, company, and e-mail address when you register for our Services, purchase products, sign up for our mailing lists, or otherwise communicate with us.
Payment and transaction information. Information such as the model of camera purchased, subscription plans purchased, date and time of your transaction, and payment information, such as your credit card or bank account details.
Online Inquiries and Correspondence. You may submit an inquiry via the Service, or via email or written mail. For example, when requested Customer Support services, when requesting additional information about our products and the Service, and any other general correspondence. We may ask for your first and last name, physical address, email address, phone number, company name, industry type, details about your current product usage, and certain other information from time to time. You should ensure that you do not include any personal information beyond what we have requested in any online inquiries or correspondence.
Images stored and processed. When you capture images using a Ocuvault camera or other devices, or if you provide images from any other source and upload them to the Ocuvault Cloud (as described in the Ocuvault Cloud Subscription Agreement), we may collect personal information which is depicted within the imagery you submit.
Automatically collected information
URL, IP addresses, Device Information and Frequency of Use. Like many other online service providers, we collect and analyze information about our users’ utilization and navigation of our Services. This information helps us to design our Services to better suit our users’ needs, and we also use this information to share aggregated, anonymous information on the effectiveness of our Services with content owners and creators. This information is collected automatically and may include the URL you came from prior to using the Services, the Internet Protocol address (IP address) of your computer or mobile device, the type, and version of the internet browser you are using, the make, OS model and unique identifier of your computer or mobile device, and your usage patterns associated with the Services.
Location data. When you use a Ocuvault camera in conjunction with our mobile applications your current location may be captured and processed from location information provided from the camera or mobile devices built-in GPS sensors, and from information derived from cell tower triangulation. Additionally, we may use your IP address information to determine your approximate location. The mobile device OS will always prompt you for permission to use location data and we do not bypass this OS provided permission functionality in our mobile applications.
Information from other sources
We may receive information about you, including personal information, from third parties, and may combine this information with other personal information we maintain about you. If we do so, this Privacy Policy governs any combined information that we maintain in a personally-identifiable format.
Cookies and similar technologies
Cookies are small files that are stored on your computer or mobile devices by saving your information such as user ID and other preferences. Cookies are either deleted from your computer or mobile device at the end of every session or are maintained for a longer period of time. As a result, we use cookies to distinguish you from other users of our Service and this helps us to provide you with a personalized experience when you use the Services, and also allows us to better understand how you use the Services. For example, we use cookies to keep you logged in to Ocuvault Cloud and to protect your account. We also use cookies for analytical purposes to better understand how you use the Services and to deliver the best user experience.
Also, please be aware that third parties’ sites (“Third-Party Sites”) that may be linked to from the Service, may set cookies or use other means of passively collecting information about your use of their services, Third-Party Sites or content. We do not have access to, or control over, these third-party means of passive data collection. For more information, please refer to our cookie policy at https://ocuvault.com/legal/cookie-policy/.
Collection and processing of sensitive information
The Service does not collect or process ‘sensitive information’, defined as data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation. As such, you should not provide any such information as part of your user profile, as part of any correspondence, when you upload images, or by any other means with your use of the Service.
How do we use personal information?
Contact and account information. We use your contact and account information to enable us to provide a secure and personalized Service. We also use your personal information to improve our services, to provide you with information about other goods and services we offer that are similar to those that you have already purchased or enquired about, or to notify you about changes to our Services.
Payment and transaction information. We use this information to facilitate transactions, detect and prevent fraud and keep a record of your purchases so we can provide you Customer Support and warranty services, and for financial purposes as required by law. We do not process your credit card information directly, but rather this information is processed by one or more 3rd-party payment processors.
Online Inquiries and Correspondence. We use the personal information you provide so we may communicate with you regarding your inquiry and to satisfy other requests. If you provide your phone number, we may use that information to make direct dial calls, autodialed and prerecorded message calls, and to send text messages, from Ocuvault relating to our products and services. If you correspond with us via email or by written mail, we may store the information you submit in a manner specific to you, for example in an electronic file indicating you are the sender.
Images stored and processed. We use the images you upload to Ocuvault Cloud to provide the Services you have subscribed to. Additionally, we use this information in an aggregated form for analytics and machine learning, but the results of these activities do not contain or disclose any personal information that is identifiable to you. If you captured personal information in images that you have uploaded to Ocuvault Cloud this information may be publicly displayed if you choose to display the underlying imagery publicly through the Service. If you do not wish to publicly display personal information depicted in the images you submit, you should either refrain from capturing such personal information in your images or designate the resulting 3D models as “private” in your Ocuvault Cloud account. For additional information on designating your imagery as “public” or “private”, restricting third parties from editing or re-sharing your imagery, and the consequences of archiving your imagery, deleting your imagery and/or terminating your account, please also see the Ocuvault Cloud Subscription Agreement. You are responsible for any personal information depicted in the imagery, and you should refrain from capturing any personal information if you object to the processing as described in this Privacy Policy.
URL, IP addresses, Device Information and Frequency of Use. We use this personal information to better understand how frequently you use the Services, the time you spend actively using the Services, and the pattern of actions you take in using the Services, We also track the URL that you visited before you came to our Services, the URL to which you next go to, information about the browser through which you are accessing the Services, and your Internet Protocol (IP) address. We use this information to administer and improve our Services, help diagnose problems with our Services, and to better understand your use of the Services. Your IP address may also be used to help identify you and to gather broad location and demographic information.
Location data. We use location data to autofill the address of a location being scanned when using the Service. We also use location data to assist the processing of image data and to better understand how multiple scan locations are related to each other. We also use location data to provide aggregated analytics to better understand how and where the Service is being used, to provide a customized and localized experience when using the Service, and to prevent access to the Services where required by law.
Legal basis for processing in the EU
If you are a resident in the EU, we need to tell you the legal basis on which we collect and use your personal information. In the EU, the purposes for which we process your personal data are:
Where we need to perform the contract we are about to enter into or have entered into with you for the Service;
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests; and
Where we need to comply with a legal or regulatory obligation in the EU.
The legal basis depends on the category of personal data being process, and the purpose for that processing the following table indicates each category of personal data we process, and the legal bases we rely on to do so. Where legitimate interest has been used as the legal basis for processing, the specific legitimate interest we use has been described. Please contact us if you need details about the specific legal basis we are relying on to process your personal data where one or more legal bases has been indicated.
Category of Personal DataLegal Basis for ProcessingContact and account informationThe performance of a contract and to take steps prior to entering into a contract; Our legitimate interests, namely, administering the Service, for marketing purposes and communicating with users.Payment and transaction information.Performance of a contract; Our legitimate interests, namely providing Customer Support and the detection and prevention of fraud.Online Inquiries and CorrespondenceLegitimate interest, namely for marketing purposes and to respond to inquiriesImages stored and processedPerformance of a contract;URL, IP addresses, Device Information and Frequency of UseOur legitimate interests, namely providing, administering and improving the ServiceLocation dataOur legitimate interests, namely providing, administering and improving the Service
When do we share your personal information?
We will not share, rent, sell or otherwise disclose any of the personal information that we collect about you, except when we have your permission or in any of the following situations:
We disclose information that we collect about you to our third-party contractors, service providers, and processors who perform services for Ocuvault in connection with the Services and/or our business or to complete or confirm a transaction that you conduct with us. Unless you request otherwise, we require these contractors to use or disclose this information only as necessary to perform services on our behalf in a manner consistent with this Privacy Policy, or as otherwise required by law.
We may disclose the results of aggregated data about you for marketing or promotional purposes, as further described below. We may disclose, to the owners of certain content available through the Services, or their representatives, the following types of aggregated data about usage of such content: the number of views and the number of users who view the content, statistical information about users who view the content by geography, the referring URLs of users who view the content, the number of users who interacted with the content in specific ways, and other similar aggregated information relating to usage of the content. We may also disclose to third parties certain algorithms developed from analytics and machine learning conducted on user information collected in aggregated form, but these algorithms do not contain or disclose any personal information that is identifiable to you.
We may disclose your personal information to partners and resellers in order to facilitate sales in situations where Ocuvault does not directly sell our products and Services due to location, industry type or any other reason as determined solely by Ocuvault.
We may disclose information about you as part of a bankruptcy, corporate reorganization, merger, acquisition or other sale or transfer of Ocuvault’s assets or business.
We may be legally obligated to disclose information about you to the government or to third parties under certain circumstances, such as in connection with illegal activity related to our Services or to respond to a subpoena, court order or other legal process, including to meet national security requirements. We reserve the right to release information that we collect to law enforcement or other government officials, as we, in our sole and absolute discretion, deem necessary or appropriate.
Direct marketing
From time to time, we may contact you with information about our products and services. Most marketing messages we send will be by email. For some marketing messages, we may use personal information we collect about you to help us determine the most relevant marketing information to share with you. In most cases our processing of your personal data for marketing purposes is based on our legitimate interest to provide you information about our current and future products, services and events.
If you do not want to receive marketing messages from us, you will be able to tell us by selecting certain boxes on forms we use when we first collect your contact details. If you receive marketing email from us, you may unsubscribe at any time by following the instructions contained within the email. You may also opt-out from receiving marketing email from us, and any other promotional communications that we may send to you from time to time (e.g., by postal mail) by sending your request to us by email at privacy@ocuvault.com or by writing to us at the address given in the ‘Contacting us’ section of this Privacy Policy. Additionally, we allow you to view and modify settings relating to the nature and frequency of marketing communications that you receive from us as part of your user settings by logging into your account and changing your preferences.
Please be aware that if you opt-out of receiving marketing email from us, it may take up to ten business days for us to process your opt-out request, and you may receive marketing email from us during that period. Additionally, even after you opt-out from receiving marketing messages from us, you will continue to receive administrative and transactional messages from us regarding your use of the Service.
Where do we process your personal information?
International Transfers of your personal information. As we are primarily located in the USA, any information you provide will initially be collected processed and stored in the USA. If you are in the EU or EEA, this may mean that your personal information will be stored in a jurisdiction that offers a level of protection that may, in certain instances, be less protective of your personal information than the jurisdiction you are typically resident in.
Privacy Shield. We comply with the EU-U.S. Privacy Shield and Swiss-U.S. privacy framework as set forth by the U.S. Department of Commerce regarding the collection, use and retention of personal information received from European Union countries and Switzerland (the "Privacy Shield"). We have certified that we adhere to the Privacy Principles of notice, choice and accountability for onward transfer, security, data integrity, purpose limitation, access, and recourse, enforcement and liability ("Principles"). If there is any conflict between the policies in this Privacy Policy and the Privacy Shield Principles, the Principles shall govern. In cases of onward transfers of data received pursuant to the EU-U.S. and Swiss-U.S. Privacy Shield, we are potentially liable. To learn more about Privacy Shield, please visit the U.S. Department of Commerce Privacy Shield website: https://www.privacyshield.gov/. For more information regarding our Privacy Shield certification, please see: https://www.privacyshield.gov/list.
If you wish to enquire further about the safeguards we use, please contact us using the details in the ‘Contacting us’ section of this Privacy Policy.
We will take reasonable steps to ensure that your personal information is treated securely and in accordance with applicable law and this Privacy Policy.
Jurisdiction and Enforcement
As part of our participation in the Privacy Shield, we are subject to the investigatory and enforcement powers of the US Federal Trade Commission ("FTC").
For European Union residents, you also have the right to lodge a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
In compliance with the EU-US and Swiss-US Privacy Shield Principles, we commit to resolve complaints about your privacy and our collection or use of your personal information. European Union or Swiss individuals with inquiries or complaints regarding this Privacy Policy should first contact us using the contact information listed below.
We have further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your complaint. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit JAMS at https://www.jamsadr.com/eu-us-privacy-shield for more information and to file a complaint.
How do we use online analytics services and tailored online marketing?
In our Services, we use Google Analytics and other third-party web analytics services. These third-party services use the kinds of technology described in the preceding sections to help us analyze how users use the Services, including by noting the URL that users visited before they came to our Services. These service providers will receive or directly collect the information collected by the technology, which they will use to evaluate your use of the Services. As described in the following paragraphs, we also use Google Analytics with the Services for certain purposes related to online marketing. You may wish to install the Google Analytics Opt-Out Browser Add-on, available at: https://tools.google.com/dlpage/gaoptout, to prevent Google Analytics from using your information for analytics.
We also allow other third parties, such as Google Analytics, Facebook and other ad networks and ad servers, to access their own cookies or other tracking technologies on your computer, mobile phone, or other device you use the Services. These tracking technologies enable these third parties to serve our tailored marketing to you while viewing other areas of the Internet, based on anonymous information collected while you are using the Services. We have implemented the following Google Analytics advertising features based on interests and location for the purposes of remarketing: retargeting and enhanced demographic tracking, including affinity audiences, custom affinity audiences, in-market audiences, similar audiences, demographic and location targeting, and demographics and interest reports. The parties that provide these technologies may offer you a way to opt out of targeted marketing as described below. Click the following link for more information on how Google uses data when you use the Site: https://policies.google.com/privacy
You may visit the Network Advertising Initiative’s Consumer Opt-Out Link and/or the Digital Advertising Alliance’s Consumer Opt-Out Link to opt-out of receiving tailored marketing from companies that participate in those programs, and if you are interested in learning about tailored browser marketing and how you can generally control cookies from being put on your computer to deliver tailored marketing (i.e., not just for our Site). You may also visit the Google Ads Settings page to opt-out of Google Analytics for Display Advertising or customize Google Display Network ads. Please also see additional information here about Google Ad Settings for mobile apps. Be aware that you may still receive marketing content that is not tailored to your interests, even if you opt-out of tailored marketing, to the extent marketing technology is integrated into our Site. In addition, we are not responsible for any choices you make using any of the above opt-out links, and we do not control these opt-out methods or their continued availability or accuracy.
You may also receive tailored in-application marketing content when using an application on a mobile device. Each mobile operating system provides its own instructions on how to prevent or opt-out of the delivery of tailored in-application marketing content.
California privacy disclosures
The following California privacy disclosures supplement the information contained in this Privacy Policy and apply solely to individual residents of the State of California (“California Residents” or “consumers” or “you”).
The California Consumer Privacy Act
We are required disclose the information we collect, our uses of that information, and your rights with regard to that information as defined by the California Consumer Privacy Act of 2018 (the “CCPA”), California Civil Code Sec. 1798.100 et seq.
When you use the Services, we collect personal information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or your device.
Personal information does not include information publicly available from government records, de-identified or aggregated consumer information, information relating to our employees, contractors, and other personnel, and information excluded from the CCPA’s scope such as personal information covered by certain sector-specific privacy laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the California Confidentiality of Medical Information Act (CMIA), the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
The categories of information we collect
Specifically, we have collected the following categories of personal information from you within the last twelve (12) months:
CategoryExamplesCollected?Category A: IdentifiersFirst and last name, email address, IP address, or similar identifiers. YesCategory B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.YesCategory C: Protected classification characteristics under California or federal lawAge (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).NoCategory D: Commercial informationRecords of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.YesCategory E: Biometric informationGenetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.NoCategory F: Internet or other similar network activityBrowsing history, search history, information on a consumer's interaction with a website, application, or advertisement.YesCategory G: Geolocation dataPhysical location or movements.YesCategory H: Sensory dataAudio, electronic, visual, thermal, olfactory, or similar information.YesCategory I: Professional or employment-related informationCurrent or past job history or performance evaluations.NoCategory J: Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.NoCategory: K. Inferences drawn from other personal informationProfile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Yes
We collect the categories of personal information listed above from the following categories of sources:
Directly from you, for example when you sign up for the Service.
Indirectly from you, for example by observing or analysing your use of the Service via our websites and mobile applications.
Please review the section ‘What information do we collect?’ in this Privacy Policy for more information regarding the specific personal information we collect.
Use of personal information for California Residents
Please review the section ‘How do we use personal information?’ in this Privacy Policy for the ways we may use or disclose the personal information of California Residents.
Sharing personal information for California Residents
We may disclose your personal information to third-parties for business purposes. In the preceding twelve (12) month we have disclosed the following categories of personal information for business purposes:
Category A: Identifiers
Category B: Personal information categories listed in the California Customer Records statute
Category D: Commercial information.
Category F: Internet or other similar network activity
Category G: Geolocation data
Category H: Sensory data
Category: K. Inferences drawn from other personal information
We disclose your personal information for business purposes to service providers and to third-parties to whom you or your agents authorize us to do so.
We do not “sell” personal information as most people would typically understand that term. However, we do allow certain third-party partners and providers to collect information about consumers directly through our services for purposes of analysing and optimizing our services and advertisements (ads), providing content and ads that are more relevant, measuring statistics and the success of ad campaigns, and detecting and reporting fraud. To the extent this practice is interpreted to constitute a “sale” under the CCPA, please see our ‘Cookies and Similar Technologies’ section above for more information including how to exercise your rights to opt-out of cookies, analytics and personalized advertising.
Rights and choices for California Residents
The CCPA provides California Residents with specific rights regarding their personal information. This section describes your rights and how to exercise them.
Access to your information and data portability rights. You have the right to request information about our collection and use of your personal information over the past 12 months. You also have the right to receive a copy of your personal information in a portable format to enable you to better understand our use of your personal information and to allow you to transfer your personal information to an alternative service provider of your choice.
Deletion request rights. You have the right to request that we delete your personal information that we have collected from you, subject to certain exceptions. We may deny your deletion request if retaining your information is necessary for us or one of our service providers to, for example:
Complete a transaction with you
Detect security incidents to protect against malicious, deceptive, fraudulent or illegal activity
Debug the Service and to identify and repair errors
Exercise free speech or to exercise another right provided by law
Use the personal information solely for internal uses that are reasonably aligned with your expectation based on your relationship with us
Comply with a legal obligation
Make other internal and lawful uses of your personal information that are compatible with the context with which you provided it
Personal information sales rights.You have the right to direct us not to sell your personal information.
Non-discrimination right.You have the right not to be discriminated against when you exercise any of the rights under the CCPA. Unless permitted by the CCPA, we will not:
Deny you goods or services
Actually charge, or suggest we charge you different prices or rates, or provide different levels of quality for goods and services.
However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.
We may, where permitted by the CCPA, offer certain financial incentives related to the personal information you provide that can result in different prices, rates and quality levels. Such financial incentives will be reasonably related to the value of the personal information that you have provided, and in such cases, we will provide written terms that describes such an incentive programs material aspects.
Exercising access, data portability and deletion rights
To exercise the access and deletion rights described above, you should submit a verifiable consumer request to us using the information in the ‘Contacting us’ section of this Privacy Policy. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make such requests.
You may only make a verifiable consumer request to exercise your access or data portability rights or your deletion right once free-of-charge within a 12-month period, and such requests must provide sufficient information that allows us to reasonably identify you, or identify you as an authorized representative. We will need to verify your identity before processing your request, which may require us to request additional personal information from you or require you to log into your account, if you have one. You must also provide sufficient detail in your request such that we can properly understand, evaluate and respond to it.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will provide a brief explanation.
We endeavor to respond to verifiable consumer requests within forty-five (45) days of receipt. If we require more time, we will inform you of the reason and extension period. We will deliver our written responses to these requests either by mail or electronically, at your option. The response may also explain the reason we cannot comply with the request.
Additional California disclosures
California law requires us to let you know how we respond to web browser Do Not Track (DNT) signals. Because there currently isn’t an industry or legal standard for recognizing or honoring DNT signals, we don’t respond to them at this time. We await the result of work by the privacy community and industry to determine when such a response is appropriate and what form it should take.
A California resident who has provided personal information to a business with whom he/she has established a business relationship for personal, family, or household purposes (“California Customer”) is entitled to request information about whether the business has disclosed personal information to any third parties for the third parties’ direct marketing purposes, subject to certain exceptions, as defined in California Civil Code Sec. 1798.83. In general, subject to certain exceptions, if the business has made such a disclosure of personal information, upon receipt of a request by a California Customer, the business is required to provide, free of charge, a list of all third parties to whom personal information was disclosed in the preceding calendar year, as well as a list of the categories of personal information that were disclosed. California Customers may request further information about our compliance with this law using the contact details at the end of this Privacy Policy.
EU privacy rights
If you are located in the EU, you have the following rights in respect of your personal data that we hold:
Right of access. You have the right to access the personal information that we hold about you.
Right to rectification. You may have the right to require us to correct any inaccurate or incomplete personal information we hold about you.
Right to erasure. In certain circumstances you may have the right to the erasure of your personal data we hold about you (for example where it is no longer necessary in relation to the purposes for which it was collected or processed).
Right to restriction. You may have the right to request that we restrict processing of you personal information in certain circumstances (for example where the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of that personal data).
Right to portability. In some limited circumstances, you may have the right to portability which allows you to move, copy or transfer personal data from one organization to another.
Right to object. You have a right to object to us processing your personal information when the processing is based on legitimate interests and also to stop us sending you direct marketing.
Rights in relation to automated decision making and profiling. You have the right not to be subject to a decision that affects you based solely on automated processing. See the section ‘Automated Decision-making’ in this Privacy Policy for more information.
If you wish to exercise one of these rights, please contact us using the information in the ‘Contacting us’ section of this Privacy Policy.
Automated decision-making and profiling
Automated decision making refers to a decision that is taken solely on the basis of automated processing of your personal data, for example using software, artificial intelligence or other rating or scoring algorithms. Profiling uses automated processing which sometimes results in automated decision making, and in some cases does not.
When you sign up to use the Services, we may use certain personal information, for example your first name, last name, address and IP address to verify you are eligible to use the Services and to restrict your access if you are not, for example if you are resident in a country or region that is subject to a U.S. government embargo. We will also restrict access by use of automated decision-making and profiling to anyone on or, directly or indirectly, owned, in whole or part, by any person or persons on the U.S. Treasury Department’s List of Specially Designated Nationals and Blocked Persons or any other U.S. government list of parties with respect to transactions that are forbidden or restricted.
You have the right to not be subject to decision making which is solely based on automated processing and profiling, but only when that decision results in legal effects or otherwise significantly affects you. If you believe we have incorrectly made a decision based on automated decision-making and profiling, please contact us using the information in the ‘Contacting us’ section of this Privacy Policy.
Your right not to be subject to automated decision making and profiling does not apply if the decision was necessary for entering into or performing a contract with you or is authorized by law and there are suitable safeguards for your rights and freedoms. However, in these situations, you can still obtain human intervention in the decision-making process and will make sure there are methods in place for you to express your point of view.
How do we secure your personal information?
We take steps to help protect your data, including your personal information. The steps include protecting this data against accidental loss, unauthorized use, disclosure, and restricting access to personal information by our staff. The Service is hosted by a third-party hosting company that we have determined maintains various security controls and utilizes TLS encryption for all internet communication with the Service. We also require all staff that administer and develop the service follow a series of controls, including strong passwords, the use of anti-virus and anti-malware software, disk encryption and other practices.
We use various 3rd party processors to enable us to provide the Service, and as part of our vendor due-diligence, we review the security controls these processors have in place for appropriateness in relation to the type of data we collect.
You should keep in mind, however, that the Service utilizes software, hardware, and networks, which from time to time require maintenance and experience problems beyond our control. Note that no data transmission over the public internet or encryption method can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information that you provide to us. You transmit information to us at your own risk.
How long do you retain personal information?
Unless otherwise specifically stated elsewhere in this Privacy Policy, we will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
Rights to access
You may correct or update information collected about you by contacting Ocuvault at the email or mailing address noted below. We will use commercially reasonable efforts to correct or update our records. For our records, we may retain original and updated information for reasons such as technical constraints, dispute resolution, troubleshooting, and agreement enforcement.
You have the right to access personal information about you. We may request a fee to meet our costs in providing you with details of the information we hold about you, as permitted by law. We may decline to process requests that are frivolous, vexatious, jeopardize the privacy of others, are extremely impractical, or not otherwise required by local law.
Links to third-party websites, apps or services?
This Privacy Policy only addresses the use and disclosure of personal information collected from you by Ocuvault. You should be aware that when you are using the Services, you may also use or be directed to other websites, applications or services of third parties that are beyond our control, and Ocuvault is not responsible for the privacy practices of third parties or the content of their websites, applications or services. We encourage you to read the posted privacy policy whenever interacting with any third party website, application or service.
Updates to this Policy
We may occasionally update this Policy. When we do, we will also revise the “last updated” date at the beginning of the Policy. Your continued use of our Service after such changes will be subject to the then-current policy. If we change this Policy in a manner that is material, we will use reasonable efforts to notify you via the contact methods you have provided of the change prior to applying the change to any personal information that we collected from you prior to the date the change becomes effective. We encourage you to periodically review this Privacy Policy to stay informed about how we collect, use, and disclose personal information.
What is our policy on children users of the Services?
We do not knowingly collect or maintain personal information from persons under 16 years old. Our Services are intended for use by a general audience, and no part of our Services is directed to children under 16. If Ocuvault learns that personal information of children less than 16 years old has been collected without verifiable parental consent, then Ocuvault will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under the age of 16 has obtained an account on the Services or otherwise provided us with personal information without your consent, then you may alert Ocuvault at the address below and request that we delete that child’s personal information from our systems.