Privacy Policy

This document sets out the privacy policy (“Privacy Policy“) of Hanita Lenses (ACS) Ltd., which is an Israeli legal corporate entity, registered at the Israeli Registrar of Companies under number 57-003864-6 (“Hanita“, “we“, “us” and “our“).

Privacy Commitment

Hanita is committed to protecting the privacy of all individuals in respect of whom we hold any personal data, regardless of whether those persons are customers, potential customers, business partners or otherwise and regardless of how we have come to possess the personal data.

Our privacy policy is designed to be compliant with all applicable Israeli privacy and data protection regulations, including without limit the Protection of Privacy Law 5741-1981 and the Privacy Protection (Data Security) Regulations 5777-2017 promulgated thereunder (collectively “Israeli Law“) and the European Union’s General Data Protection Regulation 2016/679 (“GDPR“).

Hanita will ensure that all personal data that you submit to us, or which we collect, via various channels, including without limit via your interaction with our website, through written correspondence (including e-mail) and from our distributors, doctors and hospitals, is only used for the purposes set out in this policy and that it shall be held and stored safely and in compliance with the applicable laws.

Through this Privacy Policy we aim to inform you about the types of personal data that we collect from individuals, the purposes for which we use the information and the ways in which the information is handled.

Hanita is the controller of all personal data that we collect, meaning that we determine the purposes and means of the collecting and using the personal data. We also control who has access to all personal data that is under our control. Additionally, if any of your personal data is processed, Hanita is also the processor of the personal data. Our contact details for the purposes of any correspondence relating to the Privacy Policy are as follows:

E.      [email protected]

What is Personal Data?

For the purpose of this Privacy Policy, “personal data” means any information of any kind relating to you personally and which can be connected to you either directly or indirectly by reference to other information. If information relating to you is anonymized so that we cannot connect you to the personal data by any means, then it is not personal data.

Our policy is not to require or to receive any information relating to any person’s health, including data relating to dimensions of your eyes and lens requirements or any other information that Israeli law or the GDPR considers to be sensitive or in a special category (“Sensitive Data“), unless that information has been anonymized before being sent to us so that we cannot identify to whom the information relates.

Any Sensitive Data that we identify in our systems will be anonymized so that we cannot connect it to you (“Anonymized Data“) and we will purge all Sensitive Data that we receive or find on our systems at any time.

We will also ensure that we receive no Sensitive Data from clinical trials conducted on our behalf other than where it has been anonymized by the institution conducting the trials or it has been converted into aggregated statistics in which the Sensitive Data relating specifically to an identifiable individual cannot be ascertained.

Business information is not personal data for the purposes of this privacy policy. We protect confidential business information in accordance with signed non-disclosure agreements, other applicable commercial agreements and our confidentiality policies. However, business related information that also relates to you, such as email addresses that may be used to identify or to target specific individuals, or personal profiles about you, your employers or employees, is personal data and we will protect that data in the same way that we protect all other forms of personal data in accordance with this privacy policy.

How We Collect Personal Data

We generally collect personal data from you in the following ways:

  1. You may be required to complete a form on our website or landing pages in order to receive a service such as a newsletter or in order to receive information and promotional material about products. The form will request personal data from you.  This is usually limited to first name, last name and email address or other appropriate contact details.
  2. You may complete the contact form on our website, requesting us to make contact with you. This form also requires that you provide us with your name and email address and also a phone number and a message. Depending on the nature of your message, it might also include personal data about yourself or about somebody else. Please do not include in your message any Sensitive Data or any personal data of any kind about any other person unless you have their express and fully informed written permission to do so. If you wish to discuss Sensitive Data with us, then state this in the form, but do not provide the Sensitive Data to us through the form.  Please note that if we receive from you any personal data relating to somebody else, then we will inform that person that we have received their personal data, specifying the type of personal data and the fact that we received that personal data from you.
  3. You may provide us with the personal data in your interactions with us through our social media pages, such as on Facebook, LinkedIn, Instagram and Google and others .
  4. We may have exchanged personal data from you at a trade show, meeting or similar types of events.
  5. When you order products from us, you will provide us with an address for delivery and details of credit cards or other relevant payment methods.
  6. We obtain certain information when your web browser accesses our website including your IP address, browser type, operating system, mobile network data, pages viewed and access times.
  7. You may have approached us directly by email or otherwise in connection with interest in our products or for business purposes and in the course of the communications provided us with personal data. Please ensure that these communications do not contain Sensitive Data of any person unless it is Anonymized Data.
  8. You may be participating in a clinical trial for our products that is being run for us. In this case, you will provide your contact details and other personal data that will include Sensitive Data to the clinic or hospital running the clinical trial. We will receive from the institution only personal data that is not Sensitive Data, though we will receive a report and results of the clinical trials in which Sensitive Data will have been anonymized and aggregated for statistical purposes. In such cases, all Sensitive Data is provided by you directly to the clinic or hospital and the clinic or hospital is responsible for holding, controlling, processing and securing your Sensitive Data as the Data Controller of that Sensitive Data and we take no responsibility for the control and processing of the Sensitive Date.

User Statistics

We collect statistical information regarding use of our website. This includes information about your browsing actions and patterns on the website, which we may use in order to provide you with a more personal experience. We also aggregate all statistical information regarding the browsing actions and patterns of all visitors to our website and this aggregated statistical information does not identify you.

How we Process your Personal data

“Processing” personal data means performing any operation or set of operations on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of the personal data.

The personal data that you provide to us or that we receive from other sources will be kept confidential. We will only hold, use and disclose your personal data in a manner that is fully compliant with Israeli law and the GDPR and in accordance with our legitimate business purposes, which include:

  1. If you conduct or may conduct business with Hanita, for example you are a Hanita distributor, sales representative, agent, hospital, doctor or other health care worker, then we will only use your personal data as is specifically required in order to communicate with you in connection with the relevant business. This might include:
  • promoting new products and services to you
  • responding to inquiries
  • providing offers
  • making introductions to other relevant persons
  • advise you of news and industry updates
  • advise you of events and promotions
  • other relevant business correspondence
  • delivering products you have ordered
  • for our internal business purposes, developing new products, enhancing the website, improving our services, identifying usage trends and visiting patterns, determining the effectiveness of our promotions, evaluating third party performance (such as distributors and health care workers) and meeting contractual obligations
  • administrative purposes, such as sending you important information regarding our website, changes to our terms of business or policies, or other administrative information.
  1. To provide you with services that you may have specifically ordered from our website or from a trade show or from any other form of communication, such as newsletters and direct mailing campaigns. We will ensure that you only receive the services in connection with the specific form you completed or in connection with the specific approval that we received from you. On any occasion that we send to you a newsletter or other direct mail campaign communication that is addressed to an email address that is connected specifically to you (even if a work email address), then we will include with it an easy to identify process to opt out of receiving similar future communications (e.g. checking an appropriate opt out box).
  2. To release personal data to regulatory or law enforcement agencies, if we are required or permitted to do so.
  3. If we receive any Sensitive Data, then our sole use of that data will be to anonymize it, where possible and to delete it from our systems.

We will not process your personal data for any other reason than those stated above, unless we first receive your express prior written consent or we are legally required to. The legal basis for processing your personal data is made up of one or more of the following reasons:

  • Your consent.
  • Providing our goods and services and conducting our business in the manner that we described above.
  • Compliance with applicable laws, regulations or other legal process. If we process your personal data in order to comply with a law, regulation or other legal process, then we will notify you of this in writing.
  • The processing is necessary for the purposes of our (or a third party’s) legitimate interests, provided we have established that those interests are not overridden by your rights and freedoms, including your right to have your personal data protected.

How we share your Personal data

Personal data that we collect is stored on third party servers that have been selected, among other reasons, based on their commitments to hold and protect the personal data from unauthorized access or transfer and that have provided commitments consistent with the GDPR and Israeli privacy protection laws. Currently, the personal data is stored on the servers belonging to Hubspot, Inc. (“Hubspot“). Hubspot provides us with customer relations management (CRM) services. The personal data is stored on the servers under our own unique account to which no other party has access (according to Hubspot’s terms and conditions). Hubspot undertakes to store and transfer personal data in accordance with its own privacy policy which can be found at https://legal.hubspot.com/privacy-policy#_Toc513893751.

Different members of Hanita personnel have different access rights to the personal data stored with the third party servers, and different members of Hanita personnel have different permissions for what they may and may not do with the personal data, including with whom they may share personal data. Access and permission for each Hanita employee is set according to their responsibilities.  Additionally, all personnel who have any kind of access to the Hubspot account or who have any other means of accessing personal data are made fully aware of this Privacy Policy and are also trained in Israeli privacy and GDPR requirements.

As Hanita personnel are generally located in Israel, when they access the personal data from the third party servers, the personal data is effectively also transferred out of the EU to Israel and part or all of that personal data may be stored in Israel, such as when it is downloaded onto the Hanita employee’s hard drive.

Except for storing the personal data on the third party servers as explained above, our policy is not to share your personal data with any other party unless it is in line with this Privacy Policy and the applicable Israeli laws and GDPR. For example, if you are employed by one of our distributors and we would like to share your email address or other contact information with a hospital in your distributor’s sales region for the purpose of advancing the sales activity of the distributor, then we may do so without asking for your specific prior approval. However, if we wish to share the same information with a third-party company that is collecting email contact details for its own direct marketing purposes that are unrelated to our mutual business, then even if we are convinced that sharing the information will be to your personal benefit, we will first send you a message, explain the circumstances and ask for your permission to share the information. We will then require your express written (which may be by email) consent for us to send your personal contact information to that third-party company.

Whenever we share any personal data with third parties, we require that they contractually guarantee to maintain adequate levels of protection and that any processing of personal data is restricted to the purposes set out in this Privacy Policy and that, where required, they also contractually agree to GDPR approved standard contractual clauses.

New business owners

If we or our business merges with or is acquired by another business or company, we will share your personal data with the new owners of the business or company and their advisors. If this happens, we will notify you of such event in advance, subject to restrictions in transferring commercially sensitive information.

How long we will hold your information

To the extent permissible by applicable law, we will retain your personal data for such period plus 12 further months as is necessary to satisfy or to fulfill the following:

  • the purposes for which that personal data was provided;
  • an identifiable and ongoing business need, including record keeping;
  • a requirement to retain records that may be relevant to any notified regulatory investigations or active legal proceedings;
  • comply with any applicable law, regulation, legal process, including, without limitation, court orders and/or compulsory disclosures required by governmental authorities;
  • fulfill legitimate interests of Hanita that are not outweighed by your right to privacy.

Use of Cookies and Tracking Technology

We use cookies

  • to make our website easier for you to use
  • to help stop our online-forms from being used to send spam-email
  • to monitor usage so we can spot trends and make improvements

We do not use cookies:

  • to identify individuals
  • to store personal information

It is our belief that use of cookies is necessary for the smooth functioning of our website and that they do not pose any threat to your personal privacy or online security. We recommend that you indicate that you will “allow” cookies. However, if you “disable” cookies, you will still be able to use the website, but the interactive functions of the website will not operate. For example, data-submission via forms cannot fully work without the use of cookies.

You can learn more about our cookie usage in our Cookie Policy [to add link]

Security

We have put in place reasonable administrative, organizational and technical safeguards and security measures to protect personal data from unauthorized access, disclosure, destruction or alteration, accidental loss, misuse or damage. We regularly review and monitor such safeguards and security measures and update them when we deem it to be required. However, no measures can provide an absolute guarantee against unauthorized access.

You should understand that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data while it is being transmitted to our website or sent to us by email via third party networks. Once we have received your information, we will use the procedures and security features described above to reduce the possibility of unauthorized access.

Your Rights in Connection with Your Personal Data Held by Us.

You have certain rights in relation to personal data about you that we hold. Details of these rights and how to exercise them are set out below. We will require evidence of your identity before we are able to act on any request with respect to exercising any rights. For convenience, please address any requests to us regarding your rights below by email to [email protected]

Right of Access

You have the right at any time to ask us for a copy of the personal data about you that we hold.  Israeli law and GDPR provides certain instances where we may refuse your request for a copy of your personal data, or certain parts of the personal data that we hold. If we refuse your request or any element of it, we will provide you with our written reasons for doing so as soon as possible.

Right of Correction or Completion

If personal data we hold about you is not accurate, out of date or incomplete, you have a right to have the data rectified, updated or completed.

Right of Erasure

You have the right to request that personal data we hold about you is erased if:

  • your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • you wish to withdraw your consent on which the processing of your personal data was based and there is no other basis justifying such processing;
  • you consider and can establish that your personal data has been unlawfully processed; or
  • your personal data must be deleted in accordance with a legal obligation.

Right to object to or restrict processing

You have the right to object to our processing of your personal data and you also have the right to object to use of your personal data for direct marketing purposes.

Right of Data Portability

You have a right to receive any personal data that we hold about you in a structured, commonly used and machine-readable format, provided that:

  • the personal data is data that you have provided to us previously; and
  • the personal data is processed by us using automated means.

Please note that if you are requesting the personal data to be transferred to a third party’s system, we cannot guarantee technical compatibility with that system.

Consent

To the extent that we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

Complaints

If you are unhappy about our use of your personal data, please do notify us, providing the reasons and we will endeavor to rectify the problem.

You may address any complaints to our representative ([email protected]).

If you are based in the EU, you may also lodge a complaint with any Data Protecton Authority set up to supervise and enforce the GDPR (“DPA“). There is a DPA in each EU member state and you may report to any DPA, although generally you will report to the DPA set up in the member state in which you are located. Here is a list of all DPAs and their contact details: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm However, we do take your rights with respect to your personal data very seriously and will appreciate the chance to resolve any issues that you may have before you address a DPA.

Third-Party Websites

Please note that clicking on links and banner advertisements on our website can result in your browser accessing a third-party website, where data privacy practices will be different to those of Hanita as described in this Privacy Policy and we cannot be responsible for the manner in which those parties hold and process any personal data that they collect from you. We therefore recommend that you review their privacy policies separately before providing such third parties with any of your personal data.

Changes to our Privacy Policy

This Privacy Policy can be changed by Hanita at any time. If we change our Privacy Policy in the future, we will advise you of material changes or updates by email. For less substantive changes, we will simply publish the revised policy on our website. You are therefore encouraged to review our Privacy Policy from time-to-time to ensure that you remain updated.

Further Information on Data Protection and Personal Privacy

If you have any further inquiries or if you would like to contact us about our processing of your personal data, including exercising your rights as outlined above, please contact us by email. You may contact our representative by email at [email protected]

If and when you contact us, we will ask you to verify your identity.