Topcon Healthcare Group Privacy Statement
Your privacy and trust are important to us. This Privacy Statement (“Statement”) provides important information about how Topcon Healthcare Solutions, Inc., Topcon Medical Systems Inc., Topcon Europe Medical BV, and their affiliates (collectively, “Topcon”, “we,” or “us”) handle Personal Information that we collect through our websites and online services, as well as through our sales and marketing activities (collectively, our “Services”).
As used herein, the terms “Personal Information” or “Personal Data” shall mean all information relating to an identified or identifiable natural person, which may include such information as an individual’s name, birthdate and residential address, email address or telephone number, credit card information and other personal identifiers.
Topcon is committed to complying with privacy legislation applicable to Topcon’s activities throughout the world (collectively, “Applicable Laws”). This policy has been drafted to meet the requirements of these Applicable Laws and is intended to provide you information about Topcon’s practices in managing your Personal Information and protecting it from unauthorized use or disclosure. Applicable Laws include, but are not limited to, Europe’s General Data Protection Regulation (“GDPR”), the UK Data Protection Act 2018 (“UK DPA”), Australia’s Federal Privacy Act 1988, the Australian Privacy Principles (“APP”), the California Consumer Privacy Act (“CCPA”), and Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) and substantially similar applicable provincial legislation in Canada.
It is important that you check back often for updates to this Statement. A current version of this Statement is always accessible on our website.
This Statement was last updated on January 1, 2021.
1. What Information about You is Collected by Topcon?
Topcon may request and/or collect certain Personal Information from you whenever you interact with us, make use of a Service, when you enter Personal Information on our website or provide us with Personal Information in any other way. This information may include, but is not limited to, information related to customer satisfaction surveys, customer purchasing habits, warranty information and/or other purchasing information or other information volunteered by you. Topcon may also collect other technical information such as your IP address, MAC address, internet service provider, computer operating platform, web browser, geolocation and other similar information. We also collect Personal Data such as name, surname, address, e-mail and phone number of the relevant contact person of your company. If you work as an individual, we will also collect payment information such as bank information and Tax ID/VAT number. Topcon limits the collection of personal information to that which is necessary for the purposes identified by it at or prior to the time at which such information is collected. You are under no obligation to provide any Personal Information to Topcon. However, if you don't provide such information, some features of Topcon's websites may not be available to you.
Where your information obtained by us will be subject to the APP, you may be entitled to use a pseudonym when interacting with our Services. We also collect Personal Information from third parties such as our partners, service providers, and publicly available websites, to offer Services we think may be of interest and to help us maintain data accuracy and provide and enhance the Services.
We do not knowingly collect or use Personal Information from children under the age of 13, and we will not do so in the future without first obtaining verifiable consent from a parent or legal guardian. Should a child whom we know to be under the age of 13 send individual identifying information to us, we will only use that information to respond directly to the child, seeking parental consent or to provide parental notice.
2. Name and Contact Details of Data Controller Handling Personal Information
- Topcon Corporation (75-1, Hasunuma-cho, Itabashi-ku, Tokyo 176-8580 Japan) - topcon.co.jp
- Topcon Healthcare Solutions, Inc. (111 Bauer Drive, Oakland, New Jersey 07436 USA) – topconhealth.com
- Topcon Medical Systems, Inc. (111 Bauer Drive, Oakland, New Jersey 07436 USA) - topconmedical.com
- Topcon Medical Laser Systems, Inc. (606 Enterprise Court, Livermore, CA 94550, USA) – pascalvision.com
- Topcon Canada, Inc. (110 Provencher Avenue, Boisbriand QC J7G 1N1, Canada) – topcon.ca
- Topcon Europe Medical B.V. (Essebaan 11, 2908 LJ Capelle a/d IJssel, The Netherlands) – topcon-medical.eu/eu/ and its branch (Topcon Italia, Topcon Denmark, Topcon Ireland and Topcon Germany)
- Topcon Deutschland Medical G.m.b.H. (Hanns-Martin-Schleyer Strasse 41, D-47877 Willich, Germany) – topcon-medical.de/de/
- Topcon España S.A. (Frederic Mompou 4 Esc. A Bajos 3, 08960, Sant Just Desvern Barcelona, Spain) – topcon-medical.es/es/
- Topcon France Medical S.A.S. (1 rue des Vergers, 69760 Limonest, France) – topcon-medical.fr/fr/
- Topcon (Great Britain) Medical Ltd. (Topcon House, Kennet Side, Bone Lane, Newbury, RG14 5PX U.K.) – topcon-medical.co.uk/eu/
- Topcon Healthcare Solutions EMEA Oy (Saaristonkatu 23, 90100 Oulu, Finland) – topconhealth.eu
- Topcon Polska Sp. zo. o. (ul. Warszawska 23, 42-470 Siewierz, Poland) – topcon-medical.pl/pl/
- Topcon Scandinavia A.B. (Neongatan 2, S 431.53 Molndal, Sweden) – topcon-medical.se/se/
- Topcon Singapore Medical Pte. Ltd. (1 Jalan Kilang Timor, #09-01 Pacific Tech Centre, Singapore 159303) – topcon.com.sg
3. How Does Topcon Handle Your Personal Data?
- Topcon collects, obtains, uses, discloses, provides and retains Personal Information in an appropriate manner.
- Topcon makes best efforts to ensure that any Personal Data it uses is accurate, precise, and up to date.
- Topcon takes necessary and appropriate measures to manage and safeguard Personal Data including protecting Personal Data against unauthorized access and disclosure, loss, leak, misuse, or damage.
- Topcon complies with its obligations under the Applicable Laws by keeping Personal Data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting Personal Data from loss, misuse, unauthorized access and disclosure and by ensuring that appropriate technical measures are in place to protect Personal Data. Topcon does not retain Personal Data for longer than is necessary to fulfill the identified purposes. In determining data retention periods, Topcon takes into consideration local laws, contractual obligations, and the expectations and requirements of our customers.
- Topcon complies with laws, regulations, and the guidelines for them as well as internal rules on Personal Information.
- When contracting the handling of Personal Data to a third party, Topcon only entrusts to a contractor who meets Topcon’s requirements based on Topcon’s internal rules. Topcon manages such contractors in an appropriate manner.
- Topcon remains up to date towards any change of the Applicable Laws.
4. What is the Purpose and Legal Basis of Processing Personal Information?
We collect, use, disclose, transfer, and store Personal Information when needed to provide our Services and for our operational and business purposes as described in this Statement.
Topcon ensures that, in the process of providing its products and services, it will obtain only Personal Data necessary to carry out its business through the Topcon business entities for the purposes of use (as identified and described below). Such Personal Information will not be used or disclosed for purposes other than those for which it was collected, except with the consent of the individual concerned or as required or permitted by Applicable Law.
Topcon may process your Personal Information for the following purposes and legal basis:
|Purpose||Nature of Processing||Legal Basis/Purpose|
|Sales of Services||Sales process and managing contractual relationships related to our Services.||Provision of Services and/or the performance of a contract.|
|Use of Services||Performance and use of Services, planning, development, manufacturing, installation, support, training and maintenance of machines and equipment, providing and distributing information such as information on Services, contact about warranty, service and sales issues.||Provision of Services and/or performance of a contract.|
|Marketing and Communication||Information communication and information processing services and advertising and holding campaigns, exhibits and other events to promote products as well as deliver and suggest tailored content such as news, research, reports, and business information and to personalize your experience with our Services and providing and distributing brochures, materials and samples of Products.||Consent: Topcon’s and your legitimate interest to send/receive relevant marketing communications.
Marketing communications allow opt-out from receipt of direct marketing purposes. If for some reason, your efforts to opt out were unsuccessful please email Topcon at [email protected] to unsubscribe. Please note that in some countries, you may be required to opt-in to receive these communications.
|Improvement of our website||Personalising your experience at our websites; selectively sending you information that may be of interest to you; contests and sweepstakes; market research and online surveys; automatic monitoring of statistical information to determine how Topcon's websites are being used.||Improving, maintaining websites. Making use of the websites as easy and efficient as possible.|
|Improvement of the Services||Conducting surveys on Services and analysis of the results.||Improving developing, optimizing Services and user experience Services.|
|Compliance/ Regulatory||Exercising rights and fulfilling obligations provided by and required by laws and regulations, assisting in an investigation, in connection with any legal proceeding, to protect and defend our rights and property, or the rights or safety of third parties, to enforce this Privacy Statement, or agreements with third parties or for fraud/crime-prevention purposes.||Compliance with legal obligations.|
|Application Process||We collect Personal Data relating to job applicants in connection with our employment application/recruiting process. In instances where Personal Data is collected in connection with a specific open position, we will store the subject Personal Data for no more than 30 days following the date on which the subject opening is no longer available. In instances where Personal Data is collected that is not specifically associated to an open position, we will store the subject Personal Data for no more than 180 days. Should we wish to keep your Personal Information on file longer for consideration for future suitable employment opportunities with us we will ask for your consent, which, if given, can be withdrawn at any time.||Consent.|
We store so-called “cookies” in order to offer you a comprehensive range of functions and to make the use of our websites more convenient. Cookies are small files that are stored on your computer with the help of your internet browser.
6. Processing of Sensitive Personal Data
We do not process any sensitive Personal Data (e.g., health, financial or religious data) from you unless we have previously received your written consent, or as otherwise permitted or required by Applicable Law.
7. Sharing Your Personal Data
Your Personal Data will be shared, or will likely be shared, within the following entities:
Corporate Affiliates for internal administrative purposes (e.g., inter-company agreements requiring a specific department or team to process Personal Data collected by various Topcon entities). In these cases, Topcon will weigh its legitimate interest in administrative efficiency against your competing interests prior to sharing your Personal Information.
Third-party service providers to ensure that they are able to fulfill the services they provide to us, such as software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfillment and delivery. Our third-party service providers are not permitted to share or use your Personal Information for any other purpose than to provide services to us. We will enter into the necessary legal agreements with the third-party service providers in order to secure your Personal Information.
Third-party distributors to allow them to notify you about important product updates, service issues, and offerings. We only provide your Personal Information to authorized Topcon distributors and only insofar as it is relevant and necessary for such distributors to market and service our products. We will enter into the necessary legal agreements with our distributors in order to secure your Personal Information. If you are a California resident and do not wish us to provide such information to our distributors, please visit our Do No Sell My Personal Information page.
Business Partners - Topcon may share Personal Information with business partners in order to improve your experience with Topcon and for Topcon's marketing purposes. Topcon may share non-personal aggregate data about sales, customers, visitors to the site and related site information with third parties. We will enter into the necessary legal agreements with our business partners in order to secure your Personal Information.
8. GDPR, UK DPA, and APP Specific Terms
Your Rights and Your Personal Data under GDPR, UK DPA, and APP
The GDPR, UK DPA, and APP afford you certain rights in respect of your Personal Data. There are differences in respect of the GDPR, UK DPA, and APP; in general, however; each law gives you the following rights with respect to your Personal Data.
To assert one of rights below, please send an email to [email protected] indicating that you wish to make a request.
Right of access
You have the right to request from us access to the processed Personal Data concerning you to the extent of Art 15 GDPR, the UK DPA, and the APP at any time.
Right to rectification of incorrect data
You have the right to request from us the immediate rectification of the Personal Data concerning you, if such data is incorrect or incomplete.
Right to erasure
Under Art 17 GDPR and the UK DPA, you have the right to request that Topcon delete any or all of your Personal Data if (i) you object to Topcon’s storage or processing of the data and Topcon has no compelling legitimate interest and/or legal basis in continuing to store or process the data; (ii) you object to processing of the data for marketing purposes; (iii) processing of the data is unlawful; or (iv) the data was collected when you were a minor. If you make such a request, Topcon will delete all applicable Personal Data from its servers and files but will retain your request to delete for purposes of preventing any further storage or collection of the data. Regarding the period for which the Personal Data will be stored, please refer to No. 12 of this data protection Statement.
Right to object
Under Art 21 GDPR and the UK DPA, you have the right to object to Topcon’s processing of your Personal Data at any time on grounds that Topcon does not have a legitimate interest and/or legal basis in processing such data. If you make such an objection, We will cease all processing of your Personal Information unless We can demonstrate that (i) Topcon has a compelling legitimate interest in processing the data which overrides your interests, rights, and freedoms; or (ii) the processing is required for the establishment, exercise, or defense of legal claims.
Right to restriction of processing
Under Art 18 GDPR and the UK DPA, you have the right to request that Topcon restrict or suspend processing of your Personal Data if (i) you want Topcon to verify the accuracy of the data or (ii) you object to Topcon’s processing of the data and Topcon has no compelling legitimate interest and/or legal basis in continuing to process the data. If you make such a request, We will suspend all processing of the data but We will retain your request to suspend for purposes of preventing any further unwanted processing.
Right to data portability
Under Art 20 GDPR and the UK DPA, You have the right to receive the Personal Data concerning you which you have provided to us in a structured, commonly used and machine-readable format.
Right to lodge a complaint
In the event you believe Topcon’s storage or processing of your Personal Data violates GDRP or the UK DPA, you also have the right to lodge a complaint with the responsible supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.
For the UK, complaints can be made at the ICO - https://www.ico.org.uk/make-a-complaint/
To the extent the APP applies to your Personal Information collected by Topcon:
- You may contact Topcon at any time if you have any questions or concerns about this Statement or about the way in which your Personal Information has been handled.
- You may make a complaint about privacy by sending an email to [email protected].
- The privacy officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
- If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents, and speak with individuals involved.
- In most cases, we will investigate and respond to a complaint within 30 calendar days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
- If you are not satisfied with our response to your complaint, or you consider that Topcon may have breached the APP, the UK DPA, or GDPR, and you have the right to make a complaint to the relevant data protection authority.
- Contact information for the Office of the Australian Information Commissioner can be found here:
9. CCPA Specific Terms (residents of the State of California only)
The CCPA provides residents of the State of California with certain rights to make requests to know and/or to delete concerning Personal Information that we may have collected. To initiate the CCPA request process please send an email to [email protected] indicating that you wish to make a request. Requests may also be made via telephone toll-free, at 1-866-922-6278.
The CCPA does not, at this time, apply to employment related Personal Information collected from employees, job applicants, contractors, or similar individuals. In addition, certain requirements of the CCPA do not apply to Personal Information collected reflecting business transactions/communications.
10. Canadian Specific Terms (residents of Canada only)
Opt-in consent to receive electronic messages
We may, with your express opt-in consent, send you information about products or services that may be of interest to you, including information on current activities, general announcements, upcoming products and services, changes to our products or services, and upcoming events. These communications may be sent in various ways, including by e-mail, by text message by another form of electronic message and through the Services. If you choose to sign up to receive information about products or services that may be of interest to you, we will collect and use your contact information, including your email address, for this purpose.
You may withdraw your consent to this use of your personal information by contacting us at [email protected]. You may also opt out of receiving commercial electronic messages to your electronic address by using the unsubscribe mechanism that will be included in each electronic message we send you. Even if you opt-out of receiving marketing communications, we may send certain service communications, such as confirmations or security announcements, by e-mail, through the Services, or by text message or by another form of communications.
If you send an e-mail to us, or provide us feedback through the Services, we will collect your e-mail address and the full content of your e-mail, including attached files, and other information you provide. We may also use and display your full name and email address when you send an email notification to a friend through the Services (such as in an invitation).
Additional Protection of Personal Information
The only employees who are granted access to your Personal Information are those with a business ‘need-to-know’ or whose duties reasonably require such information.
Right of access and correction of Personal Information
To the extent provided by PIPEDA and substantially similar provincial Applicable Laws, you have the right to request from us access to and the correction of Personal Data concerning you. To initiate the request process please send an email to [email protected] indicating that you wish to make a request.
We may request that you provide sufficient identification to permit access to the existence, use or disclosure of your Personal Information or any correction thereto. Any such identifying information shall be used only for this purpose. We will attempt to respond to each of your written requests not later than 30 calendar days after receipt of such requests. We will advise you in writing if we cannot meet your requests within this time limit. A reasonable administration fee may be charged to supply the information. The approximate cost of the administration fee will be communicated to the individual prior to releasing the information.
Cross-border Transfers of Personal Information
Please note that we may transfer information, including Personal Information, to a jurisdiction that does not have the same data protection laws as Canada, as further outlined in Section 11 below. Such information may become accessible to courts, law enforcement and national authorities in the jurisdiction(s) where it is stored. If you do not want your information to be transferred or stored outside Canada, you should not provide us with any Personal Information.
11. Cross-border Personal Data Transfer and Storage of Your Personal Data
Topcon is a global organization, and your Personal Information may be, or is likely to be, stored and processed outside of your home country. We take steps to ensure that the information we collect is processed according to this Statement and the requirements of applicable law wherever the data is located. Regardless of location, Topcon handles Personal Data as described in this Statement.
Topcon has networks, databases, servers, systems, support, and help desks located throughout our offices around the world. We collaborate with third parties such as cloud hosting services, suppliers, and technology support located around the world to serve the needs of our business, workforce, and customers. We take appropriate steps to ensure that Personal Information is processed, secured, and transferred according to applicable law. In some cases, we may need to disclose or transfer your Personal Information within Topcon or to third parties in areas outside of your home country. The areas in which these recipients are located will vary from time to time, but may include the United States of America, Japan, Netherlands, Germany, Belgium, France, Spain, Italy, the United Kingdom, Ireland, Portugal, Australia, Canada, and other countries where Topcon has a presence or uses contractors.
When we transfer Personal Information from the European Economic Area or Canada to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your Personal Information. For example, we use approved contractual clauses, multiparty data transfer agreements, intragroup agreements, and other measures designed to ensure that the recipients of your Personal Information protect it. If you would like to know more about our data transfer practices, please contact us at [email protected].
12. How Long Do We Keep Your Personal Information?
We erase or make your Personal Information anonymous as soon as they are no longer required for the purposes for which we have collected or used them in accordance with this Statement. As a rule, we store your Personal Data for the duration of the usage or purpose for which it was intended or contractual relationship plus a reasonable period of time in which we keep backups after deletion.
13. Security and Safety Measures
Topcon takes data security seriously, and we use appropriate technologies and procedures to protect Personal Information. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements.
14. Links to Other Websites
Topcon's websites may contain links to other websites. These third-party websites have their own privacy policies, including cookies, and we encourage you to review them. They will govern the use of Personal Information that you submit, or which is collected by cookies whilst visiting these websites. This Statement does not apply to third party websites and any Personal Data you provide to third party websites is at your own risk.
15. Consent / Acknowledgment
By using or supplying Personal Information through a Topcon website, you signify your agreement and/or your acknowledgment to the terms and conditions of this Statement. If you do not agree to these terms and conditions, please do not disclose any Personal Information through a Topcon website.