Washington Consumer Health Data Privacy Notice

Effective Date: 09/23/2024

EyeMed Vision Care, LLC including all direct and indirect subsidiaries (collectively, “EyeMed”, “we,” “our,” or “us”), respects the privacy of your “consumer health data” as defined by the Washington State My Health My Data Act (“MHMDA”). This Washington Consumer Health Data Privacy Notice applies to “consumer health data” collected from Washington state residents through the EyeMed website, as well as those whose consumer health data is collected in the State of Washington. Under MHMDA, consumer health data means personal information that is linked or can reasonably be linked to a consumer and that identifies or could potentially identify the consumer's past, present, or future physical or mental health status. 

This notice does not apply where an exception or exemption applies to the data collected such as protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”). We provide a HIPAA privacy notice to certain customers and consumers as required under applicable laws and regulations.  Most consumer health data we process is regulated under HIPAA or is processed for a necessary function. 

1. CATEGORIES OF CONSUMER HEALTH DATA WE COLLECT

The health data we collect from you depends on your relationship with us and varies on how you interact with our Sites. We will collect and/or receive the following categories of consumer health data:

  • Information about your health-related conditions, symptoms, status, diagnoses, disease, treatments or tests conducted, procedures, medications and other associated healthcare actions.
  • Biometric data which may include voice recordings if you contact the EyeMed customer support team. 
  • You may provide demographic information like gender, age, income, family size, and marital status data which may be used to draw a health inference.
  • Precise location information that could reasonably indicate your attempt to acquire or receive health services, products or information, if you enter your zip code or address information on our website.
  • Information that identifies a consumer seeking health care services. 
  • Inferences or derived information based on the information listed above that we collect about you. 

For the personal data we collect to be considered consumer health data it must alone or with other data, identify you and allow an inference about your health. We may make inferences regarding your health but only in the context of providing you with services governed by HIPAA. Please see our HIPAA Notice of Privacy Practices for more information.

2. WHY WE COLLECT AND USE CONSUMER HEALTH DATA

To the extent we collect and use your consumer health information as described above we may use it for the following purposes.

  • Services and Support - To provide and operate our Services, communicate with you about your use of the services, provide you with information about our Services, sending administrative information to you, such as changes to our terms, conditions, and policies; provide troubleshooting and technical support, respond to your inquiries, fulfill your orders and requests, process your payments and claims, communicate with you about the Services, complete transactions, provide quotes; and to provide our insurance products or services requested by consumers.
  • Analytics and Improvements - To better understand how you access and use the Services, and for other internal research and analytical purposes, such as to evaluate and improve our Services and business operations and for internal quality control and training purposes.
  • Surveys, Promotions or Newsletters - To administer surveys and questionnaires, such as for customer engagement purposes, offer sweepstakes and promotions, or to administer our newsletter.
  • Authentication - To confirm your identity.
  • Security - To protect our Services and business operations; to prevent and detect fraud, unauthorized activities and access, and other misuse; conduct risk assessments and monitoring; to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party.
  • Compliance and Legal Process - To comply with the law and our legal obligations, to respond to legal proceedings.
  • General Business and Operational Support - To consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions such as financing, and related to the administration of our general business, accounting, auditing, compliance, recordkeeping, and legal functions.

3. CATEGORIES OF SOURCES 

We generally collect consumer health data from the following categories of sources:

  • Directly from you;
  • From your interactions with our products and the services on our EyeMed websites; and
  • Directly from your provider.

4. OUR SHARING OF CONSUMER HEALTH DATA

We share all the categories of Consumer Health Data listed above with:

  • Service Providers to provide services in connection with the operation of our business.
  • Affiliates or joint venture partners we have now or in the future.  
  • With law enforcement or other authorities if we believe that: the law or legal process requires it; we have received a valid administrative request from a law enforcement agency; or such release is necessary or appropriate (in our sole discretion) to protect the rights, property, or safety of EyeMed, or any of our respective affiliates, service providers, customers, or as EyeMed deems necessary to resolve disputes, troubleshoot problems, prevent fraud and otherwise enforce the Terms of Use. 
  • As part of a business transition, such as a merger, acquisition by another company, or the sale of all or a portion of our assets, including as part of a bankruptcy proceeding. 
  • With your consent or as otherwise disclosed at the time of collection or sharing.  

We may share information that has been de-identified or aggregated without limitation.

5. YOUR PRIVACY RIGHTS

MHMDA grants certain rights including a right of access and deletion, subject to certain exceptions. 
If you would like to exercise your rights under the MHMDA, you may make a request by completing our interactive Webform or by mail at: 4000 Luxottica Place Mason, OH 45040 ATTN: Privacy Office. Please indicate that you are making a request pursuant to your “Washington Privacy Rights” and provide us with the following information: (1) first and last name; (2) email address; (3) physical address; and (4) date of birth. We will take steps to verify your request by matching the information provided by you with the information we have in our records. 
If your request to exercise a right under the MHMDA is denied, you may appeal the denial. You can appeal a denial by using our interactive webform or emailing us at PrivacyOffice@EyeMed.com. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.

6. CHANGES TO THIS PRIVACY NOTICE

We reserve the right to amend this Washington Consumer Health Data Privacy Notice at our discretion and at any time. When we make material changes to this Notice, we will notify you by posting an updated Notice on our websites, including the effective date of the updates.