Privacy Policy

Effective Date: 9 February 2020

Your Privacy Rights

CT Operations International USA Inc., CT Operations PTY LTD and CT Operations International LTD”, (“Oculo”, “us,” “we,” or “our”) provides a software platform located at https://connect.oculo.com.au, https://connect.oculo.co.nz/ https://www.oculo.health and https://www.oculo.co/ (including all applications, tools, information, content, materials, data, products and services made available on the Platform from time to time) (the “Platform”) to enable improved e-communication between health care providers, including optometrists, ophthalmologists, general practitioners, specialist support providers and other similar eye health providers who access and use the Platform (“Health Care Provider” or “you”).

The Platform aims to enable improved digital communication between Health Care Providers and to streamline the transfer and sharing of Health Care Provider and relevant patient information, including clinical notes and images, eye care records, referral and medical appointment details.

We are committed to protecting the privacy of those who use our Platform and our website at Oculo. This Privacy Notice (“Notice”) contains details about how Oculo collects, uses, and retains the Personal Data (defined below) of our Platform and website users that we obtain from and about you when you use our Platform and/or our website or otherwise interact with us for example by email or phone. Please read this Notice carefully.

This Notice is directed at Health Care Providers and other non-patient website visitors. It is not intended to provide patients with details of how we process Personal Data relating to them which is contained in the communications made between Health Care Providers via our Platform. As we do not have any direct relationship with these patients, it is the responsibility of our Health Care Providers, as the controllers of this data, to inform patients (where required by applicable privacy laws) about how their Personal Data will be processed on the Platform. To the extent HIPAA applies to any of the information we handle, such information is also not subject to this Notice and is instead governed by agreements we have with Health Care Providers.

Whenever you provide or access Personal Data about another individual (such as a patient or another Health Care Provider) whilst using the Platform or interacting with Oculo, you must ensure and you represent that you have any necessary consent or authorization for Oculo to use or share such information as described in this Notice. You shall have sole responsibility for any violation of privacy laws as a result of any failure to inform the other individual about how their Personal Data will be processed, or any failure to ensure that there is a lawful basis for the use of their Personal Data, such as obtaining the consent from the other individual.

Changes: Oculo may update this Notice from time to time by updating this page and so please check back periodically for updates. When required by applicable law, we will notify you of any changes to this Notice by providing an updated notice on this page.

What Information Do We Collect?

Personal Data refers to any information relating to an identified or identifiable natural person (“Data Subject”).

Sources of Personal Data:

We collect information about you and how you use the Platform and our website in several ways, including:

Information you provide to us directly. We collect the information you provide to us directly, such as when you register to create a user account for the Platform and when you interact with us via the Platform or our website, such as if you fill in and submit forms, participate in surveys, questionnaires, or contests, or otherwise communicate with us, for example by telephone, email or in person.
Information collected or inferred from your use of the services. We automatically collect information about your access to and use of the Platform and our website for example information collected via cookies. For further information about how we use cookies, please see our Cookie Policy at oculo.co/cookie-policy.html.
Information from third parties. We may receive information about you and your use of the Platform from third parties, such as from your employer or coworkers (such as an authorised representative), third party service and content providers and other Platform users.

We may combine information that we receive from the various sources described in this Notice with the Personal Data we collect from you and use or disclose it for the purposes identified below. 

Information We Collect:

The types of information that Oculo collects about you will depend on how you use our website and whether you access the Platform and our services:

Identifiers, such as your name, postal address, unique personal identifier, practice details/details of your employer, online identifier, email address, account name, social security number, health identification number, or other similar identifiers.
Financial information, such as invoice details.
Demographic information, such as age, race, gender, or date of birth.
Internet or other electronic network activity information, such as your browsing history, search history, internet protocol address and information regarding your interactions with and use of the Platform, our website, and advertisements. We may also collect and hold details of any support calls, enquiries and complaints made by you.
Professional, employment, or education information, such as job title, business address, employment history, qualifications or other professional information.

You do not have to give us any of the Personal Data set out above, but if you do not provide us with certain information, you will not be able to register to create an account with our Platform and we will not be able to provide you with our services, or deal with your query or other communication.   

How Do We Use Your Personal Data? 

We may use your information in a number of ways, including:

To provide you with the Platform, our website and our services, such as to register and administer your account, provide you with and support your use of the Platform or our website, diagnose, repair and track service and quality issues; communicate with you about your account or regarding additional uses of your Personal Data beyond the scope of this list; install and configure changes and updates to the Platform or our website; authenticate users of the Platform or our website; verify your eligibility for certain programs or benefits; or to respond to your requests, complaints, and inquiries.
For our own internal business purposes, such as to evaluate or audit the usage, performance and safety of our Platform or our website; evaluate and improve the quality of our Platform, our website, or our services and design new services; to develop and maintain the Platform or our website; to process and catalog your responses to surveys or questionnaires; conduct data analysis and testing; maintain proper business records and other relevant records.
For legal, safety or security reasons, such as to comply with legal requirements; protect the safety, property or rights of Oculo, our Platform users, or others; and detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity.
For marketing, we may use your Personal Data to market our products or services or those of third parties. We may use usage data to make our advertising more relevant to you and to offer you products and services that we believe may be of interest to you. When required by law, we will seek your consent for such marketing.
In an anonymous or aggregated format, we may also use your information in an anonymized or aggregate manner, such as to compile statistical information about the use of our Platform or website.
For any other purposes for which you provide consent.

With Whom Do We Share Your Information? 

We may share your Personal Data with entities other than the Oculo entity that originally collected it, including the categories of recipients described below:

Affiliates and subsidiaries: We may share your Personal Data within the Oculo group of companies, which includes parents, corporate affiliates, subsidiaries, business units and other companies that share common ownership for the purposes described above.
Third party service providers: We may share your Personal Data with third party service providers working on behalf of Oculo in order to provide the Platform, our website and our services, such as hosting service providers, IT providers, providers involved in online transactions (eg. for billing purposes), accountants, analytics companies, and marketing providers. More detail can be provided on request.
For legal, security and safety purposes: We may share your Personal Data with third parties such as law enforcement or other government agencies to comply with law or legal requirements; to enforce or apply our Terms of Use and other agreements; and to protect our rights and the property or safety of Oculo, our users, or third parties.
In connection with a transaction: If we, or some or all of our assets, are acquired by another entity, including through a sale or in connection with a bankruptcy, we will share your Personal Data with that entity.
Platform users: When you use our Platform to communicate with other Health Care Providers, patients or other third parties, this may involve the disclosure of your Personal Data to those individuals.
Your employer or coworkers: If you receive our services in connection with your employment, your employer, coworkers (such as your authorised representative), or other individuals designated by your employer may view any Personal Data that we collect in connection with your use of or interaction with the Platform, or our Services.

We may also share Personal Information that has been anonymized or aggregated with third parties for any purpose. 

Data Security and Retention

Oculo maintains reasonable security procedures and technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, disclosure, alteration, or use. These measures include industry-standard techniques, such as firewalls, encryption, intrusion detection and website monitoring. Whilst we strive to protect your information, no data transmission over the internet can be guaranteed to be 100% secure, and we cannot guarantee the security of any information you send to us or receive from us. 

Oculo retains Personal Data only for as long as necessary to fulfill the stated purpose for which the Personal Data was collected or otherwise processed, and thereafter only for legitimate legal or business purposes. These may include retention periods that are: (i) mandated by law, contract or similar obligations applicable to Oculo’s business operations; (ii) for preserving, resolving, defending or enforcing our legal/contractual rights; or (iii) needed to maintain adequate and accurate business and financial records. We will delete or anonymise Personal Data as soon as the respective purpose for its use is complete and no requirement to retain it for any of the purposes described above remains. 

Please use all reasonable efforts to keep the Personal Data which you provide to Oculo, accurate and up-to-date by informing us of any changes as soon as possible. 

Children’s Privacy

The Platform and our services are intended for individuals 16 years of age and older. Neither the Platform nor our website is directed at, marketed to, nor intended for, children under 16 years of age. Oculo does not knowingly collect any information, including Personal Data, from children under 16 years of age. If you believe that we have inadvertently collected Personal Data from a child under the age of 16, please contact us at the address below and we will use reasonable efforts to delete the child’s information from our databases. If you use our Platform to communicate Personal Data relating to patients (or any other individuals) who are under 16, it is your responsibility to ensure that this complies with all applicable laws, including privacy laws.

External Links

Our website may contain links to external sites or other online services, including those embedded in third party advertisements or sponsor information, that are not controlled by Oculo. Oculo is not responsible for the privacy practices and data collection policies for such third party services. You should consult the privacy notices of those third party services for details.

Terms of Use

The Terms of Use are incorporated by reference into this Notice, and can be found at: https://oculo.co/terms-and-conditions.

Contact Info/Your Choices

If you have questions regarding this Notice, please contact Oculo at: 

EMAIL:
AU: privacy@oculo.com.au 
NZ: privacy@privacy.co.nz 
UK: privacy@oculo.health 
US: privacy@oculo.co

MAIL: Oculo L3 373 Little Bourke Street Melbourne Victoria Australia 3000 

In Europe, you may contact the Oculo Data Protection Officer at: 

NAME: Phil Walker 
EMAIL: pdwalker87w@btinternet.com 
PHONE: 447388340416 
MAIL: 8 Seven Wells Amotherby Malton YO17 6TT 

To opt-out of receiving promotional email messages from us, please click on the "Unsubscribe" link contained at the bottom of each email or contact us using the details above.

EEA Data Protection Laws Section

Where EEA data protection laws apply to our processing of your Personal Data (for example, where your Personal Data is processed by our UK company), we are required to provide you with additional information, which is set out in this EEA Section. In the event of a conflict between information in this section and the rest of the Notice, this EEA Section will govern.  

The legal basis for our collection and use of your Personal Data, as data controllers, will depend on the Personal Data concerned and the specific context in which we collect it. In many cases, we will process Personal Data about you using the following legal bases:

Legitimate Interest – we process Personal Data to meet our legitimate business interests, such as to develop, improve and to provide our Platform, our website and our services, support our sales and business operations, and secure our systems, facilities and personnel;
Legal Obligation – we process Personal Data to comply with applicable laws and regulations;
Performance of Agreement – we process Personal Data in order to perform or fulfill our obligations under our agreement with you;
Consent – we may process your Personal Data based on consent. For example, if we want to send you a marketing communication, where required by data protection law, we will seek your consent separately at the time of collection. You may withdraw your consent at any time by contacting us using the information in the “Contact Us” Section above.

Further information about how we process your personal data is provided in the table at the end of this EEA Section. 

International Transfers of Your Personal Data 

Your Personal Data may be processed by Oculo affiliates or service providers located outside the European Economic Area (“EEA”), such as our Australian entity, CT Operations Pty Ltd for one or more of the purposes described in this Notice. Where your data is transferred outside the EEA, we will ensure that adequate safeguards are in place, such as: 
(a) the transfer is to a country which is the subject of an adequacy-decision by the European Commission; 
(b) the transfer is covered by a contractual agreement which has been approved by the European Commission as providing adequate safeguards for personal data transferred outside the EEA, such as the EU Standard Contractual Clauses; 
(c) the transfer is to an organisation in the US that is EU-US Privacy-Shield certified; or  (d) an exemption applies, such as where the transfer is necessary to perform a contract with you (or concluded in your interests) or to take pre-contractual measures at your request. 
International data transfers to our affiliates, subsidiaries and parent companies are governed by EU Standard Contractual Clauses. 
Please contact privacy@oculo.health if you want to receive further information or, where available, a copy of the relevant data transfer mechanism. 

Your EEA Privacy Rights 

Where EEA data protection laws apply (such as where your Personal Data is processed by Oculo in the UK), with certain legal exceptions and limitations, you may exercise the following rights regarding your Personal Data: 

Access. You have the right to confirm with us if your Personal Data is being processed and to obtain certain other information about that processing in addition to obtaining a copy of that data.   
Rectification. You have the right to request the rectification of inaccurate Personal Data and to have incomplete data completed. 
Objection. Where we are processing your Personal Data on the basis of our legitimate interests, you can ask us to stop processing it and we must do so unless we believe we have an overriding legitimate reason to continue processing your Personal Data, or we need to process it for the establishment, exercise or defence of legal claims. In addition, you have the right to object at any time if your Personal Data is processed for direct marketing purposes. 
Portability. You may receive Personal Data that you have provided to us in a structured, commonly used and machine-readable format and have the right to transmit that data to others or to ask us to do this. 
Restriction. You may request us to restrict processing of your Personal Data in certain circumstances, for example if you want to establish its accuracy or the reason for processing it. 
Erasure. You may request us to erase your Personal Data in certain circumstances, for example, where there is no good reason for us continuing to process it, or where you have exercised your right to object to processing (see above). 
Right to lodge a complaint. You also have the right to lodge a complaint with your data protection regulator and we will work with them to resolve it. In the UK, this is the Information Commissioner's Office (ICO). You can make a complaint to the ICO by calling their helpline on 0303 123 1113 or on their website at www.ico.org.uk/concerns. We would, however, appreciate the chance to deal with your concerns before you approach the data protection regulator, and so please do contact us in the first instance.
Right to refuse or withdraw consent. Please note that in case we ask for your consent to process your Personal Data, you are free to refuse to give consent and you can withdraw your consent at any time. Where you withdraw consent, we will stop using it for the specific purpose, unless we have an alternative legal basis to use it.

Right not to be subject to automatic decision-making, including profiling. 

We may ask you for proof of your identity before dealing with your request, as a security measure to protect your data. To exercise your rights or if you have questions about exercising any of your rights you may contact us at: 

EMAIL: pdwalker87w@btinternet.com 
PHONE: 447388340416 
MAIL: 8 Seven Wells Amotherby Malton YO17 6TT

WHAT PERSONAL DATA WE PROCESS AND HOW WE USE IT

The personal data we collect

We will collect the personal data needed to identify you and/or to register your account with the Platform such as your name and your contact details, such as your email address, telephone number and mailing address and where relevant, your job title and the name of your employer/your practice details, qualifications and other professional information.

‍

Where you are a Platform user: Financial information such as invoice details.

Where you are a Platform user: Personal data contained within communications made via the Platform, such as the fact that you are the sender or the recipient of a referral.

Information you provide to us when you contact us ie. by telephone, email, post or social media.

Technical data collected by automatic means ie. browsing actions and patterns, such as details of Platform/website visits, including traffic data, location data, logs, communication data, the resources accessed and website.

Information about your computer and internet connection, including IP address, operating system and browser type and equipment used to access the Platform/website.

‍

We also use “cookies” and similar applications for the purposes of enabling us to evaluate the use of our Platform/website and improve the experience of visitors to it. For information on the way in which we use cookies to monitor and manage our website performance, please see our Cookie Policy.

How we use it

Whether you are a Platform user or a website user, to provide you with the information or services requested and if you are a Platform user, to administer your registration with the Platform, to provide our Platform and our services and to contact you about them where necessary.

To send you marketing communications and to keep you up-to-date about our services which we think will interest you.

To respond to any communications from you, such as an enquiry or complaint and to administer any surveys/promotions/competitions. To notify you of any changes to our Platform, our website or our services.

Fraud prevention and detection and security.

To invoice you for your use of our Platform and our services.

To provide the Platform and our services.

‍

To provide you with the information, support and/or service you have requested and to fulfil any other purposes for which you have provided the data.

To administer and to improve our Platform and /or our website, to ensure it is presented in the most effective manner for you and to give you the best experience and to allow you to participate in interactive features of our Platform and our website if you choose to do so.

‍

For data analysis, testing, research and statistical statistics to help us to improve our Platform/website and services.

To keep our Platform/website safe and secure.

‍

Lawful Basis

To enter into and fulfil our contract with you/legitimate business purposes.

‍

Where you consent or for legitimate business purposes.

‍

For legitimate business purposes.

‍

Legal obligation/legitimate business purposes.

‍

To fulfil our contract with you/legitimate business purposes.

‍

To fulfil our contract with you/legitimate business purposes.

‍

For legitimate business purposes.

‍

For legitimate business purposes/to fulfil our contract with you.

‍

For legitimate business purposes/to fulfil our contract with you.

‍

For legitimate business purposes.

How We Use Cookies and Automatic Data Collection Tools

Please click oculo.co/cookie-policy.html for information about how we use cookies and other tracking technologies, including online behavioural advertising.

Online Advertising
Oculo advertises on the websites of third parties. These third parties may use cookies or tools to gather information about your browsing activities in order to provide advertising relevant to your interests.
You can manage your receipt of targeted advertising by visiting these sites: in the EU, https://www.youronlinechoices.eu/ and for U.S. and other regions, http://www.aboutads.info/consumers.

Marketing Communications
We provide digital marketing communications about our services with an unsubscribe mechanism in each communication. You can unsubscribe from any particular communication by clicking on “unsubscribe” in the email itself. You can also unsubscribe from receiving marketing communications from us by sending a request to unsubscribe@oculo.com.au, unsubscribe@oculo.co.nz, unsubscribe@oculo.health (UK), unsubscribe@oculo.co (US).

This Notice was last updated on 9 February, 2020.

‍