Privacy Policy for the MIRA Professional app
Lateral Reality recognizes the importance of privacy. In this Privacy Policy we describe how we collect, use, disclose and safeguard the personal data that we obtain about individuals who access our App (“end users”). We also refer to end users as “you” in this Privacy Policy.
The MIRA Profession App helps our end users measure the pupillary distance (“PD”) and all other lens fitting parameters (such as monoPD, Fitting height, Vertex distance, Wrap Angle, Pantoscopic Angle, Box dimensions, Near Look Out point, etc.) of their customers to make sure their lenses match perfectly (“Service”). If you decide to use our Service and download the App from the App Store, the use of the App is subject to the MIRA Professional Custom End User License Agreement and this Privacy Policy.
Please note that your visit to our www.mirameasure.com website is not subject to this Privacy Policy, but to the website’s privacy policy. Your use of the App Store is governed by the App Store’s own privacy rules and is not subject to this Privacy Policy. We have no control over the processing of your personal data by the App Store and are not responsible for it.
- 1. Types of personal data we process
- 2. How we use your data
- 3. How we disclose your data
- 4. Security
- 5. Data storage
- 6. Your rights
1. Types of personal data we process
If you download the App, you are required to register in line with section 4.2 of the End User License Agreement. In the course of the registration we collect the following personal data from you: first name, last name, email address.
We automatically collect the following information through your use of our App: the date and time of your access, device type.
2. How we use your data
We use your name and email address to register you as an end user and thereby to enable your use of the App. The registration is strictly necessary to be able to provide our Service. The legal basis for the processing of your personal data is art. 6 (1) f) GDPR (necessary for the purpose of the legitimate interests of the data controller). We have a legitimate interest in providing our Service.
Data that we collect automatically (see section 1.b) above) are necessary for us to be able to provide the technical functions of our App as well as to ensure the security of our App. The legal basis for the processing of such data is art. 6 (1) f) GDPR (necessary for the purpose of the legitimate interests of the data controller). The legitimate interest is to protect our App against data security incidents, to protect the lawful rights and interests of Lateral Reality, and to ensure a high technical quality.
We do not collect or otherwise process any further personal data of our end users or their customers. Except for the case mentioned in the next paragraph, we do not store or have access to the photos made by the end users for the purposes of the measurement of PD or other lens fitting parameters. Such photos will not be uploaded to our cloud.
We only have access to a photo if an end user asks us to double verify a measurement in line with section 6.3 of the End User License Agreement. In this case the end user sends us the photo which was taken by him/her using the App. We do not receive any further information. In such case the end user represents and warrants that it has obtained the necessary consent from its customer for transferring their personal data (photo) to us and that it has provided the necessary information on our data processing to its customer. We use such photos for the purposes of double verification of measurements, which is an essential part of our Service. Thus the processing of such photos is strictly necessary to be able to provide our Service. Please note that we are not able to identify the data subject (i.e. the customer of the end user whose photo has been sent to us).
Photos submitted to us for the purpose of double verification of a measurement may be stored for software development purposes. We only keep such photos to improve our Service and to develop new features or services. We do not use such photos for the purpose of uniquely identifying a data subject and we are not able to identify a data subject. We do not use such photos for any other purpose, do not disclose them to any third party and keep them secured against any unauthorized access. In such case the end user represents and warrants that it has obtained the necessary consent from its customer for transferring their personal data (photo) to us and that it has provided the necessary information on our data processing to its customer.
If you contact us using our email address or postal address for any reason, we store your contact details (e.g. name, email or postal address) solely for the purpose of processing the conversation with you. In this case, the legal basis for the processing of your contact details is art. 6 (1) f) GDPR. It is our legitimate interest is to respond to inquiries of our end users and to communicate with them. Your contact details as well as the conversation will be deleted as soon as the conversation is closed (i.e. when it shows from the circumstances that the given matter is finally clarified).
We use your email address for the purpose of sending you marketing emails or newsletters only in case you explicitly agree hereto by providing your consent. In this case, the legal basis for the processing of your personal data is art. 6 (1) a) GDPR (your consent). You may withdraw your consent anytime by sending us an email. In such case your personal data will no longer be processed for such purpose.
We may process your personal data to comply with applicable legal or regulatory obligations, provided that such processing is necessary for compliance with a legal obligation (such as EU law or member state law provisions) to which Lateral Reality is subject. In such case the processing of your personal data is based on art. 6 (1) c) GDPR (necessary for compliance with a legal obligation).
3. Fow we disclose your data
We may disclose your personal data to our service providers, who perform functions on our behalf (data processors). We may share your personal data with these service providers only for the purposes of performing these functions and subject to the required data processing contracts. We ensure that in connection with the engagement of our service providers we comply with the provisions of art. 28 GDPR. We engage only service providers who provide sufficient guarantees to implement appropriate technical and organizational measures in such a manner that the processing ensures the protection of your rights. In the case of service providers in third countries (i.e. countries outside of the EU/EEA, which do not ensure the same level of data protection as the EU) we make sure that our service providers guarantee an adequate level of data protection and art. 44-49 GDPR are complied with.
We engage service providers for IT functions, in particular cloud storage. Our cloud storage provider is located in the US and is Privacy Shield certified.
We may disclose your personal data to authorities or courts if this is necessary to comply with applicable legal or regulatory obligations or to enforce claims in a lawsuit. In such case the disclosure of your personal data is based on art. 6 (1) c) GDPR (necessary for compliance with a legal obligation) or art. 6 (1) f) GDPR (necessary for the purpose of the legitimate interest of the data controller).
Otherwise we do not disclose your personal data to any third party.
4. Security
We have implemented a number of measures to help protect the personal data we collect. These measures include limiting access to personal data to our employees with a need to access it and encrypting personal data provided through our App using Secure Socket Layer (SSL) technology.
5. Data storage
We store your personal data only for as long as needed for the purposes for which they are processed. Personal data which are no longer needed for the purpose of their collection are erased, unless another legal basis is applicable which permits their retention (e.g. data are necessary for the purposes of compliance with laws or in a judicial proceeding). As a general rule, we delete your registration data (name and email address) immediately after deactivation of your registration or termination of your right to use the App.
Data we collect automatically (see section 1.b) above) are erased 7 days after collection.
6. Your rights
Upon your request, we inform you as to whether and, if so, what personal data we store about you and for which purpose. You may view your personal data at any time free of charge.
You are entitled to request the rectification, erasure or the restriction of processing of your personal data in line with the provisions of art. 15-21 GDPR.
You also have the right to receive the personal data we retain about you in a structured, commonly used and machine-readable format. Furthermore, subject to the conditions set forth in art. 20 GDPR, you have the right to transmit these data to another controller.
You have the right to object to the processing of your personal data that takes place on the basis of art. 6 (1) f) GDPR, or for the purpose of direct advertising.
You have the right to file an appeal with a supervisory authority in connection with the processing of your personal data.
Where processing is based on your consent, you have a right to withdraw consent at any time.
In order to exercise any of the rights mentioned in this section or should you have any questions regarding the processing of your personal data, please contact us at hello@mirameasure.com.