- Separate consent is sought for each different product or service.
- This Policy does not cover how our users may use or share data that they collect using our Sites and services.
Type of Personal Information Collected
- For our services to operate, we need to collect certain personal information about visitors, users and customers of our Sites.
- The type of information we collect and hold includes:
- Information that you provide to us such as your name, address, telephone numbers, and e-mail addresses.
- Information contained in feedback that you give to us by e-mail, phone, post, and social media.
- Information about the services that we provide to you. This includes, for example, the products you have ordered, the products we have supplied to you, when and where they were supplied, and how much they were purchased for.
- Your account login details, including your username and password.
- Information related to the system, device and platform you have used to access our services. Examples include your device’s make and model, browser and IP address.
- Prescription information for contact lenses and eyeglasses.
- Statistics on how you use our services, including our website.
- We do not store your credit/debit card or other payment details. We use trusted, GDPR-compliant payment processing services (PayPal and Skrill) to process your payment (see also section on security).
Ways of Collecting Personal Information
- Most of your personal information is collected directly when you provide it to us. Other, mostly anonymous, information is collected automatically as you navigate through the Sites.
- We collect your personal information when you provide it to us when you complete membership registration and buy items or services on our Sites, subscribe to a newsletter, e-mail list, submit feedback, enter a contest, fill out a survey, or send us a communication.
Personal Information About You Collected From Other Sources
- Personal information about yourself is collected directly from you. However, there are instances, and on occasion, where we collect certain categories of personal information about you from other sources. In particular:
- financial and/or transaction details from payment providers located in the EU and the US, in order to process a transaction;
- third party service providers (like Google, Facebook, Instagram, etc) who are located in the US or EU, which may provide information about you when you link, connect, or login to your account with the third party provider and they send us information such as your registration and profile from that service. The information varies and is controlled by that service provider or as authorized by you via your privacy settings at that service provider.
How Your Personal Information Is Used
- We use the personal information you provide to us:
- To fulfill a contract, or take steps linked to a contract. Such actions include processing transactions related to purchasing products from our Sites. Further actions include shipping the product and providing feedback and support.
- Personal information is also used where this is necessary for purposes which are in the legitimate interests of us or other third parties which we use to operate the Sites and provide our services. These interests include:
- Make our products and services available to you, operating the Sites and providing you with the products and services described on the Sites;
- Verifying your identity when you sign in to any of our Sites;
- Verifying your identity in order to fulfill our obligations to you as a customer, e.g. process your order, packaging and delivering a purchased product;
- Verifying your prescription information in order to process and fulfill your order;
- Help us to ensure that our customers are genuine and to prevent fraud;
- Responding to support tickets, queries, comments, social media communication and e-mails;
- Asking for your feedback or whether you want to participate in a survey;
- Facilitating the resolution of any disputes;
- Updating you with operational news (such as website disruptions), security updates and other relevant information about our Sites;
- Monitoring activity on the Sites, e.g. to identify potential fraudulent activity and to ensure compliance with the user terms that apply to the Sites;
- Managing our legal and operational affairs (including, managing risks relating to content and fraud matters);
- Carrying out technical and statistical analysis to determine how to improve the Sites, the products and services we provide;
- Providing general administrative and performance functions and activities; and
- Training Vision Marketplace staff about how to best serve our customers.
- In cases where you give us consent:
- Providing you with marketing information about products and services which we feel may interest you, and which may include offers, promotions, and reminders; and
- For purposes which are required by law.
- For the purpose of responding to requests by government, a court of law, or law enforcement authorities conducting an investigation.
When Is Your Personal Information Disclosed or Shared
- At Vision Marketplace we do not sell, rent or lease your personal information to third parties.
- The data processors we work with and with whom we share and receive your information in order to conduct our business and fulfill our obligations to our customers are GDPR-compliant, both those based in the EU and those not based in the EU. Such data processors include payment gateways; delivery services; advertising networks; analytics providers; and e-mail providers.
- However, for fulfilling our obligations to you as a customer (or otherwise contractually affiliated with us) and for the lawful operation of our Sites (which includes preventing fraud or enforcing or protecting the rights and properties of Vision Marketplace and the safety and well being of our employees), we may disclose or share some personal information with the following recipients:
- Our professional advisers, such as lawyers, accountants, and financial advisers;
- Regulators, government and state authorities in connection with our compliance procedures and obligations;
- Law enforcement and judicial authorities in order to comply with any law, regulation, subpoena, or court order;
- A purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
- A third party to respond to requests relating to a criminal investigation or alleged or suspected illegal activity;
- A third party, in order to enforce or defend our rights, or to address financial or reputational risks;
- Other recipients where we are authorized or required by law to do so.
Where Is Your Personal Information Transferred and/or Stored
- We are based in Cyprus, therefore your data is protected by strict local and European legislation. Your data will be processed in Cyprus, the EU and the US. We do this on the basis of your consent to this Policy. To ensure the protection of your information, we take care where possible to work with subcontractors and service providers who we believe maintain an high standard of data security compliance.
How Is Your Personal Information Kept Secured
- The transmission of information on the internet, and through networks in general, is not completely secure and there are always risks. We strive to protect your personal data and we utilize best practices in the field of e-commerce to ensure their security.
- We store personal information on secure servers that are managed by us and our service providers, and occasionally on hard copy backup files that are kept in a secure location in Cyprus.
- Personal information related with your orders is collected, transferred and stored at BigCommerce, a trusted, GDPR-compliant e-commerce software company.
- Personal information related with your communication with us in the form of tickets is collected, transferred and stored at Zendesk, a trusted, GDPR-compliant customer service software company.
- Personal information stored or transmitted by our staff and through our systems is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate. In addition, and wherever possible, we keep data off networked systems.
- Your full credit/debit card or other payment details will need to be entered on the PCI-compliant payment gateway websites. Vision Marketplace uses trusted, GDPR-compliant payment processing services (PayPal and Skrill) to process your payment. We do not store, nor we have access, to your credit/debit card or other payment information.
- Your personal information, provided through your registered account on our Site, is encrypted. To encrypt personal information we use secure socket software (SSL). This technology prevents you from inadvertently revealing personal information using an unsecure connection. Our website is certified with an SSL certificate, which verifies that it is secure.
Your Access to Your Personal Information
- Personal information that we collect about you, including some of those you provide to us, can be accessed by logging in to your account.
- If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority in the EU and EEA will be the data protection authority of the country: (i) of your habitual residence; (ii) of your place of work; or (iii) in which you consider the alleged infringement has occurred.
Your Control over Your Personal Information
- You can restrict the processing of your personal information, or object to some processing that is based on our legitimate interests.
- You can withdraw consent that you have previously given for processing your data.
- These rights are limited in situations where it can be demonstrated that we have a legal requirement to process your personal information. In such rare cases, this means that we may retain some data even if you withdraw your consent.
- If any of the data we hold about you is false, untrue, incorrect, or falsely represented you can request corrections.
- You can close your account(s) in any of our Sites whenever you wish to do so. This includes customer accounts, as well as accounts otherwise affiliated with us.
- You can ask for personal information about you to be erased whenever you wish to do so.
- Please remember that where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: If such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us, such as processing an order or delivering products. In all other cases, provision of requested personal information is optional.
Your Personal Information and Marketing Choices
- Whenever we communicate with you we do so after we have obtained your consent. This includes you having subscribed to our mailing lists or otherwise clearly indicating that you are interested in receiving offers and other information from us.
- Like many other commercial sites, we utilize a standard internet technology called a “cookie” file. To use our Sites and our services you need to have cookies enabled. Cookies are tiny text files stored on your computer in your browser’s cache folder. Cookies are designed to help a web server recognize a user’s browser as a previous visitor and to save and remember preferences that may have been set while the user was visiting the site. A cookie cannot be read by any web server other than the one that set the cookie. Cookies can securely store a customer’s username and password, identify which parts of our Site have been visited or keep track of selections, such as those selected in your “shopping cart”. A cookie cannot retrieve any other data from your hard drive, pass on a computer virus, or capture your e-mail address. (For more general information on cookies, consult http://www.allaboutcookies.org).
- When you visit our Sites, there’s certain information that’s recorded which is generally anonymous information and does not reveal your identity. If you’re logged into your account, and/or as a result of allowing cookies, some of the following type of information could be associated with your account:
- Your IP address or proxy server IP address;
- The domain name you requested;
- The name of your internet service provider is sometimes captured depending on the configuration of your ISP connection;
- The date and time of your visit to the website;
- The length of your session;
- The pages which you have accessed;
- The number of times you access our site within any month;
- The file URL you look at and information relating to it;
- The website which referred you to our Sites; and
- The operating system which your computer or device uses.
Information About Children
- Our Sites are not suitable for children under the age of 16 years. If you are under 16 we ask that you do not use our Sites or give us your personal information.
- If your age range is 16 to 18 years, you can browse and use the Sites only under the supervision of a parent or guardian. Additionally, they must give permission for you to become a registered user and provide us with your personal information.
- Parents or guardians have full responsibility to monitor their children’s use of our Sites and services and protect their personal information.
Information You Share with Others or Make Public
Personal Information Retention
- Your personal information is retained for as long as is necessary to provide you with our services and to fulfil our contractual obligations, such as processing an order you have placed.
- Personal information is also retained where it is necessary to comply with our legal obligations.
- This Policy may be updated from time to time in order to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices.
- When the Policy does change, we will notify you about such changes, where required.
- If you have any questions about our privacy practices or the way in which we have been managing your personal information, please contact our privacy representative in writing at Vision Marketplace, P.O. Box 12213, Nicosia, 2342, Cyprus or firstname.lastname@example.org.