Privacy Policy

1 Introduction

Alexander Optical Corporation (“Alexander Optical”, “we”, “us”) uses a number of safeguards to protect the privacy of Users of the Alexander Optical Platform and the confidentiality of their Personal Information including Personal Health Information (“Collective Information”). When discussing Eyecare Services, Information typically refers to Personal Health Information (“PHI”), and when discussing our Services, Information typically refers to Personal Information that is not specifically about you or your health (“Information”), such as information in questions you would be comfortable asking of business or insurance companies.

This Privacy Policy (“Policy”) summarizes how Alexander Optical collects, uses, discloses, retains, disposes of, destroys and protects Information as well as Data (information that does not identify an individual) in the course of providing our Services. We are committed to complying with this Policy and with Provincial and Federal privacy legislation.

Please note that this Policy does not apply to the collection, use, retention, disposal, destruction, and protection of Collective Information by the third-party independent Eyecare Professionals (as defined in the Terms of Service). Eyecare Professionals are subject to additional privacy legislation and professional requirements that govern their management of PHI, including Collective Information they collect, use and retain in the course of providing Eyecare Services through the Alexander Optical Platform. Please feel free to ask any Eyecare Professional to whom you receive Eyecare Services from if you have any questions about how they will Protect your PHI.

1.1 Privacy Statement

Thank you for using Alexander Optical, your trust is important to us and we’re committed to protecting the privacy and security of your Information. By providing you Information you help us provide a great experience with the Alexander Optical Platform. We are committed to protecting all the Information we collect and ensuring that Information is handled properly. Our Privacy Policy is designed to inform our Personnel, Users and Third-Parties of our commitment to compliance with the PHI Act and the Freedom of Information and Protection of Privacy Act.

Alexander Optical places a high value on privacy and is committed to respecting the privacy of our Users. We recommend you read this Privacy Statement carefully, as your continued use of the Alexander Optical Platform will be considered your consent to the terms and practices described in this Policy. If you do not consent, please exit and cease usage of the Alexander Optical Platform.

1.2 Definitions

· “Alexander Optical”, “We” and “Us” refers to the administrative Service provider that facilitates Clinics for all User types.

· “Alexander Optical Platform” means the hardware, software, applications, websites, content, products and Services owned, operated and administered by us, which includes the software that enables Eyecare Professionals to provide Eyecare Services.

· “Clinic” means the organized event where Eyecare Professionals will provide Eyecare Services.

· “Collective Information” is the combination of Information and PHI.

· “Data” means information collected or compiled through the Alexander Optical Platform which has been de-identified.

· “Eyecare Professional” means either an Optometrist or Optician who is registered to practice Eyecare Services in Ontario, meets Alexander Optical’s other criteria, and is permitted to provide Eyecare Services through the Alexander Optical Platform.

· “Eyecare” means any observation, examination, assessment, care, service or procedure that is provided by an Eyecare Professional to an individual to diagnose, treat, or maintain the individual’s physical or mental condition, to prevent disease or injury to the individual, or to promote the individual’s health.

· “Eyecare Services” means the provision of Eyecare by an Eyecare Professional through the Alexander Optical Platform.

· “Electronic Medical Record” or “EMR” refers to the independent third-party service provided for the storage and protection of PHI

· “Host” has the same meaning as in the Terms of service

· “Patient” has the same meaning as in the Terms of service

· “Personal Information” or “Information” means information about an individual that is identifiable, but is not PHI, and which is collected, created, compiled, used, disclosed or otherwise transmitted and/or stored on or by means of the Alexander Optical Platform.

· “Personnel” in relation to Alexander Optical, means our employees and agents including independent contractors and sub-contractors, for whom Alexander Optical is responsible at law.

· “Personal Health Information” or “PHI” means information about an individual’s health or Eyecare that is subject to Health Information Privacy Law and that is collected, created, compiled, used, disclosed or otherwise transmitted and/or stored on or by means of the Alexander Optical Platform but is controlled by Eyecare Professionals.

· “Services” means the provision of administrative, informational, event management, payment processing and any other Service Alexander Optical and/or Third-Party Service Providers provide to Users (with exception to Eyecare Professionals).

· “User” and “Users” means an individual or corporate representative who has registered and created a User Account on the Alexander Optical Platform in accordance with our Terms of Use and is thereby eligible to receive access to the Alexander Optical Platform and Alexander Optical Services (as appropriate).

1.3 Purpose

The purpose of this Privacy Policy is to describe how and when Alexander Optical collects, uses and shares Information about you through the ALEXANDER OPTICAL Platform and associated licensed systems by us. If you do not understand any aspects of our Privacy Policy, please feel free to contact us via the contact page or as described at the end of this Policy.

The Privacy Policy applies to Information about the Users of the Alexander Optical Platform that is collected, used or disclosed by Alexander Optical. This Privacy Policy does not apply to information about the employees of Alexander Optical, an internal Privacy Policy applies to said individuals.

Our Privacy Policy Explains:

· What Information we collect;

· How we collect Information;

· How we use your Information;

· How we store and protect your Information;

· How to access your Information;

· Who has access to what parts of your Information;

· How we destroy your Information when required; and

· How to contact us for additional Information.

2 Collection of Information

Alexander Optical collects Information only as necessary to provide our Services, including to develop, assess, and improve our Services. We only collect Information if non-identifying Data will not suffice. We minimize our collection and use of Information to what is necessary for these purposes.

Eyecare Professionals are responsible for their collection, use, disclosure, retention, destruction and protection of PHI they are custodian of.

2.1 Information we Collect

It is necessary for us to collect certain Information from our Users; this Information is categorized into one of four groups;

· Information required for the use of the Alexander Optical Platform or Services;

· Optionally given information;

· Information automatically collected from your use of the Alexander Optical Platform or Services; or

· Information collected from Third-Parties.

2.1.1 Required Information

The following Information is required to be collected through the Alexander Optical Platform in order for you to receive Alexander Optical Services and/or Eyecare Services.

2.1.1.1 Collective Information

Collective Information we require Users to submit includes both Personal Information and PHI. We ask for and collect the following Collective Information about you when you use the Alexander Optical Platform. This Collective Information is necessary for the adequate performance of the contract between you and us and to allow us to comply with our legal obligations. Without it, we may not be able to provide you with all the requested Services.

· User Account Information. When you sign up for a User Account, we require certain Information such as your first name, last name, email address, and date of birth.

· Profile Information. For the provision of Services, we require Users to provide their mailing address, a valid email address and phone number.

· PHI. After scheduling your initial Appointment, and biannually after this, we ask you to fill out a ‘Patient Intake Form’, for the exclusive use of the Eyecare Professionals who you receive Eyecare Services from. The PHI required from you for the purpose of Eyecare Services includes (but is not limited to) your Health Card Number (or equivalent), health conditions, and medical history.

· Identity Verification Information. To help create and maintain a trusted environment, we may collect identity verification information (such as images of your government issued ID, Health Card, Professional License, and/or driving license, as permitted by applicable laws and as appropriate) or another authentication information.

· Payment Information. To use certain features of the Alexander Optical Platform (registering as an Eyecare Professional or purchasing eyewear), we may require you to provide certain financial information (like your bank User Account or credit card information) in order to facilitate the processing of payments.

· Communications with Alexander Optical. When you communicate with Alexander Optical, we may collect the Information you provide and/or Information about the means of communication. Collective Information and communications between Eyecare Professionals and Patients are not accessible to/collected by Alexander Optical.

· User content. We may collect Information that you submit when you contact Alexander Optical customer support, provide ratings or compliments for other Users, or otherwise contact Alexander Optical.

2.1.1.2 Payment Information

We use a Third-Parties Payment Processing Company to process payments.

The Payment Processing Company needs to collect the following Information for the purchase of Goods and Services and to comply with applicable law (such as anti-money laundering regulations). Without it, you will not be able to use the Payment Processing Services:

· Payment Information. When you use the payment processing Services, the Payment Processing Company requires certain financial information (like your bank User Account or credit card information) in order to process payments and comply with applicable law.

· Identity Verification and Other Information. If you are an Eyecare Professional, the Payment Processing Company may require identity verification Information (such as images of your College issued license or other authentication information, your date of birth, your address, email address, phone number and other information) in order to verify your identity, provide the Payment Processing Services to you, and to comply with applicable law.

· Insurance Information. If you have coverage for Eyecare Services from a public of private insurance provider, we will be required to collect this Information in order to process your insurance claim.

2.2 Optional Information

You may choose to provide us with additional Information in order to obtain a better User experience when using the Alexander Optical Platform. This additional Information will be processed based on our legitimate interest or when applicable, with your consent.

· Additional Profile Information. You may choose to provide additional Information as part of your Profile (such as gender, preferred language(s), city, and eyewear preferences). Some of this Information as indicated in your User Account settings is part of your public Profile and may be publicly visible to others. Some features and Services may be limited by User Account Type.

· Relationship Links. You may choose to link your relationship to other Users such as family Users or employers. This may be beneficial for payment processing or group rates (if applicable).

· Other Information. You may otherwise choose to provide us Information when you fill in a form, update or add Information to your User Account, respond to surveys, post to community forums, participate in promotions, communicate with our customer care team, share your experience with us or use other features of the Alexander Optical Platform.

2.3 Automatically Collected Information

When you use the Alexander Optical Platform and the Payment Processing Services, we automatically collect Information about the Services you use and how you use them. This Information is necessary for the adequate performance of the contract between you and us, to enable us to comply with legal obligations and given our legitimate interest in being able to provide and improve the functionalities of the Alexander Optical Platform and Payment Processing Services.

· Appointment Information. We collect Information relating to any Appointments you make on the Alexander Optical Platform, including the IP address of the device used to place the order to help protect against theft, fraud and unauthorized access to a User Account, and payment Information (e.g. your credit card number) using the secure Services of our payment processors. We may use the Information about the relationship between Host organizations and Patients that make Appointments at their Facility. We use this Information to authenticate Profiles, and to allow you to select previously used Facilities for future Appointments.

· Geo-location Information. When you use certain features of the Alexander Optical Platform, we may collect Information about your precise or approximate location as determined through Data such as your IP address or mobile device’s GPS to offer you an improved User experience. Most mobile devices allow you to control or disable the use of location Services for applications in the device’s settings menu. Alexander Optical may also collect this Information even when you are not using the app if this connection is enabled through your settings or device permissions.

· Usage Information. We collect Information about your interactions with the Alexander Optical Platform such as the pages or content you view, your product preferences, Appointments you have made, and other actions on the Alexander Optical Platform.

· Log Data and Device Information. We automatically collect log Data and device information when you access and use the Alexander Optical Platform, even if you have not created a User Account or logged in. That information includes, among other things: details about how you’ve used the Alexander Optical Platform (including if you clicked on links to Third-party applications), IP address, access dates and times, hardware and software information, device information, device event information, unique identifiers, crash Data, cookie Data, and the pages you’ve viewed or engaged with before or after using the Alexander Optical Platform.

· Cookies and Similar Technologies. We use cookies and other similar technologies when you use the Alexander Optical Platform, use our mobile app, or engage with our online ads or email communications. We may collect certain Information by automated means using technologies such as cookies, web beacons, pixels, browser analysis tools, server logs, and mobile identifiers. In many cases the Information we collect using cookies and other tools is only used as Data. For example, we may use Data we collect to better understand website traffic patterns and to optimize the ALEXANDER OPTICAL Platform experience. In some cases, we associate the Information we collect using cookies and other technology with your Personal Information. Our third-party affiliates may also use these tracking technologies on the Alexander Optical Platform or engage others to track your behavior on our behalf.

· Payment Transaction Information. The Payment Processing Company collects Information related to your payment transactions through the Alexander Optical Platform, including the payment instrument used, date and time, payment amount, payment instrument expiration date and billing postcode, email address, IBAN information, your address and other related transaction details. This Information is necessary for the adequate performance of the contract between you and Alexander Optical and to allow the provision of the Payment Services.

2.4 Information Collected from Third-Parties

Alexander Optical may collect Information that others provide about you when they use the Alexander Optical Platform and the Payment Processing Services, or obtain Information from other sources and combine that with Information we collect through the Alexander Optical Platform and the Payment Processing Services. We do not control, supervise or respond to how the third parties providing your Information process your Information, and any information request regarding the disclosure of your Information to us should be directed to such third parties.

· Third-party Services. If you link, connect, or login to your User Account with a third-party service (e.g. Google, Facebook, Twitter), the third-party Service Provider may send us Information such as your registration and Profile Information from that service. This Information varies and is controlled by that Service Provider or as authorized by you via your privacy settings at that service. It is the responsibility of the Service Provider who provides the Information to ensure accuracy and completeness.

· Eyecare Professionals. In order to fully provide the Eyecare Services you request, the third-party, independent, Eyecare Professionals will enter your PHI into your Profile for your access and information. Alexander Optical is not party to this Information as it is the PHI portion of your Services.

· Feedback. If someone has written feedback about an Eyecare Professional, it may be published on their Profile page with their consent.

· Background Information. We may require Eyecare Professionals and some Hosts to provide verification and background Information, however Alexander Optical may input missing and/or additional information acquired by research if we believe it to be pertinent or relevant.

· Referrals. If you wish to acquire Alexander Optical Services by referral of an Eyecare Professional, the Eyecare Professional may provide us with contact information for you.

· Other Sources. To the extent permitted by applicable law, we may receive additional Information about you, such as demographic Data or Information to help detect fraud and safety issues, from Third-party Service Providers, and combine it with Information we have collected. For example, we may receive background check results (with your consent where required) or fraud warnings from Service Providers like identity verification services for our fraud prevention and risk assessment efforts. We may receive Information about you and your activities on and off the Alexander Optical Platform through communications with professional Colleges (i.e. the College of Optometry), or about your experiences and interactions from previous Clients and/or Patients.

2.5 Information about Minors

The Alexander Optical Platform is not intended for use by individuals under the age of eighteen (18) and we do not knowingly collect any Collective Information directly from individuals under the age of eighteen (18). If you are under the age of eighteen (18), please do not attempt to register with us or provide any Information about yourself to us. If we learn that we have collected Information from a child under the age of eighteen (18), we will promptly delete that information. If you believe we have collected Collective Information from a child under the age of thirteen (13), please Contact Us or call us at 416-613-1270.

2.6 Eyecare Services

Eyecare Professionals may collect PHI about you when you provide it during the intake process or the provision of Eyecare Services (e.g., verbally or through a form), by viewing the PHI that you have entered or uploaded to the Alexander Optical Platform and/or by creating or compiling Collective Information in the Alexander Optical Platform. Information that may be available to Eyecare Professionals includes: the details that you provide in your Patient Intake Form; Information you’ve entered or uploaded to Profiles and medical records; Information created during earlier interactions through the Alexander Optical Platform with other Eyecare Professionals; the name, email address, phone number, gender and date of birth and province/territory that you provided when you registered; and your emergency contact’s name and contact information.

3 Use of Information

Please note, your PHI will not be used in any way other than for the purpose of Eyecare Services by verified Eyecare Professionals, unless required by law (at the discretion of the Eyecare Professionals).

3.1 How we Use Information we Collect

Alexander Optical uses the Information we collect to enable reliable and convenient Service and in order to provide a channel of communication between Eyecare Professionals and their Patients. We also use the Information we collect in the following ways:

· To enhance the safety and security of our Users and Services;

· For customer support;

· For research and development;

· To enable communications to or between Users;

· To provide promotions or events; and

· In connection with legal proceedings.

Alexander Optical does not sell or share your Information to third-parties for any purpose other than identified herein.

3.1.1 Providing Services & Features

Alexander Optical uses the Information we collect to provide, personalize, maintain and improve our Services. This includes using the Information to:

· Create and update your User Account;

· Verify your identity;

· Create locations based on Hosts Facilities;

· Process or facilitate payments for those Services;

· Offer, obtain, provide or facilitate insurance claims or financing solutions in connection with our Services;

· To schedule Clinics;

· Enable features that allow you to share information with other Users, such as when you submit a Patient Intake Form;

· Enable features to personalize your User Account, such as creating relationship links;

· Enable Accessibility features that make it easier for Users with disabilities to use our Services;

· Perform internal operations necessary to provide our Services, including to troubleshoot software bugs and operational problems, to conduct Data analysis, testing, and research, and to monitor and analyze usage and activity trends.

3.1.2 Improvements & Changes to the Alexander Optical Platform

We may use Information to provide, improve, and develop the Alexander Optical Platform such as to:

· Enable you to access and use the Alexander Optical Platform;

· Enable you to communicate with other Users;

· Operate, protect, improve, and optimize the Alexander Optical Platform and experience, such as by performing analytics and conducting research;

· Provide customer service;

· Provide feedback to Eyecare Professionals;

· Send you service or support messages, updates, security alerts, and User Account notifications;

· We may process your contact information: (i) to facilitate your referral invitations, (ii) send you requests for references, (iii) for fraud detection and prevention, and (iv) for any purpose you authorize; and

· To operate, protect, improve, and optimize the Alexander Optical Platform and experience, and personalize and customize your experience and facilitate claims with your Health Insurance, Liability Insurance, other types of Insurance or other similar protection programs, we conduct profiling based on your interactions with the Alexander Optical Platform, your Profile Information and preferences, and other content you submit to the Alexander Optical Platform.

We process this Information for these purposes given our legitimate interest in improving the Alexander Optical Platform and our Users’ experience with it, and where it is necessary for the adequate performance of the contract with you.

3.1.3 Safety & Security

We use Information to help maintain the safety, security and integrity of our Services and Users. This includes, for example:

· Screening Eyecare Professionals prior to enabling their use of our Services and at subsequent intervals, including through reviews of background checks where permitted by law, to prevent use of our Eyecare Services by unlicensed individuals;

· Detecting and preventing fraud, spam, abuse, security incidents, and other harmful activity;

· Conducting security investigations and risk assessments;

· Verifying or authenticating Information or identifications provided by you (such as to verify your Facility address or verify your license number through a professional College);

· Conducting checks against Databases and other information sources, including background or police checks, to the extent permitted by applicable laws and with your consent where required;

· Complying with our legal obligations;

· Resolving any disputes with any of our Users and enforce our agreements with third parties;

· Enforcing our Terms of Service and other policies; and

· In connection with the activities above, we may conduct profiling based on your interactions with the Alexander Optical Platform, your Profile Information and other content you submit to the Alexander Optical Platform, and Information obtained from third parties. In limited cases, automated processes may restrict or suspend access to the Alexander Optical Platform if such processes detect activity that we think poses a safety or other risk to the Alexander Optical Platform, our Users, or third parties. If you challenge the decision based on the automated process, please contact us as provided in the Contact Us.

We process this Information for these purposes given our legitimate interest in protecting the Alexander Optical Platform, to measure the adequate performance of our contract with you, and to comply with applicable laws.

3.1.4 Personalize, Measure and Improve our Advertising and Marketing

We may use Information to provide personalization’s, measurements, and improvement to our advertising and marketing such as to:

· Send you promotional messages, marketing, advertising, and other Information that may be of interest to you based on your preferences (including information about Alexander Optical or partner campaigns and Services) and social media advertising through social media Platforms such as Facebook or Google);

· Personalize, measure, and improve our advertising;

· Administer referral programs, rewards, surveys, or other promotional activities or events sponsored or managed by Alexander Optical or its Third-party Service Providers;

· Enrolling in an email subscription will not affect the frequency of administrative emails that we may send in connection with any User Account. No fee is charged for sending promotional emails to you, but third-party Data rates may apply. Note that you may not be able to take advantage of certain promotions if you do not have a User Account; and

· Invite you to events and to participate in other relevant opportunities.

We will process your Information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or Services that may be of your interest. PHI will never be used in connection to the Terms above.

3.2 Payment Information

We may use the Information as a part of the Payment Processing Services such as to:

· Enable you to access and use the Payment Processing Services;

· Detect and prevent fraud, abuse, security incidents, and other harmful activity;

· Conduct security investigations and risk assessments;

· Comply with legal obligations (such as anti-money laundering regulations);

· Enforce the Payment Terms and other payment policies; and

· With your consent, send you promotional messages, marketing, advertising, and other Information that may be of interest to you based on your preferences.

The Payment Processing Company processes this Information given its legitimate interest in improving the Payment Processing Services and Users’ experience with it, and where it is necessary for the adequate performance of the contract with you and to comply with applicable laws.

3.2.1 Insurance Information

We may use the Information as a part of the Insurance Claim Process such as to:

· Submit an insurance claim on behalf of Eyecare Professionals, as part of our Services;

· Detect and prevent fraud, abuse, security incidents, and other harmful activity;

· Conduct security investigations and risk assessments;

· Comply with legal obligations (such as anti-money laundering regulations);

· Enforce the Payment Terms and other payment policies; and

3.3 SMS Terms

You may choose to receive Appointment reminders and information via SMS messages (“Text Message”), by requesting, joining, agreeing to, enrolling in, signing up for, acknowledging, or otherwise consenting to receive one or more Text Messages (“Opting In”) you consent to the handling of your Information as described in this Policy, and agree to resolve disputes with Alexander Optical as described in our Terms of Service. Message and Data rates may apply, Alexander Optical is not responsible for any charges related to your personal device.

Alexander Optical will use reasonable commercial efforts to deliver the automated marketing Text Messages to the number you provide through compatible wireless carriers. Carriers and Alexander Optical are not liable for delayed or undelivered messages.

3.4 Eyecare Services

Eyecare Professionals use Collective Information to provide you with Eyecare Services and, as with any Eyecare provider, must comply with the privacy legislation and medical record-keeping obligations to which they are subject. Eyecare Professionals may create PHI such as prescriptions and other notes about your interaction with them through the Alexander Optical Platform. They may export or print copies of your Information that they collect.

3.4.1 Emergency Contact

Eyecare Professionals and/or our Personnel may contact your emergency contact if they believe that you are dealing with a medical emergency during a consultation. You are responsible for advising your emergency contact that you are providing their name and contact information to Alexander Optical and Eyecare Professionals, and for obtaining any necessary consent from them for the provision and use of their Information in connection with the Alexander Optical Platform.

3.4.2 Referrals

During the intake process we ask Patients to tell us how they heard about us, if you were referred to a specific Eyecare Professional you are entitled to let us know. You understand that this Information will be passed on to the Eyecare Professional in order for us to attempt to schedule an Appointment between you and the Eyecare Professional.

3.5 Limiting Use & Retention

Alexander Optical will only use Information for the purpose for which it was collected, unless you give documented consent to additional use or permission to disclose it for another purpose or as is required by law. Alexander Optical retains Information for a period of three (3) calendar years of inactivity, during which period we will make all reasonable attempts to get in contact with inactive User, if we are unsuccessful, we will follow the procedure outlined in section seven, subsection seven, subsection one (7.7.1).

3.6 Lodging Complaints

You have the right to lodge complaints about our Data processing activities by filing a complaint with our Data Protection Officer who can be reached by the “Contact Us” section below.

4 Cookies & Third-party Information

4.1 Tracking Technologies

Alexander Optical employs, and/or the Third-Party Service Providers may employ various tracking technologies, such as cookies, web beacons and analytics software, that help us better manage content on the Alexander Optical Platform by informing us on the effectiveness of certain aspects of the Alexander Optical Platform.

4.2 Cookies

When you visit any part of the Alexander Optical Platform, we may send one or more “cookies” to your computer or other devices. Cookies are alphanumeric identifiers stored on your computer through your web browser and are used by most websites to help personalize your web experience. Some cookies may facilitate additional site features for enhanced performance and functionality such as User preferences, allowing social interactions, analyzing usage for site optimization, providing custom content, allowing third parties to provide social sharing tools, and serving images or videos from Third-party websites. Some features on the Alexander Optical Platform will not function if you do not allow cookies. We may link the Information we store in cookies to any Information you submit while on the ALEXANDER OPTICAL Platform.

We use both session ID cookies and persistent cookies. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. Persistent cookies enable us to track and target the interest of our Users to enhance the experience on the ALEXANDER OPTICAL Platform. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file.

Functional cookies, persistent and session type, store information to enable core site functionality.

Analytics cookies allow us to count page visits and traffic sources so we can measure and improve the performance of the ALEXANDER OPTICAL Platform and our marketing campaigns.

Advertising cookies may be set through the ALEXANDER OPTICAL Platform by the Third-Party Service Providers. Data may be collected by these companies that enable them to serve up advertisements on other sites that are relevant to your interests.

If you reject cookies, you may still use the ALEXANDER OPTICAL Platform, but some features on the ALEXANDER OPTICAL Platform may not function properly.

4.3 Web Beacons

Alexander Optical uses Web Beacons alone or in conjunction with cookies to compile Information about the Alexander Optical Platform. Web Beacons are tiny graphic objects that are embedded in a web page or email and are usually invisible to the User but allows checking that a User has viewed the page or email. Web Beacons may be used within the ALEXANDER OPTICAL Platform to track email open rates, web page visits or form submissions. In some cases, we tie the Information gathered by Web Beacons to our Users Information.

4.4 Google Analytics

Alexander Optical uses “Google Analytics” and “Google Tag Manager,” a web analysis service provided by Google, that provides us with Information about the use of the Alexander Optical Platform that we use to improve the functionality of the ALEXANDER OPTICAL Platform so as to make information about our Services more easily and widely available. Google collects cookies and usage Data and processes such information in the United States.

Google Analytics may set or read cookies on the browsers of Users and otherwise receive Information from Users’ browsers. Google utilizes the Data collected to track and examine the use of the ALEXANDER OPTICAL Platform, to prepare reports on those activities and share them with other Google Services. Google may use the Data collected to contextualize and personalize the ads of its own advertising network. For more information on Google’s use of information collected through Google Analytics, please consult Google’s Privacy Policy.

If you wish to opt out of Google Analytics Data collection, please consult Google’s instructions on downloading and installing the “Google Analytics Opt-out Browser Add-on”. There is also information on that page about what you can do if you do not want Google Analytics to be used in your browser.

Please note: Third-Party Service Providers privacy, linked from Alexander Optical websites, may use different systems to track website usage. Please consult the Third-Party Service Providers privacy policies for more information.

4.5 Social Media Integrations and Widgets

The Alexander Optical Platform may contain links to third-party websites or Services, such as third-party integrations, co-branded Services, or third-party-provided Services (“Third-party Service Providers”). Alexander Optical doesn’t own or control these Third-party Service Providers and when you interact with them, you may be providing Information directly to Third-party Service Provider, Alexander Optical, or both. These Third-party Service Providers will have their own rules about the collection, use, and disclosure of information. We encourage you to review the privacy policies of the other websites you visit.

Parts of the Alexander Optical Platform may use third-party Services such as Google Maps/Earth Services, including the Google Maps API(s) integrated within the Alexander Optical App and the EMR. Use of these respective Services is subject to their privacy policies such as Google Maps/Earth Additional Terms of Use, and the Jane.App Privacy Policy.

4.5.1 Facebook, Google & Twitter Connect

You may link your User Account with your User Account on a third-party social networking service (Facebook, Twitter and/or Google) in order to sign into the Alexander Optical Platform. When you create this link:

· Some of the Information you provide to us from the linking of your User Accounts will be used in the registration process (i.e. your email);

· Some of the Information you provide to us from the linking of your User Accounts may be used on your Profile;

· The Information you provide to us from the linking of your User Accounts may be stored, processed and transmitted for fraud prevention and risk assessment purposes; and

· the publication and display of Information that you provide to Alexander Optical through this linkage is subject to your settings and authorizations on the Alexander Optical Platform and the third-party site.

We only collect your Information from linked third-party User Accounts to the extent necessary to ensure the adequate performance of our contract with you, or to ensure that we comply with applicable laws, or with your consent. You can unlink your User Accounts at any time by visiting the Settings tab in your User Account, you may be required to provide a new or additional email User Account and/or provide a new password.

4.6 Mobile Application Providers

Apple Inc., Google, Inc., Microsoft Corporation or BlackBerry Limited and/or their applicable international subsidiaries and affiliates will be third-party beneficiaries to this Policy if you access the Services using Applications developed for Apple iOS, Android, Microsoft Windows, or Blackberry-powered mobile devices, respectively. These third-party beneficiaries are not parties to the relationship between us and our Users and are not responsible for the provision or support of the Services in any manner. Your access to the Services using these devices is subject to terms set forth in the applicable third-party beneficiary’s privacy policy.

4.7 Third-Party Service Providers

Some of our Services require integrations with or technology provided by Third-Party Service Providers such as Payment Processing Companies to bill you for Services, a support provider to help us collect feedback and manage our support and an email service provider to send out emails on our behalf. When you sign up for our Services, we may share your Information only as necessary for the Third-party to provide their Service(s).

4.7.1 Third-Party Service Provider, Sub-Processors/Onward Transfer

Transfers of Information to Third-Party Service Providers are covered by the provisions in this Policy regarding notice and choice and the Terms of Service Agreement with our Users.

4.8 Electronic Medical Record Provider

We use an independent Third-Party Service Provider to supply us with the Electronic Health Record (furthermore the “EMR”). The EMR collects Information under either our or the Eyecare Professionals’ direction and has no direct relationship with the Users whose Collective Information it processes. No personnel of the EMR has access to any PHI and/or sensitive Information, all Information collected on our behalf or on behalf of the Eyecare Professionals’ is encrypted and stored in a secure location.

The role of the EMR is to supply us with the software and technologies required to operate our Clinics effectively, allow for easy Patient onboarding, and accessibility for Eyecare Professionals and Patients.

4.9 External Links

For programs and tools not managed by Alexander Optical, these links are provided on an “as-is” basis and Alexander Optical has no control over the Third-Party Service Providers sites, application, programs and/or software. Alexander Optical has conducted privacy and risk assessments for the EMR and conducted other due diligence initiatives. When you click on an external link not managed by Alexander Optical, you will be subject to the Privacy Policy/Statement and Terms of Use of the organization hosting that tool. Alexander Optical recommends you read and become familiar with that Privacy Policy/Statement, Terms of Use and all other applicable policies.

When you visit the Alexander Optical Platform and access a site or tool not managed by Alexander Optical, the following Data could be collected from you such as; number of visitors, number of registrations to the self-managed EMR linked to the Alexander Optical Platform, number of site visits, total sessions, average number of sessions per User and session duration, average time on page, unique page views, hour of the day visited, and total number of post-login site visits to the self-managed portion of the EMR, including registration page visits. This Data will be collected and used to access and report on visits from the Alexander Optical Platform to meet reporting and evaluation obligations. Should you have any questions about the programs and tools not managed by Alexander Optical, please contact us using the contact information below, or contact the Third-Party Service Provider

5 Disclosure & Sharing

We will not disclose, share, sell or rent your Information with or to any third-party except to the extent we disclose to Eyecare Professionals, emergency contacts, or to the extent necessary, in our good faith judgment, to legal, regulatory or other reasons mentioned below.

We may disclose Information for the purposes of the due diligence required for or for the completion of a transaction such as a merger, acquisition or asset sale. We will comply with any applicable legal requirements, including notice requirements, that apply to such transactions.

5.1 Sharing between Users

In order to organize Clinics or other interactions between Users, we need to share and facilitate the access of certain Collective Information, between Patients and Eyecare Professionals, as it is necessary for the provision of our Services and the Eyecare Services provided by Eyecare Professionals, as follows:

· When you as a Patient submit an Appointment request, certain Information about you is shared with the Eyecare Professional(s), including your Profile, full name, location you wish to get Services, your cancellation history, and any other pertinent Information you agree to share. Once your Appointment is confirmed, the system automatically provides the Eyecare Professional(s) who will provide Eyecare Services with access to your relevant Collective Information, as required for the provision of Eyecare Services.

· When you as an Eyecare Professional create a Profile on the ALEXANDER OPTICAL Platform, certain Information may be displayed publicly such as your Profile Picture, specialities and years of experience.

· When you as a Host have a confirmed Clinic, certain Information is shared with the Eyecare Professional (and the Patients you may invite, if applicable) to coordinate the Clinic, such as your organizational name, phone number, and Facility address.

· When you as a Patient pay for Eyecare Services at the Clinic you will required to share certain billing and insurance information with the Eyecare Professional you received Eyecare Services from and/or the ALEXANDER OPTICAL Personnel authorized to process this Information.

5.2 Public Information

We require certain Information to be displayed publicly within the Alexander Optical Platform for transparency and advertising purposes. For example:

· We may display biographical Information about Eyecare Professionals including (but not limited to) their Profile photo and service area.

· We may display the names of Host organizations who have Hosted Clinics.

· After completing a Clinic, Hosts and Patients may write Reviews and provide feedback about us and/or the Eyecare Professionals. We may display this Information on the Alexander Optical Platform.

Information displayed publicly on the Alexander Optical Platform may be indexed through third-party search engines. In some cases, you may opt-out of this feature in your User Account settings. If you change your settings or your public-facing content, these search engines may not update their Databases. We do not control the practices of third-party search engines, and they may use caches containing your previously collected Information.

5.3 Compliance with Law, Responding to Legal Requests, Preventing Harm and Protection of our Rights

Alexander Optical may disclose your Information, to courts, law enforcement, governmental authorities, tax authorities, or authorized third parties, if and to the extent we are required or permitted to do so by law or if such disclosure is reasonably necessary: (i) to comply with our legal obligations, (ii) to comply with legal process and to respond to claims asserted against Alexander Optical, (iii) to respond to valid requests relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our Users to legal liability, (iv) to enforce and administer our Terms of Service, the Payment Terms or other agreements with Users, or (v) to protect the rights, property or personal safety of Alexander Optical, our Personnel, our Users, or members of the public.

These disclosures may be necessary to comply with our legal obligations, for the protection of your or another person's vital interests or for the purposes of our or a third-party’s legitimate interest in keeping the Alexander Optical Platform secure, preventing harm or crime, enforcing or defending legal rights, facilitating the collection of taxes and prevention of tax fraud or preventing damage.

Where appropriate, we may notify Users about legal requests unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud or damage upon Alexander Optical’s property, our Users or their property and the Alexander Optical Platform. In instances where we must comply with legal requests without notice for these reasons, we will attempt to notify the affected User(s) about the request after the fact where appropriate and where we determine in good faith that we are no longer prevented from doing so.

5.3.1 Reporting Mistreatment, Malpractice or Mishandling

If you believe an Eyecare Professional is in contravention of this Policy or related documents, has acted inappropriately, has mishandled Patient Information or has acted inappropriately towards a Patient, we ask Users to contact us to let us know. For serious offenses involving risk of harm, inappropriate conduct or mishandling of Collective Information you may be required to contact the appropriate authorities prior to contacting ALEXANDER OPTICAL. We ask that you contact us for all types of misconduct so as to ensure that the College that the Eyecare Professional belongs to can be notified, their User Account can be suspended, Appointments cancelled, and a thorough investigation can be implemented.

5.4 Collection and Remittance of Goods and Service Taxes

When appropriate, Alexander Optical facilitates the Collection and Remittance of Goods and Service Taxes as permitted by Ontario and Canadian law as described in the “Taxes” section of the Terms of Service Agreement. Eyecare Professionals and Patients, where legally permissible according to applicable law, expressly grant us permission, without further notice, to disclose the appropriate Data and other Information relating to them or to their transactions, purchases, and Services received to the relevant tax authority, including, but not limited to, their name, business number, transaction dates and amounts, HST number(s), the amount of taxes received (or due), and contact information.

5.5 Third-Party Service Providers

Alexander Optical uses a variety of Third-Party Service Providers to help us provide Services related to the Alexander Optical Platform and Services. Third-Party Service Providers may be located within or outside of Ontario.

Third-Party Service Providers may help us: (i) verify User identity or authenticate your identification documents, (ii) check Information against public databases, (iii) conduct background or police checks, fraud prevention, and risk assessment, (iv) perform product development, maintenance and debugging, (v) allow the provision of the Alexander Optical Services through third-party platforms and software tools (e.g. the EMR), (vi) provide customer service, advertising, or payments Services, or (vii) process, handle or assess insurance claims or other similar claims. These providers have limited access to your Information in order to perform these tasks on our behalf and are contractually bound to protect the Information and only use the Information in accordance with our instructions and the jurisdictional law (as appropriate).

Alexander Optical will need to share your Information in order to ensure the adequate performance of our contract with you.

5.6 Government Registration

In jurisdictions where Alexander Optical facilitates or requires a registration, notification, permit, or license application of a Host with a local governmental authority through the Alexander Optical Platform in accordance with local law, we may share Information of participating Hosts and/or Eyecare Professionals with the relevant authority, both during the application process and, if applicable, periodically thereafter, such as the Host Organization’s legal name, Eyecare Professionals full name, contact details for both the Host and the Eyecare Professionals, Facility address, tax identification number, Facility details, and number of Patients to participate.

5.7 Aggregated Data

We may also share Data and other anonymized Information for regulatory compliance, industry and market analysis, research, demographic profiling, marketing and advertising, and other business purposes.

6 Confidentiality & Access

6.1 Confidentiality

It is the joint responsibility of Alexander Optical and Users to maintain the confidentiality and security of User Accounts.

6.1.1 Alexander Optical Responsibilities

Alexander Optical is accountable for the protection of all Information within our possession or control. No matter how the Services change, your Information will never be shared without your consent. Only the Eyecare Professional(s) who treat/serve you will ever have access to your PHI, all ALEXANDER OPTICAL Personnel have variations of access to Patient Information that place limitations upon them as per dictated by their security clearance. Alexander Optical will ensure that the administrative, electronic and physical safeguards are all in place as well ensuring that Personnel are following this Policy at all times.

6.1.2 User Responsibilities

Users are responsible for protection of their credentials and may not disclose their credentials to any third party. You must immediately notify Alexander Optical if you know or have any reason to suspect that your credentials have been lost, stolen, misappropriated, or otherwise compromised or in case of any actual or suspected unauthorized use of your User Account. You are liable for any and all activities conducted through your User Account, unless such activities are not authorized by you and you are not otherwise negligent (such as failing to report the unauthorized use or loss of your credentials).

In the event that you suspect that your credentials have been lost, stolen, misappropriated, or otherwise compromised the Alexander Optical team shall enact the Breach protocol to prevent third-party access to your User Account and Collective Information.

6.1.3 Eyecare Professional Responsibilities

Eyecare Professionals have specific responsibilities not controlled by Alexander Optical, as they are the Record Custodian for PHI. For additional information you can contact the Eyecare Professional who conducted Eyecare Services for you, or review the following sections of the PHI Protection Act:

· Health Information Custodian

· Security

· Records

· Collection

· Access

6.2 Data Controller

Alexander Optical is responsible for your Information under this Policy and acts as the Data Controller for the portion of Information we possess and/or control. The Data Controller may also refer to specific authorized and competent Personnel who are responsible for upholding any part of this Policy, contact information for these individuals can be found in section eleven, subsection one (11.1).

6.3 Personnel & User Access Levels

We only permit our Personnel to access Information to the extent necessary to perform their designated functions. We require them to protect the Information and maintain its confidentiality by complying with our policies, procedures and applicable law. The EMR has pre-set access levels that restrict access to sensitive Information and/or PHI by the type of work a User or Personnel does.

Hosts

Host representative(s)

Unless the representative is going to be a Patient as well, they will not require a Profile and thus will not have any access to the database.

Patients

Those receiving/looking to receive Eyecare Services

Patients will be limited to accessing their own Records. They may be able to have linked relationships with family members for scheduling purposes only.

Eyecare Professional (Limited)

Eyecare Professionals working part-time or on a limited basis

The basic access level that allows Eyecare Professionals to see their own schedules and are limited to specific Clinics.

Eyecare Professional (All)

Eyecare Professionals operating at multiple locations per week with a larger Patient load

Can view their own schedule and the schedule of other Eyecare Professionals and Alexander Optical Personnel, book Appointments at any Clinic and access their billing information.

Alexander Optical Executives

The CEO and the HR Coordinator who oversee the EMR

Full access to the EMR settings and sets the access levels for other Personnel. Able to make changes to the schedule, some changes to Personnel & Eyecare Professional Profiles and has full access to billing. Does not have access to PHI.

Alexander Optical Administration

Alexander Optical administrative team that assists at Clinics

Able to book Appointments, process payments, order products and process insurance claims. Does not have access to PHI.

Alexander Optical Reception

Alexander Optical reception and sales team

Able to book appointments and schedule Clinics. Cannot access Patient Profiles.

Unassociated Eyecare Professionals

Eyecare Professionals who have ended their Services

This is the lowest level of access and is used to allow Eyecare Professionals to access their Patient’s records in order to export them for future treatments.

6.4 Your Access

You can access your Collective Information to check that it is accurate, complete, and up to date by logging in to your User Account at the Alexander Optical login page. You can access and update certain Information we have relating to your User Account by signing into your User Account and going to the User Account settings section of our Site.

You may update and edit any of your Information except PHI an Eyecare Professional has uploaded or created during an Eyecare Services Appointment when you log in to your User Account. Contact the Eyecare Professional who provided the Eyecare Services to access or request the correction of PHI in their notes on the Alexander Optical Platform or that they hold in their Records.

6.4.1 Copies of Your Information

You may be able to request copies of some or all of your Information from us, you also have the ability to receive an email copy of your prescription as well as accessing it in your Profile. You have the right to request full copies of your PHI, this information may be subject to a Fee, at the discretion of the Eyecare Professional.

7 Storage & Security

7.1 Security

The protection and security of your Collective Information is a joint effort between our Personnel at Alexander Optical, the Eyecare Professionals and Patients. We have outlined our obligations, practices and procedure below. As mentioned, the Eyecare Professional(s) who performs Eyecare Services for you acts as the custodian of your PHI and is responsible for the protection and security of this Information.

Patients also play an important role in protecting their privacy and the confidentiality of their Collective Information. Some of the security steps Patients (and all other Users) should take include:

· Creating a strong and unique password for their User Account, using the password strength estimator, and update it periodically.

· Not sharing their User Account or password with anyone. Personnel will never ask you for your password, including in any unsolicited communication such as letters, phone calls or email messages, so please contact us if you receive such a request.

o Your record is specific to your health, family members may be linked, but must have individual User Profiles.

· Logging out of their User Account once you are finished using it, especially if you share your Device with anyone else.

· Having a strong and unique password on your personal device, too.

· Choosing a private location from which to access your Record

Please note that emails you send to us are not encrypted, and we strongly advise you not to communicate any confidential information through these means.

7.2 Where Information is Stored

Collective Information is stored on a private SOC2, Type2-certified Data centre and backed up regularly on secondary servers. You Information never leaves Canada the servers are located in Montreal using computer systems with restricted access and housed in facilities using physical, administrative and electronic security measures.

7.3 Safeguarding Against Loss of Collective Information

In executing our responsibilities with respect to the confidentiality of Information, Alexander Optical employs a number of safeguards, appropriate to the sensitivity of the Information, to protect Collective Information against loss or theft, as well as unauthorized access, disclosure, copying, use, or modification. Such safeguards include physical measures, organizational measures and technological measures, for example locked filing cabinets, encryption of Data, security clearances, limiting access based on competency and clearance level and the use of passwords and activity logs. Procedures for implementing these measures will be communicated to all employees upon hiring and on a scheduled basis thereafter and third parties to ensure compliance with this Policy.

Some of the specific security features include (but are not limited to):

· An Activity Log that tracks movement of each User within the EMR;

· Message Logs for Alexander Optical employees, Eyecare Professionals and Patients;

· Staff-Access Levels (for additional information please see section six, subsection three (6.3));

· Locked and private charts (private charts blur out identifiable information);

· New device login notifications;

· Consent Forms;

· Eyecare Professional signatures, timestamps and limited editing abilities;

· Locked filing cabinets; and

· Security policies and procedures.

7.4 GDPR & PCI Compliance

Both the Payment Processing Company and the EMR are compliant with the EU General Data Protection Regulation (“GDPR”). This means that User’s who are citizens within the European Union are protected in the following ways;

· The EMR, Payment Processor and Alexander Optical all have in house Data Protection Officers;

· Data moves from your computer to the servers using 256-bit encryption-same as your bank;

· Your Data is stored on servers that are GDPR appropriate.

Additionally, in compliance with the Payment Card Industry (PCI) Data security standard, Alexander Optical does not save or store your credit card information. The Payment Processing machines we use are also PCI compliant.

7.5 Limiting Collection

Alexander Optical limits the amount and type of Information we collect to that which is necessary for the operation of our Services and as permitted by law. Each Eyecare Professional is responsible for their own collection, use and disclosure of Collective Information, especially PHI. Information is collected using procedures that are fair, transparent and lawful.

7.6 Proper Handling

Alexander Optical and Users share the responsibility for maintenance & protection of Information. It is the responsibility of Users to ensure that their Information is up to date, accurate and complete, as well as ensuring that their User Account credentials remains private and secure. Additionally, we suggest that Eyecare Professionals retain externally backed up copies of their Patient records for further protection of Patient PHI.

Alexander Optical holds the responsibility to ensure that the Alexander Optical Platform remains protected and intact to the best of our abilities, as well as backing up Information that is crucial to the operation of our business.

7.7 Retention Period

We retain User Information for as long as is necessary for the performance of the contract between you and us and to comply with our legal obligations. In certain instances, you may be able to request to have all your Information removed from the ALEXANDER OPTICAL Platform entirely. Please note that if you request the erasure of your Information:

· We may retain some of your Information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. For example, if we suspend a User Account for fraud or safety reasons, we may retain certain Information from that User Account to prevent that User from opening a new Account in the future.

· We are not in control of your PHI, including the erasure of this information. If you wish to have your PHI removed you will need to contact the Eyecare Professional(s) who provided Eyecare Services for you, we may assist in contacting said Eyecare Professionals when appropriate.

· Information you have shared with others (e.g., Reviews, forum postings) may continue to be publicly visible on the Alexander Optical Platform, even after your User Account is cancelled, however, attribution of such Information to you will be removed. Additionally, some copies of your Information (e.g., log records) may remain in our Database, but are disassociated from personal identifiers.

· Because we maintain the Alexander Optical Platform to protect from accidental or malicious loss and destruction, residual copies of your Information may not be removed from our backup systems for a limited period of time.

7.7.1 Removal & Destruction of Information

If you request your Information to be removed and/or destroyed, we will do so using the following methods;

· Physical documents containing Information will be shredded;

· Your Patient Record will be marked as discharged which notifies applicable Users and Alexander Optical Personnel that you are no longer “Active”.

· Your EMR Record will be locked to the Eyecare Professional(s) you received Eyecare Services from, and you will be required to contact them for your PHI.

o In accordance with the law, we are not able to delete Records containing PHI.

· If we are informed that an “Active” User is deceased, we will seek confirmation and they’re record will be marked “Deceased”.

7.8 Transparency & Openness

We make our policies and practices relating to the protection of Collective Information available to our Users, some policies and practices may be restricted by the type of User (i.e. Eyecare Professionals). Alexander Optical keeps our Users informed of changes or additions to policies and practices and Users are provided access to all related policies and procedures via Alexander Optical’s web page and (when appropriate) email alerts.

8 Your Rights

You may exercise any of the rights described in this section before your applicable Alexander Optical Data Controller by sending an email to hr@alexanderoptical.com. Please note that we may ask you to verify your identity and request before taking further action on your request.

8.1 Managing Your Information

You may access and update some of your Information through your User Account settings. If you have chosen to connect your User Account to a third-party application, like Facebook or Google, you can change your settings and remove permission for the app by changing your User Account settings. You are responsible for keeping your Information up-to-date.

8.1.1 Device Permissions

Most mobile Platforms (iOS, Android, etc.) have defined certain types of device data that apps cannot access without your consent, and these platforms have different permission systems for obtaining your consent. The iOS Platform will alert you the first time the Alexander Optical app seeks permission to access certain types of Data and will seek consent to that request. Android devices will notify you of the permissions that the Alexander Optical app seeks before you first use the app, and your use of the app constitutes your consent. Other device types may vary.

8.2 Accessing Your Profile on Your Devices

The Alexander Optical Platform is compatible with most computer operating systems and mobile devices. For optimal User experience, we recommend the use of the following systems (as applicable):

Computer Browsers

· Chrome v23 or higher

· Firefox v34 or higher

· Internet Explorer 10 or higher (if TLS 1.1 is enabled)

· Safari v7 or higher

· Edge

Mobile Browsers

· Safari v5 and higher

· Chrome on Android Jelly Bean 4.1 - 4.3.1 and Android KitKat 4.4 – 4.4.4 (if TLS 1.1 is enabled)

· Chrome on Android Lollipop 5.0 – 5.0.2 and higher (if TLS 1.1 is enabled)

· Internet Explorer Mobile on Windows Phone 8 (if TSL 1.1 is enabled)

· Internet Explorer Mobile on Windows Phone 8.1 and higher (TLS 1.1 is enabled by default)

· Edge all versions

· Opera 12.18 or higher

Operating Systems

· Windows 7 or higher;

· Mac OS 10.9 or higher.

8.3 Rectification of Inaccurate or Incomplete Information

You have the right to ask us to correct inaccurate or incomplete Information about you (and which you cannot update yourself within your User Account). If you wish to correct your PHI, please contact the Eyecare Professional you received Eyecare Services from or submit a request for contact through us.

8.4 Your Preferences

You have the ability to choose what communications you receive from us, the means of communication as well as the ability to opt out of communications at any time.

· You may choose to receive email, text messages or a combination of both for appointment reminders;

o Email reminders will be sent two days prior to your appointment;

o Text reminders will be sent two hours prior to your appointment;

§ If a message fails to send an SMS message, we may notify you via email; and

· At the end of your Intake Form you will be asked if you wish to receive marketing and/or promotional emails, you can choose to opt in or out;

8.4.1 Messages you Cannot Opt-Out of

We require Users to receive certain communications depending on certain circumstances. It is important that you enter an email address and phone number in your Profile that you have access to in order to receive these messages;

· We do send all new Users a welcome message and confirmation email, you cannot opt out of this as it is required for User Account verification;

· If you forget your credentials, we will send you an email with a verification code;

· If you have duplicate User Accounts and wish to link the User Accounts, we will send you an email with a verification code;

· If you have not filled out an Intake Form, we will send you a request to fill one out prior to your scheduled Appointment;

· Appointment confirmation emails are sent automatically with requirements for your Appointment, this is to ensure that you have a copy of the date and time. This information can also be found in your Profile;

o If changes are made to an existing Appointment you will also receive an email notification;

o If an existing Appointment is cancelled, you will receive an email notification with instructions for following up;

· If you have an outstanding balance, we will send a reminder email to pay the balance; and

· Appointment cancellation notices.

8.5 Intake Form Consents

Within the Intake Form we ask for your consent on multiple topics, these consents go above and beyond this Policy. If you do not consent within the Intake Form, you may not be able to receive Services and/or Eyecare Services through the ALEXANDER OPTICAL Platform.

8.6 Consent & Right to Revoke

If we are processing your Information based on your consent you may withdraw your consent at any time by changing your User Account settings or by sending a communication to Alexander Optical specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit the ways in which we use your Information, in particular where (i) you contest the accuracy of your Information; (ii) the processing is unlawful and you oppose the erasure of your Information; (iii) we no longer need your Information for the purposes of the processing, but you require the Information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to this Policy and pending the verification whether the legitimate grounds of Alexander Optical override your own.

You understand that your continued use of the ALEXANDER OPTICAL Platform represents your consent to this Policy. Evocation of consent may result in limitation and/or termination of the Agreement between you and us and/or limitation and/or termination of Services.

9 Other Important Information

9.1 Accuracy

Alexander Optical shall take all reasonable steps to ensure that all Information provided by, on or within the Alexander Optical Platform is kept accurate, complete and up to date.

Users may challenge the accuracy and completeness of Information and have it amended as appropriate.

9.2 Application of Policy

This Policy applies to the entirety of the Alexander Optical Platform, physical documents and Clinical practices. This policy does not apply to the Information of ALEXANDER OPTICAL Personnel and does not restrict Eyecare Professional’s control over their Eyecare Services.

9.3 Provision of the Platform

The Alexander Optical Platform is a multi-part platform, our systems are provided in the following fashion:

· The Alexander Optical Application is provided in-house;

· The Alexander Optical Website is provided and managed in-house

· The EMR portion of the Platform, is supplied externally by Jane.App

Additional information and guides about the EMR are available at the Jane.App website.

10 Modification to This Policy

We reserve the right to make changes to this Policy at any time, and in our sole discretion. We will not reduce your rights under this Policy without your notice and consent in accordance with applicable law. We will provide you with notice of any modification of this Policy by posting a date updates were made at the top of this page. For significant modification, we may contact Users via email prior to the changes taking effect. If you disagree with the revised Policy, you will be required to cease use of the ALEXANDER OPTICAL Platform.

Your continued use of the Alexander Optical Platform after any change of this Policy will constitute your acceptance of the revised terms of this Policy.

10.1 Audit

We conduct an annual audit of this Policy in order to ensure compliance and applicability. We may conduct additional modifications to the audit at any time.

11 Contact

If you have any questions, comments or suggestions about this Policy or the Alexander Optical Platform, please email us at info@alexanderoptical.com or contact by mail at the following address:

Alexander Optical Incorporated

The Venture North Building

270 George St N, 3rd Fl,

Peterborough, ON,

K9J 3H1

*Please note, phone calls outside of your immediate region may result in long-distance service charges, Alexander Optical holds no responsibility for the payment of these charges.

11.1 Data Controller & Platform Manager

If you have any concerns or complaints regarding this Policy, the security of your Information, your privacy and/or anything else regarding the Alexander Optical Platform please contact the either of the following Personnel

Data Controller

stephanie@alexanderoptical.com

Platform Manager

dylan@alexanderoptical.com

Alexander Optical Incorporated

The Venture North Building

270 George St N, 3rd Fl,

Peterborough, ON,

K9J 3H1