Lenstore.co.uk’s Privacy Statement has Changed
This privacy statement has been updated to reflect changes in data protection law that come into effect on 25th May 2018 and apply to any organisation that handles personal data relating to EU citizens.
Lenstore.co.uk is a trading name of LGL Ltd, Anson Court, La Route des Camps, St Martin, Guernsey, GY4 6AD registered in the Island of Guernsey under company number 51990, being the Data Controller.
Lenstore.co.uk is committed to protecting your personal information and upholding privacy and data protection laws. This privacy statement explains what information we collect and how we protect it and use it, our obligations to you and your rights over your data.
What Personal Information does Lenstore.co.uk Collect?
We only collect the information we need to provide products and services to you, our customer. Without this information we may not be able to provide products or services to you.
Visiting our Website
When using our website, we may collect some common digital information provided by your browser or device such as your IP address and browser type.
If you fill in a form on our website, that information will be collected and processed for the intended purpose. For example you might provide your name, email address and contact telephone number when using our Contact Us form, which would be sent electronically to our Customer Services team to respond to.
We use 3rd party services to enhance and secure our website and some essential digital information may be shared with those 3rd parties in order to provide that service. Examples of these services include live chat, web analytics, usability improvement and on-site survey tools.
Registering an Account or Placing an Order with us
When you register or place an order with us, we will collect the information we need to process your orders safely and securely and provide vision care services. For example, we may ask for:
- Email address
- Name and telephone number
- Date of birth
- Billing address
- Delivery address
- Your contact lens prescription
- Information about your contact lens use
- Your Optician’s contact details
- Information about purchases
When making a payment to Lenstore.co.uk, you will use one of our carefully selected and authorised payment service providers who will process the transaction independently and securely. Lenstore.co.uk never has access to your payment card or bank details. If you decide to store your card details for future purchases with us, we will use secure tokenisation to “remember” your payment details for next time. In this way, neither we, nor anyone else, can access your payment information (other than the last four digits of your card number and your card expiry date), but you won’t have to enter your payment details a second time.
Getting in Touch by Phone, Social Media, in Writing and Other Means
If you choose to contact us via social media, phone, email, in writing or any other form of communication, your contact details and message may be recorded for reference and for quality control.
We will always deal with enquiries and correspondence with due care and confidentiality. Occasionally we may circulate customer feedback internally if we feel it may help to improve our service, but this would always be made anonymous.
How does Lenstore.co.uk use your Personal Data?
We use your personal information to process your orders and to provide vision care services to you.
We may contact you about your order and your account, and as part of our vision care service.
We may contact you with news, recommendations and other offers that we feel are relevant to you.
You can control what communications you receive within your account and you can opt out of any marketing communications easily using the instructions contained within the message.
We use your purchase and browsing history to monitor and improve our website and service.
We may use your Optician’s contact details to verify your contact lens prescription.
How does Lenstore.co.uk Protect your Data?
The security and confidentiality of your personal data is very important to us, so we take extra care to ensure it is protected.
We use strong encryption where necessary as an added layer of protection.
We will always confirm your identity before discussing your account with you.
We only collect information we need and we only provide access to your data to members of staff who require it as part of their role in providing our service to you.
Almost everything we do is digital which makes looking after your data easier.
We use modern firewalls and have multiple layers of active protection and monitoring in place to prevent cyber-attacks.
We perform penetration testing and security scanning on our systems to ensure our protections are up to the job.
Our staff are trained specifically in data protection and cybersecurity.
How Long does Lenstore.co.uk Retain your Data?
We do not keep your data forever.
The amount of time data is kept for will depend on what the data is and for what purpose it was collected. In general, we will only keep or process your data for as long as necessary to provide our services to you or as required by laws and regulations.
Here are some examples of how long we keep your data for:
- Your IP address, which is logged every time you visit our website, is deleted automatically on a monthly cycle
- Order information including your billing and delivery address as well as the details of the products you ordered are retained for 8 years
- Financial records are retained for 7 years (6 full years of accounting)
- Email correspondence and telephone recordings are retained for 3 years
- Information related to complaints is kept for 15 years
- Your account, including your login, personal information and order history is retained for 8 years
- Live chat and server access logs are retained for up to 2 months
Once the data retention period has passed, we will delete the data or anonymise it, so it cannot be used to identify you as an individual. When your information is removed or anonymised within our organisation, it will also be removed or anonymised by any 3rd parties we may have shared it with as part of providing our service to you (for example, payment service providers or couriers).
We may continue to use anonymised data in aggregate form for the purpose of business analysis and reporting.
Who does Lenstore.co.uk Share your Data with?
Trusted 3rd Party Services and Partners
We rely on 3rd parties to deliver and improve our products and services and we may need to share some of your personal data for that purpose.
Examples of 3rd parties we share data with include payment service providers, couriers, web analytics, infrastructure and IT providers, live chat and security providers.
We take steps to ensure that where a 3rd party is handling your data on our behalf that we:
- Only provide the information that is needed to perform the specific task
- Have agreements in place to ensure that processing is limited to the purpose we have specified
- Are sure that your rights and freedoms under EU data protection laws are met
- Have assurances that data is not kept beyond use, for example, if we decide to no longer use a 3rd party or once the specific task the 3rd party performs is completed
- Are able to confirm that the 3rd party is subject to the same or equivalent levels of data protection obligations as exists within the EU, for example within a data protection framework such as the EU-US Privacy Shield, and that your rights over your data are not compromised.
Working with Vision Express & Other GrandVision Companies
We work with Vision Express - part of the same GrandVision group of companies as Lenstore.co.uk - to provide vision care services to our customers. For example, our contact lens customers are entitled to free sight tests and contact lens checks at Vision Express stores across the UK and Ireland, while Vision Express provides support to our staff to ensure the best level of vision care for you.
To ensure this partnership delivers the best service and value for our customers, we may share your information with Vision Express and we may hold summary information about your appointments and purchases at Vision Express stores. On occasion, we may also share your information securely with other companies within the GrandVision group in order to provide our services.
Your Data, Your Rights
Under data protection laws, you have the right to access the information we hold about you as well as to request that the information is corrected if it is incorrect or incomplete.
Likewise, you have the right to know what personal data we collect and why. You also have the right to data portability in certain circumstances, meaning that you can ask us for a copy of personal data held by us in a format easy to transfer to another service or business, or ask us to transfer this for you.
If you prefer that we delete your personal data, you have the right to request this in certain circumstances , such as where holding the personal data is no longer necessary for the purposes for which we collected it, and where we are not bound by law to keep the data, we will respond without undue delay.
In certain circumstances, for example with respect to a legal claim, you have the right to restrict further processing of your data for a period of time.
If we are processing your information because you have given your consent to do so, you can withdraw your consent at any time. For example, we include opt out links in all marketing emails. You may also object to processes that are carried out solely for our own legitimate interests as a business.
Legal Bases for Data Processing
Data protection law states that we must have a legal basis for every aspect of personal data processing we undertake.
In the majority of cases, we process your data because we need to do so in order to serve you. The lawful basis in these cases is contractual obligation.
For example, we will collect your delivery address when you place an order with us and we will pass that information on to a 3rd party courier so that they are able to deliver your order.
We will also store your information so that you are able to log in to your account, view your order history and review the advice we have provided.
We may perform some processes, such as making backups, fraud screening, marketing or enabling certain tools on our website, that are done in our own or a 3rd party’s interests. For example, we collect your billing and delivery address for the purposes of preparing and dispatching your order (as part of our contract with you) but we also process this data to create a personalised address book for you to use on our website. This way, you won’t have to enter the same address details each time you place an order with us. Of course, you can edit or remove your addresses at any time via your account.
In each case where we process your information on a legitimate interest basis, we make sure that the interest is legitimate, lawful and does not impact your rights and freedoms over your personal data and that the purpose for processing cannot be achieved otherwise.
In some instances we may need to perform certain processes because the law says we must. For example, sharing some personal data as part of a police investigation or retaining transaction data for a certain period of time for accounting compliance.
We may contact you or share your information with a 3rd party healthcare provider in order to protect your health and prevent serious harm to you or others.
On occasion, where a particular process is desirable for the benefit of either party, but where no other legal basis is present, we will seek your consent either verbally, in writing or electronically.
When we seek your consent we will be clear and specific about what we are seeking your consent for.
For example, we may seek your consent for sharing your details with a specified 3rd party where the transfer is not protected in law or by a legally binding contract, similarly we may seek your consent for certain marketing communications.
Where you provide consent for a particular activity, you will also be able to ‘opt out’ at a later stage, and a simple process for doing so will be made clear.
Data Protection Enquiries and Requests about your Information
For updates to the information on your account, including corrections to your personal data, changes to your communication preferences, managing your consent or if you would like us to stop processing your information, please contact our Customer Services team:
0800 010 6865
For freedom of information requests, a copy of your data, or any other data protection enquiries:
Please note: Before we can act on a request regarding your personal data, we will need to verify your identity.
If you feel that your data or your rights over your data are not being handled correctly, you may contact the Office of the Data Protection Commissioner (ODPC).
Office of the Data Protection Commissioner
Guernsey Information Centre
North Esplanade, St Peter Port
Guernsey GY1 2LQ
Telephone: +44 (0)1481 742074