NOTICE OF PRIVACY PRACTICES

Securing your Personal Information is our priority, this Notice of Privacy Practice (“Notice”) is in addition to, and does not replace, Optimax Privacy Policy. Defined terms herein shall have the same meaning as defined in the Privacy Policy.
This Notice describes how we, Optimax Investment Ltd. (together with its subsidiaries, affiliates, or related companies, the “Company”, “our”, “we” or “us”), may use and disclose certain medical information about you, and how you can get access to this information. Any information which relates to eyeglasses, prescription, or the provision of eye care services, identified with an individual who is the subject of such eye care services is considered under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) as Personal Health Information (“PHI”). Therefore, even though we operate an eCommerce platform and are not considered a covered entity under HIPAA, we take the confidentiality and security of your PHI very seriously therefore we choose to adopt the strict HIPAA Rules in maintaining the PHI as further detailed below in this Notice. This Notice also describes your rights with respect to your PHI.

Customers accessing our Properties in their capacity as insured or covered member of a health or other benefit plan (“Covered Member”) are subject to certain HIPAA rules and regulations as well.

1. Treatment: We may use and disclose your PHI for treatment purposes, we may share the PHI with doctors, optometrists, and other personnel involved in your health care. This helps to coordinate your care and make sure that everyone who is involved in your care has the information that they need about you to meet your health care needs.
2. Vision and Prescription Information: When purchasing eyeglasses and contact lenses, we may request information about your medical history, vision, and prescriptions provided by a doctor or optometrist to complete the transaction and provide you with the products you purchased. In addition, we may use your vision and prescription Information to contact your prescriber for the purpose of requesting that your prescriber furnish us with a copy of your prescription. By providing your vision and prescription information, you agree and authorize us to do that.
3. Payment: We may use and disclose your PHI so that we, or health care providers can bill and collect payment from you, your insurance company, or a third party that help us submit bills and collect amounts owed. For example, we may contact your insurer, or other health care payor to determine whether it will pay for health care products and services you need and to determine the amount of your co-payment. The information on or accompanying the bill may include information that identifies you, as well as information about the services or products that were provided to you. We may also disclose your PHI to other health care providers or covered entities you are associated with, who may need it for their payment activities related to their engagement with you.
4. Healthcare Operations: We may use and disclose your PHI to improve our services, to improve our Properties, for marketing activities permitted under HIPAA (such as personalized advertising based on your past purchases), and ensure you receive quality customer service, performance evaluation, and other internal business management purposes. We may use your PHI to create de-identified data, which is stripped of your identifiable data and no longer identifies you.
5. Business Associates: We may contract with third parties to perform certain services for us, such as billing services, copy services or consulting services. These Third Party Service Providers, referred to as Business Associates and/or Business Associate Subcontractors, may need to access your PHI to perform services for us and in such case we will use our best efforts to ensure they are required by contract and law to protect your PHI and only use and disclose it as necessary to perform their services for us.
6. Family Members: We may disclose your PHI to a family member, other relative, friend, or other individual identified by you, who is involved in your medical care or payment for your care, provided you agree to this disclosure, you had an opportunity to object and did not do so, or we infer from the circumstances in our professional judgment that the disclosure is appropriate.
7. Reorders: To send you reminders for re-orders (e.g., re-orders of contact lenses), as described in the Privacy Policy.
8. As Required by Law: We will disclose your PHI when required to do so by federal, state, or local law.
9. Safety, Quality Management, Public Health, and FDA: We may disclose your PHI to relevant authorities to prevent or control product recalls, repairs, or replacements.
10. Health Oversight Activities: We may disclose your PHI for legally authorized oversight activities, such as audits, investigations, inspections, and credentialing.

2.1 Uses and disclosures other than those described in this Notice will require your written authorization. For example:

2.1.1. To Communicate with you about Health-Related Products and Services: We may use or disclose your PHI to communicate with you regarding your care and related matters. For example, we may use or disclose your PHI to provide reminders, reminders your prescription needs to be renewed or that you need to re-order lenses. We provide these services through text or email and solely subject to your consent and approval. You may withdraw your consent and opt-out of these communications at any time.

2.1.2. Marketing: With your authorization, we may use or disclose your PHI for marketing purposes.

Using information with additional protection: Certain types of PHI have additional protection under state or federal law. For those types of information, if and to the extent applicable, we are required to get your authorization before disclosing that information to others. We use third-party online tracking tools on our Properties for certain purposes, including for analyzing our users’ behavior through the Properties in order to enhance and optimize the efficiency, design, and quality of our Properties, for example, identify and repair technical errors, as well as for marketing purposes, etc.

Tracking technologies are used to collect and analyze information about how users interact with our Properties and the services therein. These third party vendors, referred as Business Associates under HIPAA, will only collect, use and disclose your PHI upon your prior authorization and as necessary to perform their services for us, in accordance with a Business Associate Agreement we execute with them.

Additional information, including the tools we use, as well as your opt-out rights, is available through our Cookie Policy here.

1. Access PHI and Receive a Copy: You have the right to review or get copies of your PHI and health related information, with limited exceptions. You may request that we provide copies in a format other than photocopies. We will use the format you request unless we cannot practicably do so. Please make such request in writing. You may obtain a paper copy at the site where you obtain health care services from us or by contacting privacy@glassesusa.com. You have the right to request a copy of your information in electronic format, and to direct us to transmit a copy of your information to a third party designated by you.
2. Alternative Communication: You have the right to request in writing that we communicate with you about your PHI by alternative means or to alternative locations. Your request must specify the alternative means or location, and provide satisfactory explanation how payments will be handled under the alternative means or location you request.
3. Restrict Uses and Disclosures of PHI: You have the right to request additional restrictions on our use or disclosure of your PHI. We are not required to agree to these additional restrictions except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, or otherwise required by law. Note, we will not disclose your health information to a health plan for purposes of payment or health care operations when the information relates solely to a service or product for which you paid out-of-pocket in full.
4. Amendment of PHI: If you feel that PHI we maintain about you is incomplete or incorrect, you may request that we amend it. Your request must be in writing, and it must explain why the information should be amended. We may deny your request under certain circumstances. You may obtain a form to request an amendment to your health information by using the contact information listed at the end of this Notice.
5. Accounting of Disclosures of PHI: You have the right to receive a list of instances in which we disclosed your PHI for purposes other than treatment, payment, health care operations, where you have provided an authorization and certain other activities, for the last 6 years (or a shorter period if our relationship with you has existed for less than 6 years). If you request this accounting more than once in a 12 month period, we may charge you a reasonable, cost based fee for responding to these additional requests.
6. PHI Breach Notification: If we become aware that your PHI has been breached and the privacy or security of the information has been compromised, you have the right to be notified of the breach without unreasonable delay and in no event later than 60 days following our discovery of the breach.

For exercising any rights or requests related to your PHI, please contact us at privacy@glassesusa.com.

• We are required by law to maintain the privacy and security of your PHI.
• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
• We must follow the duties and privacy practices described in this Notice and give you a copy of it.
• We will not use or share your information other than as described here unless you authorize us to do so. If you provide such authorization, you may revoke your authorization at any time by contacting us at: privacy@glassesusa.com.
• If a state or other law requires us to restrict the disclosure of your information beyond what is provided in this Notice, we will follow the applicable provisions of those laws.

If you have questions or would like further information about this Notice or if you feel we have violated your rights, you may file a complaint by contacting us at customercare@glassesusa.com.

You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. A complaint must be made in writing and will not in any way affect the quality of care we provide you with. We reserve the right to change this Notice and to make the revised Notice effective for PHI we already maintain or receive in the future. We will post a copy of the current Notice here.