Data management policy
For the purposes of applying Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”), OPTICAL CENTER (hereinafter “Optical Center” or “we”) has introduced a management policy for personal data that it may collect and process in connection with the use of its services by users (hereinafter “you”), in compliance with the requirements of the GDPR (hereinafter the “Personal Data Management Policy”).
Demonstrating its strong commitment to protecting your data, Optical Center has also appointed a Data Protection Officer who can be contacted by email at email@example.com.
Optical Center’s Personal Data Management Policy is likely to be updated according to legal developments and/or any personal data processing that we may carry out.
Commitment to the confidentiality of your personal data
To respond to requests, ship your orders, ensure the security of your data or gather your opinion on specific pages, we collect personal data about you. Optical Center collects the data required to handle your requests and files and their follow-up.
Optical Center processes your personal data carefully and confidentially to maximise the protection of your private life.
Who is responsible for the processing of your data on optical-center.fr, as part of a contractual relationship with Optical Center or sales prospecting by Optical Center?
Your data controller is:
SAS OPTICAL CENTER
74/76 rue Laugier
Company registration no.: 382 372 993.
Who is responsible for processing in the case of competitions and events organised by Optical Center on Facebook?
In this case, the joint controllers are:
- OPTICAL CENTER and
- FACEBOOK, Facebook Ireland Ltd. 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Please find below the three main commitments we make in our capacity as data controller:
We never share your personal data with third parties without a valid reason or your consent.
We protect and process your personal data as if it was our own.
We only use your personal data for the purposes set out below.
Why do we process your data?
The main purposes for which we may process your data are set out below :
- Administration purposes, managing and shipping your orders, paying your online orders, managing invoices, outstanding payments and claims,
- Managing reimbursements from the social security system and private health insurance companies,
- Registering and setting up your customer account to place orders on our website,
- Tracking browsing: cookies may contain personal data about you, such as your browsing behaviour and areas of interest. We also store the type of device used when browsing for maintenance purposes in the event of a problem.
- Managing customer relations in general,
- After sales service,
- Sales prospecting,
- Sending newsletters if non-customer web users have expressly signed up for them. Web users, whether customers or not, can unsubscribe at any time using the opt-out facility provided when the information email is sent,
- Marketing: we may use data concerning your purchases, visits and searches on our website, and your orders to improve and analyse our services, gain a better understanding of your requirements and interests, target our advertisements and marketing campaigns, and personalise our content and offers,
- Maintaining and optimising the website to check/improve quality of service and service availability and performance, solve any operating problems or faults, and secure the website against fraud or identity theft.
What is our legal basis for processing your data?
Your data is processed either with your consent or on the basis of a legitimate interest (e.g. to keep you informed of developments in products and services that are identical or similar to those you use as a customer), a legal requirement or an agreement you have entered into.
Who do we share your data with and why?
Optical Center works only with partners who observe our security standards.
Your data is shared only with health care organisations (supplementary health insurance organisations, etc.) and our subcontractors to handle your requests: we may share your data for computer processing by our IT service providers, for payment by our banks and trusted third parties, for orders with lens and glasses manufacturers, and for the shipment of your orders by our sales partners.
We limit storage time for your Data – OPTICAL CENTER shall retain your Data in accordance with its legal requirements and for the time necessary for processing purposes (e.g. in the case of a business relationship, for a maximum of 5 years from the end of this relationship).
Your rights regarding your personal data
Within the limits set by the GDPR and the French Data Protection Act (“Loi Informatique et Libertés”), you have rights concerning your data. These are:
* Right of access to personal data: this right enables you to receive a copy of the personal data about you that we hold and to check whether we process it in accordance with applicable law;
* Right to rectification of personal data: this right enables you to correct any incomplete or inaccurate data about you that we hold;
* Right to erasure of personal data: this right enables you to ask us to erase your personal data if we do not have legitimate grounds to continue processing it. In most cases, the services that we provide you with must be cancelled and the products paid for. The account balance must be zero;
* Right to object to processing of personal data: when the legal basis for processing is legitimate interest, you may object for reasons pertaining to your specific situation;
* Right to restrict processing of personal data: this right enables you to ask us to restrict processing of personal data about you;
* Right to portability of personal data: this right enables you to receive the personal data that we process about you in a structured, commonly used, machine-readable format and to transmit it to another data controller without hindrance.
You can exercise your rights by sending a request to our department at the email address below. We will respond to your request within 30 days, providing a link so you can easily recover your data, except in specific cases.
Please write to the following address and provide proof of identity so that we can be sure that the data is sent to you only: firstname.lastname@example.org
Optical Center Data Protection Officer (DPO)
The Data Protection Officer ensures that Optical Center activities are compliant in terms of data processing. S/he has the necessary means to perform his or her duties with no conflicts of interest, in compliance with the requirements and good practices that Optical Center must implement regarding personal data protection. S/he is your contact person for any and all requests relating to the data management policy and can be contacted at the following address: email@example.com
If your question cannot be answered, you can send your request to the French Data Protection Authority (CNIL) directly at www.cnil.fr.
Here are a few measures that we implement to help you to protect your identity and your personal data:
- We encrypt the personal data that you send us via online forms using the latest encryption technology to prevent anyone from intercepting your data.
- We do not store payment data but use an alias to identify your credit card with our partner.
- Our employees are trained each year and regularly made aware of best practices to guarantee the confidentiality of your personal data.
- We protect our company network with a multilayered security approach.
- We use physical protection measures to guarantee the security of our employees and their equipment.
- We use a combination of software and devices to protect our network against any breaches or weaknesses.
- Our IT service providers are security professionals who oversee security practices linked to devices and applications.
Transfers of your personal data outside of the European Economic Area
All the servers of service providers used by Optical Center and on which personal data is stored are located in two European countries in Tier 3 and 4 data centres and in one country observing European law under article 45.1 and will not be involved in personal data transfer outside of these countries.
Optical Center cannot guarantee the security of your personal data without your cooperation. We recommend observing the recommendations below to protect your personal data as best as possible:
- Use complex passwords that are different for each of your internet accounts.
- Never reveal your passwords.
- Log out of your Optical Center account when using a shared computer.
- Change your account password at least once a year.
- Install reputable antivirus software on your computer.
* * * *
Please contact us if you have any questions