United Kingdom | English

Effective June 2018

VSP Privacy Notice


This website including the user portal (this “Site”) is operated by Vision Service Plan, a not-for-profit corporation registered in California whose principal place of business is at 3333 Quality Drive, Rancho Cordova, CA, 95670 (“Vision Service Plan”).

VSP Vision Care – UK LTD is a wholly owned subsidiary of Vision Service Plan through which it provides the vision benefit services in the UK, Ireland and France (and such other European countries VSP may elect from time to time) (the “Services”).

VSP Vision Care – UK LTD, is registered in the UK under company number 07000582 with its registered office at The Broadgate Tower, Third Floor, 20 Primrose Street, London, EC2A 2RS, United Kingdom and its principal place of business at The Dairy Stonor Estate Henley on Thames Oxon RG9 6HF, United Kingdom (“VSP UK”).

Vision Service Plan and VSP UK are hereinafter collectively referred to as the “Company”, “we” or “VSP”.

We respect your rights to privacy and to the protection of your personal data. The purpose of this Privacy Notice is to explain how we collect and use your personal data when you visit this Site or for the provision of the Services. References to “you” and “your” in this Privacy Notice refer to the individual about whom VSP collects personal data (e.g. member, member’s dependents, eye-care professional or non-registered visitor).

If you receive the Services through VSP UK in jurisdictions such as but not including UK, Ireland, France or such other EU or EEA Member State as may be defined by VSP from time to time, Vision Service Plan and VSP UK shall for the purpose defined in this Privacy Notice be regarded the “data controllers” and your personal data shall be processed in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data Protection Regulation” or “GDPR”).

VSP UK is regulated by the Information Commissioner’s Office or ICO (www.ico.org.uk) and registered under Z2027437.

More information on VSP UK is available at the ICO at https://ico.org.uk/ESDWebPages/Entry/Z2027437.


(a) We may obtain your personal data from a variety of sources, including information you give to us, or that we gather or learn from how you use this Site or our Services and the technology you use (for example location data from an Internet Protocol (IP) address).

(b) We may also receive your personal data from third parties (including other VSP companies), third parties who provide services to you or us (for example the eye-care professional that submits the benefits claim to VSP on your behalf) or the bank(s) involved to reimburse the benefit claims.

(c) We also gather information from public sources, such as the press and online search engines.


(a) Personal Data You Provide: When you wish to register an account on this Site or receive our Services, we may ask that you provide us with certain personal data to facilitate your use of the Site or our Services.

Members: We collect and process various categories of personal data throughout your relationship with us, including basic personal data such as your name, personal or work-related email address, postal address, contact details, date of birth, gender, VSP user ID, employer’s name, benefit entitlements, bank account details, name and relationship of other persons with benefit entitlements such as your spouse, partner or children (“dependents”).

In addition, as part of submitting your benefit claims, you may be required to provide us with sensitive personal data related to your or your dependent’s health, such as your eye-care diagnosis and details about the eye-care treatment received and products or services purchased or received.

In those cases where you have visited an eye care professional that is affiliated to VSP’s network, VSP shall receive the (sensitive) personal data associated with your benefit claim directly from the respective eye-care professional that provided you with the treatment.

The health-related personal data that VSP receives about you is limited to the information that is recorded on the invoice submitted as part of a benefits claim process on this Site. VSP maintains a record of the invoices for the purpose of fulfilling certain legal, accounting, financial, risk assessment and audit requirements in relation to the claims and not for any other purpose.

VSP does not use any of the health-related data that is recorded on the invoices. In some cases though, VSP may be obligated to disclose as described in 5(v)(“Required Disclosures”).

Please note that some information we ask you to provide is identified as mandatory, and some as voluntary. If you do not agree to the way we process your personal data or otherwise choose not to provide us with the mandatory data, it may not be possible for us to continue to operate your account and/or provide the Services to you.

Eye-Care Professionals: Personal data we collect may include your name, practice name, address and contact information (incl. email address), professional details such as your certification/qualification, VSP user ID, bank account details, billing information, details of the services and products you provided to our members and foreign language capability (if applicable).

Non-Registered Users and Visitors: Any visitor of our Site can access the publicly available areas of our Site without the need to login or provide any personal data. Some features may allow us to collect personal data relating to your use of the Site (see “Cookies and other Technologies”) and information provided by you in comments and feedback regarding the Site. If you want to access the restricted non-public area of the Site, you will also be required to create a username and password to establish an account.

(b) Cookies and other Technologies: In addition to the information you provide to us, we and our service providers may use cookies, web beacons – also referred to as single-pixel gifs – and other technologies. Cookies are identifiers that the Site stores on your computer's hard drive or your mobile device to facilitate the interaction between your computer or mobile device and the Site. Our cookies mainly serve the purpose of making the Site run more smoothly and to maintain a secure Site by tracking your access to and use of our Site, including recognizing log files, your VSP user ID and password, the domain from which you access the Site, the date and time you access the Site, what areas of the Site you access, the IP address, unique device identifier, and the type of device and/or web browser you use to access the Site. For more information on our use of cookies and how you can adjust your browser settings to disable our cookies, please read our Cookie Policy.


We collect, use, store and share your personal data to facilitate the use of the Site and for the purposes more particularly described below:

  • User Registration and Account Management: To register your account and to authenticate you so that we know it is you and not someone else. To communicate with you about our services (for example, if you lose your VSP user ID or password), identity and credential management, verification and access control.
  • Member Service Delivery: Some personal data is necessary to allow us to provide you the Services and to allow you to operate your online account to manage, administer, coordinate and review the enrolment and provision of your entitlements under the Services, verify your eligibility and coverage, process, administer your claims or to receive payments associated with a claim, respond to your inquiries and requests, conduct surveys, carry out research and analysis relating to our Services and to improve our Services, compliance, review and resolve issues, complaints and grievances raised by you or an eye-care professional or for other legitimate business interests of VSP, such as the prevention and detection of fraud/attempted fraud, occupational health, rehabilitation, underwriting, internal auditing, consolidated reporting, legal compliance, including mandatory filings.
  • Eye-Care Professionals Service Delivery: To manage, administer, coordinate and review the provision of our member’s entitlements and related services and to process and administer claims you submit on our member’s behalf and to reimburse you in relation to covered services and/or products subject of such a claim. Further purposes may include quality assessment and improvement, performance evaluations and conducting claim- and payments audits.
  • System and Network Security: System and network administration and security, including infrastructure monitoring, participate in cybersecurity, anti-fraud and anti-money laundering initiatives or programs, data de-identification and aggregation of de-identified data for data minimization and analysis of our Services, hosting, storage, and other processing needed for business continuity and disaster recovery, including making back-up and archive copies of personal data.
  • Improvement of our Services: To understand your preferences and expectations to help us improve or develop new products or services and the relevance of offers from VSP companies and that we continually develop and improve as an organization.
  • Marketing & Surveys: We may on occasion make use of your personal data that we collect for marketing purposes or to ask you to participate in surveys about our Services. We may for instance send you information about our Services that we feel might be of particular interest to you.

If you do not wish us to make use of your personal data in this way, please let us know here at Contact Us. You can opt out from receiving future marketing messages or survey requests at any time by contacting us at UKMember@vsp.com or use the opt-out function in our messages you receive.

VSP will not share your personal data with third parties for their own marketing purposes without your permission.


  • Third Party Services: For any of the purposes listed in paragraph 4, we sometimes hire or partner with other companies to provide part of the Services on our behalf. We will only provide those companies with your personal data that they need to perform their obligations to us. We shall require them to process your personal data in strict accordance with our instructions and implement adequate technical and organizational security measures to prevent unauthorized access to or disclosure of your personal data.
  • Affiliate Sharing: Subject to the terms of this Privacy Notice, in the normal course of performing our Services, for the day to day running of our business, to manage the security of our properties and to protect our business and as otherwise permitted by applicable law, the Company may share your personal data with any of its affiliates or subsidiaries.
  • Sharing of De-Identified Personal Data: Personal data that is collected by our Company may be shared in a de-identified and/or aggregated format as part of statistics before being disclosed to such third parties.
  • Other Sharing: Where required for a sale, reorganisation, transfer, financial arrangement, sub-participation, asset disposal or other transaction relating to VSP’s business, your personal data may also be disclosed to third parties.
  • Required Disclosures: We reserve the right to disclose your personal data, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (1) comply with laws, legal process, or government or regulatory requests; (2) protect and defend our rights, property or business and, (3) protect the safety and security of our users, this Site, or the public.

Except as mentioned above, we will not sell, distribute or lease your personal data to third parties.


Because VSP UK is a wholly-owned subsidiary company of Vision Service Plan, a US not for profit-corporation that operates the Site and ancillary IT systems, your personal data will be processed for the purposes set out in this Privacy Notice, transferred to and stored by Vision Service Plan in the United States. It may be accessed and processed by VSP staff in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union. For the transfer of personal data between VSP UK and Vision Service Plan, we rely on standard data protection clauses (“model clauses”) adopted by the European Commission. In addition, in those cases where we collect and transfer personal data from you that are not covered by latter mentioned model clauses, VSP relies on derogations for specific situations as set forth in Article 49 of the GDPR, such as (i) VSP’s obligation to perform a contract with you or to allow you the benefit of VSP’s Services; (ii) or to fulfill a compelling legitimate interest of VSP in a manner that does not outweigh your rights and freedoms; (iii) the establishment, exercise or defence of legal claims. Should you wish to obtain a copy of the model clauses, you may contact us at gdpr@vsp.com.


In the course of providing the Services, we create records including your personal data that can be held on a variety of media (physical or electronic). Records help us serve you well, to demonstrate that we are meeting our obligations and to keep as evidence of our business activities.

In the normal course of business, we retain your personal data for up to ten years after your relationship ends with us, unless we have an obligation to keep it longer (for example due to a court order or investigation by law enforcement agencies or regulators).


You have certain legal rights to control your personal data and the manner in which we process it. These rights include the possibility to request us to give you access to all personal data we have about you, request us to correct inaccurate or update incomplete information, object to or restrict the processing on legitimate grounds, withdraw your consent for certain processing at any time where previously we have asked for your permission or to delete the data we have about you if one of the grounds of article 17 GDPR applies, specifically where the personal data we have about you is no longer necessary in relation to the purposes for which they were collected by us or where you withdraw your previously granted consent and there is no other legal ground to process your personal data.

Please send your request to gdpr@vsp.com and we will use reasonable efforts to respond to you in a timely manner.

To process such a request, we may ask you to verify your identity and cooperate with us in our effort.


We are committed to ensuring that your personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect about you. Access by you to your personal data is available through the Site after you provide your unique VSP Login ID (username and password) selected by you. We recommend that you do not divulge your password to anyone. We employ internal policies pursuant to which only selected individuals have access to your personal.


This Privacy Notice only applies to this Site provided by the Company, and does not apply to any third parties or their products, services or websites. If other websites are accessible through our Site, they will have their own privacy policies and practices, and the use of any personal data provided by you to such a third party will be governed by that party’s privacy policy. Please consult each website's privacy policy. We are not responsible for the policies or practices of third parties, and we do not control, operate, or endorse any information, products, or services of any third-party or third-party web sites that may be accessed through links from this Site.


You must be at least 16 years old to access and use this Site. We shall not knowingly collect personal data from visitors that are under 16 years of age, unless parental consent has been given.


We may change this Privacy Notice from time to time, and if we do we’ll post any changes on this Site. If you continue to use the Site after those changes are in effect, you agree to the revised Privacy Notice, provided, that we will not retroactively change how we handle your personal data without your consent. If the changes are significant, we may provide more prominent notice or get your consent as required by law.


If you are concerned that we have breached a privacy law or code binding on us, please contact us at gdpr@vsp.com or send your concern by regular mail to VSP’s registered address at:

VSP Vision Care – UK LTD
Attn: Data Protection Officer
The Broadgate Tower Third Floor
20 Primrose Street
London EC2A 2RS

Our Data Protection Officer or a designated representative will manage your complaint and will give you additional information about how it will be handled.

We hope that we can address any concerns you may have, but you can always contact the Information Commissioner's Office (ICO) or the local Supervisory Authority in the country you live in. For information on contacting the ICO please see their website (www.ico.org.uk).