Privacy Policy

LENSAR PRIVACY POLICY

LENSAR Inc. (referred to as “LENSAR”, “we”, “us” or “our“) is committed to protecting and respecting your privacy. This Privacy Statement tells you about your privacy rights and sets out how we, as a Data Controller, collect, use, process and disclose your personal data relating to your interactions with us via our websites or other communication means. If you utilize the LENSAR website, this privacy statement should be read in conjunction with our Cookie policy (See http://lensar.com/privacy.php#cookie-policy). This policy covers all of the European Union (EU), the European Economic Area (EEA) and states in the United States with data privacy laws in effect and applicable to LENSAR such as California. LENSAR does not buy, sell or share personal information nor does it derive annual income from selling personal information. This exempts LENSAR from Data Privacy Regulations in Colorado, Virginia, Utah and Connecticut.

Please read the following carefully to understand our use of your personal data. 

1. Information we may collect from you

“Personal data” under Data Protection Law (including the EU General Data Protection Regulation 2016/679 (GDPR), the EU Privacy and Electronic Communications Directive 2002/58/EC, and all national implementing legislation) means any information about an individual from which that person can be identified.  

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) define “personal data” as information that identifies, relates to or could reasonably be linked to a person or household including name, social security number, email address, records of products purchased, internet browsing history, geolocation data, fingerprints, and inference from personal information that could create a profile about preferences and characteristics. It does not include publicly available information from federal, state or local government records, such as professional licenses and public real estate/property records.

You can use our Site without being required to provide any personal data to us.  We only collect personal data about you on the Site which you volunteer when you email us, by using our online forms, in order to deliver a service or product to you, or to send you newsletters or other information. In addition to the information you provide to us, we collect certain information when you visit our Site. This and other information may be supplied outside of our website through normal communication methods but the information is processed and protected in the same manner.

Depending on the nature of your use of the LENSAR website, we may collect and process the following categories of personal data about you when you access/utilize our website or communicate through other means:

Identity Data – We receive personal data from you i.e., name, date of birth, and title 

Contact Data – We receive mailing/billing address, email address, and telephone numbers.

Financial Data – We receive bank name, bank account routing number/account number, bank address, payment amounts. 

Transaction Data – We receive payment amounts, invoice numbers, along with the details of the products/services purchased.

Technical Data including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this Site.

Profile Data including your username, job title, practice name/company, industry memberships purchases or orders made by you, your interests, preferences, feedback, and survey responses.

Usage Data including information about how website users use our website, products, and services.

Marketing and Communications Data including your preferences in receiving marketing materials from us and our third parties and your communication preferences.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences via the website. If you use the website to apply for employment, only the personal information required by law or as required for hiring purposes is collected.

If you do not provide the requested information, we will not be able to deliver our services or products to you or respond to you. If you wish to stop further email contact, click on “Unsubscribe” at the bottom of emails sent you from LENSAR.

2. How we use personal data we collect 

We will only use your personal data for the purposes and legal/regulatory bases set out in the table below. 

Purpose(s) for Processing

Legal Basis for Processing

To register and create an account on our website and provide you with customer services 

  • The processing is necessary to enter and perform our contract with you

To manage our relationship with you, including processing your order and delivering the requested product, materials, or service to you

  • The processing is necessary to perform our contract with you and to comply with our regulatory and legal obligations, including tax and accounting rules.

To provide user training to doctors, nurses, laser techs, etc., and create records for training.

  • Provision of user training and creation of training records is required for regulatory compliance.

For the prevention and detection of fraud, money laundering or other crimes

  • The processing is necessary for us to comply with legal and regulatory obligations

Sending invitation, notices, or other direct marketing electronic communications

  • The processing is necessary to perform our contract with you to the extent you have subscribed to such marketing information, 
  • You have provided your consent to receipt of direct marketing communications – which can be withdrawn at any time 
  • It is in our legitimate business interests to send customers information about similar products or services – you have the right to object/withdraw such communications at any time

To customise your experience on the Site, or to serve your specific content that is relevant to you

  • The processing is necessary to support our legitimate interests in managing our business (to define types of customers for our products and services, to keep our Site updated and relevant, to develop our business and to inform regarding our marketing strategy) provided such interests are not overridden by your interests and rights

To manage business accounts including banking information/funds (distributors and suppliers only)

  • The processing is necessary to manage the transfer of payments and receipts of funds for products and/or services requested by you or LENSAR.

To provide a mechanism for capturing information on potential job candidates

  • The process is necessary to identify top candidates, perform credit and criminal background checks and initiate the hiring and onboarding process.

The data collected will only be stored as necessary or needed for the purposes of providing access to our Site and providing services to you, as required by law, for the exercise or defense of legal claims and according or LENSAR record retention policies whichever is longer. Financial type data is typically required to be kept for 6-8 years. Certain sales and distribution and training records for 10 years after the last system was sold. Marketing information will be kept as long as needed or deletion is requested by the client. 

3. Disclosure of your information

We may disclose your personal data to third parties who provide a service to us, including our Internet Service Provider who records data on our behalf and is bound by confidentiality provisions, or in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets or if we are under a duty to disclose or share your personal data in order to comply with any legal/regulatory obligation, or where necessary for our legitimate business interests to protect the rights, property, or safety of LENSAR Inc., our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction. We do not sell the personal data we collect and provide to third parties, nor do we transfer personal data for other than business purposes. Therefore, there is no need for OPT OUT provisions in this policy. Additionally, LENSAR does not collect information from persons under the age of 18. 

EU Residents: The transmission of information via the Internet is not completely secure and may involve the transfer of personal data to a third party outside of the European Economic Area (EEA) including online email communication platforms such as Mail Chimp as well as industry related publications. To the extent that it is necessary to transfer your personal data outside of the EEA, we will ensure appropriate safeguards are in place to protect the privacy and integrity of such personal data including utilization of Secure Sockets Layer encryption and/or transfer certain User Information in a non-human readable format to provide protection. Please contact us if you wish to obtain information concerning such safeguards (see Contact Us below).

4. Links to other sites

Our Site may, from time to time, contain links to and from other websites. These links will take you to websites where 3rd parties will process your information on behalf of LENSAR including credit and background checks as applicable. LENSAR does not control or manage 3rd party sites. If you follow a link to any of those websites, please note that those websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check those policies before you submit any personal data to those websites.

5. Your rights under GDPR (EU customers only)

You have the right to request access to, rectification, or erasure of your personal data, or restriction of processing or object to processing of your personal data, as well as the right to data portability. The following is a summary of your rights:

  • The right of access enables you to request and receive a copy of your personal data. 
  • The right to rectification enables you to correct and update any inaccurate or incomplete personal data we hold about you.
  • The right to erasure enables you to ask us to delete your personal data in certain circumstances, including where:
    • It is no longer necessary for us to process your personal data;
    • You consider the personal data is being unlawfully processed;
    • You withdraw your consent (where the processing is based on consent);
    • You object to the processing and there are no overriding legitimate grounds justifying the processing; or
    • The personal data have to be erased to comply with a legal obligation.

We may refuse your request if the processing is necessary to comply with a legal/regulatory obligation or for the establishment, exercise or defense of legal claims. We will not comply with your request if we are unable to confirm your identity.

  • The right to restrict processing enables you to ask us to halt the processing of your personal data in certain circumstances, including where:
    • You contest the accuracy of your personal data; 
    • You consider the processing is unlawful, but you do not want your personal data erased;
    • We no longer need the personal data but you require it for the establishment, exercise or defense of legal claims; or
    • You have objected to the processing, and verification as to our overriding legitimate interests is pending. 

We may continue to process your personal data:

    • Where we have your consent to do so;
    • For the establishment, exercise or defense of legal claims; 
    • Where regulatory agencies require us to do so;
    • The processing is necessary to protect the rights of other individuals or legal persons; or
    • For important public interest reasons.
  • The right to object enables you to object to us processing your personal data on the basis of our legitimate interests (or those of a third party).  We will stop such processing unless we can demonstrate compelling legitimate grounds for the processing which override your interests, or the processing is necessary for the establishment, exercise or defense of legal claims. This would apply to regulatory agency requirements as well. You also have the right to object to us processing your personal data for direct marketing purposes. 
  • The right to data portability enables you to request us to transmit personal data that you have provided to us, to a third party without hindrance, or to give you a copy of it so that you can transmit it to a third party, where technically feasible. The right only applies where:
    • The processing is carried out by automated means; and
    • The processing is based on your consent or for the performance of a contract with you.
  • The right not to be subject to a decision based on automated processing including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

You have the right to lodge a complaint with the Data Protection Authority, in particular in the Member State of your residence, place of work or place of an alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

If you wish to exercise any of these rights, please contact us (see Contact Us below). We will respond to your request within one month. That period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request. We may request proof of identification to verify your request. We have the right to refuse your request for the reasons set out above, or if it is manifestly unfounded or excessive, or to the extent necessary for important objectives of public interest.

Your Rights Under California CCPA/CPRA: 

  • Right to know and have access to personal information collected as described in this policy. Current and potential customers using the LENSAR website have the right to request the personal information that has been collected from their interaction with the website as described in the “Contact Us” section below. 
  • Right to Know What Personal Information is Sold or Shared and to Whom. LENSAR does not sell or disclose personal information collected.
  • Right to request deletion of personal  information collected about you on the LENSAR website as described in the “Contact Us” section below.
  • Right to Opt Out of Sale or Sharing of Personal Information. By signing up for marketing materials, you are formally “OPTING IN” to the collection of the indicated personal data.  Since we do not sell or share your data, there is no need for a provision to OPT OUT of selling your data. Failure to provide your personal data prevents us from providing information about LENSAR products or providing services to you via this website. If you decide not to allow LENSAR to process your data, we will be unable to provide you with the services offered
  • Right of No Retaliation Following Opt Out or Exercise of Other Rights. LENSAR will not fail to provide any special offers or discounts to those current and potential customers wishing not to utilize LENSAR’s website for product information.
  • Right to Correct Inaccurate Personal Information. You have the right to request your personal information be corrected should you identify errors in the personal information collected.
  • Right to Limit Use and Disclosure of Sensitive Personal Information. LENSAR does not collect sensitive personal information.
  • Right to have personal information collected subject to data minimization and purpose limitations.
  • Right not to be subject to fully automated decisions and profiling. LENSAR does not use automated processing in the personal information about you that would be subject to fully automated processing. The information collected would be used to direct marketing information to you regarding LENSAR products. However, LENSAR may use personal data collected and analyzed by 3rd parties to initiate marketing contacts with you.

Refer to the Contact Us section below for instructions on how to submit your request. Your request will be acknowledged within 10 business days and we will respond within 45 days provided the consumer can be properly verified. If LENSAR is unable to fulfill the request within 45 days, you will be notified on planned completion timeframes.

6. Security and where we store your personal data

Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal data is at your own risk. Once we receive your personal data, we use appropriate security measures to seek to prevent unauthorized access or disclosure.

We are committed to protecting the security of your personal data. We use a variety of security technologies including, but not limited to data encryption/pseudonymisation of personal data, periodic tests, assessments, evaluations and backups of our data management systems along with procedures and training to help protect your personal data from unauthorized access and use. As effective as modern security practices are, no physical or electronic security system is entirely secure. We cannot guarantee the complete security of our database, nor can we guarantee that information you supply will not be intercepted while being transmitted to us over the Internet. We have implemented strict internal guidelines to ensure that your privacy is safeguarded at every level of our organization. We will continue to revise policies and implement additional security features as new technologies become available. Where we have given you a password which enables you to access certain parts of our Site, you are responsible for keeping that password confidential. We ask you not to share your password with anyone.

7. Changes to this Privacy Statement

We reserve the right to change this Privacy Statement from time to time at our sole discretion. If we make any changes, we will post those changes here and update the “Last Updated” date at the bottom of this Privacy Statement.  However, if we make material changes to this Privacy Statement, we will notify you by means of a prominent notice on the Site prior to the change becoming effective.  Please review this Privacy Statement periodically for updates.

8. Contact Us

Questions, comments, requests and complaints regarding this Privacy Statement and the personal data we hold are welcome and should be addressed to secretary@lensar.com or sent in writing to LENSAR, Inc. 2800 Discovery Drive, Suite 100, Orlando, Florida 32826 ATTN: Data Protection Officer  

To make a request to view, correct, update or delete the personal information LENSAR has collected from you, please complete the Consumer Access Request form attached and submit via mail or email to the addresses above. You may also contact us by phone to make a request at 888-536-7271. In order for LENSAR to fulfill your requests regarding collected personal information, please include the following: name, email address, physical address and phone number. We will verify your identity against the information we have on file. We will then contact you using the information we have on file to confirm your identity. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. If we can verify your identity, we will deal with your request promptly and efficiently within the required timelines for your location. Please note, in some cases we may be unable to delete your information in order to meet legal or regulatory requirements. If we cannot fulfill your requests for these reasons, we will provide you with justification. We have not disclosed the personal data we collect to third parties except for business and legal purposes.

Last Updated: April 14, 2023

COOKIE POLICY: By using or accessing this Website, you are consenting to LENSAR’s use of cookies as follows:

This policy helps to explain when and why cookies may be sent to visitors of the Website.  “Cookies” are text-only pieces of information that the Website transfers to an individual’s hard drive or other website-browsing equipment for record-keeping purposes.  Cookies allow the Website to remember important information that may make your use of the site more convenient.  A cookie will typically contain the name of the domain from which the cookie originated, the life span of the cookie, and a randomly generated unique number or value.  We use cookies for the following purposes:

  • Analytical purposes: We use cookies from third-party partner Google® Analytics to analyze user activity in order to improve the Website.  Visit the Google site to see how Google uses data on partner sites.

Website users who do not want their data collected by Google Analytics can install the Google Analytics opt-out browser add-on.  This add-on prevents the Google Analytics JavaScript® running on the Website from sending information to Google Analytics.

To opt-out of Google Analytics for the web, visit the Google Analytics opt-out page and install the add-on for your browser. 

50-00183-000 (B) LENSAR Site Privacy Policy

© 2023 LENSAR, Inc. All rights reserved. LENSAR, the LENSAR logo, Streamline, IntelliAxis, IntelliAxis Refractive Capsulorhexis, ALLY Adaptive Cataract Treatment System, and the ALLY Adaptive Cataract Treatment System logo are registered trademarks and the LENSAR Cataract Laser with Augmented Reality logo, Intelligent Incisions, Augmented Reality, and Adaptive Intelligence are trademarks of LENSAR, Inc. All other trademarks are their owners. 50-00503-000 Rev. A 11/23