Get your first PAIR for $125 with code NEWFRAME

Privacy Policy

Last Updated: 16 May 2024

INTRODUCTION AND SCOPE

This data protection notice (this "Notice") describes how Pair Eyewear 44 W. 28th St. Floor 15, New York, NY 10001, and its affiliates ("us", "we", or "our") collect, handle, share and use the personal data of customers who purchase our products or services via https://paireyewear.com (the “Website”), the personal data of other users of the Website, and the personal data of individuals in relation to other interactions, transactions, sites or applications that reference this Notice (the "Processing Activities"), such users and individuals being “Data Subjects”.

This Notice applies only to the personal data of Data Subjects who are resident in the European Economic Area (EEA) or the United Kingdom (UK).

We shall act as a controller of Data Subjects’ personal data that is collected or received in accordance with this Notice. If we process personal data as a data processor, we will process such personal data in accordance with the terms of the contract we have with the third party for whom we act as data processor, and this Notice shall not apply to the processing of such personal data.

If you require this notice in another format (for example, audio, large print, braille) please contact us using the contact details in section 12 (How to Contact Us) below.

WHAT PERSONAL DATA DO WE PROCESS AND HOW IS IT COLLECTED

Data Subject Provided Personal Data

Data Subjects may provide to us (whether by uploading, email, telephone, post or otherwise) the following types of personal data when interacting with us, which we may then collect, use, store and/or transfer in accordance with this Notice:

  • Contact Data.

    • Physical address (billing and delivery)

    • Email address

    • Telephone numbers

  • Identity Data.

    • First name

    • Last name

    • Date of Birth

  • Payment Data.

    • Payment card type

    • Last 4 digits of payment card

  • Profile Data.

    • Username and password

    • Purchases or orders made

    • Interests

    • Preferences

    • Feedback

    • Survey responses

  • Transaction Data.

    • Details about payments to and from Data Subjects

    • Purchases or orders made

  • Health Data – Special Category Data.

    • Ophthalmic prescriptions

    • Eye measurements

    • Eye health and other details regarding your eyes

    • Other medical conditions

    • Doctor or Clinic Contact Information

  • Marketing and Communications Data.

    • Preferences in receiving marketing from us and third parties

    • Communication preferences

Automatically Collected Personal Data

The following types of personal data may be automatically collected or logged when Data Subjects access and use the Website or otherwise interact with us, which we may then collect, use, store and/or transfer in accordance with this Notice:

  • Web Page Interaction Data:

    • Information about how the Website is used

    • Cookies – see section 5 (Cookies)

    • Internet protocol (IP) address

    • Browser type and version

    • Time zone setting and location

    • Browser plug-in types and versions

    • Operating system and platform

    • Geolocation data

    • Other technology on the devices used to access the Website

Third Party Provided Personal Data

We may also obtain Data Subjects’ personal data from the following third parties:

  • Parents / Guardians: information obtained from Parent or Guardian in relation to a purchase of our products and/or services for a child

    • Contact Data

    • Identity Data

    • Profile Data

    • Transaction Data

    • Health Data

  • Service Providers: information obtained from Contracts, Purchase orders, Financial/bank transfer information, Fraud prevention tools, and Marketing lists.

    • Contact Data

    • Identity Data

  • Healthcare providers: information obtained from Prescription and other information referrals.

    • Contact Data

    • Identity Data

    • Health Data

Children

We may process the personal data of children where the child is 13 year and over or, where the child us under 13, when such personal data is provided by their parent or guardian in relation to the purchase of our products or services for such children. A parent or guardian of a child under the age of 13 may review and request deletion of such child's personal data as well as prohibit the use thereof, in accordance with this Notice.

Cookies

Please see section 5 (Cookies) below for details on how we use cookies.

Personal data and the internet

While we will use all reasonable efforts to safeguard your personal information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information that are transferred from you or to you via the internet. If you have any particular concerns about your personal information, please contact us using the contact details at section 12 (How to Contact Us) below.

HOW WE USE PERSONAL DATA

  • To monitor the use of our Website: To improve the functionality and content of the Website. We have legitimate interest in processing this information.

    • Web Page Interaction Data

  • To provide our products and services (including necessary communications other than marketing): To enable us to provide our products and services to Data Subjects. We process all payment card transactions in accordance with the Payment Card Industry Data Security Standard and use secure connections on our Website to ensure that Data Subjects’ personal data is encrypted and sent directly to the payment processor. This means that we convert Data Subjects’ personal data into a computer code, which will make it harder for hackers to access Data Subjects’ personal data on our Website. We process this data with Explicit Consent, Explicit Consent from Parents/Guardians (with respect to children), Performance of a contract with you, and Provision of healthcare.

    • Identity Data

    • Contact Data

    • Payment Data

    • Transaction Data

    • Health Data

  • To create and maintain an account with us: To enable Data Subjects to set up an account and to access their account on a self-service basis, which may include access to account details (past orders, order status, account preferences). To improve the speed at which Data Subjects can purchase our products and services. We process this data with legitimate interest and Explicit Consent – where Health Data is included in the account or where the Data Subject is a child.

    • Identity Data

    • Contact Data

  • To contact Data Subjects who request such contact: To respond to Data Subjects’ contact requests. We process this data with Consent. We process this data to respond to Data Subjects’ contact requests.

    • Identity Data

    • Contact Data

  • To manage and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data): To manage our business and ensure the effective provision of our products and services and to prevent fraud. We process this data with Legitimate interests and Consent – where Health Data is included in the account or where the Data Subject is a child.

    • Identity Data

    • Contact Data

    • Web Page Interaction Data

    • Payment Data (Payment Card Type and Last 4 digits of Payment Card)

    • Health Data

  • To undertake identification verification: To protect our business and to prevent fraud. We process this data with Legitimate Interest.

    • Identity Data

    • Contact Data

  • To send personal marketing and promotional materials to Data Subjects: To promote our products and services. We process this data with Legitimate Interest and Consent.

    • Identity Data

    • Contact Data

    • Marketing and Communications Data

  • To enable Data Subjects to complete a survey: To obtain feedback from Data Subjects on our products and services so that we can make improvements to them. We process this information with Consent.

    • Identity Data

    • Contact Data

    • Profile Data

    • Web Page Interaction Data

  • To enable you to participate in a prize draw or competition: To promote our business through prize draws and competitions to you. We will not send you any electronic marketing to you in a personal capacity unless you have expressly consented to receive it. We process this information with Consent and Performance of the prize draw or completion of terms and conditions.

    • Identity Data

    • Contact Data

    • Profile Data

    • Web Page Interaction Data

If a Data Subject has provided consent to processing and subsequently withdraws that consent, we may still process that Data Subject's personal data where we have another lawful basis for doing so, provided that the Data Subject has not expressly asked us to stop processing their personal data in accordance with section 10 (Legal Rights).

Where we need to collect personal data by law or under the terms of a contract that we have with a Data Subject and the Data Subject fails to provide that personal data when requested, we may not be able to perform the contract we have with the Data Subject (for example, to provide our products and services).

SHARING OF PERSONAL DATA

We may share Data Subjects' information with the following categories of third parties:

  • Service Providers: Our service providers include third parties that provide us with services such as IT services, hosting services, payment processing services, debt collection services, administration services, and other business process services, and marketing services. Such third parties will act as our processors.

  • Professional advisors: We may need to provide Data Subjects' personal data to our professional advisers that provide services to us. Our professional advisors include lawyers, accountants, bankers, auditors and insurers. Such third parties may act as our processors or independent controllers.

  • Doctors or Clinics: We may need to provide Data Subjects’ personal data to doctors and clinics in order to confirm or obtain health data in order to provide our services.

  • Authorities: We may disclose personal data where required in order to respond to requests from regulatory or governmental authorities, court orders, legal process, or to establish or exercise our legal rights or defend against legal claims. It may also be necessary for use to share personal data in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law. In such circumstances, we will take appropriate measures to ensure that the recipient understands the sensitive nature of the personal data that they may receive.

  • Other Third Parties: We may share Data Subjects' personal data with third parties to whom we may choose to transact business with. We may share Data Subjects’ personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets (including in relation to restructuring/insolvency situations). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use Data Subjects’ personal data in the same way as set out in this Notice. Data Subjects’ personal data may be a transferred asset in any sale of all or part of our business.

  • Affiliates: Data Subjects’ personal data might also be transmitted within our group of companies for internal administrative purposes.

We require all our data processors and any other third party that we provide Data Subjects' personal data to respect the security of Data Subjects' personal data and to treat it in accordance with applicable law.

We do not allow our data processors to use Data Subjects' personal data for their own purposes and only permits them to process Data Subjects' personal data for specified purposes and in accordance with our instructions.

Please see Section 7 (International Transfers) below for information on international transfers to such third parties.

COOKIES

Our Websites use cookies. Please see One Trust which provides details of the cookies used on our Website and how Data Subjects can reject or accept such cookies.

MARKETING

We may send Data Subjects marketing communications (including newsletters) if they have requested such communications from us or if we are otherwise allowed to do so under applicable law.

Third Party Marketing Companies

We will obtain Data Subjects' consent before we share their personal data with any company outside of our group of companies for marketing purposes.

Opt-Out

If a Data Subject does not wish to receive marketing information from us, the Data Subject can opt-out by contacting us using the contact details at section 12 (How to Contact Us) below or by clicking the opt-out link in our electronic marketing communications.

INTERNATIONAL TRANSFERS

Data Subjects' personal data collected by us in the UK or the EEA may be transferred outside of the UK or the EEA (as applicable) to those third parties specified in section 4 (Sharing of Personal Data) above; however, in such circumstances, to the extent we are required to do so under applicable law, we will ensure contractual or other measures that have been adopted or approved by the UK Government or the European Commission (as applicable) are taken (such as ensuring applicable standard contractual clauses are in place).

Data Subjects can obtain more information about the countries to which their personal data is transferred and copies of the additional measures put in place by contacting us using the contact details at section 12 (How to Contact Us) below.

AUTOMATED DECISION MAKING

We do not make any decisions regarding Data Subjects solely using automated decision making (including profiling) based on Data Subjects’ personal data.

RETENTION OF PERSONAL DATA AND ANONYMIZATION

We will only retain Data Subjects' personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, regulatory requirements, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for personal data are available from us on request using the contact details at section 12 (How to Contact Us) below.

We may anonymize Data Subjects’ personal data so that it can no longer be associated with you and is no longer classed as personal data. In such circumstances we may use such information without further notice to the Data Subject.

LEGAL RIGHTS

Data Subjects may have the following rights under applicable data protection laws in relation to their personal data:

  • Request access to the Data Subject's personal data: This enables the Data Subject to receive a copy of its personal data that we hold and to check that we are lawfully processing it. Data Subjects will not have to pay a fee to access their personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if a Data Subject’s request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with the Data Subject’s request in these circumstances.

  • Request correction of the personal data that we hold about the Data Subject: The Data Subject can require us to correct any mistakes in the Data Subject's personal data. The Data Subject must provide us with enough information to identify the Data Subject (e.g., username, institution's details) and let us know the information that is incorrect and what it should be replaced with.

  • Request erasure of the Data Subject's personal data: This enables the Data Subject to ask us to delete or remove the Data Subject's personal data where there is no permitted reason for us to continue to process it. The Data Subject can ask us to erase the Data Subject's personal data where: The Data Subject does not believe that we need the Data Subject's personal data in order to process it for the purposes set out in this Notice; If the Data Subject has given us consent to process the Data Subject's personal data, the Data Subject withdraws that consent and we cannot otherwise legally process the Data Subject's personal data; The Data Subject objects to our processing and we do not have any legitimate interests that mean we can continue to process the Data Subject's personal data; or The Data Subject's personal data has been processed unlawfully or has not been erased when it should have been.

  • Object to processing of the Data Subject's personal data: Where we are relying on a legitimate interest (or those of a third party) and there is something about the Data Subject's particular situation that makes the Data Subject want to object to processing on this ground as the Data Subject feels it impacts on the Data Subject's fundamental rights and freedoms. The Data Subject also has the right to object where we are processing the Data Subject's personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process the Data Subject's personal data which override the Data Subject's rights and freedoms.

  • Request restriction of processing of the Data Subject's personal data: This enables the Data Subject to ask us to suspend the processing of the Data Subject's personal data in the following scenarios: If the Data Subject wants us to establish the accuracy of the personal data; where our use of the personal data is unlawful but the Data Subject does not want us to erase it; Where the Data Subject needs us to hold the personal data even if we no longer require it as the Data Subject needs it to establish, exercise or defend legal claims; or the Data Subject has objected to our use of the personal data, but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of the Data Subject's personal data to the Data Subject or to a third party: The Data Subject can require us to provide to the Data Subject, or a third party the Data Subject has chosen, the Data Subject's personal data in a structured, commonly used, machine-readable format. This right only applies to automated personal data that the Data Subject initially provided consent for us to use or where we used the personal data to perform a contract with the Data Subject.

  • Withdraw consent at any time where we are relying on consent to process the Data Subject's personal data: This will not affect the lawfulness of any processing carried out before the Data Subject withdraws its consent. If the Data Subject withdraws its consent, we may not be able to provide the Data Subject with access to the Services or certain functionalities. We will advise the Data Subject if this is the case at the time that the Data Subject withdraws consent.

To exercise any of the rights set out above, please contact us using the contact details provided in section 12 (How to Contact Us) below. Where the Data Subject has any such rights under applicable laws, we will respond to any such rights that a Data Subject wants to exercise within one (1) month of receiving the request, unless the request is complex, in which case it may take longer.

We may need to request specific information from a Data Subject to help it confirm that Data Subject's identity and that Data Subject's right to access its personal data (or to exercise any of its other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact the Data Subject to ask it for further information in relation to its request to speed up our response.

Please be aware that there are exceptions and exemptions that apply to some of the rights, which we will apply in accordance with the applicable data protection laws. In addition to the above rights, Data Subjects’ have the right to lodge a complaint with a supervisory authority.

LINKS TO OTHER WEBSITES

Our Website may contain links to other websites. These websites may have separate privacy and data collection practices, independent of our practices, and Data Subjects’ use and access to such sites is subject to those terms and policies. We have no responsibility or liability for these independent policies or actions and we are not responsible for the privacy practice or the content of such websites.

HOW TO CONTACT US

To ask any questions regarding this Notice or to exercise any rights, please contact us using the following contact details:

Address: DP Data Protection Services UK Ltd., Attn: Pair Eyewear, 16 Great Queen Street, Covent Garden, London, WC2B 5AH, United Kingdom

Email: [email protected] Website: www.dp-dock.com

AMENDMENTS TO THIS NOTICE

This Notice may be revised from time to time, including where we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display a “Last Updated” date in at the top of this Notice so it is clear when there has been a change. If we make any change to this Notice regarding use or disclosure of personal data, we will provide notice on the Website and as otherwise required. Small changes or changes that do not significantly affect Data Subjects’ privacy interests may be made at any time and without prior notice.