PRIVACY POLICY

At Go Optic - Mobile Optical ("we," "us," or "our"), we are committed to protecting your personal information in compliance with Canada’s federal privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial legislation. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our website, mobile optical services, or interact with us.  

By accessing our website or booking our services, you consent to the practices described in this policy.  

1. Information We Collect

*Personal Information*  
- Contact Details: Name, phone number, email, and shipping/billing address.  
- Payment Information: Credit/debit card details (processed securely via PCI-compliant providers).  
- Insurance Data: Policy numbers and coverage details for direct billing (with consent).  

*Health & Prescription Information*  
Eye measurement results, prescriptions (collected by licensed optician).  
Frame measurements and vision correction needs.  


 *Website Usage Data*  
- Cookies & Analytics: IP address, browser type, pages visited (via Google Analytics).  
- Appointment Bookings: Date/time selections and service preferences.


2. How We Use Your Information
We use your data to:  
✔ Provide mobile eyewear and related services.  
✔ Process payments and insurance claims (with consent).  
✔ Communicate appointment confirmations, delivery updates, and promotions (opt-in only).  
✔ Improve website functionality and user experience.  
✔ Comply with *Canadian healthcare and privacy laws*.  


3. How We Share Your Information  
We *do not sell* your data. Limited sharing occurs with:  
- Licensed Optometrists: For eye exams and prescriptions.  
- Insurance Providers: For direct billing (with explicit consent).  
- Service Providers: Payment processors (e.g., Stripe), shipping carriers (e.g., Canada Post), and IT support (under confidentiality agreements).  
- Legal Requirements: If required by law (e.g., court orders).  


4. Data Security & Retention  
- Encryption: SSL/TLS for online transactions.  
- Access Controls: Staff access restricted to necessary personnel.  
- Retention Periods:  
  - Prescription records: *10+ years* (as per Canadian optometry regulations).  
  - Marketing data: Until you unsubscribe.  


5. Your Rights Under PIPEDA 
You have the right to:  
- *Access* or *correct* your personal information.  
- *Withdraw consent* for data use (may limit services).  
- *File a complaint* with the *Office of the Privacy Commissioner of Canada (OPC)*.  

6. Cookies & Tracking
- Essential Cookies: Required for website functionality (e.g., booking forms).  
- Analytics Cookies: Anonymous usage data (opt-out via [Google Analytics Opt-out](https://tools.google.com/dlpage/gaoptout)).  
- Manage Preferences: Adjust settings in your browser.  

7. Third-Party Links
Our website may link to external sites (e.g., frame manufacturers). We are *not responsible* for their privacy practices.  


8. Updates to This Policy 
Changes will be posted on this page with a revised *"Last Updated"* date. Material changes will be notified via email (if applicable).  


9. Consent for Minors
- We do not knowingly collect personal information from children under *13 years of age* without verifiable parental consent.
- For minors aged *13-17*, we require:
  - Parental/guardian consent for eye exams and data collection
  - Direct parental involvement in prescription eyewear purchases
Parents may:

  - Review their child's personal information
  - Request deletion of collected data
  - Revoke previously given consent

10. Data Breach Notification
In the event of a privacy breach involving your personal information, we will:
1. *Contain* the breach immediately and assess risks
2. *Notify affected individuals* as required by PIPEDA:
   - For breaches creating *real risk of significant harm*: Notice within 72 hours of confirmation
   - Notification methods: Email, phone, or prominent website notice
3. *Report to the Privacy Commissioner* when required by law
4. *Document all breaches* (even those not requiring notification) for 24 months

11. Cross-Border Data Transfers
When your data is transferred outside Canada (e.g., to U.S.-based servers):
We implement additional safeguards including:

  - *Model Clauses* for GDPR compliance (where applicable)
  - *Data anonymization* where possible
  - *Vendor Privacy Assessments* for all third-party processors
You will be notified of significant international data transfers


12. Complaints Process
If you have privacy concerns:
First contact our Privacy Officer at Gooptic.mobile@gmail.com 

2. We will acknowledge your complaint within *5 business days*
3. Investigation will be completed within *30 days* (or we will provide reason for delay)
If unsatisfied, you may contact:
   - *Office of the Privacy Commissioner of Canada*
   - *Provincial regulatory body* (where applicable)

13. Special Provisions for Quebec
In compliance with *Law 25*:
- We designate a *Privacy Officer* accessible to Quebec residents
Provide additional disclosures about:
  - Automated decision-making processes
  - Data collection purposes in clear, plain language
Honor requests for data portability in structured formats

14. Changes to This Policy
Material changes will:
Be posted 30 days before taking effect
Require renewed consent for significant new data uses
Maintain archived versions for transparency

📞: +1 403 968 3979  
✉: gooptic.mobile@gmail.com 
🌐: www.https://gooptic.ca/
This policy meets all requirements under *PIPEDA, provincial health privacy laws, and Quebec's Law 25*. We recommend reviewing it annually.