Privacy Policy

OCUWELL (“we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This privacy policy describes how we collect, use, and disclose personal information that we collect through our website, mobile applications, and other services (collectively, the “Services”). This policy also describes your choices regarding the use, access, and correction of your personal information.

What Information We Collect: we collect personal information from you when you use our Services, such as:

  • Contact Information: We may collect your name, email address, phone number, postal address, city, country and other contact information when you sign up for our Services, request information from us, or contact us.

  • Medical Information: We may collect information about your medical history, prescriptions, treatment plans, or other health-related information when you use our medical services or interact with our healthcare professionals.

  • Financial Information: We may collect your payment information, such as your credit card number or bank account information, when you make a payment for our Services.

  • Technical Information: We may collect information about your device or browser, such as your IP address, operating system, or browser type, when you use our Services.

  • Usage Information: We may collect information about your use of our Services, such as the pages you visit, the features you use, and the content you view.

We may combine personal information we collect from you with information we receive from other sources, such as public databases or social media platforms.

How We Collect Information: we collect personal information from you when you:

  • Create an account with us or use our Services

  • Request information from us or contact us

  • Make a payment for our Services

  • Submit a review or feedback

  • Participate in a survey or research study

  • Use social media features on our website or apps

We may also collect personal information from third-party sources, such as healthcare providers or insurance companies, with your consent.

How We Use Information: we use the personal information we collect from you to:

  • Provide our Services, such as medical treatment, billing, and customer support

  • Improve our Services, such as by analysing user behaviour or conducting research studies

  • Communicate with you about our Services, such as by sending newsletters or promotional emails

  • Comply with legal or regulatory requirements, such as responding to a subpoena or court order

We may also use personal information for other purposes, with your consent.

How We Share Information: we may share personal information with third-party service providers, such as payment processors or data analytics companies, that help us operate our Services. We may also share personal information with our affiliates or subsidiaries for business purposes.

We may disclose personal information if required by law or if we believe that disclosure is necessary to protect our rights, property, or safety or the rights, property, or safety of others.

We may also disclose personal information in connection with a merger, acquisition, or sale of all or a portion of our assets.

Security

We take the security of your personal information very seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, disclosure, or destruction.

Our security measures include:

  • Risk assessment: We regularly assess the risks to the confidentiality, integrity, and availability of your personal information, and take appropriate measures to mitigate those risks.

  • Access controls: We limit access to your personal information to authorised personnel who have a legitimate need to access it, and we use strong authentication mechanisms to ensure that only authorised personnel can access it.

  • Encryption: We use industry-standard encryption technologies to protect data in transit and at rest, including TLS encryption for data in transit and AES encryption for data at rest.

  • Incident management: We have an incident management process in place to detect, respond to, and recover from security incidents, and we regularly test our incident response plan to ensure its effectiveness.

  • Data backup and recovery: We regularly back up your personal information and maintain a data recovery plan to ensure that we can recover data in the event of a disaster.

  • Employee training: We provide regular training to our employees on data security best practices and make them aware of their roles and responsibilities in protecting personal information.

  • Regular security audits: We conduct regular security audits to ensure that our security measures are effective and to identify any areas for improvement.

Please note that no method of transmission over the internet or electronic storage is completely secure, and we cannot guarantee absolute security of your personal information. However, we continually monitor and update our security measures to ensure that your personal information is protected to the best of our abilities.

If you have reason to believe that your interaction with us is no longer secure, please immediately notify us of the problem by contacting us at security@ocuwell.com.

Cookies and Other Tracking Technologies

We may use cookies, web beacons, and other tracking technologies to collect information about your use of our Services. Cookies are small text files that are stored on your device by a website. Web beacons are small graphic images that are embedded in a web page or email to track your activity.

We use cookies and other tracking technologies to:

  • Remember your preferences or settings

  • Improve our Services and personalise your experience

  • Analyse user behaviour and usage patterns

  • Serve targeted advertisements

You may be able to disable cookies or other tracking technologies through your browser settings. Please note that if you disable cookies or other tracking technologies.

Opt-out

You may choose to opt out of receiving certain communications from us or our partners, such as newsletters or promotional emails. If you wish to opt out, please follow the instructions included in such communications or contact us at security@ocuwell.com. Please note that even if you opt out of receiving promotional communications, we may still send you transactional or administrative messages, such as billing notices or security alerts, that are necessary to provide you with our Services.

You may also have the right to opt out of certain data collection or processing activities, such as targeted advertising or the use of cookies or other tracking technologies. Please refer to the Cookies and Other Tracking Technologies section of this privacy policy for more information on how to manage your cookie preferences.

Transfer of Personal Information

We may transfer your personal information to other countries, including the United States, for processing and storage. If we transfer your personal information outside of your country of residence, we will take appropriate measures to ensure that such transfers comply with applicable data protection laws and regulations, such as the European Union’s General Data Protection Regulation (GDPR) and the U.S. Federal Risk and Authorization Management Program (FedRAMP).

These measures may include:

  • Using standard contractual clauses approved by the European Commission

  • Transferring personal information to countries that the European Commission has deemed to have an adequate level of data protection

  • Obtaining your explicit consent to the transfer

  • Ensuring that our third-party service providers are ISO 27001 certified and FedRAMP authorised

We take the security of your personal information very seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, disclosure, or destruction. We are on track to become ISO 27001 certified, which means that we have an information security management system (ISMS) that is compliant with international standards for data security. We are also working to become FedRAMP authorised, which means that we will be assessed and authorised to provide cloud services to U.S. government agencies.

If you have any questions or concerns about the transfer of your personal information, please contact us at security@ocuwell.com.

Retention of Personal Data

We will retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, to comply with our legal obligations, and to protect our rights, property, or safety or the rights, property, or safety of others.

If you are a resident of the European Economic Area, we will comply with the requirements of the General Data Protection Regulation (GDPR) when determining the retention period for your personal information. This may include retaining your personal information for a period of time that is necessary to achieve the purposes for which it was collected, to comply with legal obligations, or to establish, exercise, or defend legal claims.

If you are a resident of the United States, we will comply with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) when determining the retention period for your personal health information. This may include retaining your personal health information for a period of time that is necessary to comply with legal and regulatory requirements, to fulfil our obligations under our agreements with you, or to establish, exercise, or defend legal claims.

Your Rights under GDPR and EEA

If you are a resident of the European Economic Area (EEA), you have certain rights under the General Data Protection Regulation (GDPR) with respect to your personal information. These rights include:

  • Right of access: You have the right to request access to your personal information and to receive a copy of it.

  • Right of rectification: You have the right to request that we correct or update your personal information if it is inaccurate or incomplete.

  • Right of erasure: You have the right to request that we delete your personal information if we no longer need it for the purposes for which it was collected, if you withdraw your consent to its processing, or if it is being processed unlawfully.

  • Right of restriction: You have the right to request that we restrict the processing of your personal information if you contest its accuracy, if its processing is unlawful, or if we no longer need it for the purposes for which it was collected.

  • Right of data portability: You have the right to receive a copy of your personal information in a structured, commonly used, and machine-readable format and to transmit it to another controller.

  • Right to object: You have the right to object to the processing of your personal information for certain purposes, such as direct marketing, and to request that we stop processing your personal information for those purposes.

To exercise these rights, please contact us at security@ocuwell.com. We will respond to your request within a reasonable timeframe and may require you to provide additional information to verify your identity. If you are not satisfied with our response, you may also have the right to lodge a complaint with a supervisory authority in the EEA.

Analytics Web Services

We may use analytics web services, such as Google Analytics, to collect and analyse information about how you use our Services. These web services may use cookies or other tracking technologies to collect information about your use of our Services, such as your IP address, the pages you visit, and the time and date of your visits.

The information collected by these web services may be transmitted to and stored by the web service providers on servers in the United States or other countries. These web service providers may use this information to evaluate your use of our Services, to compile reports on website activity for us, and to provide other services related to website activity and internet usage.

We use the information collected by these web services to improve our Services and to provide a better user experience for you. We do not use this information to identify individual users or to associate it with other personal information that we hold about you.

If you do not want your information to be collected by these web services, you can adjust your browser settings or use browser add-ons to block cookies or other tracking technologies. Please refer to the help pages of your browser for more information on how to manage your cookie preferences.

Payment Processor

We use a third-party payment processor to process payments for our Services. This payment processor is ISO 27001 certified and compliant with the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA).

When you make a payment through our Services, we will collect and transmit certain information, such as your name, email address, billing address, and payment card information, to our payment processor for processing. We do not store your payment card information on our servers.

Our payment processor may also collect information about your transaction, such as the amount and date of the transaction, and use this information to comply with legal and regulatory requirements, to prevent fraud, and to provide customer support.

Contact Us

If you have any questions or concerns about our privacy policy or data collection practices, please contact us at security@ocuwell.com. We will respond to your request within a reasonable timeframe.