Pivacy Staytment GDPR / General Data Protection Regulation.
1. Your data given to us by
You As part of you registering for or using our Services, we will collect personal data or information meaning any information about an individual from which that individual can be identified (“Personal Data”). The Personal Data we collect can fall into several types as below:
1. first name; last name; username or similar identifier; (“Identity Data”)
2. billing address; delivery address; email address; telephone numbers (“Contact Data”)
3. details about payments to and from you; details of the Services you have purchased from us (“Transaction Data”)
4. internet protocol (IP) address; your login data and the time and date the Services were used; browser type and version; time zone setting and location;
browser plug-in types and versions; operating system and platform and other technology on the devices you use to access the Services; error data
5. your username and password; purchases or orders made by you; your interests; preferences; feedback and survey responses (“Profile Data”)
6. information about how you use our Services (“Usage Data”)
7. your preferences in receiving marketing from us and our third parties and your communication preferences (“Marketing and Communications Data”)
Personal Data will be collected by your direct interactions with us by post, phone, e-mail or online or by automated technologies like cookies, server logs, analytics providers, advertising networks, search information providers and other similar technologies.
We will not collect any data about your race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health or genetic or biometric data, or any criminal convictions or offences.
Where we need to collect your Personal Data by law, or under the terms of a contract we have with you with respect to our Services, and you fail to provide that Personal Data when requested, we may not be able to provide you with the Services and may have to cancel some or all of the Services you use but we will notify you if this is the case at the time.
Our Services are available for purchase only for those over the age of 18. Our Services are not targeted to, intended to be consumed by or designed to entice individuals under the age of 18. If you know of or have reason to believe anyone under the age of 18 has provided us with any Personal Data, please contact us.
2. How we use your Personal Data
We have set out below a description of all the ways we plan to use your Personal Data and which legal basis we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your Personal Data for more than one lawful ground depending on the specific purpose for which we are using your Personal Data.
If you have given us your express opt-in consent, we may offer you certain marketing services through analysis of your Identity Data, Profile Data, Technical Data and Usage Data. You have the right to withdraw consent to marketing at any time by contacting us.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
3. Disclosures of your Personal Data
We may disclose your Personal Data to our external service providers acting as processors who provide IT and system administration services and also to our professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers, as the case may be, who provide consultancy, banking, legal, insurance and accounting services, as the case may be.
We may also disclose your Personal Data to HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
We may also disclose your Personal Information to external third parties who provide electronic / computing services, as listed below:
We require all third parties to respect the security of your Personal Data and to treat it in accordance with all relevant laws. We do not allow our third-party service providers to use your Personal Data for their own purposes and only permit them to process your Personal Data for specified purposes and in accordance with our instructions.
We may also disclose your Personal Data to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets but only provided that the new owners use your Personal Data in substantially the same way as set out in this Privacy and Data Protection Policy.
Your Personal Data will be located in datacenters located inside the European Economic Area (EEA) and which treat your Personal Data in accordance with all relevant EEA laws. If we do transfer any of your Personal Data outside of the EEA we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
8. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
9. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
10. Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.
Please note that we may process your Personal Data without your knowledge or consent where this is required or permitted by law.
4. Retention of your Personal Data
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we must keep basic information about our customers (including Contact Data, Identity Data, Financial Data and Transaction Data) for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your Personal Data (see “Your rights in respect of your Personal Data” below).
5. Your rights in respect of your Personal Data Under the GDPR you have the following rights:
The right to be informed:
We have set out in this Privacy and Data Protection Policy details on the Personal Information we collect from you and what we do with it and set out your rights in respect of such Personal Data.
The right of access:
You have the right to request access to your Personal Data which enables you to receive a copy of your Personal Data, so you can check that it is accurate and that we are lawfully processing it. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right of rectification:
You have the right to request correction of your Personal Data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new Personal Data you provide to us. We will correct the information we store, then inform any third parties that we may have provided that information to requesting that they rectify the information they hold too. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to erasure:
You have the right to request erasure of your Personal Data (also known as the right to be forgotten). This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your Personal Data unlawfully or where we are required to erase your Personal Data to comply with respective laws. We will do this within one month unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to restrict processing:
You have the right to object to the processing of your Personal Data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. We will consider these requests and take appropriate action within one month of the request (including where appropriate informing any third parties of this restriction) unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we may need an extension of time.
The right to data portability:
You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format (such as in Excel or Word format). Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you. We will provide this free of charge within one month of the request unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we will be using the extension of time we are allowed under such circumstances.
The right to object:
You have the right to request restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of your Personal Data in the following scenarios: (a) if you want us to establish your Personal Data's accuracy; (b) where our use of your Personal Data is unlawful but you do not want us to erase it; (c) where you need us to hold the Personal Data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your Personal Data but we need to verify whether we have overriding legitimate grounds to use it. If we agree with your written objection then we will not use the data in the way to which you are objecting within one month, unless the request is complex, or we have too many requests to deal with, in which case, we will inform you within one month that we may need an extension of time.
Rights of automated decision making and profiling:
We may make automated decisions (via a computer algorithm) on certain aspects of the marketing materials that we send to you. We do not make any other automated decisions on your information. We do not make any decision on what the GDPR regulations suggest is a ‘special category’ of personal information; nor make any decisions based on ethnicity, race, sex, gender or disability. If you object to the automated data processing that we perform on your personal information, then you may ask us not to do this. Since this decision making is integral to how we send marketing materials, then we will simply remove any marketing consent that you have given to us, which will result in your data not being processed in this way. We will do this free of charge within one month, unless the request is complex, or we have too many requests to deal with, in which case we will inform you within one month that we may need an extension of time.
The right to withdraw consent:
You have the right to withdraw consent at any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide some or all of the Services to you. We will advise you if this is the case at the time you withdraw your consent.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights), however, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
6. Data Security
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your Personal Data. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. We will store all your Personal Data on our secure servers, however, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. You are responsible for keeping your password and user details confidential for accessing any of our Services. We will never ask you for your password. In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and to notify you and any applicable regulator if the security, integrity or confidentiality of your Personal Data has been compromised, in accordance with any applicable laws and regulations.
7. Amendments to our Privacy and Data Protection Policy
We reserve the right to change our Privacy and Data Protection Policy at any time by posting revisions to https://www.eye-cs.com and we encourage you to read our Privacy and Data Protection Policy periodically to ensure that you are at all times fully aware of it. Any changes are effective immediately upon posting to https://www.eye-cs.co.uk 8. Contact us
If you have any inquiries or requests in respect of your Personal Data or our Privacy and Data Protection Policy, you may contact us at:
firstname.lastname@example.org Mob.: +44 (0) 74600 74940