Notice of Privacy Policy USA

v.3.0 / November 2020
THIS NOTICE DESCRIBES HOW HEALTH INFORMATION AND OTHER PERSONAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY TILAK HEALTHCARE, AND HOW YOU CAN GET ACCESS TO THE HEALTH INFORMATION WE HAVE ABOUT YOU. PLEASE REVIEW IT CAREFULLY.

Tilak Healthcare SAS ("Tilak Healthcare" or "we"), which is based in Paris, France, offers OdySight® application ("Application") and related services ("Services"), which help monitor clinically relevant visual parameters for patients with chronic eye diseases.

This Notice of Privacy Policy ("NPP") explains:

  • The personal data, including health information, we collect about you and how we collect it;
  • How we may use and share (process) personal data, including health information;
  • Your rights with respect to the personal data that we collect and maintain.

At Tilak Healthcare we take the protection of your personal data very seriously. As a company that operates in both the United States and Europe, Tilak Healthcare is committed to complying with and addressing data protection requirements under all laws that might apply to our business, including the Privacy Rules issued under the Health Insurance Portability and Accountability Act ("HIPAA") and the European Union's General Data Protection Regulation ("GDPR").

All of our Services are governed by this NPP. By using the Services, you hereby consent to the policies and practices set forth in this NPP.

If you do not want Tilak Healthcare to collect, store, use or share your health information in the ways described by this Notice, you may not be able to access the Application or use our Services.

A. Personal data that we collect and how we collect it
Tilak Healthcare collects and maintains personal data, including health information, about you that may include your name, address, email address, telephone number (land line and mobile), date of birth, health care provider (such as the name of your ophthalmologist or other qualified healthcare professional), health insurer, health condition and status, dates of Service, and information related to payment for our Service including information related to your health insurance, such as the name of your health insurance and your insurance number ("health information"). When you agree, your health care provider furnishes us with certain personal data about you to help us provide you Services.

In addition, Tilak Healthcare may collect some data when you enquire about our Services, or the Application may collect data automatically and directly from you when you use the Services, as follows:

  • Telephone number for sending (i) an automatic text message containing an access code to allow you the use of the Application and (ii) weekly notifications regarding your use of the Application (such as when you need to contact your ophthalmologist or healthcare professional);
  • When you contact us via email, over the phone or through our web site or Application (including customer support);
  • Data that you provide when seeking help from our customer service (such as chat logs and customer-support tickets);
  • Other data you provide us (such as information used to identify a lost account);
  • When you visit our websites or use the Application and/or the Service, device information such as the IP address of your Device, operating system, browser information including browsing type and the language you prefer, your Device model and its settings and network information may potentially be collected;
  • Information about your Application progress and activity or information that you provide on how you use the Application or the Services;
  • Cookies or similar technology on our websites that help Tilak Healthcare to provide you a tailored experience. Please refer to the cookies section on our website for more information on how and what cookies are used;
  • When you sign up for a newsletter;
  • When you use the Application and the Services and you create some content.

The Application collects only adequate and relevant data limited to the purposes defined hereunder.
B. How we may use and share personal data, including health information
Tilak Healthcare may lawfully collect, use, share, analyze and maintain (process) your personal data, including health information for the following purposes:
1. For Treatment, Payment, and Operations
We regularly process your health information for the following purposes:

  • Treatment. We process your health information to provide you with Services that relate to your health. For example, we use your health information to determine which Services are suitable to your age and health condition. We may share your health information with doctors, nurses or other health care professionals who are involved in providing your health care. For example, we may share your vision test results with your health care provider to help them make treatment decisions about you.
  • Payment. We use and share your personal information, including health information, for activities related to obtaining reimbursement for the Application and Services. For example, we may share personal information with your health care provider that prescribes the Application to assist them in obtaining reimbursement from your health insurer.
  • Operations. We use your health information for a number of activities that are necessary for the operation of our business such as quality review and improvement activities; training programs; legal and financial services; business planning and development; management activities related to privacy practices; customer services; internal grievances; and data aggregation. For example, we may track your use of Services to help us learn more about your activities and understand your preferences so we can personalize your experience with the Application.
2. To Communicate with You
We use your personal information, including health information, to communicate with you for such purposes as:

  • Providing you with support, communicating with you and responding to any requests or questions you have submitted to Tilak Healthcare's customer support (Customer Services); and
  • Handling your subscription to, and opting-out of, our newsletters.
3. For Other Purposes Without Your Express Permission
In some situations, we are required or permitted to use or share your personal data, including health information, without your express permission (authorization). We generally have to meet specific conditions before we may use or share your information for these purposes. In general, under the law, we may use or share your personal data for the following purposes:

  • Anonymized or De-identified Information. We may use or disclose information about you if it has had sufficient personal information removed or is in such a high-level summary form that it can no longer be used to identify you.
  • Contractors. Tilak Healthcare may disclose health information to our contractors, agents, and other third parties who need the information to provide certain business activities on our behalf. For example, we may share your personal data for administration, analytics, optimization, customer service and data analysis. Although Tilak Healthcare is permitted by the law to share personal data for these business purposes, we generally only share deidentified data for these purposes. If we do share your personal data with a business associate, we will have a written contract with them that requires the business associate to take reasonable steps to protect the privacy of the data. In addition, these business associates are directly bound by law and contract to only use your personal data for the contracted service.
  • When Required by Law. We may disclose personal data, including health information, when required by law to do so. For example, we may disclose health information to the United States Department of Health and Human Services if the federal agency needs to verify that we're complying with federal privacy law. We will limit the information we provide in these circumstances to only the information that Tilak Healthcare is legally required to disclose.
  • For Research. In certain circumstances, we may use or share your personal data for research. We may only use or share your personal information for research when the research has been approved by a privacy board or with your express permission.
  • In Connection with Any Sale of Tilak Healthcare or any line of business (including the Application). When a business, or a line of business, is sold, customer information generally is one of the transferred business assets. In the event of any such sale or disposition of any or all of our business, your data may be transferred to the acquiring company.
  • For Public Health. We may share health information when we are required to collect information about disease or injury or to report vital statistics to a public health authority. We may share your personal data with a public health authority that is authorized to receive reports of abuse, neglect or domestic violence. We will make every effort to obtain your permission before releasing this information, but in some cases, we may be required by law to act without your permission.
  • Health Oversight. We may share health information with a health oversight agency that is responsible for monitoring: the health care system, government benefit programs for which health information is relevant to beneficiary eligibility, regulatory programs, for which health information is necessary for determining compliance with program standards. For example, we may share personal data for purposes of monitoring government benefit programs such as Medicare and Medicaid.
  • Law Enforcement Activities. Police and other law enforcement may seek personal data from us. We may release this information to them when appropriate under the law.
  • For Judicial and Administrative Proceedings. We may disclose personal data in response to valid court orders, court-ordered warrants, and judicial summonses and subpoenas, grand jury subpoenas, and administrative requests. We may also disclose your personal data in response to a discovery request in a lawsuit or other legal process or requests, but only if efforts have been made either by the requesting party or us, to first tell you about the request or to obtain an order protecting the data requested.
  • To Avert a Serious Threat to Health and Safety or for disaster relief efforts. We may use or disclose your health information to avert a serious and imminent threat to the health and safety of an individual.
  • With Friends or Family. Generally, we will not share your health information with your friends or family. We may communicate with your legally appointed personal representative about your health information if you have provided us with documentation showing this relationship. You may send such documentation to dpo@tilakhealthcare.com.

To protect your privacy and the security of your account, you should never share your account password or other sign-in information with anyone else. We will assume that you are complying with the Terms of Use and you are the only person that is signing into your account, unless you advise us that your password or other sign-in information has been lost, stolen or otherwise compromised.

  • With organ procurement organizations. We may share health information with organ procurement organizations or similar organizations for the purpose of facilitating organ, eye or tissue donation and transplantation from cadavers.
  • For health-related services and products. Tilak Healthcare may provide you with general information about your health condition, information about other products and services related to your condition, potential options for treatment or similar health-related information. Sometimes, third parties might want to pay us to recommend their products or services to you. We will notify you in advance and obtain your Authorization before we send you any communication that has been paid for by a third party.
  • Texting. By signing up for our Service and providing us with your phone number, you are agreeing that we may use your information to send you automatic texts about your health. You understand that texting may not be 100% secure.
4. With Your Express Specific Permission
On some occasions we may request your permission (called a Consent or Authorization) to disclose your health information for other than Treatment, Payment or Operations or the other specific purposes described in this NPP. For instance, we may seek an Authorization if you would like us to share information about you with a friend or relative. We may also require an Authorization when using or disclosing certain highly protected information. You may revoke an Authorization at any time except to the extent that we have already used or disclosed your information in reliance on your Authorization.
5. Legal Basis
Our legal basis to use, process, maintain and disclose your personal data, including health information, includes (i) your consent (which may be subsequently withdrawn at any time by contacting the Data Protection Officer at the address listed in this NPP); (ii) legitimate business needs, which include but are not limited to ensuring that we provide the Services and that we have the right information to communicate with you at any time, obtaining payment for our Services, ensuring that we comply with quality assurance policies; (iii) creation or performance of contractual obligations (e.g., communicating your vision test results to your ophthalmologist or other qualified healthcare professional); and (iv) compliance with legal requirements.

Tilak Healthcare will only use and share your health information as explained in this NPP.
C. Your rights
1. US Users
You have the following rights with respect to your health information:

  • Right to access. You have the right to request a copy of your health information. We may charge you a reasonable, cost-based fee for this service.
  • Right to amend or rectify. It is important that the health information that Tilak Healthcare maintains about you be complete and accurate. You have the right to amend your health information if it is incomplete or incorrect. You can correct or add to any data provided by contacting Tilak Healthcare by email at supportUS@odysight.app or by contacting your physician/healthcare professional directly.
  • Ask us to communicate with you in a specific way. You may ask us to contact you in a specific or different way (for example, using your office phone number instead of your home phone number) by sending an email which describes the change you are requesting to us at supportUS@odysight.app. We will say "yes" to all reasonable requests, but in some cases, this may affect whether or how you can receive Services from us.
  • Request restrictions on uses and disclosures. You may ask us not to use or share certain health information for treatment, payment, or our business operations by emailing us at support@tilakhealthcare.com. If you make such requests, you may not be able to use our Services, which require the use of health information.
  • Request that we erase your personal information. Once you have closed your account, you may request that we erase your personal information from our system.
  • Get an accounting of those with whom we have shared information. You may ask us for an accounting (list) of when, with whom, and why we have shared your health information in the period up to 6 years from the date of your request by sending us an email at supportUS@odysight.app. The accounting does not include information about disclosures we made for treatment, payment, and healthcare operations, and certain other purposes (such as disclosures you asked us to make). We'll provide one accounting per year for free but will charge a reasonable, cost-based fee if you ask for another one within the same year.
  • Get a copy of this privacy notice. You may ask us for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically, by emailing us at supportUS@odysight.app. We will provide you with a paper copy promptly.
  • Ask us questions or file a complaint. If you have questions about this NPP or believe your privacy rights have been violated, please contact us at supportUS@odysight.app and include "Complaint" in the subject line. You can also file a complaint with the US Department of Health & Human Services. We will not retaliate against you for filing a complaint.
  • Opt out of receiving certain communications. You can opt out of automatic texting by contacting us at: dpo@tilakhealthcare.com. If you have previously consented to any automatic texting, direct marketing communication from us or subscribed to Tilak Healthcare's newsletters, you can unsubscribe by clicking on a link available in each communication and/or newsletter that we send you. If you revoke your consent to automatic texting, you may not be able to use our Services such as receiving alerts generated by the Application.
2. EU Users
If you are a European user, you have the right to request a copy of your health information. We may charge you a reasonable, cost-based fee for this service. You also have the right to amend or rectify your health information if it is incomplete or incorrect. You can correct or add to any data provided by contacting Tilak Healthcare by email at supportUS@odysight.app or by contacting your physician/healthcare professional directly. You also have the right to request limitations to the processing of your personal information, object to the processing of your information, request that your personal data be erased from our system, and to exercise your right to data portability. Please note that Application functionality, Services and features can be affected by your actions. Some of your data and its processing is mandatory for Tilak Healthcare to provide the Services.

Your actions can oblige Tilak Healthcare to stop providing the Services. When the conditions below apply, we may no longer be able to provide you with access to the Application or Services:

  • If you withdraw your consent or ask for the deletion of your information. In such case, Tilak Healthcare will not use or process your information anymore but will store it to answer regulatory or police requests. Tilak Healthcare also reserves the right to retain an archive of such information for a commercially reasonable time to ensure that its deletion does not affect the integrity of Tilak Healthcare's data; and Tilak Healthcare further reserves the right to retain an anonymous version of such information.

  • If you request that we limit processing your information which is necessary for the Service or you object to such processing (in which case, Tilak Healthcare may not be able to provide you with the Services).

To preserve the confidentiality of your information, Tilak Healthcare must be sure to correctly identify you when you make these requests. For this reason, you will need to provide Tilak Healthcare with a copy of an official document that can prove your identity at the time you make a request. This copy will be safely destroyed within two months of your request being received and closed. Tilak Healthcare will look into your request and will answer you within one (1) month, unless your request requires further investigation. You'll be specifically informed if that is the case.
3. Minors
Tilak Healthcare encourages parents to instruct their children (in the USA, generally users under the age of 18) about privacy and the way they use their information. Any disclosure of personal data shall be subject to parents' prior permission.
D. How we retain and protect data
Tilak Healthcare retains, uses and stores your data as long as you are using the Services, and also for the period necessary to fulfil the purposes described in this NPP, in compliance with applicable laws but in any event no more than one (1) year from the end of your access to the Application. A longer retention period may be required to resolve disputes or answer regulatory or police requests. In such cases, the collected data will be stored until the request is closed.

Tilak Healthcare uses a third-party hosting service to store your personal data. We maintain, and require our hosting service to maintain, reasonable security measures to safeguard your personal data from loss, interference, misuse, unauthorized disclosure, alteration and destruction. We also maintain reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete and current.

However, please remember that no transmission of data over the Internet or any wireless network can be guaranteed to be 100% secure. As a result, Tilak Healthcare cannot guarantee the security of your data and does not assume any responsibility for the unauthorized use of, or access to, your data that is under your or your physician's or healthcare professional's control.

If there is a breach of security involving your personal data from the Services, Tilak Healthcare will promptly inform you and take commercially reasonable steps to rectify such breach.

If you believe your personal data is being improperly used by Tilak Healthcare or any third party, please immediately notify us via email at dpo@tilakhealthcare.com.
E. Modifications to the notice of privacy policy
Tilak Healthcare reserves the right to change this NPP at any time. In the event that Tilak Healthcare makes material changes to this NPP, they will be re-posted in the "About" section of the Application with the date the modifications were made indicated on the top of the page.

Therefore, please review this NPP from time to time so that you are aware when any changes are made to it. Your continued use of the Services after such change(s) constitutes your acceptance of any such change(s), and if you do not accept any changes, you may choose not to use the Services or opt out by sending us appropriate notice. If you would like further information about any recent changes made, please send your request to supportUS@odysight.app.
F. Contact and complaints
If you have any questions, comments or concerns regarding the NPP and/or practices to protect your data, please contact Tilak Healthcare: Data Protection Officer, 74 rue du Faubourg Saint Antoine, 75012 Paris, France, Email: dpo@tilakhealthcare.com.

If we are subject to the Health Insurance Portability and Accountability Act ("HIPAA"), you may also contact the Secretary of the U.S. Department of Health and Human Services. You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights. You can get information about filing a complaint with OCR at: https://www.hhs.gov/hipaa/filing-a-complaint/index.html. Under no circumstances will we take any retaliation against you for filing a complaint.

Tilak Healthcare reminds European users that they have a right to lodge a complaint with a European Data Protection Supervisor.
74 rue du Faubourg Saint Antoine 75012 Paris, France
+ 33 (0) 762271842
Copyright © 2020 Tilak Healthcare S.A.S All rights reserved.
Date of the last update of the site: August 19, 2021