PRIVACY NOTICE
This Privacy Notice has been updated as of May 2024.
We at the Executive Optical Inc. (the “Company”) are committed in providing you with quality eye care products and services while implementing safeguards to protect your privacy and keep your personal data safe and secure. We prioritize the responsible processing of your personal data, in accordance with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and related issuances (“Data Privacy Laws”) of the National Privacy Commission (“the Commission” or “NPC”).
PERSONAL DATA COLLECTED, PURPOSE AND MANNER OF COLLECTION
This Notice covers our online collection of data done through this website, and our official accounts with third-party platforms, networks, and applications.
This likewise covers our offline collection of data using our manual forms.
PATIENTS AND CUSTOMERS
We will collect your personal data when you open your online account. To facilitate your membership application and to process your future online transactions, discounts, claims and refunds, we need to collect the following information:
- Name;
- E-mail address;
- Contact number;
- Address; and
- Order History.
We will also collect the following personal data for all transactions done manually, or using our official accounts in Grab Mart, Pickaroo, Zalora, Shopee, Lazada, and in social media platforms like Facebook, Instagram, TikTok and Viber):
- Name;
- Contact Number; and
- Delivery Address.
For patient’s assessment, we may collect the following information to ensure that you get proper prescription from our optometrist:
- Name; Address;
- Birthdate;
- Contact number;
- Senior Citizen (SC) ID or Personal with Disability (PWD) ID; and
- Health record or prescription from your ophthalmologist, if any.
For other customer-related concerns raised using Contact Us or live chat, we will be asking for your: Name; E-mail address; and Other relevant data to give you full customer experience.
With your consent, we may also collect your email address and phone number to send you updates about promotions, new products, and other marketing materials. You will always have the option to opt-in or opt-out of receiving these communications. We will provide clear instructions for unsubscribing in every marketing email or message.
VIRTUAL TRY-ON
The virtual try-on feature is powered by Fitting Monster™. You may check their privacy policy here.
APPLICANTS
We will collect your personal data when you apply through the Careers page or our social media platform on LinkedIn and Jobstreet. To process your employment application and other human resource-related transaction, we need to collect the following:
- Name;
- E-mail address;
- Contact information; and
- Other information in your Curriculum Vitae.
We may further collect information relevant to your application or employment with the Company.
CORPORATE PARTNERS
We will collect your personal data when you submit your application as a corporate partner in our website. We will collect your:
- Name; and
- E-mail Address.
We may likewise collect your contact number and other personal data relevant to your application.
PERSONAL DATA BELONGING TO ANOTHER INDIVIDUAL
If you disclose another individual’s personal data, you affirm that you have the proper authorization to share such information with us. You commit to taking sole responsibility for ensuring that the concerned individual comprehends, consents to, and accepts this Privacy Notice. EO assumes no liability for any privacy issues arising from your sharing of another person’s information with us.
COOKIES
We collect cookies to provide you with personalized content and services, enhancing your overall customer experience on our website. To learn more about our Cookie Policy, click here.
DISCLOSURE OF YOUR PERSONAL DATA
We may share and transfer your personal data to our affiliates, subsidiaries, service providers, agents, hospitals/clinics, or companies that are acting on behalf of the Company (“Associated Companies”), only for the following purposes:
- To process your orders and transactions; and
- To provide you with our latest offers and discounts.
No further use or disclosure of your personal information is being undertaken by our associated companies beyond the specified purposes. We will only disclose your data outside the scope of our purpose when such disclosure is allowed under Sections 12 or 13 of the Data Privacy Act.
DATA PROTECTION
We shall implement reasonable and appropriate organizational, physical, and technical security measures for the protection of personal data which we collected. The security measures shall aim to maintain the availability, integrity, and confidentiality of personal data and are intended for the protection of personal data against any accidental or unlawful destruction, alteration, and disclosure, as well as against any other unlawful processing. We restrict access to personal data, maintain technology products, conduct regular vulnerability assessments, and securely destroy personal data when no longer needed. We continually adapt our security measures in line with technological progress and developments.
STORAGE
The Company shall ensure that all the personal data it collects and uses are stored in secured storage facilities in order to avoid any unauthorized access or use to the same. Moreover, all collected and processed personal data will be stored in our data center located within the Philippines and/or on Cloud Computing Services – Amazon Web Services (AWS). To know more about how your personal data is stored and is being protected under AWS Cloud, you may click here.
RETENTION AND DISPOSAL
We will retain your Personal Data for a maximum of 10 years from your last visit to our store or transaction with us, unless a longer retention period is required under the applicable laws or regulations. After the retention period, the personal information will be securely disposed of using the following methods:
- Physical copies: Shredded within 6 months upon encoding in the database; and
- Electronic copies: deleted electronically
Should you have inquiries regarding the specific retention period of your data, you may contact our Privacy team with the contact details provided at the end of this Privacy Notice.
CONFIDENTIALITY
Only authorized agents/representatives are permitted and have access to the collected information who will treat any confidential information under strict confidentiality. In case of breach, the Company shall notify the data subject and inform the NPC in accordance with NPC Circular 16-03 or Personal Data Breach Management.
YOUR RIGHTS AS DATA SUBJECTS
You are entitled to the following rights:
- Right to be informed – You have the right to be informed that your personal data shall be, are being, or have been processed.
- Right to access – You have the right to gain reasonable access to your personal data, upon demand. You may request access to the following:
- Contents of your personal data that were processed;
- Sources from which your personal data were obtained;
- Purposes of processing;
- Names and addresses of the recipients of your data;
- Manner by which your data were processed;
- Reasons for the disclosure of your personal data to recipients;
- Information on automated processes where the data will or likely to be made as to the sole basis for any decision which would significantly affect you;
- Date when your data was last accessed and modified;
- Period for which particular categories of information will be stored; and
- The designation, or name and address of the Company’s data protection officer.
- Right to object – You have the right to object to the processing of your personal data where such is based on consent or legitimate interest.
This includes your right to object to the processing of your personal data for direct marketing, automated processing, or profiling.
You likewise have the right to be notified and be given an opportunity to withhold consent to the processing in case of changes to the information given to you regarding the processing of your information.
- Right to erasure or blocking – You have the right to request for the suspension, withdrawal, blocking, removal or destruction of your personal data from our system. You may exercise this right upon discovery and substantial proof of any of the following:
- Your personal data is incomplete, outdated, false, or unlawfully obtained;
- It is being used for purposes you did not authorize;
- The data is no longer necessary for the purposes for which they were collected;
- You decided to withdraw consent, or you object to its processing, and there is no overriding legal ground for its processing;
- The data concerns personal information prejudicial to the data subject — unless justified by freedom of speech, of expression, or of the press; or otherwise authorized;
- The processing is unlawful; or
- The Company violated your rights as a data subject.
- Right to damages – You may claim compensation if you suffered damages due to inaccurate, incomplete, outdated, false, unlawfully obtained, or unauthorized use of personal data, considering any violation of your rights and freedoms as the data subject.
- Right to file a complaint – You have the right to file a complaint with the NPC if your data privacy has been violated.
- Right to rectification – You have the right to dispute any inaccuracy or error in your personal data and have the Company correct it within a reasonable period of time, unless the request is vexatious or unreasonable.
- Right to data portability – Where your personal information is processed by electronic means and in a structured and commonly used format, you have the right to obtain from the Company a copy of your personal data. You may also exercise this right when the processing of your personal data is based on consent or contract.
To give you guidance on how you can exercise these rights, you may contact our Privacy team with the contact details provided at the end of this Privacy Notice.
WITHDRAWAL OF CONSENT
You can withdraw your consent by submitting a written notice. However, depending on the circumstances, nature, or extent, the withdrawal of consent may result in our inability to provide the required services to you. Any legal effect created before your consent is withdrawn shall stand and shall not be affected by your withdrawal.
If you wish to stop receiving marketing and promotional communications and newsletters, you may unsubscribe from receiving them at any time by following the instructions provided in each communication.
UPDATE AND REVISION
The Company reserves the right to update and revise this Privacy Notice at any time to align with our policies and procedures, and the Data Privacy Laws. Prior versions of the Privacy Notice will be kept by the Company and may be provided upon proper request.
CONTACT INFORMATION
For questions, comments, or concerns regarding this Privacy Notice, or our use of your personal information, you may contact us through:
Data Protection Officer
E-mail: dpo@eo-executiveoptical.com
Address 1: 11/F One Oculus Center, 2120 Don Chino Roces Ave., Pio Del Pilar, Makati City
Address 2: 6/F Cedar Executive Bldg. II, 26 Timog Ave. cor. Sct. Tobias St., Laging Handa, Quezon City