Basket 0

Privacy and security policy

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from http://www.eyewear-accessories.co.uk (the “Site”).

By ticking the check box on the shopping basket page, you accept our Privacy and security policy as set out on this page. Throughout this page, “We” is used to refer to Eyewear Accessories Ltd.

1 What personal information we collect

When you shop on this Website, we will ask you to input and will collect Personal Information from you such as your name, e-mail address, billing address, delivery address, telephone number, product selections, credit card or other payment information. This is used solely for processing and delivering your order.

Like other retail sites, we use cookies to collect information about your site visit in order to help us improve the quality of our service (see “Use of cookies” below).

This includes where you are on the internet (e.g. the URL you came from, IP address, domain types like .co.uk and .com), your browser type, the country and telephone area code where your computer is located, the pages of our website that were viewed during your visit, the advertisements you clicked on, and any search terms that you entered on our website. This is referred to as User information.

2 How we hold your personal and user information

We confirm that any personal Information which you provide to us (or which is available on public registers) and any user Information is held in accordance with the registration we have with the Data Commissioner's Office. We use your information only for the following purposes:

  • Processing your orders;
  • For statistical purposes to improve this Website and its services to you;
  • To administer this website;
  • To contact you when you request to give advice on our products, service, and the fulfillment of your orders, exchanges, returns, and refunds
  • To contact you about leaving a review on a product once your order has been completed;

3 The legal bases for our intended processing of personal data

Our intended processing of personal data has the following legal bases:

  • At the time you purchased a product from us, you ticked a box giving your consent to our Privacy policy as set out here, authorising us to process your personal data for the purposes listed above.
  • The processing is necessary for the fulfillment or your purchase.
  • The processing is necessary to be able to process product exchanges, returns, and refunds
  • The processing is necessary for compliance with legal obligations to which we are subject (eg: Consumer Contracts Regulations).

4 How your data may be shared

Your personal Information may be disclosed to other businesses and to reputable third parties who will help process your order, including Royal Mail, who we use solely to deliver your order, and to Reglaze Glasses Direct if you have requested their help in getting prescription lenses fitted.We will not release your Personal Information to any company for their mailing or marketing purposes.

We require all such third parties to treat your personal information as fully confidential and to fully comply with all applicable UK Data Protection and consumer legislation from time to time in place.

You should be aware that if we are requested by the police or any other regulatory or government authority investigating suspected illegal activities to provide your Personal Information and /or User Information, we are entitled do so.
    We may disclose your personal information if we are required by law to do so or if you violate our Terms of Service.

      5 Secure communications and transfer of data

      We will communicate or transfer data securely using the following:

      • Emails
      • Post/hard-copy documents

      6 How long we keep your data

      We keep your data for 7 years to comply with our legal obligations, such as the Inland Revenue's requirement for all businesses to keep tax records. After that time it is deleted.

      7 How your data is stored

      Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.

      Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall.

      We also store your data securely in paper form to comply with HM Revenue & Customs.

      8 Payment

      If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

      All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. 
      PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers. 

      For more insight, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).

      9 Third party services

      In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

      However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

      For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

      In particular, remember that certain providers may be located in or have facilities that are located a different jurisdiction than either you or us. So if you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

      As an example, if you are located in the UK and your transaction is processed by a payment gateway located in the UK, then your personal information used in completing that transaction may be subject to disclosure under UK legislation.

      Once you leave our store’s website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.

      10 Security

      To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed. 

      If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

      11 Cookies we use

      Here is a list of cookies that we use. We’ve listed them here so you that you can choose if you want to opt-out of cookies or not. 
      _session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc). 
      _shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits 
      _shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer. 
      _cart, unique token, persistent for 2 weeks, Stores information about the contents of your shopping basket (sometimes called “cart”). 
      _secure_session_id, unique token, sessional 
      storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.

      12 Age of consent

      By using this site, you represent that you are at least the age of consent (also called majority in some countries) in your country, state or province of residence. The age of consent in the UK is 16.

      13 Requesting personal data we hold about you

      You have a right to request access to your personal data that we hold. Such requests are known as ‘subject access requests’ (“SARs”).

      To help us provide the information you want and deal with your request more quickly, you should include enough details to enable us to verify your identity and locate the relevant information. For example, you should tell us:

      1. your date of birth
      2. previous or other name(s) you have used
      3. your previous addresses in the past five years
      4. most recent order number
      5. what type of information you want to know

      You must send a copy of:

      • the back page of your passport or a copy of your driving licence; and
      • a recent utility bill.

      DPA 2018 requires that we comply with a SAR promptly and in any event within one month of receipt. There are, however, some circumstances in which the law allows us to refuse to provide access to personal data in response to a SAR (e.g. if you have previously made a similar request and there has been little or no change to the data since we complied with the original request).

      You can ask someone else to request information on your behalf – for example, a friend, relative or solicitor. We must have your authority to respond to a SAR made on your behalf. You can provide such authority by signing a letter which states that you authorise the person concerned to write to us for information about you, and/or receive our reply.

      14 Putting things right (the right to rectification)

      You have a right to obtain the rectification of any inaccurate personal data concerning you that we hold. You also have a right to have any incomplete personal data that we hold about you completed. Should you become aware that any personal data that we hold about you is inaccurate and/or incomplete, please inform us immediately so we can correct and/or complete it.

      15 Deleting your records (the right to erasure)

      In certain circumstances you have a right to have the personal data that we hold about you erased. Further information is available on the ICO website (www.ico.org.uk). If you would like your personal data to be erased, please inform us immediately and we will consider your request. In certain circumstances we have the right to refuse to comply with a request for erasure. If applicable, we will supply you with the reasons for refusing your request.

      16 Your right to restrict processing and the right to object

      In certain circumstances you have the right to ‘block’ or suppress the processing of personal data or to object to the processing of that information. Further information is available on the ICO website (www.ico.org.uk). Please inform us immediately if you want us to cease to process your information or you object to processing so that we can consider what action, if any, is appropriate.

      17 Obtaining and reusing personal data (the right to data portability)

      In certain circumstances you have the right to be provided with the personal data that we hold about you in a machine-readable format, e.g. so that the data can easily be provided to a new professional adviser. Further information is available on the ICO website (www.ico.org.uk).

      The right to data portability only applies:

      • to personal data an individual has provided to a controller;
      • where the processing is based on the individual’s consent or for the performance of a contract; and
      • when processing is carried out by automated means

      We will respond to any data portability requests made to us without undue delay and within one month. We may extend the period by a further two months where the request is complex or a number of requests are received but we will inform you within one month of the receipt of the request and explain why the extension is necessary.

      18 Withdrawal of consent

      Where you have consented to our processing of your personal data, you have the right to withdraw that consent at any time. Please inform us immediately if you wish to withdraw your consent.

      Please note:

      • the withdrawal of consent does not affect the lawfulness of earlier processing
      • if you withdraw your consent, we may not be able to continue to provide services to you
      • even if you withdraw your consent, it may remain lawful for us to process your data on another legal basis (e.g. because we have a legal obligation to continue to process your data)

      19 Changes to this privacy policy

      We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website.

      20 Questions and contact information

      If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Privacy Compliance Officer, John Waddington at eyewearaccessories@yahoo.co.uk or by post at 
      Eyewear Accessories Ltd 
      Old Well Barn, College Lane, Ide Exeter GB EX2 9TF

      By ticking the check box on the shopping basket page, you accept our Privacy and security policy as set out on this page. Throughout this page, “We” is used to refer to Eyewear Accessories Ltd.