Privacy Policy

---

Wisconsin Vision Associates, Inc. (“us”, “we”, or “our”) operates the https://www.wisvis.com WVA website, the https://wewillship.com YourStore™ website, and WVA mobile application (the “Service”).

This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

Definitions

A person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.

Cookies are small pieces of data stored on your device (computer or mobile device).

Defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which the U.S. Department of Health and Human Services has adopted standards.

Personal Data means data about a living individual who can be identified from the data (or from the data and other information either in our possession or likely to come into our possession).

Any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a Business Associate of a Covered Entity) and can be linked to a specific individual.

Service means the https://www.wisvis.com WVA website, the https://wewillship.com YourStore™ website, and WVA mobile application operated by Wisconsin Vision Associates, Inc.

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Information Collection and Use

We collect several types of information for various purposes to provide and improve our Service to you.

As a Business Associate of healthcare providers that are Covered Entities under the federal healthcare privacy and security rules, the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health (HITECH) Act, WVA maintains PHI in compliance with these rules and our contractual obligations with healthcare providers.

Types of Data Collected

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”).

Personally identifiable information may include, but is not limited to:

• Email Address
• First Name and Last Name
• Ordered Products
• Shopping Cart Contents
• Phone Number
• Date of Birth
• Address, State, Zip/Postal Code, City
• Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by contacting us.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and any other data we may have access to.

When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and any other data we may have access to.

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amounts of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Security Cookies for security purposes.

Use of Data

Wisconsin Vision Associates, Inc. uses the collected data for various purposes:

• To provide and maintain our Service
• To notify you about changes to our Service
• To allow you to participate in interactive features of our Service when you choose to do so
• To provide customer support
• To gather analysis or valuable information so that we can improve our Service
• To monitor the usage of our Service
• To detect, prevent, and address technical issues
• To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

If you are located outside United States of America and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States of America and process it there.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

Wisconsin Vision Associates, Inc. will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data

Under certain circumstances, Wisconsin Vision Associates, Inc. may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).

In some limited situations, the law allows or requires us to use or disclose your health information without your consent or authorization. Not all of these situations will apply to us; some may never come up at all.

Such uses or disclosures are:

• When a state or federal law mandates that certain health information be reported for a specific purpose;
• For public health purposes, such as contagious disease reporting, investigation or surveillance; and notices to and from the federal Food and Drug Administration regarding drugs or medical devices;
• Disclosures to governmental authorities about victims of suspected abuse, neglect or domestic violence;
• Uses and disclosures for health oversight activities, such as for the licensing of doctors; for audits by Medicare or Medicaid; or for investigation of possible violations of health care laws;
• Disclosures for judicial and administrative proceedings, such as in response to subpoenas or orders of courts or administrative agencies;
• Disclosures for law enforcement purposes, such as to provide information about someone who is or is suspected to be a victim of a crime; to provide information about a crime at our office; or to report a crime that happened somewhere else;
• Disclosure to a medical examiner to identify a dead person or to determine the cause of death; or to funeral directors to aid in burial; or to organizations that handle organ or tissue donations;
• Uses or disclosures for health related research;
• Uses and disclosures to prevent a serious threat to health or safety;
• Uses or disclosures for specialized government functions, such as for the protection of the president or high ranking government officials; for lawful national intelligence activities; for military purposes; or for the evaluation and health of members of the foreign service;
• Disclosures of de-identified information;
• Disclosures relating to worker’s compensation programs;
• Disclosures of a “limited data set” for research, public health, or health care operations;
• Incidental disclosures that are an unavoidable by-product of permitted uses or disclosures;
• Disclosures to “business associates” and their subcontractors who perform health care operations for us and who commit to respect the privacy of your health information in accordance with HIPAA;

Upon your death, we may disclose to your family members or to other persons who were involved in your care or payment for health care prior to your death (such as your personal representative) health information relevant to their involvement in your care unless doing so is inconsistent with your preferences as expressed to us prior to your death.

Your Rights

You have the following rights with respect to your protected health information:

You have the right to inspect and copy certain protected health information that may be used to make decisions about your health care benefits. To inspect and copy your protected health information, you must submit your request in writing to privacy@wisvis.com. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing, or other supplies associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances. If you are denied access to your medical information, you may request that the denial be reviewed by submitting a written request to privacy@wisvis.com.

If you feel that the protected health information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is retained. To request an amendment, your request must be made in writing and submitted to privacy@wisvis.com. You must provide a reason why and in what respect you believe your record is incorrect.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request.

In addition, we may deny your request if you ask us to amend information that:

• was not created by us, unless the person or entity that created the information is no longer available to make the amendment;
• is not part of the information that you would be permitted to inspect and copy; or
• is already accurate and complete

If we deny your request, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.

You have the right to request an “accounting” of certain disclosures of your protected health information. The accounting will not include (1) disclosures for purposes of treatment, payment, or health care operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures. To request this list or accounting of disclosures, you must submit your request in writing to privacy@wisvis.com. Your request must state a time period of no more than six years.

Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be provided free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

You have the right to request a restriction or limitation on your protected health information that we use or disclose for treatment, payment, or health care operations. You also have the right to request a limit on your protected health information that we disclose to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had. However, if we do agree to the request, we will honor the restriction until you revoke it or we notify you.

To request restrictions, you must make your request in writing to privacy@wisvis.com. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure, or both; and (3) to whom you want the limits to apply—for example, disclosures to your spouse.

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to privacy@wisvis.com. We will not ask you the reason for your request. Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests if you clearly provide information that the disclosure of all or part of your protected information could endanger you.

You have the right to be notified in the event that we (or a Business Associate) discover a breach of unsecured protected health information.

You have the right to a paper copy of this notice. You may ask us to give you a copy of this notice at any time. If you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. You may obtain a copy of this notice at our website: https://wisvis.com/privacy

To obtain a paper copy of this notice, contact privacy@wisvis.com.

If you believe that your privacy rights have been violated, you may file a complaint with Wisconsin Vision Associates, Inc. or with the Office for Civil Rights of the United States Department of Health and Human Services. To file a complaint with Wisconsin Vision Associates, Inc., email us at privacy@wisvis.com. All complaints must be submitted in writing.

You will not be penalized, or in any other way retaliated against, for filing a complaint with the Office for Civil Rights or with us.

The security and confidentiality of your personal information matters to us. For this reason, WVA has physical, technical and administrative controls in place to protect your Personal Information from unauthorized access, use, and disclosure. WVA evaluates these safeguards on an ongoing basis to help minimize risks from new security threats as they become known.

The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We do not support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.

We may contract with individuals or entities known as Business Associates to perform various functions on our behalf or to provide certain types of services. In order to perform these functions or to provide these services, Business Associates will receive, create, maintain, use and/or disclose your protected health information, but only after they agree in writing with us to follow appropriate safeguards regarding your protected health information.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

We may use third-party Service Providers or in-house solutions to monitor and analyze the use of our Service.

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

Payment information provided for us to process credit cards is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

• Stripe – Their Privacy Policy can be viewed at https://stripe.com/us/privacy
• Authorize.net – Their Privacy Policy can be viewed at https://www.authorize.net/company/privacy/

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Our Service does not address anyone under the age of 13 ("Children").

We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

If you have any questions about this Privacy Policy, please contact us:

• By email: privacy@wisvis.com