Privacy Notice for Adaro Optics Ltd
Last Updated December 2023
Your Privacy
We are committed to the highest level of data privacy standards and customer confidentiality. We only collect data that is necessary for us to deliver the best service possible. This privacy notice provides information on:
- What data we collect from you.
- How and why we process it.
- Your privacy rights and how the law protects you.
- Who we may share it with and why.
We adopt the six core principles of data protection which are:
- Lawfulness, fairness and transparency - we process personal data lawfully, fairly and in a transparent manner in relation to you, the data subject.
- Purpose limitation - we only collect personal data for a specific, explicit and legitimate purpose. We clearly state what this purpose is in this Privacy Notice, and we only collect data for as long as necessary to complete that purpose.
- Data minimisation - we ensure that personal data we process is adequate, relevant and limited to what is necessary in relation to the processing purpose.
- Accuracy - we take every reasonable step to update or remove data that is inaccurate or incomplete. You have the right to request that we erase or rectify erroneous data that relates to you, and we will complete this task as soon as possible but guarantee to do so within a month.
- Storage limitation - we delete personal data when we no longer need it. Whilst the timescales in most cases aren't set, we outline our retention strategy within this Privacy Notice.
- Integrity and confidentiality - we keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Information about Adaro Optics and the collection of Personal Data
Adaro Optics Limited is registered with Companies House (Company Number 00889226) and the Information Commissioner’s Office as a Data Controller. This privacy notice sets out our privacy policy.
In this privacy notice any reference to you is the person whose personal information we collect, use and process. This will include anyone who contacts us in connection with the products and services we provide or who interacts with us via our website www.adarodirect.com, telephone or email.
Categories and Type of Personal Data Collected and processed
We collect the following contact details from you:
- Name
- Address
- Telephone number(s) (including mobile)
- Email addresses
- Personal identifiers (such as date of birth)
In addition to this contact information we collect clinical data including:
- Details of contact lenses, solutions and hearing instruments prescribed for you
We collect financial information where appropriate including
- Your payment card details
- Banking details for Direct Debit mandates
When visiting the Adaro customer facing websites (any in the lensreorder.com domain) any information you provide by filling in forms on the websites (any in the lensreorder.com domain) you provide by filling in forms on the website
- Details of your visit to the website and any transactions you carry out on the website
- Any other information voluntarily provided by you.
This information is generally collected from you as you have voluntarily provided to us. Where lawful to do so we may also collect information from other sources such as our Optician or Hearing Care customers.
Why we collect and process your personal data and how is it used
The information we collect about you is for the purposes of providing healthcare and subscription services to our Optician or Hearing Care customers who are your Data Controllers and to whom we are Data Processors.
- to confirm your identity and address
- to respond to queries from you
- banking, payment and order details to fulfill an order, deal with queries or refunds and collect Direct Debit payments as agreed with our Optician or Hearing Care customers
- to maintain records for legal, regulatory, tax and other corporate purposes
- to ensure that content from “the website” is presented in the most effective manner for you and your computer
Our legal basis for processing your personal data
- Contract - carrying out an agreement we have with our Optician or Hearing Care customers to provide the specified services to you
- Fulfilling a legal obligation
- Legitimate interest -in providing efficient online services to your Optician or Hearing Care providers
How long is your information kept for?
Your personal information will be retained by Adaro Optics Ltd for as long as reasonably necessary (and as defined by health, legal and tax laws and regulations) for us to continue to provide your Optician or Hearing Care customers with products and services. We are also required to maintain records for legitimate purposes e.g. to satisfy tax and other legal requirements.
How we hold and share your personal data
We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Patient data is only accessible to those who need to have access in order that we can fulfil our contractual obligations
We process the following categories of data and retain this for different periods of time:
Contact information and Clinical data is retained as long as the data subject is a subscription customer of our Optician or Hearing Care customers. Where the data subject has not used our services recently, and in the absence of a direct data subject request, we hold contact information for a period of 8 years from their last engagement with us.
Payment information is held by us only as long as is necessary to process the payment, to set up a direct debit mandate and meet all UK Financial Regulations.
In the course of processing your personal data we may share it with:
- The Optician or Hearing Care customers who is your Data Controller for any of the purposes set out in this Privacy Policy
- Software providers, invoicing systems, and financial institutions, so that we can keep patient records up-to-date and arrange payment for services provided to you
- The police for the prevention and detection of fraud and criminal activities
- Postal service providers so they can effect delivery of orders
- A full list of Data Processors is available from our Data Protection Officer
Credit Reference Agencies
In order to process your application, we will perform credit and identity checks on you with one or more CRAs. To do this, we will supply your personal information to CRAs and they will give us information about you. This will include information from your credit application and about your financial situation and financial history. CRAs will supply to us both public (including the electoral register) and shared credit, financial situation and financial history information and fraud prevention information.
We will use this information to:
- Assess your creditworthiness and whether you can afford to take the product;
- Verify the accuracy of the data you have provided to us;
- Prevent criminal activity, fraud and money laundering;
- Manage your account(s);
- Trace and recover debts; and
- Ensure any offers provided to you are appropriate to your circumstances.
We will continue to exchange information about you with CRAs while you have a relationship with us. We will also inform the CRAs about your settled accounts. If you borrow and do not repay in full and on time, CRAs will record the outstanding debt. This information may be supplied to other organisations by CRAs.
When CRAs receive a search from us they will place a search footprint on your credit file; for our initial search on application this may be a 'soft footprint' which cannot be seen by other lenders but if you proceed to take out a loan with us this footprint will be visible to others who search you credit record.
Records remain on file with CRAs and FPAs for 6 years after they are closed, whether settled by you or defaulted.
More information about CRAs and how they use personal information is available at transunion.co.uk/legal/privacy-centre/pc-credit-reference or you can contact the agencies below:
Transunion Customer Relations, TransUnion Information Group, One Park Lane, Leeds, LS3 1EP or visit www.transunion.co.uk
Equifax PLC Credit File Advice Centre, PO Box 3001, Bradford, BD1 5US Tel: 0870 010 0583 or visit www.myequifax.co.uk
Experian Consumer Help Service, PO Box 8000, Nottingham, NG80 7WF Tel: 0870 241 6212 or visit www.experian.co.uk or you can contact the agencies below:
Transferring your information overseas
The data we collect from you may be electronically transferred to, stored and processed outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who works for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. For any personal data transfer outside the EEA, we will ensure that we have a contractual agreement in place with the supplier, which incorporates the EU approved Standard Contractual Clauses and that they are applying adequate Technical and Organisational measures.
We will ensure all reasonable steps are taken so that your data is treated securely and in accordance with this privacy notice and the requirements of The Data Protection Act 2018.
Use of Cookies on the website
A cookie is a small text file containing information that a website transfers to your computer's hard disk for record-keeping purposes. A cookie cannot give us access to your computer or to your personal information and will not identify you by name. However, it will use a numeric identifier which analyses navigation and use of the website.
Most web browsers automatically accept cookies; consult your browser's manual or online help if you want information on restricting or disabling the browser's handling of cookies. If you refuse or disable some or all cookies, you can still view the information on our website, but the functionality of certain areas may be reduced.
Your Rights
You have certain legal rights under The Data Protection Act 2018 in respect of the personal data we hold about you. The rights that are most relevant to the way in which we use your personal data include:
- The right to be informed about how we use personal data – this privacy notice gives that information
- The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
- The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, where possible we will do so within a month (unless we need longer, in which case we will discuss this with you). It’s important to keep us up-to-date with your latest contact details.
- The right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes or where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests.
- The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete data before our usual time limit where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you.
- Data Portability – allows individuals to obtain and reuse their personal data for their own purposes across different services.
Updating your contact details and preferences:
To ensure we can continue to provide you with excellent subscription management, orders and other services eye and hearing healthcare, we are required to send you ‘operationally necessary’ non-marketing material such as confirmations of payment set up, despatch information etc.
You can contact us via your portal access on your website from within the lensreorder.com domain, or via the Data Controller for whom we are providing services as a Data Processor, that’s your Opticians and/or Hearing Care provider to update your contact details and preferences
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We are ISO27001 certified and annually audited to maintain that certification, this ensures our data security management systems are constantly reviewed and updated to the best possible standards.
Modern physical and electronic security systems are not entirely secure and we cannot guarantee the complete security of our database. The transmission of information through the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to the website through the internet; any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Privacy Policy Updates
We reserve our right to make any changes and updates to this privacy policy without giving notice as and when we need to. Our up-to-date privacy policy is always available on our website and takes immediate effect.
https://adarodirect.com/Policy/DataProtection.aspx
Contacting us and the ICO about your personal data
Please speak to us first if you have any questions or concerns about the way in which we process personal data.
You can contact our Data Protection Officer by emailing AdaroDPO@adaro.net, or by telephone on 01622 833 075.
You can contact the ICO at: The Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Web: https://ico.org.uk Tel Number 0303 123 1113