Privacy Notice for Washington Residents

Categories of Consumer Health Data We Collect

We only collect consumer health data from you as necessary to provide a product or service that you have requested from us or with your consent to such collection for a specified purpose.

Examples of consumer health data we may collect from you either at a Visionworks location, or on our website, may include:

• Information about your health-related conditions, disease, symptoms, status, diagnoses, testing, or treatments (including surgeries, procedures, medications, or other interventions).
• Social, psychological, behavioral, and medical interventions.
• Use or purchase of prescribed medication.
• Bodily functions, vital signs, symptoms or measurements.
• Biometric data which may include facial mages, or images of your likeness captured by security cameras when you enter our stores and voice recordings if you call a Visionworks location.
• Precise location information that could reasonably indicate your attempt to acquire or receive health services, products or information (if you have location settings turned on).
• Information that identifies a consumer seeking health care services.
• Inferences or derived information based on the information listed above that we collect about you.

Categories of Sources of Consumer Health Data

We may collect consumer health data directly from you, from your interactions with our products and services either online or in one of our retail locations, from third parties and our affiliates, and from publicly available sources.

Why We Collect Consumer Health Data and How we Use it

We collect and use consumer health data as reasonably necessary to provide you with the products or services you have requested or authorized. This may include:

• Providing our products and services to you, to communicate with you about your use of our products and services, to provide you with information about our products and services including information about vision care or health-related services, to provide you with resources and benefits that will help you to manage your heath, personalization of certain product features, ensuring the secure and reliable operation of the products and the systems that support them, troubleshooting and improving the products and other essential business operations that support the provision of the products or services (such as processing your payments, completing transactions you request, analyzing our performance).
• To authenticate or confirm your identity.
• To conduct research and development by administering surveys and questionnaires.
• To protect the services and our business operations, to protect our rights or those of our stakeholders, to prevent and detect fraud, unauthorized activities and access, and other misuse, to conduct risk and security control and monitoring, where we believe necessary, to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety or legal rights of any person or third party, or violations of our Terms of Use as well as any additional terms specific to the Visionworks websites.
• To comply with the law and our legal obligations.
• To consider and implement mergers, acquisitions, reorganizations, and other business transactions, and where necessary to the administration of our general business, accounting, recordkeeping, and legal functions.
• We may use consumer health data for other purposes for which we obtain your consent as required by law, for example, for advertising or marketing purposes.

Categories of Third Parties and Affiliates with Whom We May Share Consumer Health Data

We may share each of the categories of consumer health data described above to a third party or affiliate when such sharing is for the purpose of providing you with the goods or services you have requested or with your consent.

Affiliates.

We may share consumer health data with our parent company Vision Service Plan (“VSP”) or any of our affiliated companies and any successors thereto in the normal course of our vision care operations, and to communicate with you about your vision care benefits if you are a VSP member. In this regard, you consumer health data may be shared with one of our affiliates for use in providing a service to you.

Vendors and service providers.

We may share consumer health data with vendors and service providers that process such information as necessary to provide the products and services you have requested, perform services for us in connection with the Visionworks websites, or our other business operations necessary for the provision of products and services to you.

Legal and similar disclosures.

We may share consumer health data with law enforcement, the courts, our advisors, attorneys, and others who participate in the legal process, if we believe doing so is required or appropriate to comply with legal requirements and law enforcement requests (such as a court order or subpoena); comply with legal process (such as discovery); or protect your, our, or others’ rights, property, or safety.

Merger, sale, or other asset transfers.

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your consumer health data may be shared with the other parties and advisors involved under an obligation of confidentiality in connection with the negotiation of such transaction, and your consumer health data may be transferred as part of such a transaction (subject to compliance with applicable laws) in order to continue to provide you with the goods or services you have requested.

Your Privacy Rights

If you are a Washington resident and we collect, use or share your consumer health data subject to the MHMDA, you may have the following rights, subject to certain exceptions set forth in the MHMDA.

• Right to access – you have the right to know whether we are collecting or sharing your consumer health data, to access that consumer health data, including receiving a list of all third parties and affiliates and their contact information with whom we may have shared your consumer health data.
• Right to delete – you have the right to request that we delete certain consumer health data that we may have collected about you.
• Right to withdraw consent – you make revoke any consent to the collection or sharing of your consumer health data, that you may have provided to us, subject to certain exceptions.

How to Exercise Your Privacy Rights

You can make a request to exercise your right to access, deletion, or withdrawal of consent by submitting the web form here. Please be aware that we will need to confirm your identity to process your request. We will only use the information you provide in order to verify your identity or authority to make the request. Making a verifiable request does not require you to create an account with us. We will provide responses to up to two requests per consumer annually, free of charge.

How to Submit an Appeal

If your request to exercise a right under the MHMDA is denied, you may appeal that decision by contacting us by emailing privacy@vsp.com. We will respond to your appeal in writing within 45 days of our receipt of your appeal. If your appeal is unsuccessful, you may contact the Washington State Attorney General at www.atg.wa.gov/file-complaint.