Lenstore.co.uk is committed to protecting your personal information and upholding privacy and data protection laws.
What Personal Information does Lenstore.co.uk Collect?
Personal data or personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store different kinds of personal data about you which we have detailed below.
(1) Visiting our Website
WWhen you access our website, we automatically collect and store some of your data in our servers and in our cookies, which are small files sent to your device when you access the website.
The following information will therefore be collected until they are deleted automatically after 30 days:
- IP address
- The date and time of access
- The name and URL of the file accessed
- Details of browser
- Details of device such as operating system
We also use 3rd party services to enhance and secure our website and some essential digital information may be shared with those 3rd parties in order to provide that service. Examples of these services include live chat, web analytics, usability improvement and on-site survey tools.
Our legal basis for the processing of the above information is our legitimate interests which are derived from the purposes of the collection. The purpose of processing is mainly to improve our website, services and customer experiences. The data will be stored for a period of 30 days and subsequently deleted automatically.
(2) Fulfilment of orders placed with us
We collect, store and process personal data for the fulfilment of your order placed with us. This includes the following:
- Title, first name and last name
- Invoice and delivery address
- Email address
- Payment information which is tokenised
- Telephone number
- Date of birth
Where you purchase contact lenses from us, we also gather and store contact lenses values.
Should you have given your telephone number, we will use it to contact you in relation to the order processing procedures to make sure that you receive your products, and not for any other purposes.
The processing of the above information is necessary for the fulfilment of your order or in order to implement pre-order measures.
The protection of minors is of importance to us. We only process orders from persons who, at the time of placing the order, have attained the age of 16. For this reason, we also collect information concerning your date of birth for verification purposes when an order is placed.
Where you ask our opticians a question by using the “Ask our Opticians a Question” service, we gather and store information about how you use contact lenses and the advice we provide to you. Contact establishment is voluntary in this respect and the collection of data is based on legitimate interest for us to be able to contact you on the basis of your enquiry. Note that our opticians do not provide any diagnosis services, therefore diagnosis related information must not be provided. The advice we provide to you may be stored on the basis of necessity to comply with a legal obligation under medical laws to which Lenstore.co.uk is subject to when providing optical advice.
We will store your personal information as long as you have an active business relationship with us. After the termination of the business relationship, we will archive the information pertaining to our relationship according to commercial, taxation and medical requirements as prescribed by relevant laws.
Personal data that is not subject to these legal requirements will be deleted on termination of the business relationship.
When making a payment to Lenstore.co.uk, you will use one of our carefully selected and authorised payment service providers who will process the transaction independently and securely. Lenstore.co.uk will not have access to your payment card or bank details. If you choose to store your card details for future purchases with us, we will use secure tokenisation to “remember” your payment details for next time. In this way, neither we, nor anyone else, can access your payment information (other than the last four digits of your card number and your card expiry date), but you won’t have to enter your payment details a second time.
(3) Other Data Collection on our website Lenstore.co.uk
(i) Registering a Customer Account
To place an order with us, you will be required to register a customer account with us at the same time. By registering an account with us, you are able to get an overview of your order history, re-order and where you buy contact lenses, you are able to review the advice we have provided to you.
A customer may request to cancel their account. Following a cancellation, we will delete your data, unless we are legally permitted to continue processing in certain circumstances.
As long as your customer account exists, the data that you have communicated in connection with your orders will be stored there in addition to those orders. You have the right to demand information concerning the data stored in your customer account at any time. Access to your customer account is only possible after the entry of your personal password. You should always treat your access information as confidential and close your browser window after ending your communication with us, particularly if you share usage of the computer with others.
(ii) Getting in Touch by Phone, Social Media, in Writing and Other Means
You may choose from a variety of communication methods to contact us. Contact establishment is voluntary. If you choose to contact us via social media, phone, email, in writing, through our Contact Us form or any other form of communication, your contact details will be used to identify you and message may be recorded to process your concerns, requests and for quality control. The collection of data is carried out on the basis of our legitimate interest in being able to contact you as part of your inquiry. The data will be deleted after the statutory storage obligations have expired.
We will always deal with enquiries and correspondence with due care and confidentiality. Occasionally we may circulate customer feedback internally if we feel it may help to improve our service, but this would always be made anonymous.
We use a third-party service provider called Zendesk to manage our customer support services and Zendesk provides us with support statistics to help us improve our services to you.
(iii) Mention me
We operate a refer-a-friend program to enable our customers to recommend Lenstore.co.uk to their friends and family. Our refer-a-friend program is operated by Mention me Limited as our processor. Mention me Limited is a UK company who registered office address is at 20-22 Wenlock Road, London, N1 7GU.
You can object to us processing your personal information with our refer-a-friend program at any time by contacting Mention Me via their data protection form which has an unsubscribe option and can be found here:
(iv) Trustpilot rating
We use the rating service of Trustpilot A/S, Pilestræde 58, 3rd floor, 1112 Copenhagen K, Denmark. By clicking on the Trustpilot link on the website, you will be re-directed to the Trustpilot platform where you can leave a rating for Lenstore.co.uk.
Only when you click on the link, we will forward your details (order date and number, email address, product name and code) based on our legitimate interest. The submission of rating is voluntary. Details regarding data collection by Trustpilot on their platform can be found here:
We have also integrated the Trustpilot widget to display the reviews collected. This serves to protect our legitimate interests for the marketing of our offers.
(v) Communications Preferences
We use your personal data to track your communications preferences in relation to our contact with you. If you would like to change your communications preferences, you may do so at any time by updating your preferences in the Communications Preference Center.
(4) Processing personal data for marketing purposes
(i) Discounts and offers that could be of interest to you
Where you conclude a contract with us and are therefore our customer, we process your name and contact details in order to inform you about our similar products and offers that are of interest to you based on your preferences. You may object at any time by unsubscribing from our communications as per ‘opt-outs’ information provided, by updating your preferences in the Preference Center or by using the contact details provided in the Contact Section. The legal basis for the processing is our legitimate interests.
(ii) Newsletters by email
We offer you the possibility to register for our newsletter. The processing of your electronic contact data for this purpose is thus affected solely on the basis on your consent, these data will be stored until your consent is revoked. You may revoke your consent at any time. For this purpose, you may either click on the relevant ‘unsubscribe’ or ‘opt-out’ link in every newsletter.
Where you conclude a contract with us and are our customer, we process your email address in order to send you our newsletter which contains useful vision and medical care related information, the latest trends and new promotions based on your preference. You may object at any time by clicking on the ‘opt-out’ link in such emails, or by using the contact details provided in the Contact Section. The legal basis for the processing is our legitimate interests.
(iii) Product upgrade recommendations
Where you buy contact lenses from us, we process your name and contact details to inform you about product upgrade options based on your preferences. Depending on the contact lenses you are currently using, we would like to make sure that you have the most preferred lenses which would suit your current needs. You may object at any time by unsubscribing from our communications as per ‘opt-outs’ information provided, by updating your preferences in the Preference Center, or by using the contact details provided in the Contact Section. The legal basis for the processing is our legitimate interests.
Where you conclude a contract with and are therefore our customer, we process your name and contact details in order to provide you with dispatch and delivery updates so that you can track your order when it leaves the warehouse. The processing of your data is necessary for us to provide the service you have requested from us.
Where you buy contact lenses from us and would like to receive reminders, we process your name and contact details to provide you with helpful reminders to ensure you have adequate supply of contact lenses when you need them. You may object at any time by unsubscribing from our communications as per ‘opt-outs’ information provided, by updating your preferences in the Preference Center or by using the contact details provided in the Contact Section. The legal basis for the processing is our legitimate interests.
(v) Customer satisfaction feedback
We offer you the choice to decide whether you would like to provide us with your feedback on our services so that we can improve our customer service experience. We will use your name and contact details for this purpose. You may object at any time by clicking on the ‘opt-out’ link in such emails, by updating your preferences in the Preference Center or by using the contact details provided in the Contact Section. The legal basis for the processing is our legitimate interests.
(5) Interest related advertising
To make sure that you only receive information you may be interested in, we rely on your marketing preferences and information related to your account are used. The aim is to be able to send you only advertising that is relevant to you and we do not cause nuisance with unnecessary advertising. The processing of regular customer data for our own advertising purposes is to be regarded as the legitimate interest of our business.
How does Lenstore.co.uk Protect your Data?
The security and confidentiality of your personal data is very important to us, so we take extra care to ensure it is protected.
We use strong encryption where necessary as an added layer of protection.
We will always confirm your identity before discussing your account with you.
We only collect information we need and we only provide access to your data to members of staff who require it as part of their role in providing our products and services to you.
Almost everything we do is digital which makes looking after your data easier.
We use modern firewalls and have multiple layers of active protection and monitoring in place to prevent cyber-attacks.
We perform penetration testing and security scanning on our systems to ensure our protections are up to the job.
Our staff are trained specifically in data protection and cybersecurity.
How Long does Lenstore.co.uk Retain your Data?
We do not keep your data forever.
The amount of time data is kept for will depend on what the data is and for what purpose it was collected. In general, we will only keep or process your data for as long as necessary to provide our services to you or as required by laws and regulations.
Once the data retention period has passed, we will delete the data or anonymise it, so it cannot be used to identify you as an individual. When your information is removed or anonymised within our organisation, it will also be removed or anonymised by any 3rd parties we may have shared it with as part of providing our service to you (for example, payment service providers or couriers).
We may continue to use anonymised data in aggregate form for the purpose of business analysis and reporting.
Who does Lenstore.co.uk Share your Data with?
Trusted 3rd Party Services and Partners
On some occasions, we rely on 3rd parties to deliver and improve our products and services and we may need to share some of your personal data for that purpose.
Examples of 3rd parties we share data with include payment service providers, couriers, web analytics, infrastructure and IT providers, live chat platform for customer support, referral program service company and security providers.
We take steps to ensure that where a 3rd party is handling your data on our behalf that we:
- Only provide the information that is needed to perform the specific task
- Have agreements in place to ensure that processing is limited to the purpose we have specified
- Are sure that your rights and freedoms under EU data protection laws are met
- Have assurances that data is not kept beyond use, for example, if we decide to no longer use a 3rd party or once the specific task the 3rd party performs is completed
- Are able to confirm that the 3rd party is subject to the same or equivalent levels of data protection obligations as exists within the EU, for example within a data protection framework such as the EU-US Privacy Shield, and that your rights over your data are not compromised.
The following recipient has its head office outside the European Union: Zendesk Inc. The transfer of personal data is subject to the EU-US Privacy Shield arrangements.
Working with Vision Express & Other GrandVision Companies
We work with Vision Express - part of the same GrandVision group of companies as Lenstore.co.uk - to provide vision care services to our customers in certain circumstances. For example, our contact lens customers are entitled to free eye sight tests and contact lens checks at Vision Express stores across the UK and Ireland, while Vision Express provides support to our staff to ensure the best level of vision care for you.
To ensure this partnership delivers the best service and value for our customers, we may share some of your personal information with Vision Express, such as:
- Your full name, contact details and date of birth - The purpose is to allow Vision Express to make contact with the relevant customer to book them for an appointment, to make sure that customer files are not duplicated and customers are identified properly.
- Your most recent contact lenses and prescriptions to allow Vision Express to make suitable adjustments to the prescription and offer suitable management advice.
We may review summary information about customers’ appointments at Vision Express stores for verifying whether our customers are getting booked in for appointments in a reasonably timely manner.
On occasion, we may also share your information securely with other companies within the GrandVision group in order to provide our services, such as UK EFS Ltd.
We have appointed UK EFS Ltd, our subsidiary, incorporated and registered in England and Wales with company number, 6463540 with registered office at Unit A, Gresham Way, London, England, SW19 8ED as our processor to provide us with us some services such as operational, clinical, marketing, customer services and financial services.
For this purpose, we share personal information of our customers with UK EFS Ltd. The services provided are subject to a data processing agreement entered between LGL Ltd and UK EFS Ltd to ensure the protection of our customers’ information.
Your Data, Your Rights
Under data protection laws, under certain circumstances, you have the right to access the information we hold about you as well as to request that the information is corrected if it is incorrect or incomplete.
Likewise, you have the right to know what personal data we collect and why. You also have the right to data portability in certain circumstances, meaning that you can ask us for a copy of personal data held by us in a format easy to transfer to another service or business, or ask us to transfer this for you.
If you prefer that we delete your personal data, you have the right to request this in certain circumstances, such as where holding the personal data is no longer necessary for the purposes for which we collected it, and where we are not bound by law to keep the data, we will respond without undue delay.
In certain circumstances, for example with respect to a legal claim, you have the right to restrict further processing of your data for a period of time.
You have the right to object to our legitimate interests and our profiling activities where these are based on our legitimate interests.
If we are processing your information because you have given your consent to do so, you can withdraw your consent at any time. For example, we include opt out links in all marketing emails. You may also object to processes that are carried out solely for our own legitimate interests as a business.
Legal Bases for Data Processing
Data protection law states that we must have a legal basis for every aspect of personal data processing we undertake. We have stated our legal basis in respect to processing detailed above. With respect to the nature of our processing, we have assessed the below as being the most relevant grounds for processing:
Performance of Contract with you
In the majority of cases, we process your data because we need to do so in order to serve you. The lawful basis in these cases is contractual obligation.
In each case where we process your information on the legitimate interest basis, we make sure that the legitimate interests of our business do not override the freedoms, rights and expectation of our customers.
In some instances, we may need to perform certain processes because the law says we must. For example, retaining transaction data for a certain period of time for accounting compliance.
On certain occasions, we will seek your consent, in writing or electronically.
When we seek your consent, we will be clear and specific about what we are seeking your consent for.
Where you provide consent for a particular activity, you will also be able to ‘opt out’ at a later stage, and a simple process for doing so will be made clear.
Third - party links
For updates to the information on your account, including corrections to your personal data, changes to your communication preferences, managing your consent or if you would like us to stop processing your information, please contact our Customer Services team:
0800 010 6865
For any other data protection enquiries, please email us at:
Please note: Before we can act on a request regarding access to your personal data, we may need to verify your identity.
Relevant Data Protection Supervisory Authority
If you feel that your data or your rights over your data are not being handled correctly, you may contact the Office of the Data Protection Commissioner (ODPC) in Guernsey (https://odpa.gg/).
We would, however, appreciate the chance to deal with your concerns before you approach the ODPC, so please contact us in the first instance. Contact details for the Guernsey ODPC are as follows:
Office of the Data Protection Commissioner
Guernsey Information Centre
North Esplanade, St Peter Port
Guernsey GY1 2LQ
Telephone: +44 (0)1481 742074
Changes to this policy
Any changes will apply from the time that they are posted to this page. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.
If you have any questions at all about the ways in which we collect and use your personal information, please contact us at email@example.com at any time.
As of January 2020