Ireland | English

VSP Privacy Notice

Effective August, 2018

1. SCOPE OF THIS PRIVACY NOTICE

This website including the user portal (this "Site") is operated by Vision Service Plan, a corporation registered in California whose principal place of business is at 3333 Quality Drive, Rancho Cordova, CA, 95670 ("Vision Service Plan").

VSP Vision Care - UK LTD is a wholly owned subsidiary of Vision Service Plan through which it provides the vision benefit services in the UK, Ireland and France (and such other European countries VSP may elect from time to time) (the "Services").

VSP Vision Care - UK LTD, is registered in the UK under company number 07000582 with its registered office at The Broadgate Tower, Third Floor, 20 Primrose Street, London, EC2A 2RS, United Kingdom and its principal place of business at The Dairy Stonor Estate Henley on Thames Oxon RG9 6HF, United Kingdom ("VSP UK").

Vision Service Plan and VSP UK are hereinafter collectively referred to as the "Company", "we" or "VSP".

VSP's mission is to help people see. In line with this philosophy, we also wish to be transparent to you about the way we process your personal data.

We respect your rights to privacy and to the protection of your personal data. The purpose of this Privacy Notice is to explain how we collect and use your personal data when you visit this Site or when we offer you the Services.

References to "you" and "your" in this Privacy Notice refer to the individual about whom VSP collects personal data (e.g. member, member's dependent, eye-care professional or non-registered visitor).

When you interact with this Site or receive our Services, your personal data is processed as described in this Privacy Notice. When processing your personal data, both Vision Service Plan and VSP UK shall be regarded the "data controllers" and your personal data shall be processed in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "General Data Protection Regulation" or "GDPR").

VSP UK is regulated by the Information Commissioner's Office or ICO (www.ico.org.uk) and registered under Z2027437.

More information on VSP UK is available at the ICO at https://ico.org.uk/ESDWebPages/Entry/Z2027437.

2. HOW WE OBTAIN YOUR PERSONAL DATA

(a) We may obtain your personal data from a variety of sources, including information you give to us, or that we gather or learn from how you use this Site or our Services and the technology you use (for example location data from an Internet Protocol (IP) address).

(b) We may also receive your personal data from third parties (including other VSP companies), third parties who provide services to you or us (for example the eye-care professional that submits the benefits claim to VSP on your behalf) or the bank(s) involved to reimburse the benefit claims.

(c) We also gather information from public sources, such as the press and online search engines.

3. TYPES OF PERSONAL DATA COLLECTED

(a) Personal Data You Provide To Us. When you wish to register an account on this Site or receive our Services, we may ask that you provide us with certain (sensitive) personal data to facilitate your use of the Site or our Services.

Members: We collect and process various categories of personal data you provide to us throughout your relationship with us, including basic personal data such as your name, personal or work-related email address, postal address, contact details, date of birth, gender, VSP user ID, employer's name, benefit entitlements, bank account details, name and relationship of other persons with benefit entitlements such as your spouse, partner or children ("member dependents"). VSP may receive a part of this data directly from your employer upon enrolment to our Services.

Sensitive Personal Data. In those cases where you have obtained Services from an eye care professional that is not affiliated with VSP's network of eye care professionals, you will have to submit your claim for reimbursement of the Services yourself using the member portal on this Site.

As a means for VSP to establish eligibility for reimbursement of such "out of network" claim, you will be required to upload the corresponding invoice that provides proof of receipt and payment of the Services as part of the claims submission.

This invoice may on occasion contain sensitive personal data concerning your or your dependent's health such as your eye care diagnosis, details about the treatment received and/or details about the services or products purchased.

Where you have elected to obtain Services from an eye care professional that is affiliated to VSP, your eye care professional will submit such "in-network claim" with VSP on your behalf.

As we have other means of establishing eligibility of in-network claims, we do not require receipt of a corresponding invoice and we therefore do not process any health-related data as may be the case for out of network claims.

Your personal data shall not be processed in any other way as described in this Privacy Notice. In some cases, though, VSP may be obligated to disclose your personal data as described in 5(v) ("Required Disclosures").

Unless you are a registered member (or a member dependent) receiving the Services, VSP does not process any sensitive data about you.

Please note that some information we ask you to provide is identified as mandatory, and some as voluntary.

If you do not agree with us processing your personal data - including providing us your explicit consent to process data concerning your health - as described in this Privacy Notice or otherwise choose not to provide us with the mandatory data, it may not be possible for us to continue to operate your account and/or provide the Services to you.

Eye-Care Professionals: Personal data we collect about you may include your name, practice name, business address and contact information (incl. email address), professional details such as your certification/qualification, VSP user ID, bank account details, billing information, details of the services and products you provided to our members and foreign language capability (if applicable).

Non-Registered Users and Visitors: Any visitor of our Site can access the publicly available areas of our Site without the need to login or provide any personal data. Some features may allow us to collect personal data relating to your use of the Site (see "Cookies and other Technologies") and information provided by you in comments and feedback regarding the Site. If you want to access the restricted non-public area of the Site, you will also be required to create a username and password to establish an account.

(b) Cookies and other Technologies. In addition to the information you provide to us, we and our service providers may use cookies, web beacons - also referred to as single-pixel gifs - and other technologies. Cookies are identifiers that the Site stores on your computer's hard drive or your mobile device to facilitate the interaction between your computer or mobile device and the Site. Our cookies mainly serve the purpose of making the Site run more smoothly and to maintain a secure online environment by tracking your access to and use of our Site, including recognizing log files, your VSP user ID and password, the domain from which you access the Site, the date and time you access the Site, what areas of the Site you access, the IP address, unique device identifier, and the type of device and/or web browser you use to access the Site. For more information on our use of cookies and how you can adjust your browser settings to disable our cookies, please read our Cookie Policy.

4. USE OF YOUR PERSONAL DATA BY VSP

We collect, use, store and share your personal data to facilitate your use of the Site and our Services and for the purposes more particularly described below:

  • User Registration and Account Management: To register your account and to authenticate you so that we know it is you and not someone else. To communicate with you about the Services (for example, if you lose your VSP user ID or password), identity and credential management, verification and access control.

  • It is in our legitimate interest to use your personal data in this way to ensure that we provide the very best client service we can to you or others.

  • Member Service Delivery: Processing your personal data - including sensitive data concerning your or your dependent's health - is necessary for us to perform our contractual obligations we have with you when providing you the Services, including allowing you to operate your online account to manage, administer, coordinate and review the enrolment and provision of your entitlements under the Services, verify your eligibility and coverage, process, administer your claims or to receive payments associated with a claim and to respond to your inquiries and requests or complaints.


  • Any data concerning your or your dependent's health is processed for the purpose of performing our contractual obligations to you (to assess eligibility of your claim and reimbursement of covered Services).

  • Eye-Care Professionals Service Delivery: To manage, administer, coordinate and review the provision of our member's entitlements and related services and to process and administer claims you submit on our member's behalf and to reimburse you in relation to covered services and/or products subject of such a claim. Further purposes may include quality assessment and improvement, performance evaluations and conducting claim- and payments audits and to review and resolve issues and complaints raised by you.

  • It is necessary for us to process your personal data in this way to perform our obligations in accordance with any contract that we may have with you. It is in our legitimate interest to use your personal data in such a way to ensure that we provide the very best service we can to you or our members.

  • System and Network Security: It is in our legitimate interest to use your personal data to offer you the best service possible and to process it for system and network administration and security, including infrastructure monitoring, participate in cybersecurity, anti-fraud and anti-money laundering initiatives or programs, data de-identification and aggregation of de-identified data for data minimization and analysis of our Services, hosting, storage, and other processing needed for business continuity and disaster recovery, including making back-up and archive copies of personal data.

  • Improvement of our Services: It is in our legitimate interest to use your personal data to offer you the best service possible and to understand your preferences and expectations to help us improve or develop new products or services and the relevance of offers from VSP and that we continually develop and improve as an organization.

  • Marketing & Surveys: If you are an eye care provider affiliated with VSP or actively enrolled to receive our Services, it is in our legitimate interest to make use of your personal data that we collect for marketing purposes or to ask you to participate in surveys about our Services. We may for instance send you information about our Services that we feel might be of particular interest to you.
    • You can opt out from receiving future marketing messages or survey requests at any time by contacting us here or use the opt-out function in our messages you receive.
    • VSP will not share your personal data with third parties for their own marketing purposes without your permission.

  • Internal Business processes and Management

  • We may incidentally process your personal data (including sensitive data concerning your or your dependent's health) for the legitimate interest of internal business process execution and management functions including prevention and detection of fraud/attempted fraud, underwriting, (internal) auditing, record retention, legal, financial, accounting, fraud, risk assessment compliance and reporting.

5. SHARING WITH THIRD PARTIES

  • Third Party Services: For any of the purposes listed in paragraph 4, we sometimes hire or partner with other companies to provide part of the Services on our behalf. We will only provide those companies with your personal data that they need to perform their obligations to us. We shall require them to process your personal data in strict accordance with our instructions and implement adequate technical and organizational security measures to prevent unauthorized access to or disclosure of your personal data.

  • Affiliate Sharing: Subject to the terms of this Privacy Notice, in the normal course of performing our Services, for the day to day running of our business, to manage the security of our properties and to protect our business and as otherwise permitted by applicable law, we may share your personal data with any of our affiliates or subsidiaries.

  • Sharing of De-Identified Personal Data: Personal data that is collected by VSP may be shared in a de-identified and/or aggregated format as part of statistics before being disclosed to such third parties.

  • Other Sharing: Where required for a sale, reorganisation, transfer, financial arrangement, sub-participation, asset disposal or other transaction relating to VSP's business, your personal data may also be disclosed to third parties.

  • Required Disclosures: We reserve the right to disclose your personal data, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (1) comply with laws, legal process, or government or regulatory requests; (2) protect and defend our rights, property or business and, (3) protect the safety and security of our users, this Site, or the public.

Except as mentioned above, we will not sell, distribute or lease your personal data to third parties.

Archive