PRIVACY POLICY

1 INTRODUCTION
2 DATA PROTECTION OFFICER
3 WHOSE DATA IS ACQUIRED ?
4 DATA ACQUISITION PROCESSES
5 DATA ACQUIRED
6 DATA USAGE
7 DATA FLOW
8 DATA STORAGE
9 ONLINE DATABASES
10 REASONS FOR DATA STORAGE
11 DURATION OF DATA STORAGE
12 DATA SHARING
13 REASONS FOR DATA SHARING
14 TECHNICAL SECURITY MEASURES
15 PREMISES SECURITY MEASURES
16 DATA USAGE OFF PREMISES
17 DATA STORAGE FORMAT
18 YOUR ACCESS TO DATA
19 DATA DELETION
20 DATA CORRECTNESS
21 YOUR DATA AND MARKETING
22 DATA BREACHES
23 COMPLAINTS

1 INTRODUCTION

This Privacy Notice applies to all your Personal Information [Data] collected by Online Reading Glasses [ORG]. ORG is a controller in respect of your Data acquired in connection with the products and services provided.

The ORG [Premises] are at

Online Reading Glasses
Unit 12
The Sycamores
Heatherwood Grove
Darlington
County Durham DL3 9PH
England.

My contact details can be located at www.onlinereadingglasses.co.uk [Website].

I respect an individual's rights to privacy and to the protection of your Data. The purpose of this Privacy Notice is to explain how ORG collect and use your Data in connection with the business. Data means information about an individual who can be identified from that information. This Privacy Notice may be updated occasionally. Any changes to the Privacy Notice will be shown on the Website.

2 DATA PROTECTION OFFICER

The Data Protection Officer is

Clive Durham [CD]
Online Reading Glasses
Unit 12
The Sycamores
Heatherwood Grove
Darlington
County Durham DL3 9PH
England.

support@onlinereadingglasses.co.uk

3 WHOSE DATA IS ACQUIRED ?

Anyone that orders from or makes an enquiry of ORG.

4 DATA ACQUISITION PROCESSES

ORG limits the acquisition and storage of your Data to the minimum necessary to fulfil its contractual obligations. Your Data is acquired through five processes:

a) When you enter the Website, a Cookie stores specific technical information about your shopping session only, not your Data.

b) When goods are ordered online using the Website, you enter your Data into a form on the 'Checkout' and Secure Payment webpages.

c) When you send an enquiry online using the Website, you enter your Data into a form on the 'Contact' webpage.

d) When you email directly online other than via the Website, your Data is acquired via the email address support@onlinereadingglasses.co.uk.

e) When goods are ordered by post in a letter or a downloaded order form, your Data is received in hard copy form.

5 DATA ACQUIRED

5.1 Cookie

Start time of your shopping session is acquired automatically. Your Data is not acquired.

5.2 Online Orders

On the 'Checkout' webpage, your Data entered comprises:

a) Billing Title and Last Name.
b) Billing Address.
c) Billing Post/Zip Code.
d) Delivery Title and Last Name.
e) Delivery Address.
f) Delivery Post/Zip Code.
g) Email Address.
h) Payment Currency.
i) Comments (optional).

On submission of your details on the 'Checkout' webpage, the next Secure Payment Page requires the your following Data:

a) Language
b) Payment Method

On selecting Payment Method, the next Secure Payment Page then requires your card details:

a) Card Number
b) Security Code
c) Expiry Date
d) Country
e) Telephone (optional)

5.3 Online Enquiries

On the 'Contact' webpage, your Data entered comprises:

a) Title.
b) Last Name.
c) Email Address.
d) Enquiry.

5.4 Emails

When you use the email address support@onlinereadingglasses.co.uk your following Data is acquired:

a) Email Address.
b) Any email attachments.

5.5 Offline

Data from you arriving at the Premises by post in the form of a letter or a downloaded order form contains the following information:

a) Title and Last Name.
b) Address.
c) Post/Zip Code.
d) Email Address.
e) Prescription.

6 DATA USAGE

6.1 Cookie

The start time of your shopping session is acquired to calculate when the shopping session duration expiry time or session inactivity time has been exceeded. When these times have expired, you are automatically logged out of the session.

6.2 Online Orders

a) Billing Title and Last Name. a), b) and c) are used by WorldPay to verify and authenticate card details.
b) Billing Address.
c) Billing Post/Zip Code.
d) Delivery Title and Last Name. d), e) and f) are used for the delivery of the goods ordered.
e) Delivery Address.
f) Delivery Post/Zip Code.
g) Email Address. This is used to give you notification if:

g1) the goods ordered are out of stock,
g2) there are any delivery delays,
g3) clarification of order if needed,
g4) clarification of prescription.
g5) For sending an auto-response email confirming details of your order and delivery.

h) Payment Currency. Your payment currency is acquired so that WorldPay can process an order in a foreign currency.
i) Comments (optional). Your comments are acquired to allows you to provide additional instructions for

i1) delivery, such as an alternative address if no one is home to sign for recorded delivery packages
i2) an alternative choice of goods if out of stock.

6.3 Online Enquiries

On the 'Contact' webpage, the Data you enter is used as follows. a) Title. a) and b) are acquired so you can be addressed personally in the response email. b) Last Name. c) Email Address. This is acquired so an auto-response email can be sent to you confirming receipt of your enquiry and for the response. d) Enquiry. Obviously acquired so it can be answered.

6.4 Emails

When you use the email address support@onlinereadingglasses.co.uk your email address is acquired in the usual way for response purposes. Email attachments like prescriptions are acquired so that prescription lenses can be made by Technicians.

6.5 Offline

Your Data in orders sent by post or posted a downloaded order form is used for the delivery of the goods ordered. Your Data on any enclosed cheques is used by the bank for payment processing.

6.6 Goods Delivery

Your name and address are copied onto the packaging of the goods for sending to Technicians. Goods are sent via a local post office. The Technicians then use your name and address for sending goods to you. The Technicians provide custom-made and prescription goods.



7 DATA FLOW

7.1 Cookie

Sent from the Website host server to your web browser.

7.2 Online Orders

7.2.1 Ready-Made Goods

On submitting the Website 'Checkout' form and Secure Payment Page, your Data is sent to WorldPay for secure payment processing. WorldPay then send two emails, a direct email (receipt) to you and to ORG, regarding payment status. Your details in the email sent to ORG comprise:

a) Delivery Title
b) Delivery Last Name
c) Delivery Address
d) Telephone Number (optional)
e) IP Address
f) Email Address
g) AVS Results
h) Payment success or failure notification

WorldPay also send callback parameters to a script resident on the Website host server. This script processes your Data from WorldPay and generates an order confirmation page on the Website and two auto-response emails. One auto-response email is sent to you and the other to ORG at support@onlinereadingglasses.co.uk. Your details in the the email sent to ORG comprises:

a) Billing Title
b) Billing Last Name
c) Billing Address.
d) Post/Zip Code.
e) Email Address.
f) Card Type
g) Delivery Title and last name
h) Delivery Address.
i) Delivery Post/Zip Code.
j) Order details

At this point, the goods are either sent to you by ORG or sent to the Technicians if additional processing is required. Your address is copied onto the packaging so the Technicians can send the goods to you direct. The covering letter, enclosed in the packaging, details the instructions to the Technicians. This covering letter is sent back to ORG to confirm that the goods have been sent to you by the Technicians. Along with this is the Technicians invoice containing your last name only. The Technicians do not retain any of your Data. Your Data on Recorded Delivery slips obtained at the Post Office by the Technicians, when completed goods are sent to you, is sent back to us.

7.2.2 Prescription Goods

Orders for prescription goods are processed in a slightly different way. On submitting the Website 'Checkout' form, your details are sent straight to a script resident on the Website host server. This script processes your Data and generates an order confirmation page on the Website and two auto-response emails. One auto-response email is sent to you and the other to ORG at support@onlinereadingglasses.co.uk. The email sent to ORG contains your Data comprising:

a) Delivery Title and last name
b) Delivery Last Name
c) Delivery Address
d) Delivery Post/Zip Code.
e) Payment currency.
f) Order details

You then send your prescription, as an email attachment, to ORG. Your goods are obtained and the details of your prescription are transcribed to a covering letter and posted to the Technicians. Your address is copied onto the packaging so the Technicians can sent the goods to you direct. When the Technicians have finished your goods, they inform ORG. An email is then sent to you that links to a payment form. Completing the form follows the same procedures as with 7.2.1. Once payment is received, the Technicians are instructed to post your goods to you. The covering letter and prescription are sent back to ORG by the Technicians. Along with this is an invoice containing your last name only. The Technicians do not retain any of your Data. Your Data on Recorded Delivery slips obtained at the Post Office by the Technicians, when completed goods are sent to you, is sent back to us.

7.3 Online Enquiries

On submitting the Website 'Contact' form, your Data is sent to a script resident on the Website host server. This script processes your Data from you and generates an enquiry acknowledgement page on the Website and two auto-response emails. One auto-response email is sent to you and one auto-response email is sent to ORG a tsupport@onlinereadingglasses.co.uk. These emails confirm enquiry receipt, your title and name, the enquiry itself and your email address.

7.4 Emails

When you use the email address support@onlinereadingglasses.co.uk the email gets stored on Website host mail server.

7.5 Offline

Orders in writing are delivered by Royal Mail to the Premises. Any payment cheques enclosed in the letter are stored in secure cabinet until deposited in the bank. Downloaded order forms received by ORG by post stay in the office.

7.6 Goods Delivery

Your name and address labelled packages go to the Post Office, Royal Mail then to your address or to the Technicians. The Technicians then send the package to you via their local post office then Royal Mail. Any Recorded Delivery slips, with your address details, are collected from the post office and returned to the Premises.



8 DATA STORAGE

8.1 Cookies

Stored on your computer for the shopping session.

8.2 Online Order Data

Stored on the Website host mail server as an email and then copied to a PC and backup PC. Recorded Delivery slips are stored securely in a file.

8.3 Online Enquiry Data

Stored on the Website host mail server as an email and then copied to a PC and backup PC.

8.4 Online Email Data

Stored on the Website host mail server as an email and then copied to a PC and backup PC.

8.5 Offline

Orders posted to ORG are kept in a secure filing cabinet along with any cheque payment. Downloaded order forms containing your Data are kept in a secure filing cabinet along with any cheque payment.

8.6 Recorded Delivery Slips

These items show your delivery details and are stored in a secure filing cabinet.

9 ONLINE DATABASES

Your Data is not stored in a database on the Website host server.

10 REASONS FOR DATA STORAGE

10.1 Cookie

This is used to restrict a shopping session to a limited duration to reduce the risk of session highjacking.

10.2 Online Order Data

Your order Data is retained for the following reasons:

a) You may want a repeat order and you may have lost the details of your previous order.
b) You may have lost your prescription and want a repeat order.
c) In case the goods go missing in the post and replacement goods have to be sent.
d) You may require an explanation of your prescription so you can order the correct strength goods.
e) ORG stores your order Data for determining how long you have had the goods.
f) Your Data is retained in case it needs to be referenced in the future.
g) Your Data is retained in case you want to change or return your goods.

10.3 Online Enquiry Data

Same reasons as some of those with 10.2

10.4 Online Email Data

Same reasons as some of those with 10.2

10.5 Offline Orders

Same reasons as some of those with 10.2

10.6 Recorded Delivery Slips

These are stored to track and trace goods that are not delivered within an expected time. Also used as proof of posting if the goods go missing.



11 DURATION OF DATA STORAGE

11.1 Cookie

The Cookie stored on your computer for the length of the shopping session, then it is deleted.

11.2 Online Order Data

The order email is deleted from the Website host mail server six months after receipt. The order email is deleted from the PC and backup PC one year after receipt.

11.3 Online Enquiry Data

The enquiry email is deleted from the Website host mail server six months after receipt. The enquiry email is deleted from the PC and backup PC one year after receipt.

11.4 Online Email Data

Emails are deleted from the Website host mail server six months after receipt. Emails are deleted from PC and backup PC one year after receipt.

11.5 Offline

Your order data in letter form is retained for six months then shredded. Any enclosed cheque payments are taken to the bank within one week of receipt. Downloaded order forms containing your Data are stored securely for one year then shredded.

11.6 Recorded Delivery Slips

Recorded Delivery slips are shredded after six months.

12 DATA SHARING

We only share your Data with the following organisations:

a) One.com. (ORG website host) ( https://www.one.com/en/info/privacy-policy )

b) WorldPay ( https://www.worldpay.com/uk/privacy-policy )

c) The Post Office ( https://www.postoffice.co.uk/privacy )

d) Royal Mail ( https://www.royalmail.com/privacy-policy )

e) Technicians (Privacy Policy link available on request)

f) NatWest Bank ( https://personal.natwest.com/global/privacy.html )

13 REASONS FOR DATA SHARING

a) Your Data is shared with the one.com because they host the Website and email server.

b) Your Data is shared with the Payment gateway WorldPay so that they can run authentication checks and acquire payment for goods.

c) Your Data is shared with the Post Office so that they can arrange for delivery, provide proof of posting and provide recorded delivery slips.

d) Your Data is shared with the Royal Mail so they can deliver the goods to you.

e) Your Data is shared with the Technicians so they can provide the goods to your specification then send direct to you using the Post Office.

f) Your Data is shared with the Bank so they can process cheque payments.

14 TECHNICAL SECURITY MEASURES

Anti-virus, firewall and anti-malware software is running on the PCs constantly. All passwords are changed regularly.

15 PREMISES SECURITY MEASURES

All your Data is kept on one PC and one backup PC in an office. Both devices need passwords to login that are only known to the Data Protection Officer. Both devices are kept on the first floor of the Premises with the main entrance door requiring a security key fob to get access. The second door requires a key to get access to the office. Only one person has access to the office. There is only ever one person present in the office. No one else has access to secure areas. A secure filing cabinet holds all hard copies of your Data in the office. Only one person can get access to the filing cabinet.

16 DATA USAGE OFF PREMISES

Your Data is never accessed on any device when I, CD, am off the Premises. Your Data is only ever accessed whilst I, CD, am on the Premises in the office.

17 DATA STORAGE FORMAT

Each order and enquiry email or prescription from you is stored as a text or PDF file.

18 YOUR ACCESS TO DATA

You have a right to get access to the Data ORG holds about you. If you would like a copy of your Data, please email support@onlinereadingglasses.co.uk

19 DATA DELETION

You have a right to request that ORG deletes your Data. If you would like to delete your Data, please email ORG at support@onlinereadingglasses.co.uk

20 DATA CORRECTNESS

You have a right to rectification of inaccurate Data and to update incomplete Data. If you believe that any of the Data that ORG holds is inaccurate, you have a right to request restricted processing of your Data and to th rectification that inaccurate Data.

21 YOUR DATA AND MARKETING

ORG will never use your Data to contact you about promotions, products or for marketing purposes. You will never receive unsolicited emails from ORG.

22 DATA BREACHES

If ever your Data is involved in a data breach, you will be notified within 72 hours. ORG will do its utmost to rectify any data breach and you will be informed regularly as to the status of the rectification.

23 COMPLAINTS

You have a right to lodge a complaint against ORG with the regulator. If you wish to raise a complaint about how your Data has been handled, you can contact the Data Protection Officer, CD, and this Officer will investigate the matter. It is hoped that any concerns that you have may be addressed, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk