Effective Date: October 1, 2020
If you have any questions, please reach out to us at firstname.lastname@example.org
Personally Identifiable Information
We will never share your e-mail address, name, DOB, or any other personal information for any external use not directed by you. All information collected on this website will be used for fraud control, order verification, communication with your designated Eye Care Professional, or internal marketing purposes only. We may use third-party services to help manage communication, but the contracting terms with these services absolutely prohibit their use or distribution of information we store on their servers, and these services use high-level encryption to protect your data. At any time, you have the right to remove your email, contact information, or any other data we have (including facial scans) from our systems by emailing us at email@example.com
When you purchase a pair of custom-tailored eyewear directly from Topology, Topology does not store payment information, but rather encrypts and transmits it directly to Shopify to process all payments. Shopify is an e-commerce platform serving nearly 400,000 online stores and processing $29 billion in payments. They encrypt and secure your payment data, and return to us only the information required to fulfill the order (mailing address, email, phone). Even if you check the box on the Shopify web form to save your data for future use, that data is saved by Shopify, not by Topology Eyewear. When you purchase eyewear (including custom-tailored Topology eyewear) from your ECP using the Topology system, Topology never collects or processes payment directly.
If you ask Topology to file an out-of-network insurance claim for you when purchasing Topology custom-tailored eyewear, we will need to request your vision plan carrier, your date of birth, Member ID, and the last four digits of your social security number. We will store this information securely and transmit it securely to our third-party vendor, who in turn communicates directly with your vision plan. This is not a necessary step for purchasing glasses, but is an optional service we provide for the benefit of our customers. Therefore, in sharing this information with us, either via email or through the app, the customer explicitly grants permission for Topology to share this information with a third-party vendor. If a customer shares this with us via email, he or she explicitly grants permission for us to share this information internally as necessary, or back with the customer, over email.
Uploaded 3D Scan Videos
The videos and depth photos recorded in the app’s interactive capture flows used to create a 3D model of your face are private, and not considered “User Content” as defined elsewhere in this policy. We process this facial scan on your device and store the 3D face model on our cloud-based servers, which are then accessible only by our app, administered by your designated Eye Care Professional. We will not share your 3D model or likeness with any third party unless you explicitly ask us to. We will only access your 3D models to respond to technical support inquiries or to improve the fitting algorithm. If at any time you would like these 3D models removed from our servers, please email us at firstname.lastname@example.org and we will accommodate the request. If we delete your scan at your request, we will be unable to complete an order without your subsequently uploading another scan.
Email Conversations and Chats with Customer Support
Direct communications with the Topology staff exist for the purpose of educating and informing users about our products, helping them make selections, and discussing their orders with them. As such, any information or images shared by email with our customer service inboxes, shared through the chat feature of our website, or sent to us via Direct Message on Facebook or Twitter is not considered User Content as described below. This information will not be shared externally without explicit permission from the user. It may be shared internally within the company as necessary to train our employees or to help a customer fulfill their requests.
California Privacy Rights
If you are a California resident, you have the ability to ask us for a notice identifying the categories of personal information, as defined by California Civil Code Section 1798.83, we share with our affiliates and/or third parties for their direct marketing purposes and the contact information for such affiliates and/or third parties (under California Civil Code Sections 1798.83-1798.84). If you are a California resident and would like a copy of this notice, please submit a written request to email@example.com
We are especially sensitive about children’s information. We do not knowingly collect personal information from children under the age of 13, in accordance with the Children’s Online Privacy Protection Act (“COPPA”). If you are a parent or legal guardian of a minor child, you may use our Services on behalf of such minor child. If you have questions concerning our information practices with respect to children, or if you believe a child under the age of 13 has provided us with personal information, please email us at firstname.lastname@example.org
Biometric Data Collected
As part of the fitting room service, an optional service that customers may elect to participate in to receive frame recommendations, Topology collects a 3D facial scan of customers using the TrueDepth sensor on compatible iPhone or iPad devices. The user turns their head side to side, while the device collects multiple 3D photographs; these photographs are then stitched together via a machine learning algorithm to produce a precise 3D model of the face. The scan quality around the eye provides only enough fidelity to locate the pupils; it cannot be used to diagnose conditions of the eye or for retinal identification.
Biometric Data Stored
The 3D facial scan is stored on an Amazon Web Server in the locality where it is collected (European scans in Europe, American scans in the US, etc.). Scans are encrypted in transmission and encrypted at rest. Direct access to the 3D scan files is carefully controlled: only those employees who have a legitimate business need at Topology can directly access the facial scans, and even they have to follow specific protocols to download a scan directly and delete it immediately after a legitimate business use.
While the facial scans are not stored with PII, there are correspondence tables linking facial scans to user log-in / email addresses. This is necessary so that customer service employees are able to respond to customer requests, for example to generate VTO images and/or lens measurements based on a facial scan, or to delete the facial scan upon a customer’s request.
Biometric data will be retained for 3 years from the last transaction with a customer, after which time it will be deleted or anonymized.
Uses of Biometric Data
3D facial scans are used in the following ways:
Under NO circumstances is any facial recognition algorithm being run against these 3D facial scans.
The 3D scans will never be sold to a 3rd party, or used in any way not enumerated above.