Last Updated May 25, 2018VCSTest.com (hereafter referred to as “VCSTest.com”, “we”, “us”, or “our”) works hard to provide an exceptional experience to users of its website, test, and other product or service offerings (collectively referred to herein as the “Services”).
VCSTest.com is committed to helping you understand and improve your health, but we also know that you care about your privacy and we want to make sure you understand how we collect, use, and safeguard your information.
Table of Contents
- Acceptance of Terms & Consent
- Information We Collect
- How We Use Information
- Disclosure of Information
- General Data Protection Rule
- HIPAA Compliance
- Information Security
- Reviewing, Revising, and Deleting your Account Information
- Data Retention
- Opting Out
- Children and Privacy
Your use of the Site and our Communications Services following the posting of any revised policy means you accept the new policy. In the event that you decline to accept any changes we make, you will still have the right to receive a copy of the information we’ve collected that’s associated with your account, and the right to delete your account in its entirety.
Information We CollectWhile you can browse our Site and read or make use of some of its content without providing any identifying information to us, you must provide some information in order to create an account, take a test, make a donation or purchase, or generally to take advantage of most our Services.
When you access VCSTest.com, we collect the following types of information:
Information you provide to us:
When you register an account with us, we request, at minimum, your email address and ask you to set a password; this information is used to provide any service we offer, which you, by virtue of using the Site, are requesting. We may also ask for information regarding your location, birthdate/age, sex, and other demographic information; providing this information is optional, as it’s only intended to guide and inform any tests and test results we might offer to you, to help us understand our users, and to advance any research we might conduct ourselves or with a third party. We may also request information on the healthcare provider, if any, who referred you to the Site; this information is generally used only to provide your test results to them, but may be used in other ways – which may vary per healthcare provider – as described on our registration form. We consider any information that personally identifies you, such as your name, email address or mailing information, and other data that is linked to such information, to be personal information ("Personal Information", or "PI").
When donating to or purchasing from us, we may receive or collect payment information like limited credit or debit card information (as may be provided to us by our payment processors) and general transactional information related to the donation or purchase, including but not limited to information on the amount of the transaction, from where on the Site the transaction was initiated, and any goods or services you may receive. Credit, debit, and/or account information necessary for any transaction with us is handled entirely by our third-party payment processors, which meet or exceed PCI-DSS requirements for payment information safety. As a result, we never have access to your payment details beyond either the PayPal email address used to make the payment, or the type, expiration date, and last 4 digits of the payment card used.
We may enable you to provide ratings and reviews (a "Review" or "Reviews") of products or services we offer, and products and services offered by others, including services provided by healthcare providers. This information may include ratings (for instance, a point or star rating) and detailed reviews, including personal experiences, opinions, and feelings. Your submission of information in a Review could, if you include such information, reveal your email address, location, and certain other information about you; when you submit a Review, this information will become publicly available and may be seen, collected, and used by others. While we can delete your reviews at your request, once information has been made public it generally cannot be made private again (the Internet never forgets). Therefore, you should exercise caution when deciding to submit Reviews, and you should not include any information in a Review that you do not want to be seen by others.
Generally, you will be aware of what information you provide to us and can actively choose what to share and what not to share. While we securely store and process your information (as described below), as a matter of policy, we highly recommend that you consider minimizing the information you share with others, generally.
When we require certain information to be able to provide products or services to you (for instance, a shipping address so that we can ship a purchase to you), we’ll clearly indicate that the information is required at the time we request it, and you’ll generally be unable to proceed without providing it.
Other information we collect:
When you visit our Site or interact with us via the Communications Services, we may collect information about the interaction and about the device you’re using, whether a computer, mobile phone, or other device; such information includes, but isn’t limited to, the platform, operating system, Internet protocol (IP) address and IP-associated location data, web browser and web browser version, time zone settings, browser plug-in types and versions, the pages, documents, services, or other resources you access or use, including any links you may click, any cookies we set in your browser (to the extent you allow cookies to be set) that may be sent back to us, any searches you might make on our Site, any error or other status or service messages you might encounter, browser referrer data, and other related information that may help us determine the percentage of people coming from various online gateways, search engines, or other sites.
If you speak with us on the telephone, our telephony system collects metadata, like the telephone number and time and date of the call, and that information is stored as a call detail record (“CDR”). We may also record, transcribe, and retain the content of any telephone calls with us, but we’ll only do this after informing you that the call is being recorded. Any recorded calls or transcripts may be used to inform future interactions with you and to improve the quality of the service we offer.
If you make use of our live chat service, we collect and retain information on that interaction, including metadata like the time and date of the interaction, and a complete transcript. Transcripts retained may be used to inform future interactions with you so that we can provide the best possible service.
How We Use InformationThe information we collect about you is generally used only when necessary to provide the products or services you request; more specifically, we may use information that we collect about you to:
- Create an account for you on the Site when you request that we do so;
- Provide requested products, services, and information, including contrast sensitivity or other tests;
- Fulfill any order you may place with us;
- Email or fax results of tests you take with us;
- Email receipts for donations or purchases;
- Email account-related information;
- Recognize you and welcome you back to the Site;
- Personalize your experience with us;
- Respond to your inquiries;
- Optimize, improve, and debug the Site;
From time to time, we perform statistical analyses of the users and uses of the Site to improve its content, design and navigation. In these cases, we use anonymized, aggregate, or statistical data that cannot be used to identify you.
Disclosure of InformationUnder no circumstances will we share information collected from you with any other party, except that, for specific projects or functions, we may work with outside service providers, such as technology service providers, payment processors, or design and marketing firms. For example, we may retain an outside company to help us with research or to manage our user database, to send direct mail, to send email messages, or to provide telephony or live chat services. The information we provide to third-parties for such purposes may include your name, address, email address, Site usage, donation or purchase history, and other like information which will help us provide the Services and target our communications. We may also provide some anonymous information about donations or purchases to third-party companies that assist us with marketing and promoting the Site and its offerings. Before sharing any information with any third party for any business purpose, we ensure that your information and privacy will be protected by the third party in, at minimum, the same ways and to the same degree as by VCSTest.com.
We may participate in partnerships with trusted organizations that we believe offer products or services that our users may be interested in and might benefit from. We may also enter into a co-branding relationship with other companies or organizations. At times, we may communicate with our users on behalf of that organization and users may be directed to a partner website to learn about their services or offerings. In these cases, both VCSTest.com and the partner organization may receive Personal Information you provide, but VCSTest.com will never share your Personal Information with these partner or affiliate organizations. You will only receive information about these partnerships and related promotions directly from us or from the third party companies that assist us.
General Data Protection RuleVCSTest.com is a United States-based entity controlled and operated by United States persons using servers, infrastructure, and third-party services located and operated within the United States; all information we collect is stored on our United States-based servers and infrastructure, and to our knowledge, none of the third party service providers we use store or process our information elsewhere. While we recognize that the Internet may connect anyone anywhere in the world with our infrastructure and allow them to use our Services, and we and our third party payment processor support financial transactions in every major currency as a convenience to our users, we do not target users in any particular country, we have no physical nexus with the European Union or any of its constituent member nations (collectively, the “EU”), and we have neither signed onto nor accepted any treaty, agreement, or international rule, regulation, or law that gives the EU or any other nation or group of nations either the right to regulate or legal jurisdiction over VCSTest.com or its operations.
While we appreciate and fully support the intentions and goals of the Regulation (EU) 2016/679, General Data Protection Rule (“GDPR”) – and we currently do and always have fully met or exceeded all requirements imposed thereunder on those who collect and process personal information – we categorically reject what we consider an authoritarian overreach by unelected EU regulators who apparently believe they have worldwide jurisdiction over those they intend to control without obtaining their consent.
Information SecurityVCSTest.com uses a variety of security-related systems and technologies, including Secure Sockets Layer (“SSL”), to manage and control access to information, and to prevent that information from being accessed by unauthorized parties. Further, we segment and pseudonymize personal and health-related information by storing it in separate database tables linked only by indirect identifiers.
Unfortunately, however, no computer system or Internet transmission can be considered completely secure, and while we use best efforts to protect your Personal Information, we cannot guarantee the security of any information stored on, or transmitted to or from the Site; accordingly, you transmit information to and use the Site at your own risk. We expressly disclaim liability for any theft, loss, interception of, or any unauthorized access or damage to any data or communications. By using the Site, you acknowledge that you understand and agree to assume these risks.
Anyone with access to the email address and password you use to create an account with us will have access to the Personal Information you have provided to us. Your password should be kept in a safe place and should not be shared with anyone. Always sign out from your account and close your browser window or tab when you have finished your visit to the Site; this ensures that others cannot access your account.
You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of the Site by any person or entity using your password, whether or not such access or use has been authorized by you.
Reviewing, Revising, and Deleting your Account InformationYou may, at any time, receive from us a copy of all of the information associated with your account on the Site. You can do this by visiting your Account Settings and clicking the "Download Data" button. You may also request a copy of the information associated with your account with us by contacting us via email at firstname.lastname@example.org.
You may review and make changes to the Personal Information that is associated with your account on the Site by visiting your Account Settings and making the appropriate changes directly. You may also email us at email@example.com if you’d like us to make changes for you.
You may delete your account in its entirety by either clicking the "Delete Account" button under your Account Settings, or by contacting us via email at firstname.lastname@example.org.
Data RetentionWe retain your Personal Information for as long as you have an active account with us. If you delete your account or otherwise inform us that you no longer wish for us to keep your Personal Information, consistent with industry standards, your information will be removed from our systems as soon as practical within the following schedule:
- Personal Information stored in our online, federated database, including your email address, name, and any other information you’ve provided to us will generally be removed within an hour of your request if the request is made during our normal business hours, but at most within seven (7) days;
- Personal Information shared with third parties who provide services to us (e.g., an email service provider) will be deleted within forty-five (45) days;
- Nearline backups which may contain your Personal Information will be deleted within seven (7) days of your request;
- Backups of parts of our server infrastructure which may contain your Personal Information will be deleted within fourteen (14) days of your request; and,
- Offline backups which may contain your Personal Information will be deleted within sixty (60) days of your request.
Opting OutWe understand that despite the guarantees and protections offered in this Policy, you may choose not to receive communications from us.
You may opt out of receiving emails, including test retake reminder emails, telephone calls, or SMS messages, marketing and promotional emails, newsletters, or other information we may send directly or through or with a partner or third party. To opt out of these communications, visit your Account Settings and change your preferences.
Note that even if you opt out, you will continue to receive some account-related, transactional, and informational emails (e.g., notices of policy changes, password reset emails, donation or purchase confirmations) from us regardless of your account settings for as long as you maintain an account with us.
Children and PrivacyThe Site is intended to be used by adults over the age of 18. We will never request, store, or process Personal Information from anyone under the age of 18 without parental consent. By using the Site, you represent and warrant that you are at least 18 years old, or that you have parental consent to use the Site.
If we become aware that a user is under the age of 18 and has registered or used the Site without parental consent, we will deactivate his or her account and remove any Personal Information from our systems.
QuestionsIf you have any questions or need additional information, please contact us in writing by emailing us at email@example.com. Please allow several days for a response.