Privacy Policy

Last Updated: 26 August 2024

PRIVACY POLICY

At Pair Eyewear, we take your privacy seriously. Please read this Privacy Policy to learn how we treat your personal data. By using or accessing our Services in any manner, you acknowledge that you accept the practices and policies outlined below, and you hereby consent that we will collect, use and share your information as described in this Privacy Policy.

Remember that your use of Pair Eyewear’s Services is at all times subject to our Terms of Use, which incorporates this Privacy Policy. Any terms we use in this Policy without defining them have the definitions given to them in the Terms of Use.

You may print a copy of this Privacy Policy by clicking here.

As we continually work to improve our Services, we may need to change this Privacy Policy from time to time. Upon such changes, we will alert you to any such changes by placing a notice on the Pair Eyewear website, by sending you an email and/or by some other means. Please note that if you’ve opted not to receive legal notice emails from us (or you haven’t provided us with your email address), those legal notices will still govern your use of the Services, and you are still responsible for reading and understanding them. If you use the Services after any changes to the Privacy Policy have been posted, that means you agree to all of the changes.

WHAT THIS PRIVACY POLICY COVERS

This Privacy Policy covers how we treat Personal Data that we gather when you access or use our Services. “Personal Data” means any information that identifies or relates to a particular individual and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules or regulations. This Privacy Policy does not cover the practices of companies we don’t own or control or people we don’t manage.

YOUR PERSONAL DATA

Personal Data Provided By You

You may provide to us (whether by uploading, email, telephone, post or otherwise) the following types of personal data when interacting with us, which we may then collect, use, store and/or transfer in accordance with this Notice:

  • Contact Data.

    • Physical address (billing and delivery)

    • Email address

    • Telephone numbers

  • Identity Data.

    • First name

    • Last name

    • Date of Birth

  • Payment Data.

    • Payment card type

    • Last 4 digits of payment card

  • Profile Data.

    • Username and password

    • Purchases or orders made

    • Interests

    • Preferences

    • Feedback

    • Survey responses

  • Transaction Data.

    • Details about payments to and from you

    • Purchases or orders made

  • Health Data – Special Category Data.

    • Ophthalmic prescriptions

    • Eye measurements

    • Eye health and other details regarding your eyes

    • Other medical conditions

    • Doctor or Clinic Contact Information

  • Marketing and Communications Data.

    • Preferences in receiving marketing from us and third parties

    • Communication preferences

Automatically Collected Personal Data

The following types of personal data may be automatically collected or logged when you access and use the Website or otherwise interact with us, which we may then collect, use, store and/or transfer in accordance with this Notice:

  • Web Page Interaction Data:

    • Information about how the Website is used

    • Cookies – see section 5 (Cookies)

    • Internet protocol (IP) address

    • Browser type and version

    • Time zone setting and location

    • Browser plug-in types and versions

    • Operating system and platform

    • Geolocation data

    • Other technology on the devices used to access the Website

Third Party Provided Personal Data

We may also obtain your personal data from the following third parties:

  • Parents / Guardians: information obtained from Parent or Guardian in relation to a purchase of our products and/or services for a child

    • Contact Data

    • Identity Data

    • Profile Data

    • Transaction Data

    • Health Data

  • Service Providers: information obtained from Contracts, Purchase orders, Financial/bank transfer information, Fraud prevention tools, and Marketing lists.

    • Contact Data

    • Identity Data

  • Healthcare providers: information obtained from Prescription and other information referrals.

    • Contact Data

    • Identity Data

    • Health Data

 Our Commercial or Business Purposes for Collecting or Disclosing Personal Data

  • To monitor the use of our Website: To improve the functionality and content of the Website. We have legitimate interest in processing this information.

    • Web Page Interaction Data

  • To provide our products and services (including necessary communications other than marketing): To enable us to provide our products and services to you. We process all payment card transactions in accordance with the Payment Card Industry Data Security Standard and use secure connections on our Website to ensure that your personal data is encrypted and sent directly to the payment processor. This means that we convert your personal data into computer code, which will make it harder for hackers to access your personal data on our Website. We process this data with Explicit Consent, Explicit Consent from Parents/Guardians (with respect to children), Performance of a contract with you, and Provision of healthcare.

    • Identity Data

    • Contact Data

    • Payment Data

    • Transaction Data

    • Health Data

  • To create and maintain an account with us: To enable you to set up an account and to access their account on a self-service basis, which may include access to account details (past orders, order status, account preferences). To improve the speed at which you can purchase our products and services. We process this data with legitimate interest and Explicit Consent – where Health Data is included in the account or where the user is a child.

    • Identity Data

    • Contact Data

  • To contact users who request such contact: To respond to your contact requests. We process this data with Consent. We process this data to respond to your contact requests.

    • Identity Data

    • Contact Data

  • To manage and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data): To manage our business and ensure the effective provision of our products and services and to prevent fraud. We process this data with Legitimate interests and Consent – where Health Data is included in the account or where the user is a child.

    • Identity Data

    • Contact Data

    • Web Page Interaction Data

    • Payment Data (Payment Card Type and Last 4 digits of Payment Card)

    • Health Data

  • To undertake identification verification: To protect our business and to prevent fraud. We process this data with Legitimate Interest.

    • Identity Data

    • Contact Data

  • To send personal marketing and promotional materials to you: To promote our products and services. We process this data with Legitimate Interest and Consent.

    • Identity Data

    • Contact Data

    • Marketing and Communications Data

  • To enable you to complete a survey: To obtain feedback from you on our products and services so that we can make improvements to them. We process this information with Consent.

    • Identity Data

    • Contact Data

    • Profile Data

    • Web Page Interaction Data

  • To enable you to participate in a prize draw or competition: To promote our business through prize draws and competitions to you. We will not send you any electronic marketing to you in a personal capacity unless you have expressly consented to receive it. We process this information with Consent and Performance of the prize draw or completion of terms and conditions.

    • Identity Data

    • Contact Data

    • Profile Data

    • Web Page Interaction Data

If you have provided consent to processing and subsequently withdraw that consent, we may still process your personal data where we have another lawful basis for doing so, provided that you have not expressly asked us to stop processing your personal data in accordance with your Legal Rights.

Where we need to collect personal data by law or under the terms of a contract that we have with you and you fail to provide that personal data when requested, we may not be able to perform the contract we have with  you (for example, to provide our products and services).

We will not collect additional categories of Personal Data or use the Personal Data we collected for materially different, unrelated or incompatible purposes without providing you notice.

HOW WE DISCLOSE YOUR PERSONAL DATA

We may share your information with the following categories of third parties:

  • Service Providers: Our service providers include third parties that provide us with services such as IT services, hosting services, payment processing services, debt collection services, administration services, and other business process services, and marketing services. Such third parties will act as our processors.

  • Professional advisors: We may need to provide your personal data to our professional advisers that provide services to us. Our professional advisors include lawyers, accountants, bankers, auditors and insurers. Such third parties may act as our processors or independent controllers.

  • Doctors or Clinics: We may need to provide your personal data to doctors and clinics in order to confirm or obtain health data in order to provide our services.

  • Authorities: We may disclose personal data where required in order to respond to requests from regulatory or governmental authorities, court orders, legal process, or to establish or exercise our legal rights or defend against legal claims. It may also be necessary for use to share personal data in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law. In such circumstances, we will take appropriate measures to ensure that the recipient understands the sensitive nature of the personal data that they may receive.

  • Other Third Parties: We may share your personal data with third parties to whom we may choose to transact business with. We may share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets (including in relation to restructuring/insolvency situations). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this policy. Your personal data may be a transferred asset in any sale of all or part of our business.

  • Affiliates: Your personal data might also be transmitted within our group of companies for internal administrative purposes.

We require all third parties that we provide your  personal data to respect the security of your personal data and to treat it in accordance with applicable law.

We do not allow our third parties to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Legal Obligations

We may share any Personal Data that we collect with third parties in conjunction with any of the activities set forth under “Meeting Legal Requirements and Enforcing Legal Terms” in the “Our Commercial or Business Purposes for Collecting Personal Data” section above.

Business Transfers

All of your Personal Data that we collect may be transferred to a third party if we undergo a merger, acquisition, bankruptcy or other transaction in which that third party assumes control of our business (in whole or in part). Should one of these events occur, we will make reasonable efforts to notify you before your information becomes subject to different privacy and security policies and practices.

Data that is Not Personal Data

We may create aggregated, de-identified or anonymized data from the Personal Data we collect, including by removing information that makes the data personally identifiable to a particular user. We may use such aggregated, de-identified or anonymized data and share it with third parties for our lawful business purposes, including to analyze, build and improve the Services and promote our business, provided that we will not share such data in a manner that could identify you.

NOTICE OF FINANCIAL INCENTIVE

The Program is Pair Eyewear’s rewards program in which users earn points for purchase and non-purchase activities and then redeem those points for rewards like $10 off for every 100 Points earned. The Program is free to all customers.  In connection with the Program, we may offer financial incentives and/or price or service differences (“Incentives”) to Program Participants based on points earned as described in Section C, in exchange for our use of Pair Eyewear Rewards members’ Rewards Data (defined below).

To offer these Incentives, we must track the personal information You provide when You sign up for Pair Eyewear Rewards or engage in activities to earn Points, such as contact information, purchase history, date of birth, and engagement with and promotion of Pair Eyewear on social media (“Pair Eyewear Rewards Data”). You can join Pair Eyewear Rewards here, and You can withdraw from Pair Eyewear Rewards at any time by contacting us. The value of Pair Eyewear Rewards Data to Pair Eyewear is calculated by determining the approximate additional spending of Pair Eyewear Rewards customers against the spending of individuals who are not enrolled in Pair Eyewear Rewards. The value of Pair Eyewear Rewards Data is reasonably related to the costs associated with offering the Incentives.

TRACKING TOOLS, ADVERTISING, AND OPT-OUT

The Services use cookies and similar technologies such as pixel tags, web beacons, clear GIFs and JavaScript (collectively, “Cookies”) to enable our servers to recognize your web browser, tell us how and when you visit and use our Services, analyze trends, learn about our user base and operate and improve our Services. Cookies are small pieces of data– usually text files – placed on your computer, tablet, phone or similar device when you use that device to access our Services. We may also supplement the information we collect from you with information received from third parties, including third parties that have placed their own Cookies on your device(s). Please note that because of our use of Cookies, the Services do not support “Do Not Track” requests sent from a browser at this time.

We use the following types of Cookies:

  • Essential Cookies. Essential Cookies are required for providing you with features or services that you have requested. For example, certain Cookies enable you to log into secure areas of our Services. Disabling these Cookies may make certain features and services unavailable.

  • Functional Cookies. Functional Cookies are used to record your choices and settings regarding our Services, maintain your preferences over time and recognize you when you return to our Services. These Cookies help us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).

  • Performance/Analytical Cookies. Performance/Analytical Cookies allow us to understand how visitors use our Services. They do this by collecting information about the number of visitors to the Services, what pages visitors view on our Services and how long visitors are viewing pages on the Services. Performance/Analytical Cookies also help us measure the performance of our advertising campaigns in order to help us improve our campaigns and the Services’ content for those who engage with our advertising. For example, Google LLC (“Google”) uses cookies in connection with its Google Analytics services. Google’s ability to use and share information collected by Google Analytics about your visits to the Services is subject to the Google Analytics Terms of Use and the Google Privacy Policy. You have the option to opt-out of Google’s use of Cookies by visiting the Google advertising opt-out page at www.google.com/privacy_ads.html or the Google Analytics Opt-out Browser Add-on at https://tools.google.com/dlpage/gaoptout/.

  • Retargeting/Advertising Cookies. Retargeting/Advertising Cookies collect data about your online activity and identify your interests so that we can provide advertising that we believe is relevant to you. For more information about this, please see the section below titled “Information about Interest-Based Advertisements.”

You can decide whether or not to accept Cookies through your internet browser’s settings. Most browsers have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allow you to decide on acceptance of each new Cookie in a variety of ways. You can also delete all Cookies that are already on your device. If you do this, however, you may have to manually adjust some preferences every time you visit our website and some of the Services and functionalities may not work.

To explore what Cookie settings are available to you or to modify your preferences with respect to Cookies, you can access your Cookie management settings in your browser. To find out more information about Cookies generally, including information about how to manage and delete Cookies, please visit http://www.allaboutcookies.org/ or https://ico.org.uk/for-the-public/online/cookies/ if you are located in the European Union.

Information about Interest-Based Advertisements:

We may serve advertisements, and also allow third-party ad networks, including third-party ad servers, ad agencies, ad technology vendors and research firms, to serve advertisements through the Services. These advertisements may be targeted to users who fit certain general profile categories or display certain preferences or behaviors (“Interest-Based Ads”). Information for Interest-Based Ads (including Personal Data) may be provided to us by you, or derived from the usage patterns of particular users on the Services and/or services of third parties. Such information may be gathered through tracking users’ activities across time and unaffiliated properties, including when you leave the Services. To accomplish this, we or our service providers may deliver Cookies, including a file (known as a “web beacon”) from an ad network to you through the Services. Web beacons allow ad networks to provide anonymized, aggregated auditing, research and reporting for us and for advertisers. Web beacons also enable ad networks to serve targeted advertisements to you when you visit other websites. Web beacons allow ad networks to view, edit or set their own Cookies on your browser, just as if you had requested a web page from their site.

DATA SECURITY

We seek to protect your Personal Data from unauthorized access, use and disclosure using appropriate physical, technical, organizational and administrative security measures based on the type of Personal Data and how we are processing that data. You should also help protect your data by appropriately selecting and protecting your password and/or other sign-on mechanism; limiting access to your computer or device and browser; and signing off after you have finished accessing your account. Although we work to protect the security of your account and other data that we hold in our records, please be aware that no method of transmitting data over the internet or storing data is completely secure.

Data Retention

We retain Personal Data about you for as long as necessary to provide you with our Services or to perform our business or commercial purposes for collecting your Personal Data. When establishing a retention period for specific categories of data, we consider who we collected the data from, our need for the Personal Data, why we collected the Personal Data, and the sensitivity of the Personal Data. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation. We may further retain information in an anonymous or aggregated form where that information would not identify you personally.

For example:

  • We retain your profile information and credentials for as long as you have an account with us.

  • We retain your order history for as long as we need it for business operations and financial reporting.

PERSONAL DATA OF CHILDREN

As noted in the Terms of Use, we do not knowingly collect or solicit Personal Data about children under 16 years of age; if you are a child under the age of 16, please do not attempt to register for or otherwise use the Services or send us any Personal Data. If we learn we have collected Personal Data from a child under 16 years of age, we will delete that information as quickly as possible. If you believe that a child under 16 years of age may have provided Personal Data to us, please contact us.

CALIFORNIA RESIDENT RIGHTS

If you are a California resident, you have the rights set forth in this section. Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data.

If there are any conflicts between this section and any other provision of this Privacy Policy and you are a California resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us.

Access

You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. In response, we will provide you with the following information:

  • The categories of Personal Data that we have collected about you.

  • The categories of sources from which that Personal Data was collected.

  • The business or commercial purpose for collecting or selling your Personal Data.

  • The categories of third parties with whom we have shared your Personal Data.

  • The specific pieces of Personal Data that we have collected about you.

If we have disclosed your Personal Data to any third parties for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third party recipient. If we have sold your Personal Data over the past 12 months, we will identify the categories of Personal Data sold to each category of third party recipient.

Deletion

You have the right to request that we delete the Personal Data that we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested, or if deletion of your Personal Data involves disproportionate effort. If your deletion request is subject to one of these exceptions, we may deny your deletion request.

Correction

You have the right to request that we correct any inaccurate Personal Data we have collected about you. Under the CPRA, this right is subject to certain exceptions: for example, if we decide, based on the totality of circumstances related to your Personal Data, that such data is correct. If your correction request is subject to one of these exceptions, we may deny your request.

Processing of Sensitive Personal Information Opt-Out

Consumers have certain rights over the processing of their sensitive information. However, we do not collect sensitive categories of personal information.

Personal Data Sales Opt-Out and Opt-In

In this section, we use the term ‘sell’ as it is defined in the CPRA. We sell your Personal Data, subject to your right to opt-out of these sales.

As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt out of these sales by following the instructions in this section.

We sell your Personal Data to the following categories of third parties:

  • Ad Networks

  • Data brokers

  • Marketing providers

Over the past 12 months, we have sold the following categories of your Personal Data to categories of third parties listed above:

  • Profile or Contact Data

  • Commercial Data

  • Device/IP Data

  • Consumer Demographic Data

  • Geolocation Data

  • Inferences Drawn From Other Personal Data Collected

  • Other Identifying Information that You Voluntarily Choose to Provide

We have sold the foregoing categories of Personal Data for the following business or commercial purposes:

  • Improving the Services, including testing, research, internal analytics and product development.

  • Personalizing the Services, website content and communications based on your preferences.

  • Doing fraud protection, security and debugging.

  • Marketing and selling the Services.

  • Showing you advertisements, including interest-based or online behavioral advertising.

You have the right to opt-out of the sale of your Personal Data. You can opt-out using the following methods:

  • You can complete the online form found here: Do Not Sell or Share My Personal Information.

  • Email us: https://paireyewearhelp.zendesk.com/hc/en-us/requests/new

  • By implementing the Global Privacy Control or similar control that is legally recognized by a government agency or industry standard and that complies with the CPRA. The signal issued by the control must be initiated by your browser and applies to the specific device and browser you use at the time you cast the signal. Please note this does not include Do Not Track signals.

Once you have submitted an opt-out request, we will not ask you to reauthorize the sale of your Personal Data for at least 12 months.

To our knowledge, we do not sell the Personal Data of minors under 16 years of age.

Personal Data Sharing Opt-Out and Opt-In

Under the CPRA, California residents have certain rights when a business “shares” Personal Data with third parties for purposes of cross-contextual behavioral advertising. We have shared the foregoing categories of Personal Data for the purposes of cross-contextual behavioral advertising.

  • Profile or Contact Data

  • Commercial Data

  • Device/IP Data

  • Web Analytics

  • Social Network Data

  • Consumer Demographic Data

  • Geolocation Data

  • Inferences Drawn From Other Personal Data Collected

  • Other Identifying Information that You Voluntarily Choose to Provide

As described in the “Tracking Tools, Advertising and Opt-Out” section above, we have incorporated Cookies from certain third parties into our Services. These Cookies allow those third parties to receive information about your activity on our Services that is associated with your browser or device. Those third parties may use that data to serve you relevant ads on our Services or on other websites you visit. Under the CPRA, sharing your data through third party Cookies for online advertising may be considered a “sale” of information. You can opt out of data selling and/or sharing by following the instructions in this section.

We share Personal Data with the following categories of third parties:

  • Ad Networks

  • Data brokers

  • Marketing providers (including for cross-contextual behavioral advertising purposes)

Over the past 12 months, we have shared the following categories of Personal Data with the categories of third parties listed for the following purposes:

  • Marketing and selling the Services

  • Showing you advertisements, including interest-based or online behavioral advertising

You have the right to opt-out of the sharing of your Personal Data. You can opt-out using the following methods:

  • You can complete the online form found here: Do Not Sell or Share My Personal Information.

  • You can email us at https://paireyewearhelp.zendesk.com/hc/en-us/requests/new

  • You can use a Global Privacy Control or similar control that is legally recognized by a government agency or industry standard and that complies with the CCPA. The signal issued by the control must be initiated by your browser and applies to the specific device and browser you use at the time you cast the signal. Please note this does not include Do Not Track signals.

Once you have submitted an opt-out request, we will not ask you to reauthorize the sharing of your Personal Data for at least 12 months.

To our knowledge, we do not share the Personal Data of minors under 16 years of age.

We Will Not Discriminate Against You for Exercising Your Rights Under the CPRA

We will not discriminate against you for exercising your rights under the CPRA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CPRA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CPRA) with varying prices, rates or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.

VIRGINIA RESIDENT RIGHTS

If you are a Virginia resident, you have the rights set forth under the Virginia Consumer Data Protection Act (“VCDPA”). Please see the “Exercising Your Rights” section below for instructions regarding how to exercise these rights. Please note that we may process Personal Data of our customers’ end users or employees in connection with our provision of certain services to our customers. If we are processing your Personal Data as a service provider, you should contact the entity that collected your Personal Data in the first instance to address your rights with respect to such data. Additionally, please note that these rights are subject to certain conditions and exceptions under applicable law, which may permit or require us to deny your request.

If there are any conflicts between this section and any other provision of this Privacy Policy and you are a Virginia resident, the portion that is more protective of Personal Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us.

Access

You have the right to request confirmation of whether or not we are processing your Personal Data and to access your Personal Data.

Correction

You have the right to correct inaccuracies in your Personal Data, to the extent such correction is appropriate in consideration of the nature of such data and our purposes of processing your Personal Data.

Portability

You have the right to request a copy of your Personal Data in a machine-readable format, to the extent technically feasible.

Deletion

You have the right to delete your Personal Data.

Opt-Out of Certain Processing Activities

You have the right to opt-out of the processing of your Personal Data for targeted advertising purposes. We process your Personal Data for targeted advertising purposes. To opt-out of our processing of Personal Data for targeted advertising purposes, please fill out this form with your request with the relevant details. You can also enhance the Privacy and Security options in your web browser from its Settings menu.

  • You have the right to opt-out to the sale of your Personal Data. We do not currently sell your Personal Data as defined under the VCDPA.

  • You have the right to opt-out from the processing of your Personal Data for the purposes of profiling in furtherance of decisions that produce legal or similarly significant effects to you, if applicable.

Appealing a Denial

If we refuse to take action on a request within a reasonable period of time after receiving your request in accordance with this section, you may appeal our decision. In such an appeal, you must (1) provide sufficient information to allow us to verify that you are the person about whom the original request pertains and to identify the original request, and (2) provide a description of the basis of your appeal. Please note that your appeal will be subject to your rights and obligations afforded to you under the VCDPA. We will respond to your appeal within 60 days of receiving your request. If we deny your appeal, you have the right to contact the Virginia Attorney General using the methods described at https://www.oag.state.va.us/consumer-protection/index.php/file-a-complaint.

You may appeal a decision by us using the following methods:

Phone: (646) 389-9692 Email: https://paireyewearhelp.zendesk.com/hc/en-us/requests/new

EXERCISING YOUR RIGHTS UNDER CPRA AND VCDPA

To exercise the rights described in this Privacy Policy, you or, if you are a California resident, your Authorized Agent (defined below) must send us a request that (1) provides sufficient information such as a driver’s license or a utility bill to allow us to verify that you are the person about whom we have collected Personal Data, and (2) describes your request in sufficient detail to allow us to understand, evaluate and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify your identity and complete your request. You do not need an account to submit a Valid Request.

We will work to respond to your Valid Request within the time period required by applicable law. We will not charge you a fee for making a Valid Request unless your Valid Request(s) is excessive, repetitive or manifestly unfounded. If we determine that your Valid Request warrants a fee, we will notify you of the fee and explain that decision before completing your request.

You may submit a Valid Request using the Contact Us methods below:

Phone: (646) 389-9692Email: https://paireyewearhelp.zendesk.com/hc/en-us/requests/new

If you are a California resident, you may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to exercise your rights on your behalf, and we may request a copy of this written permission from your Authorized Agent when they make a request on your behalf.

OTHER STATE LAW PRIVACY RIGHTS

California Resident Rights

Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to contact us to prevent disclosure of Personal Data to third parties for such third parties’ direct marketing purposes; in order to submit such a request, please contact us.

Nevada Resident Rights

If you are a resident of Nevada, you have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting us with the subject line “Nevada Do Not Sell Request” and providing us with your name and the email address associated with your account. Please note that we do not currently sell your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.

Contact Information:

If you have any questions or comments about this Privacy Policy, the ways in which we collect and use your Personal Data or your choices and rights regarding such collection and use, please do not hesitate to contact us at: Phone: (646) 389-9692 Email: https://paireyewearhelp.zendesk.com/hc/en-us/requests/new 44 W 28th Street 15th Floor, New York, NY 10001

UK AND EU DATA PROTECTION NOTICE

This data protection notice (this "Notice") describes how Pair Eyewear 44 W. 28th St. Floor 15, New York, NY 10001, and its affiliates ("us", "we", or "our") collect, handle, share and use the personal data of customers who purchase our products or services via https://paireyewear.com (the “Website”), the personal data of other users of the Website, and the personal data of individuals in relation to other interactions, transactions, sites or applications that reference this Notice (the "Processing Activities"), such users and individuals being “Data Subjects”.

This Notice applies only to the personal data of Data Subjects who are resident in the European Economic Area (EEA) or the United Kingdom (UK).

We shall act as a controller of Data Subjects’ personal data that is collected or received in accordance with this Notice. If we process personal data as a data processor, we will process such personal data in accordance with the terms of the contract we have with the third party for whom we act as data processor, and this Notice shall not apply to the processing of such personal data.

If you require this notice in another format (for example, audio, large print, braille) please contact us using the contact details in section 12 (How to Contact Us) below.

Data Subject Provided Personal Data

Data Subjects may provide to us (whether by uploading, email, telephone, post or otherwise) the following types of personal data when interacting with us, which we may then collect, use, store and/or transfer in accordance with this Notice:

  • Contact Data.

    • Physical address (billing and delivery)

    • Email address

    • Telephone numbers

  • Identity Data.

    • First name

    • Last name

    • Date of Birth

  • Payment Data.

    • Payment card type

    • Last 4 digits of payment card

  • Profile Data.

    • Username and password

    • Purchases or orders made

    • Interests

    • Preferences

    • Feedback

    • Survey responses

  • Transaction Data.

    • Details about payments to and from Data Subjects

    • Purchases or orders made

  • Health Data – Special Category Data.

    • Ophthalmic prescriptions

    • Eye measurements

    • Eye health and other details regarding your eyes

    • Other medical conditions

    • Doctor or Clinic Contact Information

  • Marketing and Communications Data.

    • Preferences in receiving marketing from us and third parties

    • Communication preferences

Automatically Collected Personal Data

The following types of personal data may be automatically collected or logged when Data Subjects access and use the Website or otherwise interact with us, which we may then collect, use, store and/or transfer in accordance with this Notice:

  • Web Page Interaction Data:

    • Information about how the Website is used

    • Cookies – see section 5 (Cookies)

    • Internet protocol (IP) address

    • Browser type and version

    • Time zone setting and location

    • Browser plug-in types and versions

    • Operating system and platform

    • Geolocation data

    • Other technology on the devices used to access the Website

Third Party Provided Personal Data

We may also obtain Data Subjects’ personal data from the following third parties:

  • Parents / Guardians: information obtained from Parent or Guardian in relation to a purchase of our products and/or services for a child

    • Contact Data

    • Identity Data

    • Profile Data

    • Transaction Data

    • Health Data

  • Service Providers: information obtained from Contracts, Purchase orders, Financial/bank transfer information, Fraud prevention tools, and Marketing lists.

    • Contact Data

    • Identity Data

  • Healthcare providers: information obtained from Prescription and other information referrals.

    • Contact Data

    • Identity Data

    • Health Data

Children

We may process the personal data of children where the child is 13 years and over or, where the child is under 13, when such personal data is provided by their parent or guardian in relation to the purchase of our products or services for such children. A parent or guardian of a child under the age of 13 may review and request deletion of such child's personal data as well as prohibit the use thereof, in accordance with this Notice.

Cookies

Please see section 5 (Cookies) below for details on how we use cookies.

Personal data and the internet

While we will use all reasonable efforts to safeguard your personal information, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information that are transferred from you or to you via the internet. If you have any particular concerns about your personal information, please contact us using the contact details at section 12 (How to Contact Us) below.

How We Use Personal Data

  • To monitor the use of our Website: To improve the functionality and content of the Website. We have legitimate interest in processing this information.

    • Web Page Interaction Data

  • To provide our products and services (including necessary communications other than marketing): To enable us to provide our products and services to Data Subjects. We process all payment card transactions in accordance with the Payment Card Industry Data Security Standard and use secure connections on our Website to ensure that Data Subjects’ personal data is encrypted and sent directly to the payment processor. This means that we convert Data Subjects’ personal data into a computer code, which will make it harder for hackers to access Data Subjects’ personal data on our Website. We process this data with Explicit Consent, Explicit Consent from Parents/Guardians (with respect to children), Performance of a contract with you, and Provision of healthcare.

    • Identity Data

    • Contact Data

    • Payment Data

    • Transaction Data

    • Health Data

  • To create and maintain an account with us: To enable Data Subjects to set up an account and to access their account on a self-service basis, which may include access to account details (past orders, order status, account preferences). To improve the speed at which Data Subjects can purchase our products and services. We process this data with legitimate interest and Explicit Consent – where Health Data is included in the account or where the Data Subject is a child.

    • Identity Data

    • Contact Data

  • To contact Data Subjects who request such contact: To respond to Data Subjects’ contact requests. We process this data with Consent. We process this data to respond to Data Subjects’ contact requests.

    • Identity Data

    • Contact Data

  • To manage and protect our business (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data): To manage our business and ensure the effective provision of our products and services and to prevent fraud. We process this data with Legitimate interests and Consent – where Health Data is included in the account or where the Data Subject is a child.

    • Identity Data

    • Contact Data

    • Web Page Interaction Data

    • Payment Data (Payment Card Type and Last 4 digits of Payment Card)

    • Health Data

  • To undertake identification verification: To protect our business and to prevent fraud. We process this data with Legitimate Interest.

    • Identity Data

    • Contact Data

  • To send personal marketing and promotional materials to Data Subjects: To promote our products and services. We process this data with Legitimate Interest and Consent.

    • Identity Data

    • Contact Data

    • Marketing and Communications Data

  • To enable Data Subjects to complete a survey: To obtain feedback from Data Subjects on our products and services so that we can make improvements to them. We process this information with Consent.

    • Identity Data

    • Contact Data

    • Profile Data

    • Web Page Interaction Data

  • To enable you to participate in a prize draw or competition: To promote our business through prize draws and competitions to you. We will not send you any electronic marketing to you in a personal capacity unless you have expressly consented to receive it. We process this information with Consent and Performance of the prize draw or completion of terms and conditions.

    • Identity Data

    • Contact Data

    • Profile Data

    • Web Page Interaction Data

If a Data Subject has provided consent to processing and subsequently withdraws that consent, we may still process that Data Subject's personal data where we have another lawful basis for doing so, provided that the Data Subject has not expressly asked us to stop processing their personal data in accordance with section 10 (Legal Rights).

Where we need to collect personal data by law or under the terms of a contract that we have with a Data Subject and the Data Subject fails to provide that personal data when requested, we may not be able to perform the contract we have with the Data Subject (for example, to provide our products and services).

Sharing of Personal Data

We may share Data Subjects' information with the following categories of third parties:

  • Service Providers: Our service providers include third parties that provide us with services such as IT services, hosting services, payment processing services, debt collection services, administration services, and other business process services, and marketing services. Such third parties will act as our processors.

  • Professional advisors: We may need to provide Data Subjects' personal data to our professional advisers that provide services to us. Our professional advisors include lawyers, accountants, bankers, auditors and insurers. Such third parties may act as our processors or independent controllers.

  • Doctors or Clinics: We may need to provide Data Subjects’ personal data to doctors and clinics in order to confirm or obtain health data in order to provide our services.

  • Authorities: We may disclose personal data where required in order to respond to requests from regulatory or governmental authorities, court orders, legal process, or to establish or exercise our legal rights or defend against legal claims. It may also be necessary for use to share personal data in order to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or as otherwise required by law. In such circumstances, we will take appropriate measures to ensure that the recipient understands the sensitive nature of the personal data that they may receive.

  • Other Third Parties: We may share Data Subjects' personal data with third parties to whom we may choose to transact business with. We may share Data Subjects’ personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets (including in relation to restructuring/insolvency situations). Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use Data Subjects’ personal data in the same way as set out in this Notice. Data Subjects’ personal data may be a transferred asset in any sale of all or part of our business.

  • Affiliates: Data Subjects’ personal data might also be transmitted within our group of companies for internal administrative purposes.

We require all our data processors and any other third party that we provide Data Subjects' personal data to respect the security of Data Subjects' personal data and to treat it in accordance with applicable law.

We do not allow our data processors to use Data Subjects' personal data for their own purposes and only permits them to process Data Subjects' personal data for specified purposes and in accordance with our instructions.

Please see Section 7 (International Transfers) below for information on international transfers to such third parties.

Cookies

Our Websites use cookies. Please see One Trust which provides details of the cookies used on our Website and how Data Subjects can reject or accept such cookies.

Marketing

We may send Data Subjects marketing communications (including newsletters) if they have requested such communications from us or if we are otherwise allowed to do so under applicable law.

Third Party Marketing Companies

We will obtain Data Subjects' consent before we share their personal data with any company outside of our group of companies for marketing purposes.

Opt-Out

If a Data Subject does not wish to receive marketing information from us, the Data Subject can opt-out by contacting us using the contact details at section 12 (How to Contact Us) below or by clicking the opt-out link in our electronic marketing communications.

International Transfers

Data Subjects' personal data collected by us in the UK or the EEA may be transferred outside of the UK or the EEA (as applicable) to those third parties specified in section 4 (Sharing of Personal Data) above; however, in such circumstances, to the extent we are required to do so under applicable law, we will ensure contractual or other measures that have been adopted or approved by the UK Government or the European Commission (as applicable) are taken (such as ensuring applicable standard contractual clauses are in place).

Data Subjects can obtain more information about the countries to which their personal data is transferred and copies of the additional measures put in place by contacting us using the contact details at section 12 (How to Contact Us) below.

Automated Decision Making

We do not make any decisions regarding Data Subjects solely using automated decision making (including profiling) based on Data Subjects’ personal data.

Retention of Personal Data and Anonymization

We will only retain Data Subjects' personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, regulatory requirements, the potential risk of harm from unauthorized use or disclosure of the personal data, the purposes for which we process the personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. Details of retention periods for personal data are available from us on request using the contact details at section 12 (How to Contact Us) below.

We may anonymize Data Subjects’ personal data so that it can no longer be associated with you and is no longer classed as personal data. In such circumstances we may use such information without further notice to the Data Subject.

Legal Rights

Data Subjects may have the following rights under applicable data protection laws in relation to their personal data:

  • Request access to the Data Subject's personal data: This enables the Data Subject to receive a copy of its personal data that we hold and to check that we are lawfully processing it. Data Subjects will not have to pay a fee to access their personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if a Data Subject’s request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with the Data Subject’s request in these circumstances.

  • Request correction of the personal data that we hold about the Data Subject: The Data Subject can require us to correct any mistakes in the Data Subject's personal data. The Data Subject must provide us with enough information to identify the Data Subject (e.g., username, institution's details) and let us know the information that is incorrect and what it should be replaced with.

  • Request erasure of the Data Subject's personal data: This enables the Data Subject to ask us to delete or remove the Data Subject's personal data where there is no permitted reason for us to continue to process it. The Data Subject can ask us to erase the Data Subject's personal data where: The Data Subject does not believe that we need the Data Subject's personal data in order to process it for the purposes set out in this Notice; If the Data Subject has given us consent to process the Data Subject's personal data, the Data Subject withdraws that consent and we cannot otherwise legally process the Data Subject's personal data; The Data Subject objects to our processing and we do not have any legitimate interests that mean we can continue to process the Data Subject's personal data; or The Data Subject's personal data has been processed unlawfully or has not been erased when it should have been.

  • Object to processing of the Data Subject's personal data: Where we are relying on a legitimate interest (or those of a third party) and there is something about the Data Subject's particular situation that makes the Data Subject want to object to processing on this ground as the Data Subject feels it impacts on the Data Subject's fundamental rights and freedoms. The Data Subject also has the right to object where we are processing the Data Subject's personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process the Data Subject's personal data which override the Data Subject's rights and freedoms.

  • Request restriction of processing of the Data Subject's personal data: This enables the Data Subject to ask us to suspend the processing of the Data Subject's personal data in the following scenarios: If the Data Subject wants us to establish the accuracy of the personal data; where our use of the personal data is unlawful but the Data Subject does not want us to erase it; Where the Data Subject needs us to hold the personal data even if we no longer require it as the Data Subject needs it to establish, exercise or defend legal claims; or the Data Subject has objected to our use of the personal data, but we need to verify whether we have overriding legitimate grounds to use it.

  • Request the transfer of the Data Subject's personal data to the Data Subject or to a third party: The Data Subject can require us to provide to the Data Subject, or a third party the Data Subject has chosen, the Data Subject's personal data in a structured, commonly used, machine-readable format. This right only applies to automated personal data that the Data Subject initially provided consent for us to use or where we used the personal data to perform a contract with the Data Subject.

  • Withdraw consent at any time where we are relying on consent to process the Data Subject's personal data: This will not affect the lawfulness of any processing carried out before the Data Subject withdraws its consent. If the Data Subject withdraws its consent, we may not be able to provide the Data Subject with access to the Services or certain functionalities. We will advise the Data Subject if this is the case at the time that the Data Subject withdraws consent.

To exercise any of the rights set out above, please contact us using the contact details provided in section 12 (How to Contact Us) below. Where the Data Subject has any such rights under applicable laws, we will respond to any such rights that a Data Subject wants to exercise within one (1) month of receiving the request, unless the request is complex, in which case it may take longer.

We may need to request specific information from a Data Subject to help it confirm that Data Subject's identity and that Data Subject's right to access its personal data (or to exercise any of its other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact the Data Subject to ask it for further information in relation to its request to speed up our response.

Please be aware that there are exceptions and exemptions that apply to some of the rights, which we will apply in accordance with the applicable data protection laws. In addition to the above rights, Data Subjects’ have the right to lodge a complaint with a supervisory authority.

Links to Other Websites

Our Website may contain links to other websites. These websites may have separate privacy and data collection practices, independent of our practices, and Data Subjects’ use and access to such sites is subject to those terms and policies. We have no responsibility or liability for these independent policies or actions and we are not responsible for the privacy practice or the content of such websites.

How to Contact Us

To ask any questions regarding this Notice or to exercise any rights, please contact us using the following contact details:

Address: DP Data Protection Services UK Ltd. Attn: Pair Eyewear 16 Great Queen Street Covent Garden, London, WC2B 5AH United Kingdom Email: [email protected] Website: www.dp-dock.com

Amendments to This Notice

This Notice may be revised from time to time, including where we add new features and services, as laws change, and as industry privacy and security best practices evolve. We display a “Last Updated” date at the top of this Notice so it is clear when there has been a change. If we make any change to this Notice regarding use or disclosure of personal data, we will provide notice on the Website and as otherwise required. Small changes or changes that do not significantly affect Data Subjects’ privacy interests may be made at any time and without prior notice.