This is the privacy and cookies policy (the “Privacy and Cookies Policy”) for eyetest.co.uk (the “Site”). The Site is operated by or on behalf of Vision Services, doing business as eyetest.co.uk (“eyetest.co.uk”, “we”, “us” and “our”). For the purposes of the EU General Data Protection Regulation (GDPR), we are the controller of your personal data. You can contact us at any time at the contact details set out below at the end of this Privacy and Cookies Policy.
We are committed to protecting your privacy online. We appreciate that you do not want your personal data distributed indiscriminately and here we explain how we collect information, what we do with it and what controls and rights you have regarding the processing of your personal data.
We collect and use certain information related to you in accordance with this Privacy and Cookies Policy, and only to the extent necessary for the specific purposes (as set out under section 3 below). We reserve the right to change this Privacy and Cookies Policy from time to time by changing it on the Site, in case of which we will give you prior notice. This Privacy and Cookies Policy was last updated on July 11, 2021.
We care a whole lot about your vision so thanks for taking the time to visit the website. You can take a free eye check at any point completely free of charge and if you feel you need a more comprehensive eye test you can take a full test online or find a recommended local optician in the Opticians Directory. We hope you enjoy your experience to make your eye care more accessible.
- Personal Data we may collect directly from you
We may collect and process the following personal data about you:
- Registration Information: namely, your name, email address, postal address and telephone number, that you provide by completing forms on the Site, including if you register as a user of the Site, subscribe to any service, upload or submit any material via the Site, request any information, or enter into any competition or promotion we may sponsor;
- Information About Your Vision Prescription: namely, the power for each eye which we require when you undertake the experience on eyetest.co.uk;
- Transactions Details: details of any transactions made by you through the Site (e.g., when you place a test with us) such as identifying what you will be receiving and the cost thereof;
- Communications You Send to Us: for example, to report a problem or to submit queries, concerns or comments regarding the Site or its content or any concern you have about the results you receive.
- Information from Surveys: we may, from time to time, run surveys on the Site for eye care research purposes, if you choose to respond to or participate in them, which may include information around your eye test experience online, in-store, in-kiosk etc.
- Uses made of your personal data
We use the types of personal data which we collect to:
- enable us to process your free or paid service: we use relevant personal data described above (including your name, address and payment details) to process and deliver your order; to notify you of the status of your order; to respond to your inquiries; and to verify and carry out financial transactions in relation to your online payment. It is necessary to process your personal data in this way for the performance of our relationship with you, including our obligations under the Terms of Supply;
- improve our products and services: we will use your personal data to build a profile on you in order to understand how you use our products and services; to develop more interesting and relevant products and services; to improve our website; to analyze how our website is used; to analyze user demographics; to analyze system data; as well as to personalise the products, services and experience we offer you. We process your personal data in this way as it is necessary for the purposes of our legitimate interests in providing better products and services for you and our other customers. We take steps to ensure your rights are not disproportionately infringed, including allowing you to change your details/personal data to make sure it is accurate, and making sure that we do not start to use your personal data for new purposes without giving you prior notice;
- comply with applicable laws: we will use your personal data if necessary to comply with laws applicable to us, such as tax laws;
- provide you with Product(s) that meet your specification requirements: we will process your personal data regarding the powers of your prescription on the basis of your specific prior consent and the information that you provide us with for this purpose when undertaking an experience on eyetest.co.uk.
- Storage and sharing of your personal data
Your personal data which we collect is sent to and stored on secure servers located in the United States or in the systems of third parties located in the United States that we use to store personal data on our behalf. Such storage is necessary in order to provide the services outlined on EyeTest.co.uk.
We may disclose anonymized aggregate statistics about visitors to the Site in order to describe our services to prospective partners, advertisers, sponsors and other reputable third parties and for other lawful purposes, but these statistics will include no personal data and ultimately offer you a better experience in the future.
We may disclose your personal data to any of our affiliates, to our agents or contractors who assist us in providing the services we offer through the Site, storing your personal data, processing transactions, fulfilling requests for information, receiving and sending communications, providing customer service, analysing data, providing IT and other support services or in other tasks, from time to time in compliance with this Privacy and Cookies Policy. Our affiliates, agents and contractors will only act as processors on our behalf and use your information to the extent and for the duration necessary to perform their functions.
Our affiliates, agents and contracts may be located outside the European Economic Area (EEA), in particular in the United States, and thus in a country which is not subject to an adequacy decision of the European Commission and which may not provide for the same level of data protection as considered adequate in the European Union. For instance, we use Amazon AWS in the United States to store your personal data collected through our European Site. In the event your personal data is transferred to a recipient outside the EEA, we will ensure that such recipient offers an adequate level of protection, for instance by entering into model contracts for the transfer of data as approved by the European Commission (see Art. 46 GDPR). As applicable, we will also comply with our obligations under the EU-U.S. Privacy Shield Framework (see below section 10). For more information about the service providers we use, the specific countries where the recipients of your personal data are located, on the appropriate safeguards in place, and how to obtain a copy of them, please contact us.
Please see section 8 below for our use of Stripe as our payment gateway provider.
In the event that we undergo re-organisation or are sold to a third party, we will inform you if any personal data we hold about you may be transferred to the extent necessary to that re- organised entity or third party as may be required for the purposes set out above under section 3.
We may disclose your personal data if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Site or the rights, property or personal safety of any person. We do not sell, rent, or lease our customer lists to third parties.
- Cookies and other technologies
When you visit the Site (or any website for that matter), a web server sends a cookie or other similar technology to your device. Cookies are small pieces of information which are stored on your device when you visit a website or access or use a mobile application, and they store and sometimes track information. We may, by means of cookies and/or other similar technologies, automatically collect additional information about you – such as the type of internet browser or mobile device you use, any website from which you have come to the Site, your IP address (the unique address which identifies your computer or mobile device on the internet) and/or the operating system of your computer or mobile device.
Types of cookies we use
A number of cookies we use last only for the duration of your web session and expire when you close your browser or exit the Site (these are marked as “session” cookies in our cookie overview below). Other types of cookies are used to remember you when you return to the Site and will last for longer (these are marked as “persistent” cookies in our cookie overview below). This provides you with a better site experience which is important to us.
Most cookies are necessary to provide the requested services on our Site (these are marked as “essential” in our cookie overview below). Other cookies may not be strictly necessary but help us to with respect to the below purposes (these are marked as “non-essential” in our cookie overview below). Where required by law, we will obtain your prior explicit consent before a non-essential cookie is placed on your device.
Some of the cookies used by the Site are set by us, and some are set by third parties who are delivering services on our behalf. Below you can find an overview of the cookies we and/or third parties acting on our behalf place on your device when you visit the Site.
- facilitate your use of the Site;
- remember that you have visited us before. This means we can identify the number of unique visitors we receive. This allows us to make sure we have enough capacity for the number of users that we get;
- customise elements of the promotional layout and/or content of the pages of the Site;
- collect anonymous statistical information about how you use the Site (including how long you spend on the Site) and where you have come to the Site from, so that we can improve the Site experience and learn which parts of the Site and are most popular with users;
- and ascertaining how our customers found out about us.
Managing your cookies
Most web and mobile device browsers automatically accept cookies but, if you prefer, you can change your browser to prevent that or to notify you each time a cookie is set. You can also learn more about cookies by visiting www.allaboutcookies.org which includes additional useful information on cookies and how to block cookies using different types of browser or mobile device. Please note, however, that by blocking or deleting cookies used on the Site, you may not be able to take full advantage of the Site experience.
Where required by law, we will obtain your prior explicit consent before we place non-essential cookies that are not strictly necessary to provide you with the requested services. You always have the right to withdraw your consent to the use of these types of cookies effective as of the moment that you make use of such right. For this purpose, you can contact us using the details set out in section 13 below. To opt-out of tracking by Google Analytics, please use the specific opt-out mechanism as indicated further below in the section on Google Analytics.
Use of Google Analytics
Google will use this information as our processor to help us evaluate the use of our Site, to compile reports on website activity and to provide other statistical and analytical services relating to usage of our Site. The IP address transmitted by your browser within the framework of Google Analytics will not be associated with any other data held by Google.
You can withdraw your consent and prevent the collection of data generated by the cookie about your use of our Site (including your IP address) at any time as follows:
To opt-out of being tracked by Google Analytics across all websites, please download and install a browser-plugin which is available from Google.
For an overview of privacy at Google, please click here.
- Child safety
Protecting the safety of children when they use the Internet is important to us. The Site is intended for use only by persons who are at least 16 years of age and we do not solicit or knowingly collect personal data from children under the age of 16 without the verifiable permission of a parent or guardian. If we learn that a child under the age of 16 has provided personal data without the consent of a parent or guardian, we will take all reasonable steps to delete that information from our databases (or advise any third-party service provider to do so). Should you become aware that we have collected personal data from a child under the age of 16 without the requisite permission, you may contact us as provided below.
- External links
The Site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.
We have no control over how third-party websites and services process your personal data. We do not review third party websites and services, and we are not responsible for such third-party websites and services or their privacy practices. Please read the privacy statements of any third- party websites or services that you access from our websites or services.
- Payment processing
We place great importance on the security of all personal data associated with our users. We have security measures in place to attempt to protect against the unauthorized access and disclosure, accidental or unlawful destruction, loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that unauthorized access and disclosure, accidental or unlawful destruction, loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.
You should bear in mind that submission of information over the Internet is never entirely secure. We cannot guarantee the security of information you submit via the Site whilst it is in transit over the Internet and any such submission is at your own risk.
It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal data if you use a shared computer or a computer in a public place.
- Adhesion to the Privacy Shield Framework
As our technology is based in the United States, we will process your personal data in the United States. To provide for an adequate level of protection, we have certified to and comply with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, processing, use, and retention of personal data transferred from the European Union to the United States. If there is any conflict between the terms in this Privacy and Cookies Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield Framework please visit https://www.privacyshield.gov/list
Accountability for onward transfers
We are responsible and remain liable for the processing of personal data we receive, under the Privacy Shield Framework, and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the European Union, including the onward transfer liability provisions. For more information on the appropriate safeguards in place, please contact us at the contact details below.
- Your rights in relation to your personal data
Fair play and transparency are important to us. We are open about the personal data we collect and have implemented mechanisms to enable you to exercise any rights you might have with respect to your personal data.
Where we have obtained your consent in relation to any matter in relation to your personal data (e.g. your consent to the placement of cookies on your device), you can withdraw this consent at any time, without affecting the lawfulness of any processing based on consent before its withdrawal, by contacting us using the contact details set out below or changing your cookie settings as specified in section 5 above on cookies. All our marketing communications contain an easy way to opt out from receiving future messages, such as a link through which you can unsubscribe.
Access to, erasure, rectification, restriction of processing and portability of personal data
If you have ordered products or registered an account with us, you can access a significant amount of your personal data through our website. Our website generally presents you with the option to add, update or remove information we have about you.
If any personal data we have about you is not accessible through our website, you can send us a request for access to this information at no cost using the contact details set out at the end of this Privacy and Cookies Policy.
After receiving your request and sufficient information to verify your identity we will provide you with a copy of the personal data we have about you which you are entitled to have under applicable law. We will also confirm the purposes for which such personal data is being used, its recipients and the origin of the information.
You may write to us at any time requesting the rectification of personal data that is incorrect or, taking into account the purposes of the processing, the completion of incomplete data; or requesting that we erase or otherwise remove your personal data. You may also write to us at any time to restrict our processing of your personal data; or request that we provide your personal data in a structured, commonly used electronic format and, where technically feasible, transmit it to a third party (right to data portability). We will comply with these requests in relation to your personal data in line with applicable law.
Right to object to the processing of your data
You further have the right to object at any time, on grounds relating to your particular situation and in accordance with applicable law, to any processing of your personal data based on the ground that the processing is necessary for purposes of legitimate interests pursued by us. Where your personal data are processed by us for direct marketing purposes, you further have the right to object at any time to such processing without having to provide any specific reason for such objection.
Automated individual decision making
You further have the right not to be subject to an automated individual decision making in scenarios where the statutory requirements are not fulfilled. An automated individual decision making is not taking place.
Complaint with a supervisory authority
You further have the right to lodge a complaint with a supervisor authority, in particular with the supervisory protection authority competent for your place of habitual residence or the place of the alleged infringement.
Resolution of Privacy Shield queries and complaint mechanism
In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your personal data. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact our data protection officer at firstname.lastname@example.org.
We are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. We may be required to share your personal data, including the disclosure of EU personal data, to public authorities and law enforcement agencies in response to lawful requests, including requests to meet national security and law enforcement requirements.
We keep personal data stored only to the extent and duration necessary for the purposes described in this Privacy and Cookies Policy as updated from time to time. When determining this period, we take into account our legal obligations (such as financial reporting obligations) and the expectations of regulators (including data protection regulators), as well as the amount of time which personal data is actually useful for the purposes described in this Privacy and Cookies Policy. Without limitation of the foregoing, we keep your personal health data for two (2) years after you are no longer a customer. For detailed information on applicable data retention periods, please contact us via the contact details listed below.
- Contacting us
You can contact us if you have any questions about the way in which your personal data is being collected or used which are not answered by this Privacy and Cookies Policy.
Our contact details as controller
At any point you can contact us via email at email@example.com.