Privacy Policy (California Consumers)

CONTENTS OF THIS POLICY

A. WHO WE ARE

B. ABOUT THIS POLICY

C. WHAT TYPE OF PERSONAL INFORMATION DO WE COLLECT?

D. HOW DO WE USE YOUR INFORMATION?

E. HOW AND WHEN DO WE SHARE PERSONAL INFORMATION WITH THIRD PARTIES?

F. HOW LONG DO WE STORE PERSONAL DATA?

G. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

H. YOUR RIGHTS

Access to Specific Information and Data Portability Rights

Deletion Request Rights

Exercising Access, Data Portability, and Deletion Rights

Response Timing and Format

I. NON-DISCRIMINATION

J. CHANGES TO THIS POLICY

K. HOW TO CONTACT US

A. WHO WE ARE

Paragon Vision Sciences is a part of CooperVision Specialty EyeCare. This group addresses the unmet needs of practitioners and patients worldwide whose ocular challenges compromise not only vision, but quality of life.

Paragon is a pioneer and leader in the field of orthokeratology. It’s Paragon CRT® and CRT Dual Axis® for Corneal Astigmatism Contact Lenses are distributed in over 50 countries.

The company embraces the important role of learning and shared knowledge. The Paragon Education and Training Academy is an industry center of excellence providing training for eyecare professionals globally.

World class practitioner support is one of the many ways Paragon differentiates itself. Innovative marketing materials designed to drive awareness and interest are available to all certified Paragon CRT® practitioners.

In this California Privacy Policy, Paragon Vision Sciences, Inc. may refer to itself as “we”, “us” or “our”, and doing so may also include our related companies.

B. ABOUT THIS POLICY

We are committed to providing products and services that help people improve the way they see. To do this we may obtain personal information about consumers, including those of you residing in California. Although this information helps us to serve you,
we take pride in safeguarding your privacy.

The California Consumer Privacy Act of 2018 (CCPA) is a law related to protecting the privacy of consumers who reside in the State of California. This California Privacy Policy is a notice to you that describes when, why and how we collect, use and otherwise
handle personal information of California consumers.

This California Privacy Policy also applies to consumer-related personal information we receive through your use of third-party sites or platforms (for example, via our applications developed by third-parties) where your information may be provided. While
those third-party sites or platforms may have their own privacy policies, the information we collect is covered by our privacy policy. Any privacy choices you have made on the third-party site or platform will not apply to our use of the information
we have collected directly through our applications.

Please also keep in mind that our sites and applications may contain links to other sites not owned or controlled by us. We encourage you to be aware when you leave our sites or applications and to read the privacy policies of other sites that may collect
your personal information.

“Personal Information” is any information relating to you, which can be used to personally identify you, either directly or indirectly. Examples include an individual’s name, postal address, email address, and telephone number – though these may not be
the only types of information that you provide or that we collect. Additional details of the information covered by this policy are described in the “WHAT PERSONAL INFORMATION DO WE COLLECT?” section of this California Privacy Policy.

C. WHAT PERSONAL INFORMATION DO WE COLLECT?

The types of personal information we collect is described below. Sometimes we collect anonymous information so that you are not personally identified. Also, and we may use personal information and anonymous information to create aggregate information.

Here is a list of the categories of personal information (and an indication of what we collected during the last 12 months):

Categories of Information

Examples

Collected

Identifiers

Your name(s), an alias or unique personal/online identifier (such as user name or login name), address, email address, username, internet protocol (IP) address.

Yes

Additional Identifiers

Your signature: photograph; voice, physical characteristics or description; social security number (or portions thereof); state identification card number; insurance policy number; bank account number, credit card number, debit card number,
or any other financial information; medical information (including your contact lens prescription) or health insurance information.

Yes

Characteristics of Protected Classifications Under California or Federal Law

Age (over 40), race, religion, gender, national origin, or sexual orientation.

No

Commercial Information

Records, dates and locations of products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies.

Yes

Biometric information

Height; Weight.

No

Internet or Other Electronic Network Activity information (“Electronic Information”)

Browsing history; search history; information regarding a consumer’s interaction with an internet website, application, or advertisement; cookies; IP address of your device, information about the operating system and/or app you are using;
unique device identifiers; pages that you navigate to and links that you click; your preferences and settings.

Yes

Geolocation Data

Location information collected by a browser or inferred by IP addresses, mobile device signals.

Yes

Sensory Information

Audio, electronic, visual, thermal, olfactory, or similar

Yes

Professional or employment-related information

Job titles; location of employment or workplace; work history

No

Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Schools attended; grades; qualifications; resumes

No

Inferences Drawn From Personal Information

Consumer type; potential purchasing behavior.

Yes

Personal information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection
      Act of 1994

D. HOW DO WE USE YOUR INFORMATION?

We use personal information for some general purposes. The informationallows us to provide you with products, services, and customer support,to bill you for products and services you request, to market productsand services which we think may be of interest to you, or tocommunicate with you for other purposes. The types of general usesinclude:

· record keeping, statistical analysis, internal reporting and research

· hosting, maintaining and otherwise supporting the operation of our websites and other communication platforms, and helping to customize your and improve your experience with our websites and other platforms

· ensure the quality of the products and services we provide to you and to investigate complaints made by you

· investigating, resolving or otherwise addressing any disputes between you and us

· detecting and preventing fraud or other criminal offenses

· risk management

· business and disaster recovery (e.g. to create back-ups)

· network and information security

· document and data retention/storage

We also use Identifiers, Additional Identifiers, Commercial Information, Electronic Information, Geolocation Data to help us establish and maintain a relationship with you, through things like:

· creating an account(s) with us or for identification purposes

· your request for us to send products to you or to provide services to you

· communicating with you, including with non-marketing materials or marketing materials about our company or our products/services, and to provide you with email alerts or other notices concerning our products or services, events or news that may
be of interest to you

· linking your profile on a third-party site or platform with any account(s) with us

· entering a promotion, contest, sweepstakes, etc.

· requesting or submitting a rebate and rebate fulfillment

· fulfilling orders, including direct delivery of contact lenses

· processing a payment at your request or on your behalf

· confirming your authorization of transactions

When you use our websites, or third-party platforms or applications, we collect Identifiers, Additional Identifiers, Electronic Information and Geolocation Data about your usage of the service for:

· personalize your experience with us

· enabling your use of the services available on our sites, applications or platforms

· contacting you about our products, services or other news that may be of interest to you

Cookies are small pieces of information sent to your browser and stored on your computer’s hard drive. We use information collected by cookies to help improve the contents of our websites and to compile aggregate statistics about people using our site
for our internal usage statistics and market research purposes. When installed, cookies collect the domain name of the user, your internet service provider, your operating system, and the date and time of access. You can set your browser to notify
you when you receive a cookie, this will enable you to decide if you want to accept it or not. You can also refuse cookies altogether. However, if you do not accept our cookies, you may not be able to use all functionalities of our website.

We use Geolocation Data to identify the location from where you are contacting us. Geolocation Data may be collected from your computer, your devices, you telephone, and your use of applications or platforms.

We may be required to collect your personal information to comply with our legal requirements, to enable us to fulfil the terms of any contract that we have with or in preparation of us entering into a contract with you.

E. HOW AND WHEN DO WE SHARE PERSONAL INFORMATION WITH THIRD PARTIES?

We may share your Personal Information with members of our corporategroup (details of the locations, are listed here) in order to provide the products and/or services or information that you have requested.
We may also share your information with other members of our corporate group for the purposes of IT support and maintenance, internal governance and administration, and to comply with our legal or regulatory obligations.

We will not share your personal information with a third party outside our corporate group, except:

· when you permit us to do so

· where you have instructed us to share your personal information with third-party sites or platforms, such as social networking sites (Please note that once we share your personal information with another company, the information received by the
other company is controlled by that company and becomes subject to the other company’s privacy practices)

· when parties perform services on our behalf, like product delivery, marketing and advertising, customer service, IT services and solutions (e.g. providing data storage, assisting us with database management) or rebate fulfillment. These companies
are prohibited from using your personal information for purposes other than those requested by us or required by law

· when we share your personal information with third-parties in connection with the sale of a business

We may also share your personal information with:

· our accountants, auditors, lawyers or other professional advisers when we ask them to provide us with professional advice

· any other third party if we are under a duty to disclose or share your personal information in order to comply with any legal obligation

· any other third party to comply with legal process; or in other cases if we believe in good faith that disclosure is required by law. However, nothing in this California Privacy Policy is intended to limit any legal defenses or objections that
you may have to a third-party’s, including a government’s, request to disclose your personal information

· any other third party to enforce our terms or rules; to ensure the safety and security of you or others; or to protect our rights and property and the rights and property of you and others;

· any other third party to address fraud, security, or technical issues

We do not (and during the last 12 months, we did not) share, sell, rent, or trade personal information with third-parties for their commercial purposes.

F. HOW LONG DO WE STORE PERSONAL DATA?

It is our policy to retain your personal information for the length of time required for the specific purpose or purposes for which it was collected (e.g., for the fulfilment of an agreement with you). However, we may be obliged to store some personal
information for a longer time, taking into account factors including:

· legal obligation(s) under applicable law to retain data for a certain period of time (e.g. compliance with tax and accountancy requirements)

· the establishment, exercise or defense of legal claims (e.g., for the purposes of a potential dispute)

If you would like to find out how long we keep your personal information for a particular purpose, you can contact us at:dpo@coopervision.com.

G. HOW DO WE PROTECT YOUR PERSONAL INFORMATION?

We implement technical and organizational security measures to protect your personal information against the risk of loss, misuse, or unauthorized alteration or destruction. Such measures may include the use of firewalls, encryption (where appropriate),
access rights management processes, careful selection of processors and other technically and commercially reasonable measures to provide appropriate protection for your personal information. Where appropriate, we may also make backup copies and use
other such means to prevent accidental damage to or destruction of your personal information.

Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you online we will use a recognized online secure payment system.

H. YOUR RIGHTS

The CCPA grants you certain rights that you can exercise. This section explains those rights and how to exercise them.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive your request and verify you as the person whose information is being requested
(see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:

· The categories of personal information we collected about you

· The categories of sources for the personal information we collected about you

· Our business or commercial purpose for collecting or selling that personal information

· The categories of third parties with whom we share that personal information

· The specific pieces of personal information we collected about you (also called a data portability request)

· If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

· sales, identifying the personal information categories that each category of recipient purchased

· disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained

Deletion Request Rights

You have the right to request us to delete any of your personal information that we collected and retained, subject to certain exceptions. Once we receive and verify you as the person whose information is being requested (see Exercising Access, Data Portability, and Deletion Rights),
we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:

  • Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our
    contract with you
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
  • Debug products to identify and repair errors that impair existing intended functionality
  • Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law
  • Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.)
  • Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair
    the research’s achievement, if you previously provided informed consent
  • Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us
  • Comply with a legal obligation
  • Make other internal and lawful uses of that information that are compatible with the context in which you provided it

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

· Calling us toll-free at (855) 526-6737, or

· Making a request at https://coopervision.com/ccpa-common-request-form

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of
your minor child.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it

Before assessing any of your requests, we may request additional information in order to verify your identity. If you do not provide the requested information and, as a result, we are unable to identify you, we may refuse to action your request.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.

We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We will consider and respond to a verifiable consumer request within forty-five (45) days of its receipt. However, if we require more time (up to 90 days), we will inform you of the reason and extension period in writing.

Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we
will provide requested personal information in a structured, commonly used and machine-readable format and for it to be transferred to you or another organization, where it is technically feasible.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with
a cost estimate before completing your request.

I. NON-DISCRIMINATION

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

· Deny you goods or services

· Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties

· Provide you a different level or quality of goods or services

· Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services

However, we may offer you certain financial incentives permitted by the CCPA that might result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s
value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.

J. CHANGES TO THIS POLICY

We may revise this California Privacy Policy from time to time to accommodate new technologies, industry practices, regulatory requirements or for other purposes. By continuing to access or use the Services after those changes become effective, you agree
to be bound by the revised California Privacy Policy.

K. HOW TO CONTACT US

If you wish to request further information regarding this California Privacy Policy or the way we use your person information you can contact our Data Protection Officer at: dpo@coopervision.com.


Paragon Group

  • The Cooper Companies, 6101 Bollinger Canyon Rd #500, San Ramon, CA 94583 USA
  • CooperVision, Inc., 6101 Bollinger Canyon Rd #500, San Ramon, CA 94583 USA
  • Blanchard Vision Corp., 1552 Rue King Ouest, Sherbrooke, Quebec J1J 2C3, Canada
  • Eye Care Prime, LLC, 5870 Stoneridge Drive, Suite 1 Pleasanton, CA 94588
  • CooperVision Limited (company number 03685161) with its registered address at Delta Park, Concorde Way, Segensworth North, Fareham, Hampshire, PO15 5RL, UK

· CooperVision Manufacturing Limited (company number 02737396) with its registered address at Delta Park, Concorde Way, Segensworth North, Fareham, Hampshire, PO15 5RL, UK

· CooperVision SAS (company number 392 002 218) with its registered address at Les Collines De Sophia, 1800 Route Des Cretes, Sophia Antipolis 06905, Cedex, France

  • CooperVision Italia, S.R.L. (company number 10653750157) with its registered address at Via Meravigli, 16 – 20123 Milan, Italy
  • CooperVision Iberia, S.L. (company number 79424594) with its registered address at Ronda de Poniente, 12, 28760 Tres Cantos, Madrid, Spain
  • CooperVision Nordic AB (company number 556568-1243) with its registered address at Johan Willins gata 8, SE-41664 Goteborg, Sweden
  • CooperVision GmbH (company number HRB 33358) with its registered address at Siemensstraße 3, 64859, Epperthausen, Germany
  • CooperVision Nederland B.V. (company number 23075034) with its registered address at Avelingen – West 40, 4202, MS Gorinchem, Netherlands
  • CooperVision Poland Sp. z o.o. (company number 0000464435) with its registered address at Przemysława Gintrowskiego 53, 02-697 Warsaw, Poland
  • CooperVision Kft (company number 01-09-166734) with its registered address at Sopron ut 25-27, Budapest, 1117, Hungary
  • CooperVision Limited, organizacni slozka (company number 24838411) with its registered address at Na Pankráci 1724/129, Praha 4, 140 00, Czech Republic
  • CooperVision Distribution Sprl (company number 0879.484.449) with its registered address at Premiere Avenue 32, B-4040, Belgium