Effective:  January 1, 2020

Your privacy is important to us at STAAR Surgical Company ("STAAR").  This privacy statement ("Statement") applies to STAAR Web sites, any mobile applications ("Apps") and digital platforms and services ("Services") (collectively, "Sites") and explains how we collect, use, disclose and otherwise process information that identifies you or from which you are identifiable (“Personal Information”). Please be sure to read this entire Statement before using or submitting information to our Sites.

Personal Information Collected We collect information from you in various ways when you use our Sites. We may collect Personal Information you directly provide on our Sites.  In addition, we may collect Personal Information you generate as a user of our Sites or if you are a patient, which you provide to a healthcare professional or an institutional healthcare provider (collectively, "Providers"). Personal Information we may collect includes name, email address, phone number, gender, date of birth and zip code.

Where we collect and process Personal Information about your health or medical status (i.e., “Sensitive Personal Information”) this information may be subject to stricter requirements than other Personal Information. Before providing (or consenting to the disclosure of) Sensitive Personal Information to us, we urge you to carefully consider whether to disclose such information.

In addition, some information may be automatically collected when you visit our Sites – please see Section on Cookies below. 

If you are a Provider, you are responsible for providing adequate notice to, and obtaining any legally required authorization, consent or other permission from, your patients prior to providing their Personal Information to STAAR through the Sites (though STAAR does not request patient Personal Information). By submitting any Personal Information about a patient to STAAR, you represent and warrant to STAAR that you have provided adequate notice to and obtained all required consents from patients to do so.

Interactive Services

If you choose to participate in our questionnaires and surveys and other interactive Services, we will collect Personal Information that you disclose, to help us better understand how STAAR products are used in addressing visual conditions for which they are marketed.

The information you provide through interactive Services may be combined (subject to all applicable laws) with the Personal Information provided elsewhere in or through the Services. We may combine your and others' Personal Information to create summary data that we will use for our business purposes, such as research to improve our products and analyses that may help us better market our products.

If you submit Sensitive Personal Information (e.g., health-related information) through the Services to participate in a clinical trial, sweepstake or otherwise, we may use such Sensitive Personal Information to assess whether you qualify for enrollment or participation, to contact you about potential participation, and to provide you with additional information.

You may provide information to be published or displayed ("Posted") on public areas of the Services (collectively, "User Contribution"). If you post User Contributions then you do so at your own risk. STAAR does not control the actions of third parties with access to your User Contributions.

Cookies We may automatically collect certain information through the use of "cookies." Cookies are small data files that are stored on your hard drive by a Web site, which the site may then use to identify you on your next visit.  Among other things, the use of cookies helps us to improve our Sites and your experience.  We use cookies to see which areas and features are most popular, to count the number of computers accessing our Sites, to personalize your experience, and to remember your preferences.

A "web beacon" is a piece of code that enables us to monitor user activity and website traffic. A "cookie" is a randomly-generated unique numeric code stored in the user's web browser settings or computer's hard drive. A cookie typically contains the name of the domain (internet location) from which the cookie originated, the "lifetime" of the cookie (i.e., when it expires), as well as the randomly generated unique numeric code.

We link the information we store in cookies to any personally identifiable information you submit while on our Sites.  If you prefer not to receive cookies on this website, you can set your browser (such as internet explorer, Google Chrome, Mozilla Firefox, etc.) to warn you before accepting cookies and refuse the cookie when your browser alerts you to its presence. You can set your browser not to accept cookies, but if you do so or if you reject a cookie, you may not be able to access some of the features or services of our Sites.  We may track your activities over time and across third-party websites, apps or other online services to display advertisements on third-party websites. If you do not want us to use your information in this way, please see "Your Privacy Choices" below. For more information about our digital advertising practices, please see "Digital Advertising" below.

If our third party vendors, consultants and other service providers ("Service Providers") use cookies, their use is not covered by this privacy statement.  We do not have access or control over those cookies.  Our Service Providers use session ID cookies to collect data in order to enable us to provide a better user experience.

Google, as a third party vendor, uses cookies to serve ads. Google's use of the first party cookies (such as Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) enables it to serve ads to you based on your visit to our Sites and other sites on the Internet. Additionally, these cookies are used to generate a report on how our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our Sites. Users may opt out of the use of the cookie by visiting the Google ad and content network privacy Statement here: adssettings.google.com or http://optout.networkadvertising.org/#!/.

Connecting with Social Media through the Services

Certain Services may link with social media platforms and social media plug-ins (e.g., the Facebook "Like" button, "Share to Twitter" button) (collectively, "Social Media"). When accessing the Services through a Facebook or other Social Media account, STAAR may (depending on the applicable user privacy settings) automatically have access to information provided to or through the Social Media platform. STAAR may collect and use this information for the purposes described in this Privacy Statement or at the time the information was collected.

Connecting with Social Media through Service Providers

Third parties that assist us with our business operations also collect and use information (including Personal Information and "Usage Data" (i.e., information about an individual's activity on or through the Services that, by itself, does not identify the individual, such as browser type, operating system and webpages visited)) through the Services and also may share the collected information with us. For example, our vendors collect and share information with us to analyze use of the Services, to help us detect and prevent fraud and to improve user experience.

Use of your Personal Information We use your Personal Information as necessary to perform a contract (e.g., to respond to your enquiries, to register you for an account with us,  to provide you with our Services), to comply with a legal obligation (e.g., for fraud and security monitoring purposes), for reasons of public interest in the area of public health (i.e., for our medical device vigilance obligations) or for our legitimate business interests (e.g., to operate and improve our Sites, to send you messages, and for other purposes described in this Privacy Policy or disclosed to you on our Sites or in connection with our Services).  For example, we may use the information we collect from you on our Sites:

  • to personalize and improve your experience on our Sites;
  • to respond to comments and questions and provide customer service;
  • to deliver service messages and other services and content you request and to send information related to accounts and services, including confirmations, invoices, technical notices, updates, security alerts, and support and administrative messages;
  • to send you information about new promotions, products, and services offered by STAAR and our selected partners;
  • to conduct an aggregated analysis of the performance of promotions; and
  • to use Remarketing with Google Analytics to advertise online.

STAAR may store and process Personal Information in the United States or in other countries.

Where required by applicable law, we (or a Provider on our behalf) will obtain your consent to our use of your Personal Information – for example, for the processing of your Sensitive Personal Information.

Sharing of Personal Information We share information, including Personal Information, with our third party service providers to perform the functions for which we engage them, such as data analysis, system design and maintenance, customer services and for marketing and promotions.  We may also share Personal Information with third parties to (a) comply with laws or respond to lawful requests and legal process, (b) protect the rights and property of STAAR, our agents, members, and others including to enforce our agreements, policies and terms of use, (c) respond to an emergency or protect the personal safety of any person in the good faith belief that disclosure is needed for that purpose; or (d) in connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.  In any such event, we will provide notice if your data is transferred and becomes subject to a different privacy statement.

Social Media Plugins

When you use the Services, Social Media operators can place a cookie on your computer to recognize individuals who have previously visited the Services. If you are logged into a Social Media account while using the Services, the social plugins allow that Social Media to receive information that you have accessed and used the Services. The social plugins also allow the Social Media operator to share information about your activities in or through the Services with other Social Media users. For example, Facebook Social Plugins allows Facebook to show your Likes and comments on our pages to your Facebook friends. Facebook Social Plugins also allows you to see your friends' Facebook activity through the Services. STAAR does not control any of the content from the Social Media plugins. For more information about Social Media plugins, please refer to the privacy statements and other legal notices of the Social Media platform.

Digital Advertising

We use third-party advertising companies to serve ads on other websites and digital services. These companies may use information obtained from data collection tools in order to measure advertising effectiveness and to provide advertisements of interest to you.

You can opt out here so as not to receive targeted ads from use of the tools, but this will not affect any general advertisements you may receive.

Security and Retention of Your Personal Information STAAR takes reasonable security measures to protect your personal information to prevent loss, misuse, unauthorized access, disclosure, alteration, and destruction.  Please be aware, however, that despite our efforts, no security measures are impenetrable.  If you use a password on our Site, you are responsible for keeping it confidential.  Do not share it with any other person.  If you believe your password has been misused, please advise us immediately.

We retain information as long as it is necessary and relevant for our operations. In addition, we retain Personal Information to comply with applicable law, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Service, and other actions. When STAAR no longer needs your Personal Information for our business purposes, we dispose of it. The criteria used to determine the retention periods include: (i) how long the Personal Information is needed to provide the Services and operate the business; (ii) the type of Personal Information collected; and (iii) whether we are subject to a legal, contractual or similar obligations to retain the Personal Information (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes).

We employ security measures intended to help protect the security of all information submitted through the Services. The security of information transmitted through the internet cannot, however, be guaranteed. We are not responsible for any interception or interruption of any communications or for changes to or losses of data through the internet. Users of the Services are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of the Services. Any access to the Services through your user ID and password will be treated as authorized by you. To help protect your Personal Information, we may suspend your use of all or part of the Services, without notice, if STAAR suspects or detects any breach of security. Unauthorized access to such areas is prohibited and may lead to criminal prosecution.

Choices about Use of Your Information. You may "opt-out" of receiving promotional emails from STAAR by following the instructions in those emails.  You may also send requests relating to promotional messages and your permission for sharing information with third parties for their marketing purposes by emailing [email protected]  Opt-out requests will not apply to transactional service messages, including messages about any current STAAR account or Services.  You may "opt-out" of providing requested information on Sites, but then you may not be able to use the Site as intended.

Updating and Accessing Your Personal Information. If your Personal Information changes, we invite you to correct or update your information as soon as possible.  You can request changes or access to your information by emailing [email protected] If you wish to cancel your account, request that we no longer use your information to provide you services or delete your Personal Information, contact us at [email protected] 

Users in the European Union.  The following terms (in addition to all other terms in this privacy policy) apply to users in the EU. 

For the purposes of EU data protection laws, STAAR is the data “controller” (i.e., the organization that determines the purposes and means of processing) for the Personal Information that you submit to our Sites.  Please see the “Contacting Us” section below for STAAR’s contact information and the contact information of its data protection representative in the EU.

STAAR may transfer your Personal Information from the European Economic Area (EEA) to the United States.  The European Commission has not determined that the laws in the United States (outside of the Privacy Shield Framework) provide an adequate level of protection for personal information.  Your personal information may be at greater risk once it is transferred to the United States due to such absence of an adequate level of protection.  Notwithstanding the foregoing, STAAR commits to using reasonable security measures to protect your personal information as described in this privacy policy.

STAAR’s uses and shares your personal information (i) based on your consent, (ii) as needed to comply with applicable law, (iii) as needed for the performance of tasks in the public interest in the area of public health, (iv) as necessary for pursuing STAAR’s legitimate interests, such as ensuring its network and information security, preventing fraud, and for its direct marketing activities, and (v) as necessary for the establishment, exercise or defense of legal claims.

Individuals in the EU have certain data subject rights which may be subject to limitations and/or restrictions. These rights include the: (i) right to request access to and rectification or erasure of their Personal Information; (ii) right to request restriction of processing or to object to processing of their Personal Information; and (iii) right to ask for a copy of their Personal Information to be provided to them, or a third party, in a digital format (data portability).  Individuals in the EU also have the right to withdraw consent for the processing of their Personal Information at any time, however, such withdrawal will not affect the lawfulness of processing of Personal Information that occurred prior to the consent being withdrawn. If individuals in the EU want to exercise any of their rights they can contact us at [email protected] Individuals in the EU also have the right to lodge a complaint about the processing of their Personal Information with their local data protection authority. 

You are not required to provide us with your personal information, however, if you choose not to provide us with your personal information, you may not be able to fully utilize our Sites.

 

How We Respond to Browser "Do Not Track" Signals

Some web browsers incorporate a "do-not-track" or similar feature that signals to websites with which the browser communicates that a visitor does not want to have his/her online activity tracked. If a digital service that responds to a particular DNT signal receives the DNT signal, the browser can block that digital service from collecting certain Personal Information about the browser's user. As of the Effective Date not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, STAAR along with many other digital service operators do not currently respond to DNT signals. For more information about DNT signals, visit allaboutdnt.com.

Notice to Residents of Countries outside the U.S. STAAR is headquartered in the United States of America. Your Personal Information may be accessed by or transferred to the United States or to our affiliates and data processors elsewhere in the world. By providing us with your Personal Information, you consent to this transfer to the U.S. which your country may not consider to provide for adequate privacy protections. We will always protect the privacy and security of your Personal Information as expressed in this Statement, regardless of where it is processed or stored. You may withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Privacy Policies of Third Parties This Privacy Statement only addresses the use and disclosure of information by STAAR. We may provide links to outside websites or advertisements for third parties that have their own privacy policies and data collection, use and disclosure practices. Our business partners have their own privacy policies too. We encourage you to familiarize yourself with the privacy statements provided by all third parties prior to providing them with information or taking advantage of an offer or promotion.

Children's Privacy The STAAR website and applications are not intended to attract children, and we do not knowingly collect any Personal Information of anyone under the age of 13. If you believe your child is using our website, please contact us at [email protected] so we can investigate and delete any inappropriate information.

Links to Other Sites Our Site includes links to other Web sites whose privacy practices may differ from those of STAAR.  If you submit personal information to any of those sites, your information is governed by their privacy statements.  We encourage you to carefully read the privacy statement of any Web site you visit.

Testimonials We post customer testimonials on our Web site which may contain Personal Information.  We do obtain the customer's consent via email prior to posting the testimonial to post their name along with their testimonial.  If you wish to request that your testimonial be removed you may do so by emailing us at [email protected]

Public Forums Our Web site offers publicly accessible blogs or community forums.  You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.  To request removal of your Personal Information from our blog or community forum, contact us at [email protected]  In some cases, we may not be able to remove your Personal Information, in which case we will let you know if we are unable to do so and why.

Changes to This Statement STAAR may change this Statement from time to time, including using collected information for new, unanticipated uses not previously disclosed.  If we make any changes to this Statement to reflect changes in collection or dissemination of information, we will change the "Last Updated" date above.  We encourage you to review this Statement whenever you visit our Sites to understand how your Personal Information is used.

Job Applicants If you have applied for employment with STAAR or one of its affiliates, the Personal Information submitted with your job application will be used to process and consider your job application and where in our legitimate interest for business management purposes. STAAR will not sell the information on your application to unaffiliated third-parties for their marketing purposes. We may share the information on your applications with recruiters, consultants, attorneys, background services and our affiliates. The information on your application may also be used for certain regulatory, compliance and legal purposes, consistent with this Privacy Policy. Should we enter into an employment contract with you we will provide further notification to you about the processing of your Personal Information as an employee.

California Privacy Rights 

The California Consumer Privacy Act of 2018 (“CCPA”) provides certain rights to users of our Sites and others who reside in the State of California (“CA Consumers”).  Below is a description of STAAR’s practices regarding the collection, use and disclosure of personal information regarding CA Consumers and of CA Consumers’ rights concerning their personal information.

CA Consumers have the right to request that STAAR disclose what personal information it collects, uses, discloses and sells.  Specifically, a CA Consumer may request details concerning any or all of the following: (i) specific pieces of personal information that STAAR has about the CA Consumer; (ii) categories of personal information STAAR has collected about the CA Consumer; (iii) categories of sources from which the personal information is collected; (iv) categories of personal information about the CA Consumer that STAAR sold or disclosed for a business purpose; (v) categories of third parties to whom the personal information was sold or disclosed for a business purpose; and (vi) the business or commercial purpose for collecting or selling personal information.  To make any of these requests, please either email STAAR at: [email protected] or call 888.909.0123.  Once STAAR receives your request, we will need to verify that you are the person about whom STAAR has collected personal information.  Depending on the type of request you make, STAAR may require you to provide additional information about yourself as part of this verification process; STAAR will inform you of the specific information it requires (if any) to verify your identity after it receives your request.

Please be aware that STAAR does not and will not sell personal information about any CA Consumers, including but not limited to any information about minors.

The chart below describes the categories of CA Consumers’ personal information STAAR has collected in the last 12 months, categories of sources from which that information was collected, the business or commercial purpose for which the information was collected, and the categories of third parties with whom STAAR shares such personal information:

Category of personal information STAAR has collected

Category of source from which information was collected

Business/commercial purpose for which information was collected

Categories of third parties with whom STAAR shares personal information

 

Identifiers (e.g., name, online identifier, email address and similar identifiers)

 

CA Consumers; STAAR’s customers, suppliers and distributors

For STAAR’s provision of customer service; billing and payment purposes; marketing purposes; handling of complaints; STAAR’s compliance with applicable regulations; verifying or maintaining the quality and safety of STAAR’s products

 

Existing vendors/service providers; STAAR’s customers, suppliers and distributors; regulatory agencies

Health information

 

 

CA Consumers; STAAR’s customers; research collaborators

For handling of complaints; STAAR’s compliance with applicable regulations; auditing purposes; STAAR’s provision of customer service; verifying or maintaining the quality and safety of STAAR’s products

 

Regulatory agencies; STAAR’s customers; auditors

Commercial information (e.g., account/payment information, products/services purchased)

 

CA Consumers; STAAR’s customers and suppliers

 

For STAAR’s provision of customer service; marketing purposes; billing purposes; financial and accounting purposes

 

Existing vendors/service providers; STAAR’s customers and suppliers

Internet or other electronic network activity information (e.g., search history, information concerning a consumer’s interaction with website)

 

CA Consumers

To optimize and maintain STAAR’s websites and systems; to detect security incidents and protect website security; for data analysis, marketing and advertising purposes; provision of customer service

 

Existing vendors/service providers

Employment-related information

 

CA Consumers; STAAR’s employees; job applicants

To fulfill STAAR’s legal obligations; for STAAR’s legitimate interests and business purposes; financial purposes

 

Existing vendors/service providers; financial auditors

 

In the last 12 months, STAAR has disclosed all of the categories of personal information included in the chart above (i.e., identifiers, health information, commercial information, internet or other electronic network activity information, and employment-related information) to third parties for a business or commercial purpose.

CA Consumers have the right to request the deletion of their personal information which is collected or maintained by STAAR.  To make a deletion request, please either email STAAR at: [email protected] or call 888.909.0123. Once STAAR receives your request, as described above STAAR will verify that you are the person about whom STAAR has collected personal information.  Please be aware that there are certain exceptions to the right of deletion of personal information.  STAAR will inform you if there is any such exception when responding to your request.

CA Consumers also have the right not to receive discriminatory treatment for the exercise of privacy rights conferred by the CCPA.  STAAR will not discriminate against any CA Consumer for his/her exercise of those rights.

A CA Consumer may use an authorized agent (which may be another person or a business entity registered with the CA Secretary of State) to submit any of the requests described above on the CA Consumer’s behalf.  The authorized agent should follow processes specified above for submitting such requests.  When a CA Consumer uses an agent to submit a request, STAAR may require the CA Consumer to provide the agent with written permission to do so and may also require the CA Consumer to verify his/her own identity directly with STAAR.  STAAR may deny a request from an agent that does not submit proof that the agent has been authorized by the CA Consumer to act on the CA Consumer’s behalf.

CA Consumers may contact STAAR with questions or concerns about STAAR’s privacy policies or practices.  Please see the section below (“Contacting Us”) for STAAR’s contact information.

Contacting Us

All enquiries, requests or concerns regarding this Privacy Policy or relating to the processing of your Personal Information including all requests as detailed in Section “Users in the European Union” above, should be sent to: Privacy Office 1911 Walker Avenue, Monrovia, CA  91016, Email: [email protected]

Be sure to include your name, address, and email address if you want to receive a response by email. Otherwise, we will respond by postal mail within the time required by applicable law.

You may also contact our data protection representative: STAAR Surgical AG Niederlassung

Germany at Harksheider Str. 3, 22399 Hamburg, Germany, Email: [email protected].