Privacy policy

This Privacy Policy describes how www.liberatedeyewear.com (the “Site” or “we”) collects, uses, and discloses your Personal Information when you visit or make a purchase from the Site. Including HIPPA compliance for prescription glasses.

Contact

After reviewing this policy, if you have additional questions, want more information about our privacy practices, or would like to make a complaint, please contact us through the contact form on our website or by mail using the details provided below:

3680 Wilshire Boulevard

SuiteP04-1546

Los Angeles, CA 90010

United States

Collecting Personal Information

When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support and virtual styling sessions. In this Privacy Policy, we refer to any information about an identifiable individual (including the information below) as “Personal Information”. See the list below for more information about what Personal Information we collect and why.

Device information

Purpose of collection: to load the Site accurately for you, and to perform analytics on Site usage to optimize our Site.
Source of collection: Collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.
Disclosure for a business purpose: shared with our processor Shopify and payment vendors.
Personal Information collected: version of web browser, IP address, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Shopify site.

Order information

Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify.
Personal Information collected: name, billing address, shipping address, payment information (including credit card numbers, email address, and phone number.

Customer support information

Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify.
Personal Information collected: email address and payment information, name and address for delivery
Purpose of collection: to provide customer support.
Source of collection: collected from you
Disclosure for a business purpose: Email address and payment information, name and address for delivery. Required for shipments.
Personal Information collected: Email address and payment information, name and address for delivery. Required for shipments. Your personal information and pictures are never shared or stored unless for review purposes.

Virtual Styling Session

Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify.
Personal Information collected: email address and payment information, name and address for delivery
Purpose of collection: to provide customer support.
Source of collection: collected from you
Disclosure for a business purpose: Email address and payment information, name and address for delivery. Required for shipments.
Personal Information collected: Email address and payment information, name and address for delivery. Required for shipments.Your personal information and pictures are never shared or stored unless for review purposes.

Frame Finder Services

Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify.
Personal Information collected: email address and payment information, name and address for delivery
Purpose of collection: to provide customer support.
Source of collection: collected from you
Disclosure for a business purpose: Email address and payment information, name and address for delivery. Required for shipments.
Personal Information collected: Email address and payment information, name and address for delivery. Required for shipments. Your personal information and pictures are never shared or stored unless for review purposes.

Virtual Try on

Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify.
Personal Information collected: email address and payment information, name and address for delivery
Purpose of collection: to provide customer support.
Source of collection: collected from you
Disclosure for a business purpose: Email address and payment information, name and address for delivery. Required for shipments.
Personal Information collected: Email address and payment information, name and address for delivery. Required for shipments. Your personal information and pictures are never shared or stored unless for review purposes.

Prescription lenses

Purpose of collection: to provide products or services to you to fulfill our contract, to process your payment information, arrange for shipping, and provide you with invoices and/or order confirmations, communicate with you, screen our orders for potential risk or fraud, and when in line with the preferences you have shared with us, provide you with information or advertising relating to our products or services.
Source of collection: collected from you.
Disclosure for a business purpose: shared with our processor Shopify.
Personal Information collected: email address and payment information, name and address for delivery
Purpose of collection: to provide customer support and fulfill prescription needs.
Source of collection: collected from you.
Disclosure for a business purpose: Email address and payment information, name and address for delivery. Required for shipments.
Personal Information collected: Email address and payment information, name and address for delivery. Required for shipments. Your personal information and pictures are never shared or stored unless for review purposes.
Your prescription is kept private on a secured drive and will never be sold or shared among any entity outside of our laboratory for prescription lenses. Your prescription is subject to be kept in our files for no more than 30 days following each purchase. Thereafter, your prescription is securely discarded from our records. Should you experience any issues with your prescription you may be asked to provide a copy again for verification and resolution.

HIPPA Clause

Every prescription submitted for eyewear is compliant with HIPPA.The regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which protect the privacy and security of individuals' identifiable health information and establish an array of individual rights with respect to health information, have always recognized the importance of providing individuals with the ability to access and obtain a copy of their health information. With limited exceptions, the HIPAA Privacy Rule (the Privacy Rule) provides individuals with a legal, enforceable right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans. Our online prescription services are HIPPA complained and patient information are stored on encrypted with AWS S3 via our partners.

HIPAA overview

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the regulations issued under HIPAA are a set of US healthcare laws that, among other provisions, establish requirements for the use, disclosure, and safeguarding of protected health information (PHI). The scope of HIPAA was extended in 2009 with the enactment of the Health Information Technology for Economic and Clinical Health (HITECH) Act that was created to stimulate the adoption of electronic health records and supporting information technology.

HIPAA applies to covered entities – doctors’ offices, hospitals, health insurers, and other healthcare companies – that create, receive, maintain, transmit, or access PHI. HIPAA further applies to business associates of covered entities that perform certain functions or activities involving PHI as part of providing services to the covered entity or on behalf of the covered entity. When a covered entity engages the services of a cloud service provider (CSP), such as Microsoft, the CSP becomes a business associate under HIPAA. Moreover, when a business associate subcontracts with a CSP to create, receive, maintain, or transmit PHI, the CSP also becomes a business associate.

Together, HIPAA and HITECH Act rules include:

· The Privacy Rule, which requires appropriate safeguards to protect the privacy of PHI and imposes restrictions on the use and disclosure of PHI without patient authorization. It also gives patients the rights over their health information, including rights to examine their health records and request corrections.

· The Security Rule, which sets the standards for administrative, technical, and physical safeguards to ensure the confidentiality, integrity, and security of electronic PHI.

· The Breach Notification Rule, which requires covered entities and their business associates to provide notification when a breach of unsecured PHI occurs.

Verification

The Privacy Rule requires a covered entity to take reasonable steps to verify the identity of an individual making a request for access. See 45 CFR 164.514(h). The Rule does not mandate any particular form of verification (such as obtaining a copy of a driver's license), but rather generally leaves the type and manner of the verification to the discretion and professional judgment of the covered entity, provided the verification processes and measures do not create barriers to or unreasonably delay the individual from obtaining access to her PHI, as described below. Verification may be done orally or in writing and, in many cases, the type of verification may depend on how the individual is requesting and/or receiving access – whether in person, by phone (if permitted by the covered entity), by faxing or e-mailing the request on the covered entity's supplied form, by secure web portal, or by other means. For example, if the covered entity requires that access requests be made on its own supplied form, the form could ask for basic information about the individual that would enable the covered entity to verify that the person requesting access is the subject of the information requested or is the individual's personal representative. For those covered entities providing individuals with access to their PHI through web portals, those portals should already be set up with appropriate authentication controls, as required by 45 CFR 164.312(d) of the HIPAA Security Rule, to ensure that the person seeking access is the individual or the individual's personal representative.

Providing Access

Form and Format and Manner of Access

The Privacy Rule requires a covered entity to provide the individual with access to the PHI in the form and format requested, if readily producible in that form and format, or if not, in a readable hard copy form or other form and format as agreed to by the covered entity and individual. See 45 CFR 164.524(c)(2)(i). If the individual requests electronic access to PHI that the covered entity maintains electronically, the covered entity must provide the individual with access to the information in the requested electronic form and format, if it is readily producible in that form and format, or if not, in an agreed upon alternative, readable electronic format. See 45 CFR 164.524(c)(2)(ii). The terms "form and format" refer to how the PHI is conveyed to the individual (e.g., on paper or electronically, type of file, etc.) Thus:

Requests for Paper Copies – Where an individual requests a paper copy of PHI maintained by the covered entity either electronically or on paper, it is expected that the covered entity will be able to provide the individual with the paper copy requested.
Requests for Electronic Copies – Where an individual requests an electronic copy of PHI that a covered entity maintains only on paper, the covered entity is required to provide the individual with an electronic copy if it is readily producible electronically (e.g., the covered entity can readily scan the paper record into an electronic format) and in the electronic format requested if readily producible in that format, or if not, in a readable alternative electronic format or hard copy format as agreed to by the covered entity and the individual.
Where an individual requests an electronic copy of PHI that a covered entity maintains electronically, the covered entity must provide the individual with access to the information in the requested electronic form and format, if it is readily producible in that form and format. When the PHI is not readily producible in the electronic form and format requested, then the covered entity must provide access to an agreed upon alternative readable electronic format. See 45 CFR 164.524(c)(2)(ii). This means that, while a covered entity is not required to purchase new software or equipment in order to accommodate every possible individual request, the covered entity must have the capability to provide some form of electronic copy of PHI maintained electronically.; It is only if the individual declines to accept any of the electronic formats readily producible by the covered entity that the covered entity may satisfy the request for access by providing the individual with a readable hard copy of the PHI.

The covered entity also may provide the individual with a summary of the PHI requested, in lieu of providing access to the PHI, or may provide an explanation of the PHI to which access has been provided in addition to that PHI, so long as the individual in advance: (1) chooses to receive the summary or explanation (including in the electronic or paper form being offered by the covered entity); and (2) agrees to any fees (as explained below in the Section describing permissible Fees for Copies) that may be charged by the covered entity for the summary or explanation. See 45 CFR 164.524(c)(2)(iii).

A covered entity also must provide access in the manner requested by the individual, which includes arranging with the individual for a convenient time and place to pick up a copy of the PHI or to inspect the PHI (if that is the manner of access requested by the individual), or to have a copy of the PHI mailed or e-mailed, or otherwise transferred or transmitted to the individual to the extent the copy would be readily producible in such a manner. Whether a particular mode of transmission or transfer is readily producible will be based on the capabilities of the covered entity and the level of security risk that the mode of transmission or transfer may introduce to the PHI on the covered entity's systems (as opposed to security risks to the PHI once it has left the systems). A covered entity is not expected to tolerate unacceptable levels of risk to the security of the PHI on its systems in responding to requests for access; whether the individual's requested mode of transfer or transmission presents such an unacceptable level of risk will depend on the covered entity's Security Rule risk analysis. See 45 CFR 164.524(c)(2) and (3), and 164.308(a)(1). However, mail and e-mail are generally considered readily producible by all covered entities. It is expected that all covered entities have the capability to transmit PHI by mail or e-mail (except in the limited case where e-mail cannot accommodate the file size of requested images), and transmitting PHI in such a manner does not present unacceptable security risks to the systems of covered entities, even though there may be security risks to the PHI while in transit (such as where an individual has requested to receive her PHI by, and accepted the risks associated with, unencrypted e-mail). Thus, a covered entity may not require that an individual travel to the covered entity's physical location to pick up a copy of her PHI if the individual requests that the copy be mailed or e-mailed.

Minors

The Site is not intended for individuals under the age of 18 years of age. We do not intentionally collect Personal Information from children. If you are the parent or guardian and believe your child has provided us with Personal Information, please contact us at the address above to request deletion.

Sharing Personal Information

We share your Personal Information with service providers to help us provide our services and fulfill our contracts with you, as described above. For example:

We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.
We may share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

Behavioural Advertising

As described above, we use your Personal Information to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example: We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location). YOUR PERSONAL INFORMATION WILL NEVER BE SHARED.
We use Shopify Audiences to help us show ads on other websites with our advertising partners to buyers who made purchases with other Shopify merchants and who may also be interested in what we have to offer. We also share information about your use of the Site, your purchases, and the email address associated with your purchases with Shopify Audiences, through which other Shopify merchants may make offers you may be interested in.
Social Medial channels; Instagram, Facebook, Twitter, TicTock.

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by:

INCLUDE OPT-OUT LINKS FROM WHICHEVER SERVICES BEING USED. COMMON LINKS INCLUDE:

FACEBOOK - https://www.facebook.com/settings/?tab=ads
GOOGLE - https://www.google.com/settings/ads/anonymous

BING - https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.

Using Personal Information

We use your personal information to provide our services to you, which include: offering products for sale, virtual try videos and pictures, processing payments, shipping and fulfillment of your order, and keeping you up to date on new products, services, and offers.

Lawful basis

Pursuant to the General Data Protection Regulation (“GDPR”), if you are a resident of the European Economic Area (“EEA”), we process your personal information under the following lawful bases:

Your consent;
The performance of the contract between you and the Site;
Compliance with our legal obligations;
To protect your vital interests;
To perform a task carried out in the public interest;
For our legitimate interests, which do not override your fundamental rights and freedoms.

Retention

When you place an order through the Site, we will retain your Personal Information for our records unless and until you ask us to erase this information. For more information on your right of erasure, please see the ‘Your rights’ section below.

Automatic decision-making

If you are a resident of the EEA, you have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you.

We Do Not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

Services that include elements of automated decision-making include:

Temporary blacklist of IP addresses associated with repeated failed transactions. This blacklist persists for a small number of hours.
Temporary blacklist of credit cards associated with blacklisted IP addresses. This blacklist persists for a small number of days.

Selling Personal Information

Our Site sells Personal Information, as defined by the California Consumer Privacy Act of 2018 (“CCPA”).

categories of information sold;
IF USING SHOPIFY AUDIENCES: information about your use of the Site, your purchases, and the email address associated with your purchase
instructions on how to opt-out of sale;
whether your business sells information of minors (under 16) and whether you obtain affirmative authorization;
if you provide a financial incentive to sell information, provide information about what that incentive is.]

Your rights

GDPR

If you are a resident of the EEA, you have the right to access the Personal Information we hold about you, to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.

Your Personal Information will be initially processed in Ireland and then will be transferred outside of Europe for storage and further processing, including to Canada and the United States. For more information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper: https://help.shopify.com/en/manual/your-account/privacy/GDPR.

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above.

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address above.

Cookies

A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. We use a number of different cookies, including functional, performance, advertising, and social media or content cookies. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor.

We use the following cookies to optimize your experience on our Site and to provide our services.

[Be sure to check this list against Shopify’s current list of cookies on the merchant storefront: https://www.shopify.com/legal/cookies

Cookies Necessary for the Functioning of the Store

Name	Function	Duration
_ab	Used in connection with access to admin.	2y
_secure_session_id	Used in connection with navigation through a storefront.	24h
_shopify_country	Used in connection with checkout.	session
_shopify_m	Used for managing customer privacy settings.	1y
_shopify_tm	Used for managing customer privacy settings.	30min
_shopify_tw	Used for managing customer privacy settings.	2w
_storefront_u	Used to facilitate updating customer account information.	1min
_tracking_consent	Tracking preferences.	1y
c	Used in connection with checkout.	1y
cart	Used in connection with shopping cart.	2w
cart_currency	Used in connection with shopping cart.	2w
cart_sig	Used in connection with checkout.	2w
cart_ts	Used in connection with checkout.	2w
cart_ver	Used in connection with shopping cart.	2w
checkout	Used in connection with checkout.	4w
checkout_token	Used in connection with checkout.	1y
dynamic_checkout_shown_on_cart	Used in connection with checkout.	30min
hide_shopify_pay_for_checkout	Used in connection with checkout.	session
keep_alive	Used in connection with buyer localization.	2w
master_device_id	Used in connection with merchant login.	2y
previous_step	Used in connection with checkout.	1y
remember_me	Used in connection with checkout.	1y
secure_customer_sig	Used in connection with customer login.	20y
shopify_pay	Used in connection with checkout.	1y
shopify_pay_redirect	Used in connection with checkout.	30 minutes, 3w or 1y depending on value
storefront_digest	Used in connection with customer login.	2y
tracked_start_checkout	Used in connection with checkout.	1y
checkout_one_experiment	Used in connection with checkout.	session

Reporting and Analytics

Name	Function	Duration
_landing_page	Track landing pages.	2w
_orig_referrer	Track landing pages.	2w
_s	Shopify analytics.	30min
_shopify_d	Shopify analytics.	session
_shopify_s	Shopify analytics.	30min
_shopify_sa_p	Shopify analytics relating to marketing & referrals.	30min
_shopify_sa_t	Shopify analytics relating to marketing & referrals.	30min
_shopify_y	Shopify analytics.	1y
_y	Shopify analytics.	1y
_shopify_evids	Shopify analytics.	session
_shopify_ga	Shopify and Google Analytics.	session

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as: www.allaboutcookies.org.

Additionally, please note that blocking cookies may not completely prevent how we share information with third parties such as our advertising partners. To exercise your rights or opt-out of certain uses of your information by these parties, please follow the instructions in the “Behavioural Advertising” section above.

Do Not Track

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

Changes

We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons.

Complaints

As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact” above.

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority. You can contact your local data protection authority, or our supervisory authority here: [Add contact information or website for the data protection authority in your jurisdiction. For example: https://ico.org.uk/make-a-complaint/]

Last updated: 2024