VCSTest.com Privacy Policy
Last Updated May 25, 2018
VCSTest.com (hereafter referred to as “VCSTest.com”, “we”, “us”, or “our”) works hard to provide an exceptional experience to users of its website, test, and other product or service offerings (collectively referred to herein as the “Services”).

VCSTest.com is committed to helping you understand and improve your health, but we also know that you care about your privacy and we want to make sure you understand how we collect, use, and safeguard your information.

Table of Contents
  1. Scope
  2. Acceptance of Terms & Consent
  3. Changes to this Privacy Policy
  4. Information We Collect
  5. How We Use Information
  6. Disclosure of Information
  7. General Data Protection Rule
  8. HIPAA Compliance
  9. Information Security
  10. Reviewing, Revising, and Deleting your Account Information
  11. Data Retention
  12. Opting Out
  13. Children and Privacy
  14. Questions
Scope
This Privacy Policy applies to information collected by VCSTest.com through its Internet websites (currently located at vcstest.com and any subdomains, such as www.vcstest.com) (collectively the "Site") and any associated sites or services.  It also applies to any face-to-face, phone, email, mail, and any and all other interactions you may have with us, including via any toll-free and direct telephone numbers, any email addresses, any SMS and voice messages, and any online chat or other communication tools we may make use of or offer.  Collectively, any and all methods or routes you may use to provide information to or communicate or interact with us, including via services provided to us by third parties, are referred to herein as "Communications Services".
Acceptance of Terms & Consent
By using the Site or our Communications Services, you agree to and accept this Privacy Policy and all of the terms and conditions it contains; you further consent to the use of any information we collect as outlined herein, or as permitted by applicable laws.

If you do not accept this Privacy Policy, you may not use the Site or our Services.
Changes to this Privacy Policy
VCSTest.com reserves the right to change, modify, and add or remove portions of this Privacy Policy at any time.  If this Privacy Policy changes in the future, we will immediately post the new policy on the Site with an updated modification date.  Please check for changes periodically.

When we make material changes, we will notify you of our revised Privacy Policy and ask you to accept the changes when you access your account; under some circumstances, we may also contact you directly via email about policy changes regardless of your email communications settings or preferences.

Your use of the Site and our Communications Services following the posting of any revised policy means you accept the new policy.  In the event that you decline to accept any changes we make, you will still have the right to receive a copy of the information we’ve collected that’s associated with your account, and the right to delete your account in its entirety.
Information We Collect
While you can browse our Site and read or make use of some of its content without providing any identifying information to us, you must provide some information in order to create an account, take a test, make a donation or purchase, or generally to take advantage of most our Services.

When you access VCSTest.com, we collect the following types of information:

Information you provide to us:
When you register an account with us, we request, at minimum, your email address and ask you to set a password; this information is used to provide any service we offer, which you, by virtue of using the Site, are requesting.  We may also ask for information regarding your location, birthdate/age, sex, and other demographic information; providing this information is optional, as it’s only intended to guide and inform any tests and test results we might offer to you, to help us understand our users, and to advance any research we might conduct ourselves or with a third party.  We may also request information on the healthcare provider, if any, who referred you to the Site; this information is generally used only to provide your test results to them, but may be used in other ways – which may vary per healthcare provider – as described on our registration form.  We consider any information that personally identifies you, such as your name, email address or mailing information, and other data that is linked to such information, to be personal information ("Personal Information", or "PI").

When you take any of the tests we offer, we necessarily collect information related to your health.  This may include information regarding your visual acuity and/or contrast sensitivity, any symptoms you may be experiencing, portions of your health history, previous diagnoses, your history with respect to environmental exposures, genetic information, and other related data, survey information, or health facts.  The health-related information we collect is used only to provide the services you request, and it will never be shared with a third party except as provided for in this Privacy Policy, or at your direction or with your consent.  This information may be linked to and correlated with your test results and results summaries to generate statistical information for research purposes.  It may also be made available anonymously and in aggregate either on the Site on its Statistics page (or on other pages) or to researchers for use as a part of medical or other research, the results of which will be made publicly available.

When donating to or purchasing from us, we may receive or collect payment information like limited credit or debit card information (as may be provided to us by our payment processors) and general transactional information related to the donation or purchase, including but not limited to information on the amount of the transaction, from where on the Site the transaction was initiated, and any goods or services you may receive.  Credit, debit, and/or account information necessary for any transaction with us is handled entirely by our third-party payment processors, which meet or exceed PCI-DSS requirements for payment information safety.  As a result, we never have access to your payment details beyond either the PayPal email address used to make the payment, or the type, expiration date, and last 4 digits of the payment card used.

We may enable you to provide ratings and reviews (a "Review" or "Reviews") of products or services we offer, and products and services offered by others, including services provided by healthcare providers.  This information may include ratings (for instance, a point or star rating) and detailed reviews, including personal experiences, opinions, and feelings.  Your submission of information in a Review could, if you include such information, reveal your email address, location, and certain other information about you; when you submit a Review, this information will become publicly available and may be seen, collected, and used by others.  While we can delete your reviews at your request, once information has been made public it generally cannot be made private again (the Internet never forgets).  Therefore, you should exercise caution when deciding to submit Reviews, and you should not include any information in a Review that you do not want to be seen by others.

Generally, you will be aware of what information you provide to us and can actively choose what to share and what not to share.  While we securely store and process your information (as described below), as a matter of policy, we highly recommend that you consider minimizing the information you share with others, generally.

When we require certain information to be able to provide products or services to you (for instance, a shipping address so that we can ship a purchase to you), we’ll clearly indicate that the information is required at the time we request it, and you’ll generally be unable to proceed without providing it.

Other information we collect:
When you visit our Site or interact with us via the Communications Services, we may collect information about the interaction and about the device you’re using, whether a computer, mobile phone, or other device; such information includes, but isn’t limited to, the platform, operating system, Internet protocol (IP) address and IP-associated location data, web browser and web browser version, time zone settings, browser plug-in types and versions, the pages, documents, services, or other resources you access or use, including any links you may click, any cookies we set in your browser (to the extent you allow cookies to be set) that may be sent back to us, any searches you might make on our Site, any error or other status or service messages you might encounter, browser referrer data, and other related information that may help us determine the percentage of people coming from various online gateways, search engines, or other sites.

The Site makes use of cookies, which are small data files stored on your computer by your web browser that allow us to customize portions of the Site to your preferences, to track your progress during tests, and are required to enable most functionality of the Site.  We use cookies to remind us of who you are, tailor your experience with us to you, and to ensure that only you have access to your account and other information you may have provided to us.  The cookie, by itself, doesn't provide or contain any Personal Information, such as your name or email address.  You can configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is set; however, setting your browser to reject cookies will prevent you from using features of the Site that require you to log in.

If you speak with us on the telephone, our telephony system collects metadata, like the telephone number and time and date of the call, and that information is stored as a call detail record (“CDR”).  We may also record, transcribe, and retain the content of any telephone calls with us, but we’ll only do this after informing you that the call is being recorded.  Any recorded calls or transcripts may be used to inform future interactions with you and to improve the quality of the service we offer.

If you make use of our live chat service, we collect and retain information on that interaction, including metadata like the time and date of the interaction, and a complete transcript.  Transcripts retained may be used to inform future interactions with you so that we can provide the best possible service.
How We Use Information
The information we collect about you is generally used only when necessary to provide the products or services you request; more specifically, we may use information that we collect about you to: Additionally, we use analytics software that relies on the information we collect to re-create and visualize your visits to the Site.  We may use such analytics data to make the Site easier and more enjoyable to use, to evaluate and monitor interest in our offerings, and to help us troubleshoot and resolve any problems you may encounter.  If you have provided us with Personal Information, Site usage and analytics information may be linked to your Personal Information, and we may use this information to contact you in order to address problems you may have experienced while using the Site.

From time to time, we perform statistical analyses of the users and uses of the Site to improve its content, design and navigation.  In these cases, we use anonymized, aggregate, or statistical data that cannot be used to identify you.

To the extent permitted by applicable law, and consistent with this Privacy Policy, including in accordance with your consent where required, we may use your email address to send you marketing communications that we believe may be of interest to you.  We may also send you offers, promotions, and information about new VCSTest.com services, offerings, or features.  If you do not wish to receive marketing or other emails from us, you may opt out at any time by visiting your Account Settings and making the appropriate changes, or by following the opt-out instructions included in the emails you no longer wish to receive.
Disclosure of Information
Under no circumstances will we share information collected from you with any other party, except that, for specific projects or functions, we may work with outside service providers, such as technology service providers, payment processors, or design and marketing firms.  For example, we may retain an outside company to help us with research or to manage our user database, to send direct mail, to send email messages, or to provide telephony or live chat services.  The information we provide to third-parties for such purposes may include your name, address, email address, Site usage, donation or purchase history, and other like information which will help us provide the Services and target our communications.  We may also provide some anonymous information about donations or purchases to third-party companies that assist us with marketing and promoting the Site and its offerings.  Before sharing any information with any third party for any business purpose, we ensure that your information and privacy will be protected by the third party in, at minimum, the same ways and to the same degree as by VCSTest.com.

We may participate in partnerships with trusted organizations that we believe offer products or services that our users may be interested in and might benefit from.  We may also enter into a co-branding relationship with other companies or organizations.  At times, we may communicate with our users on behalf of that organization and users may be directed to a partner website to learn about their services or offerings.  In these cases, both VCSTest.com and the partner organization may receive Personal Information you provide, but VCSTest.com will never share your Personal Information with these partner or affiliate organizations.  You will only receive information about these partnerships and related promotions directly from us or from the third party companies that assist us.

As VCSTest.com continues to grow, we might buy or merge with other businesses, or develop or sell subsidiaries or business units.  In such circumstances, user information could be a business asset transferred to another entity; however, all Personal Information will continue to be protected under the terms of this Privacy Policy, our Terms of Service, and any applicable laws.

The above notwithstanding, we promise not use or disclose your Personal Information except: (i) as described in this Privacy Policy and in our Terms of Service; (ii) after obtaining your permission for a specific use or disclosure; (iii) if it is necessary in order to protect you, us, or others from persons or entities who could or may be causing injury to you, to us, or to others (this includes exchanging information with other companies and organizations for fraud protection and credit risk reduction purposes); (iv) if we are required to do so in order to comply with any valid legal process or governmental request (such as a court order, search warrant, subpoena, civil discovery request, or statutory requirement); or, (v) as we otherwise believe is required by law.  In the event that we believe a disclosure is necessary under (iv) or (v), we will use commercially reasonable efforts to contact you before any disclosure is made so that you'll have an opportunity to address the matter yourself or through counsel.
General Data Protection Rule
VCSTest.com is a United States-based entity controlled and operated by United States persons using servers, infrastructure, and third-party services located and operated within the United States; all information we collect is stored on our United States-based servers and infrastructure, and to our knowledge, none of the third party service providers we use store or process our information elsewhere.  While we recognize that the Internet may connect anyone anywhere in the world with our infrastructure and allow them to use our Services, and we and our third party payment processor support financial transactions in every major currency as a convenience to our users, we do not target users in any particular country, we have no physical nexus with the European Union or any of its constituent member nations (collectively, the “EU”), and we have neither signed onto nor accepted any treaty, agreement, or international rule, regulation, or law that gives the EU or any other nation or group of nations either the right to regulate or legal jurisdiction over VCSTest.com or its operations.

While we appreciate and fully support the intentions and goals of the Regulation (EU) 2016/679, General Data Protection Rule (“GDPR”) – and we currently do and always have fully met or exceeded all requirements imposed thereunder on those who collect and process personal information – we categorically reject what we consider an authoritarian overreach by unelected EU regulators who apparently believe they have worldwide jurisdiction over those they intend to control without obtaining their consent.

If you are an EU person, by using VCSTest.com Services, you expressly acknowledge that VCSTest.com is not subject to the terms of the GDPR.  You further waive, disclaim, and relinquish any and all rights and privileges the GDPR may have conferred on you, or that you believe it should confer on you, and instead agree to accept and be bound entirely by this Privacy Policy with respect to the subject matter herein (which, again, meets or exceeds the requirements imposed on those who collect and process personal information under the GDPR).
HIPAA Compliance
As VCSTest.com is not a Healthcare Provider, a Health Plan, or a Clearinghouse, does not submit information to or bill insurance companies, and is not a Business Associate of any of the above, we are not a Covered Entity under the Health Insurance Portability and Accountability Act of 1996, as amended ("HIPAA", or the "Act"), and are not required to comply with the Act.  Nonetheless, we consider Personal Information private and confidential and will not disclose or use it other than as necessary to provide our services, as defined and described in our Terms of Service and this Privacy Policy.  Note: the otherwise undefined capitalized terms used above refer to terms defined in the Act, and carry the same definitions.

In the event that VCSTest.com is, in the future, determined to be or is otherwise considered a HIPAA Covered Entity, by using this Site you expressly and explicitly waive all rights, privileges, and protections granted, conveyed, or otherwise conferred on you by the Act.  VCSTest.com is bound only by its Terms of Service and this Privacy Policy.
Information Security
VCSTest.com uses a variety of security-related systems and technologies, including Secure Sockets Layer (“SSL”), to manage and control access to information, and to prevent that information from being accessed by unauthorized parties.  Further, we segment and pseudonymize personal and health-related information by storing it in separate database tables linked only by indirect identifiers.

Unfortunately, however, no computer system or Internet transmission can be considered completely secure, and while we use best efforts to protect your Personal Information, we cannot guarantee the security of any information stored on, or transmitted to or from the Site; accordingly, you transmit information to and use the Site at your own risk.  We expressly disclaim liability for any theft, loss, interception of, or any unauthorized access or damage to any data or communications.  By using the Site, you acknowledge that you understand and agree to assume these risks.

Anyone with access to the email address and password you use to create an account with us will have access to the Personal Information you have provided to us.  Your password should be kept in a safe place and should not be shared with anyone.  Always sign out from your account and close your browser window or tab when you have finished your visit to the Site; this ensures that others cannot access your account.

You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of the Site by any person or entity using your password, whether or not such access or use has been authorized by you.
Reviewing, Revising, and Deleting your Account Information
You may, at any time, receive from us a copy of all of the information associated with your account on the Site.  You can do this by visiting your Account Settings and clicking the "Download Data" button.  You may also request a copy of the information associated with your account with us by contacting us via email at support@vcstest.com.

You may review and make changes to the Personal Information that is associated with your account on the Site by visiting your Account Settings and making the appropriate changes directly.  You may also email us at support@vcstest.com if you’d like us to make changes for you.

You may delete your account in its entirety by either clicking the "Delete Account" button under your Account Settings, or by contacting us via email at support@vcstest.com.
Data Retention
We retain your Personal Information for as long as you have an active account with us.  If you delete your account or otherwise inform us that you no longer wish for us to keep your Personal Information, consistent with industry standards, your information will be removed from our systems as soon as practical within the following schedule: Note that all backups we make are generally inaccessible except under emergency circumstances, so your data cannot be restored after you request a deletion.
Opting Out
We understand that despite the guarantees and protections offered in this Policy, you may choose not to receive communications from us.

You may opt out of receiving emails, including test retake reminder emails, telephone calls, or SMS messages, marketing and promotional emails, newsletters, or other information we may send directly or through or with a partner or third party. To opt out of these communications, visit your Account Settings and change your preferences.

Note that even if you opt out, you will continue to receive some account-related, transactional, and informational emails (e.g., notices of policy changes, password reset emails, donation or purchase confirmations) from us regardless of your account settings for as long as you maintain an account with us.
Children and Privacy
The Site is intended to be used by adults over the age of 18.  We will never request, store, or process Personal Information from anyone under the age of 18 without parental consent.  By using the Site, you represent and warrant that you are at least 18 years old, or that you have parental consent to use the Site.

If we become aware that a user is under the age of 18 and has registered or used the Site without parental consent, we will deactivate his or her account and remove any Personal Information from our systems.
Questions
If you have any questions or need additional information, please contact us in writing by emailing us at privacy@vcstest.com.  Please allow several days for a response.