Ireland | English

Effective January, 2017

VSP Vision Care - UK Ltd. Privacy Notice


VSP Vision Care - UK LTD, registered in the UK under company number 07000582 with registered office at The Broadgate Tower, Third Floor, 20 Primrose Street, London, EC2A 2RS, United Kingdom (referred to in this Privacy Notice as the "Company" or "we") is the data controller for purposes of the UK Data Protection Act 1998 and this Privacy Notice describes how the Company collects, uses, stores and shares your personal data when you use its website, and our services that link to this Privacy Notice (referred to as the "Site"). References to "you" and "your" in this Privacy Notice refer to the individual (e.g. member, member's dependent, eye-care professional or non-registered visitor) about whom personal data is collected. If you do not agree with this Privacy Notice, please do not use the Site.


(a) Personal Data You Provide. When you register or otherwise interact with the Site, we may ask that you provide us with certain personal data to facilitate your use of the Site.

Members: Personal data we collect may include your name, personal or work-related email address, postal address, contact information, date of birth, gender, VSP user ID, employer’s name, benefit entitlements, bank account details, name and relationship of other persons with benefit entitlements such as your partner or children (“dependents”). In addition, you may be required to provide us with sensitive personal data related to your or your dependent’s health, such as your eye-care diagnosis and details about the eye-care treatment received and products purchased.

Eye-Care Professionals: Personal data we collect may include your name, practice name, address and contact information (incl. email address), professional details such as your certification/qualification, VSP user ID, bank account details, billing information, details of the services and products you provided to our members and foreign language capability (if applicable).

Non-Registered Users and Visitors: Any visitor of our Site can access the publicly available areas of our Site without the need to login or provide any personal data. Some features may allow us to collect personal data relating to your use of the Site (see paragraph 2(b) below) and information provided by you in comments and feedback regarding the Site. If you want to access the restricted non-public area of the Site, you will also be required to create a username and password to establish an account.

All Users: Some of the information we ask you to provide is identified as mandatory, and some as voluntary. If you do not provide the mandatory data where requested, we may not be able to provide you with the products and services you require or you may not be able to fully utilize and view the Site.

(b) Cookies and Other Technologies. We and our service providers may use cookies, web beacons – also referred to as single-pixel gifs – and other technologies. Cookies are identifiers that the Site stores on your computer's hard drive or your mobile device to facilitate the interaction between your computer or mobile device and the Site. Our cookies mainly serve the purpose of making the Site run more smoothly and to maintain a secure Site by tracking your access to and use of our Site, including recognizing log files, your VSP user ID and password, the domain from which you access the Site, the date and time you access the Site, what areas of the Site you access, the IP address, unique device identifier, and the type of device and/or web browser you use to access the Site. For more information on our use of cookies and how you can adjust your browser settings to disable our cookies, please read our cookie policy.


(a) Use by the Company. We collect, use, store and share your personal data (as further specified in paragraph 2) to facilitate the use of the Site and for the purposes more particularly described below:

Members: To manage, administer, coordinate and review the enrolment and provision of your entitlements and related services, verify your eligibility and coverage, process and administer your claims, make payments in relation to covered products and/or services subject of a claim. Within this context we may also liaise with your eye-care professional and receive or disclose certain of your personal data, including sensitive personal data in relation to your or your dependent’s health.

Eye-Care Professionals: To manage, administer, coordinate and review the provision of our member’s entitlements and related services and to process and administer claims you submit on our member’s behalf and to reimburse you in relation to covered services and/or products subject of that claim. Further purposes may include quality assessment and improvement, performance evaluations and conducting claim- and payments audits.

Registered Users: To register your account and to provide a secure interaction with the portal. To communicate with you about our services (for example, if you lose your VSP user ID or password or if changes are made to the Site’s Terms of Use or our Privacy– or Cookie Notice), respond to your inquiries and requests, conduct surveys, carry out research and analysis relating to our services and to improve our services, compliance, review and resolve issues, complaints and grievances raised by our members or eye-care professionals, transfer of data outside the European Economic Area or EEA (as further specified in paragraph 4) and for the purposes of prevention and detection of fraud/attempted fraud, occupational health, rehabilitation and underwriting.

We may also give you the option of receiving marketing communications about new products, services and promotions from the Company or our affiliates and subsidiaries. If you choose to receive such marketing communications, we will share your contact information with such affiliate or subsidiary for this purpose. You shall be entitled at all times to opt-out of receiving such communications by sending us an email to

(b) Third Party Service Providers. We sometimes hire or partner with other companies to provide part of the services on our behalf, such as sending communications, customer service, hosting our software, performing analytics, conducting research and surveys or maintaining, delivering or hosting the Site. We will only provide those companies with your personal data that they need to perform their obligations to us. We shall require them to process your personal data in strict accordance with our instructions and implement adequate technical and organizational security measures to prevent unauthorized access to or disclosure of your personal data.

(c) Affiliate Sharing. Subject to the terms of this Privacy Notice, in the normal course of performing our services, and as permitted by applicable law, the Company may share your personal data with any of its affiliates or subsidiaries.

(d) Other Sharing. Your personal data may also be disclosed to third parties during negotiations for a transfer of all or part of our business and may be transferred by us as part of that business.

(e) Sharing of De-Identified Personal Data. Personal data that is collected by our Company may be shared with unaffiliated third parties for their own research and publication, product enhancement, or product development purposes or to conduct research and publish reports on our behalf, to help improve and expand our product and service offerings, to provide general statistics and analysis regarding the consumption or delivery of our products and services, and to help improve or maintain our service quality. Personal data shared as described in this paragraph shall be de-identified and/or aggregated before being disclosed to such third parties.

(f) Required Disclosures. We reserve the right to disclose your personal data, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (1) comply with laws, legal process, or government or regulatory requests; (2) protect and defend our rights or property or one the Site; and, (3) protect the safety and security of our users, this Site, or the public.


VSP Vision Care - UK LTD is a wholly-owned subsidiary of Vision Service Plan, a US not for profit-corporation. Vision Service Plan hosts and operates our IT infrastructure and this Site. For the purposes described in this Privacy Notice, your personal data will be transferred, processed and stored in the United States. Data protection laws in the United States may not offer the same level of protection as in the EEA. We will ensure that adequate technical and organizational security measures within the meaning of UK law shall apply.


If you want to exercise your right to see a copy of the personal data that we hold about you, or think that information we hold about you may need to be corrected, want to delete all or any part of it or to object to the processing on legitimate grounds, please contact us with enquiry topic "Privacy/Data Protection", or alternatively send a signed letter to the address listed below. We will comply with all statutory time periods in responding to any requests. We may, however, limit access to your personal data where providing such access is unreasonably burdensome or expensive under the circumstances, or as otherwise permitted by applicable law. To protect your privacy and security, we may take reasonable steps to verify your identity before responding to your request.


We strive to employ appropriate technical and organizational security measures to protect your personal data. Access by you to your personal data is available through the Site after you provide your unique VSP Login ID (username and password) selected by you. We recommend that you do not divulge your password to anyone. We employ internal policies pursuant to which only selected individuals have access to the data on the server. Your personal data is encrypted at rest and the Site encrypts all communications between our server and client using secured socket layer (SSL) technology. Please be advised, however, that no data transmission over the Internet or any wireless network can be guaranteed to be 100% secure, and we cannot guarantee that your personal data will always be secure.


This Privacy Notice only applies to this Site provided by the Company, and does not apply to any third parties or their products, services or websites. If other websites are accessible through our Site, they will have their own privacy policies and practices, and the use of any personal data provided by you to such a third party will be governed by that party's privacy policy. Please consult each website's privacy policy. We are not responsible for the policies or practices of third parties, and we do not control, operate, or endorse any information, products, or services of any third-party or third party web sites that may be accessed through links from this Site.


You must be at least 18 years old to access and use this Site. We shall not knowingly collect personal information from visitors that are under 13 years of age.


We may change this Privacy Notice from time to time, and if we do we'll post any changes on this Site. If you continue to use the Site after those changes are in effect, you agree to the revised Privacy Notice, provided that we will not retroactively change how we handle your personal data without your consent. If the changes are significant, we may provide more prominent notice or get your consent as required by law.


If you have any questions about this Privacy Notice or our practices, please contact us by e-mail or regular mail.

VSP Vision Care - UK LTD
Attn: Privacy/Data Protection
The Broadgate Tower Third Floor
20 Primrose Street
London EC2A 2RS

You also have the right to contact the UK Information Commissioner's Office (ICO) in respect of any complaints in relation to this Privacy Notice or how your personal data has been used. The ICO's contact details are:

Information Commissioner's Office
Wycliffe House
Water Lane