Renewed 30 April 2025
Customers / Patients are our greatest asset, which is why OC VISION, as a responsible company, complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as the General Data Protection Regulation.
This Privacy Policy, hereinafter referred to as the Policy, describes the manner in which OC VISION Ltd, registration No. 40003105710, Elijas iela 17 – 4, Rīga, LV – 1050, hereinafter referred to as OC VISION, processes personal data.
The term OC VISION shall also be understood to include the companies of the OC VISION Group – SIA “VISION EXPRESS BALTIJA”, registration No. 40003047732, Elijas iela 17 – 4, Rīga, LV – 1050, as well as SIA “Optometrijas serviss”, registration No. 40103100298, Elijas iela 17 – 4, Rīga, LV – 1050, as well as the brands OptiO, Vision Express, VIZIONETTE, Lornete, Dr.Lensor, Opptica, Diviniti, the websites www.ocvision.eu, www.optio.lv, www.visionexpress.lv, www.vizionette.lv, www.lornete.lv, www.lensor.eu, www.opptica.eu, www.diviniti.eu.
This Policy shall apply if the Client / Patient uses, has used or has expressed a wish to use the services provided by OC VISION or is otherwise connected with the services provided by OC VISION, including in a relationship with the Client / Patient established prior to the entry into force of this Policy.
This Policy also applies where a person has contacted us to request a medical service. In such cases, the person is referred to as the “Patient” in accordance with the legal framework. This Policy applies to cases where an individual is a Client as well as to cases where an individual is a Patient.
1. Definitions
Processing means any operation or set of operations which is performed upon personal data or upon sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The actual address for the provision of services: both the registered office of the Manager and the Manager’s stores, a list of which is available at www.ocvision.eu and is updated as soon as a new store is opened, OC VISION online stores and, exceptionally, off-site sales outlets.
Customer / Patient – any natural person who uses, has used, or has expressed a wish to use any of the services or goods for sale provided by the Company, or is in any other way connected with them.
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as his or her name, personal identification number, telephone number, e-mail address, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Applicable Law
2.1. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
2.2. Law on the processing of personal data.
2.3. Law on medical treatment.
2.4. Patients’ Rights Act.
2.5. Consumer Rights Protection Act.
2.6. Distance contract rules.
2.7. Advertising Law, etc.
3. General Provisions
3.1. This Policy provides general information about how OC VISION processes personal data. More detailed information about the processing of personal data is provided to Clients/Patients in response to requests, by informing them personally, or is included in contracts and other documents related to OC VISION’s services, as well as on OC VISION’s designated websites.
3.2. OC VISION, within the framework of applicable laws and regulations, shall ensure the confidentiality of personal data and has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction.
3.3. OC VISION may use personal data processors of its choice for the processing of personal data. In such cases, OC VISION shall take the necessary measures to ensure that such processors process personal data in accordance with OC VISION’s instructions, ensuring an adequate level of security, and in compliance with applicable laws and regulations. You can find out which processors OC VISION works with by contacting us at the email address provided in this policy.
3.4. If OC VISION updates this Policy, the current version of the Policy will be posted on OC VISION’s websites, while previous versions of the Policy may be viewed by contacting us at the email address provided in this Policy.
3.5. In order to provide better and more appropriate products and services to the Customer/Patient, and to provide, maintain, protect and improve existing products and services, OC VISION processes data collected from the provision of services.
3.6. In order to remind the Client / Patient of the need for a vision check, OC VISION may contact the Client / Patient using the contact information provided by the Client / Patient.
3.7. This Privacy Policy has been prepared in the Latvian language, which is the original, governing instrument and the basis of the parties’ agreement. In the event of any contradictions, ambiguities, or differing interpretations arising between the Latvian version of this document and any of its translations into another language, the Latvian version shall be the prevailing and legally binding version.
4. Purpose of processing and categories of personal data processed
4.1. Purpose – Client / Patient Identification
Identification data – name, surname, personal identification number (if no personal identification number, date of birth, place of birth), identity document
Contact – phone, email, place of residence
Other personal data (in certain cases) – basis of representation, gender, language of communication, profession, etc.
4.2. Purpose – To make and record an appointment/visit
Identification data – name, surname, personal identification number (if no personal identification number, date of birth, place of birth), identity document
Contact – phone, email, place of residence
Health insurance policy details
Other personal data (in certain cases) – basis of representation, gender, language of communication, profession, etc.
Data indicating the need for an eye test, complaints, diagnosis, grounds for examination, results
Details of reminders to have an eye test, including voice recording, data on the need for a sight test
Data of performed/cancelled routine (location, time, specialist, wheelchair access required in exceptional cases).
4.3. Purpose – processing, execution of medical service, ordering, fitting, dispensing of spectacles and other vision corrective devices, guarantees, claims
Identification data – name, surname, personal identification number (if no personal identification number, date of birth, place of birth), identity document
Contact – phone, email, place of residence
Health data i.e. vision test data, complaints, diagnosis, reasons for the test, results, prescription for spectacles, prescription for contact lenses;
Details of reminders to have an eye test, including voice in case of a call for sight test
Payment details – (invoice/receipt No, bank, account No, card No, amount payable, insurance policy details and amount covered, information on sending data to the SRS)
Loyalty programme details
Warranty data – terms, duration, type of guarantee
4.4. Purpose – To legislate on the presentation, storage and use of patient medical records
Identification data – name, surname, personal identification number (if no personal identification number, date of birth, place of birth), identity document
Contact – phone, email, place of residence
Health data i.e. vision test data, complaints, diagnosis, results, prescription data for spectacles, prescription data for contact lenses;
4.5. Purpose – Provision of medical services
Identification data – Name, surname, personal identification number (if no personal identification number, date of birth, place of birth), identity document
Contact – phone, email, place of residence, place of work;
Health data
Payment details – (invoice/receipt No, bank, account No, card No, amount payable, insurance policy details and amount covered)
Data on the person’s reduced mobility (in exceptional cases)
4.6. Purpose – Organisation, administration, dispatch of in-store and webshop purchases
Identification data – name, surname, personal identification number (if no personal identification number, date of birth, place of birth), identity document
Contact – Telephone, email, place of residence, delivery address
Payment details – (invoice/receipt No, bank, account No, card No, amount payable, insurance policy details and amount covered, information on sending data to the SRS)
Contact details – data on notifications to Customers/Patients that an order is ready, etc.
Data required for ordering and fitting spectacles, contact lenses and hearing aids
Creditworthiness check for hire purchase
Purchase history
4.7. Purpose – Monitoring the quality of services provided / goods sold, Customer / Patient satisfaction
Customer / Patient complaints, feedback and evaluation – summary, analysis, solutions
Guarantees, analysis of their use
Customer / Patient surveys
Communication with customers/patients in this context
4.8. Keeping accounts, making declarations and notifications, providing information to the authorities on payments received
Identification data – Name, surname, personal identification number
Contact – phone, email
Payment details – (invoice/receipt No, bank, account No, card No, amount due, insurance policy details and amount covered), outstanding balance;
Services received (used) / goods purchased
4.9. Purpose – Reminder of the need for an eye test
Identification data – Name, surname
Contact – Telephone, email
Date of previous sight test and/or purchase of vision correction
4.10. Purpose – To maintain the Loyalty Programme
Identification data – Name, surname, loyalty No.
Contact – phone, email
Consent data – data on consent or non-consent to receive marketing communications
4.11. Purpose – Sending marketing communications
Identification data – Name, surname
Contact – phone, email
Consent data – data on consent to receive marketing communications
4.12. Purpose – Maintenance and operation of websites
Consent to relevant types of cookies
Visit information, habits
Profile, user name, profile history, purchase history, payment details in the online shop
4.13. Purpose – Billing, email hosting, use of courier and postal services, use of call centre services, etc., i.e. attracting business partners
Identification data – Name, surname
Contact – Telephone, email, delivery address
Correspondence data
Voice recording data
4.14. Video surveillance data, from stores under video surveillance
4.15. Photos and images from OC VISION public events
5. Legal basis for data processing
5.1 Consent of the Client / Patient (Article 6(1)(a) of the General Data Protection Regulation) – The Client / Patient, as the data subject, gives consent to the collection and processing of personal data for specified purposes. Customer / Patient consent to participate in a loyalty program, for direct marketing purposes, to make new and personalized offers based on the analysis of their purchase history or expressed preferences. The Client’s / Patient’s consent is his free will and independent decision, which may be given at any time, thus allowing OC VISION to process personal data for the purposes set out. The Client’s / Patient’s consent is binding on him/her if it is given orally and recorded in OC VISION’s systems, in writing or electronically, for example by completing a consent to participate in a loyalty programme or by sending an electronic request after the Client’s / Patient’s identification. The Client’s / Patient’s consent may also be given by implicit actions, e.g. the Client / Patient inserts his/her own data into the OC VISION systems, sends and transmits data to OC VISION himself/herself. If the Customer/Patient has given his/her consent to OC VISION to process his/her data, the Customer/Patient is deemed to have given his/her consent to the processing of his/her data within the OC VISION Group, also in the context of OC VISION’s representative brands. The Client / Patient has the right to be informed about the processing of his/her data at any time and has the right to withdraw his/her previously given consent at any time through the indicated communication channels with OC VISION. The notified changes will take effect within three working days. The withdrawal of consent shall not affect the lawfulness of processing based on consent prior to the withdrawal. OC VISION, for reasons of data minimisation and resource economy, has the right not to store the written consents provided by Clients / Patients for a long period of time.
5.2. Conclusion and performance of the contract (Article 6(1)(b) of the General Data Protection Regulation) – in order for OC VISION to conclude and perform the contract with the Client/Patient, to provide quality services and to serve the Client/Patient, it must collect and process certain personal data that is collected before entering into a contract with OC VISION or during a contract already concluded, when providing a service, selling a product. In cases where the Customer / Patient has opted to receive the purchased goods via postal or courier service, OC VISION shall be entitled to transfer the Customer’s / Patient’s delivery data and contact details to the postal / courier service provider.
5.3. OC VISION’s legitimate interests (Article 6(1)(f) of the General Data Protection Regulation) – OC VISION has the right to process the Client’s/Patient’s personal data to the extent objectively necessary in accordance with OC VISION’s interests, which are based on providing quality services and timely support to the Client/Patient, as well as protecting its property. The processing of personal data for the purposes of internal administrative processes (registration of purchase/order, follow-up, complaint handling, after-sales follow-up and related services, etc.) is also considered to be a legitimate interest. OC VISION’s legitimate interests include the processing of personal data through direct marketing resulting in new and/or individual offers of OC VISION products and services to the Customer/Patient, the creation of internal customer/patient databases, video surveillance in several stores, etc. Given that OC VISION has several group companies and brands that it represents, within the OC VISION group, companies are entitled to transfer personal data between themselves to other group companies for internal administrative purposes, as well as to offer all customers/patients of the OC VISION group their services and products, provided that they have consented to receive such communications. The above activities are attributable to the legitimate interest of OC VISION. Reminders about the need for an eye examination, a visit to a specialist, communications about orders placed, etc. are not considered to be direct marketing communications.
5.4. Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation) – OC VISION is entitled to process personal data in order to comply with the requirements of laws and regulations, for example, to submit necessary reports and declarations, etc., as well as to respond to lawful requests of the state and local government.
5.5 Protection of vital interests (Article 6(1)(d) of the General Data Protection Regulation and Article 5(5) of the Patients’ Rights Act) – OC VISION is entitled to process personal data in order to protect the vital interests of the Client/Patient or another natural person, e.g., if the processing is necessary for humanitarian purposes, for the monitoring of natural and man-made disasters, in particular epidemics and their spread, or in humanitarian emergencies (acts of terrorism, technogenic disasters, etc.). It is also in the vital interest of the Client/Patient to be reminded in good time of the need for regular eye examinations, and it is the duty of the optometrist, ophthalmologist as a medical practitioner to implement such reminders as part of the follow-up treatment.
5.6 Exercise of official authority or public interest (Article 6(1)(e) of the General Data Protection Regulation) – OC VISION is entitled to process data for the performance of a task carried out in the public interest or in the exercise of official authority vested by law in OC VISION. In such cases, the basis for the processing of personal data is included in the laws and regulations.
6. Client’s / Patient’s rights as a data subject
The Client / Patient has rights regarding the processing of his/her data classified as personal data under applicable laws and regulations. In general, the rights are the following:
6.1. Receive information about the processing of your personal data, access your personal data;
6.2. Request rectification of your personal data if it is inadequate, incomplete or incorrect;
6.3. Object to the processing of your personal data;
6.4. Request the erasure of your personal data, for example, where personal data is processed on the basis of consent and the Customer/Patient has withdrawn their consent. This right does not apply if the personal data whose erasure is requested is also processed on the basis of another legal basis, such as a contract or obligations arising from relevant laws and regulations, or if its retention is required by applicable laws and regulations.
6.5. Restrict the processing of their personal data in accordance with applicable laws and regulations, for example, while OC VISION is assessing whether the Client/Patient has the right to have their data erased.
6.6. To receive their personal data provided by the Client/Patient to OC VISION and processed on the basis of consent and contractual performance in written form or in one of the commonly used electronic formats and, where possible, to transfer such data to another service provider (data portability).
6.7. Withdraw your consent to the processing of your personal data.
6.8. Not to be subject to fully automated decision-making, including profiling, where such decision-making has legal consequences or similarly significantly affects the Client/Patient.
6.9. Submit complaints about the use of personal data to the Data Inspectorate (www.dvi.gov.lv) if the Client / Patient believes that the processing of his/her personal data violates his/her rights and interests in accordance with the applicable laws and regulations.
7. Responsibilities of the Client / Patient
7.1. The Client / Patient is not entitled to transfer his/her access data to OC VISION systems to other persons. Each Client / Patient is responsible for any access to OC VISION systems with his/her access data.
7.2. Each Client / Patient is responsible for the accuracy of the data provided to OC VISION. In the event of a change in the Client’s / Patient’s personal data, it is the Client’s / Patient’s responsibility to notify OC VISION.
7.3. When the Client / Patient visits an OC VISION medical specialist, the Client / Patient is obliged to present a valid identity document, which in the Republic of Latvia is a passport or identity card (ID card). When the Client / Patient wishes to use an insurance policy or any discounts, the Client / Patient must present the relevant document. The insurance policy may only be used by the person in whose name the policy is issued.
7.4. In cases where the Client/Patient has logged into the OC VISION system (portal), the Client/Patient is responsible for logging out/terminating the work session from the OC VISION system (portal) when the work is completed.
8. Profiling of Customer/Patient Personal Data as Data Processing
8.1. Profiling is any type of automated processing of personal data manifested as the use of personal data for the purposes of assessing certain personal aspects related to a natural person, especially in order to analyse or predict aspects in relation to the personal wishes, interests, loyalty, behaviour, location or movement of the said natural person.
8.2. OC VISION may carry out profiling when processing the Client’s / Patient’s personal data, but this will not have legal consequences for the Client / Patient. The Client / Patient has the right at any time to object to an automated decision and not to be the subject of such a decision.
8.3. Direct marketing and basis for sending commercial communications to the Customer: if the Customer/Patient has ever given his/her freely given consent and has not withdrawn it, OC VISION carries out direct marketing by sending commercial communications to the Customer so that the Customer/Patient is always informed about new, modern and/or tailor-made products, services, as well as special contractual terms (e.g. discounts). The Client / Patient has the right to unsubscribe from receiving commercial communications at any time and free of charge by informing OC VISION.
9. Cookies
9.1. Cookies are small text files that are created and stored on the Client’s / Patient’s device (computer, tablet, mobile phone, etc.) when visiting OC VISION websites. Cookies “remember” the user’s experience and basic information and thus improve the user-friendliness of the OC VISION websites.
9.2. By using the cookies, common habits of users and history of using the website are processed, problems and shortcomings of website operation are diagnosed, statistics of user habits are gathered, as well as full and convenient use of the functionality of the website is ensured.
9.3. If the Client / Patient does not wish to allow the use of cookies or any form of cookies, the Client / Patient may do so in their browser settings, however in this case the use of the website may be significantly disrupted and impeded. Deletion of the saved cookies is possible by using the settings section of the browser on the device and deleting the history of saved cookies.
9.4. The sites maintained by OC VISION use necessary, statistical and marketing cookies.
10. Retention Period
Personal data will only be processed for as long as is necessary for the purpose of the processing, for example:
- the data are necessary for the purpose for which they were collected;
- for as long as the contract with you is in force or the service is being provided;
- pending full consideration and/or implementation of the application;
- until OC VISION or the Client/Patient can exercise their legitimate interests in accordance with the procedures established by law;
- as long as OC VISION is legally bound to keep the data;
- as long as the Client’s / Patient’s consent to the processing of personal data is valid, unless there are other legal grounds for the processing.
The retention period may be justified by OC VISION’s legitimate interests or applicable laws and regulations (e.g. accounting laws, the Law on Money Laundering and the Prevention of the Financing of Terrorism and Proliferation, the Civil Code, etc.), the need to complete legal proceedings, etc.
The Client / Patient can find out more about the retention periods for personal data by contacting us at the email address provided in this Policy.
The Client’s / Patient’s consent to be a member of the loyalty programme and/or consent to receive direct marketing offers shall be retained by OC VISION for the duration of the loyalty programme and/or for 3 (three) years.
11. Collection Types of Personal Data
OC VISION obtains the Client’s / Patient’s personal data when the Client / Patient:
11.1. makes an appointment with a specialist;
11.2. takes a vision test;
11.3. creates a customer profile on the OC VISION website, enters his/her personal data;
11.4. purchases and uses OC VISION products or services, including any warranties offered by OC VISION;
11.5. signs up for a loyalty programme and/or signs up for newsletters or other services from OC VISION;
11.6. asks OC VISION for more information about the product or service purchased by the Customer/Patient;
11.7. contacts OC VISION with a complaint or request for information;
11.8. expresses objections, requests guarantees for the product sold or service provided by OC VISION;
11.9. participates in competitions, lotteries, surveys, gives feedback/evaluation on goods purchased, services received;
11.10. visits or browses OC VISION’s websites, takes actions on them;
11.11. is filmed by OC VISION video surveillance equipment in OC VISION stores;
11.12. is filmed and photographed, interviewed at OC VISION public events, etc.
12. Customer’s Data Protection
12.1 OC VISION shall ensure, continuously review and improve the security measures to protect the Client’s / Patient’s personal data from unauthorised access, accidental loss, disclosure or destruction. To ensure this, OC VISION shall apply modern technology, technical and organisational requirements, including the use of firewalls, intrusion detection, analysis software and data encryption.
12.2. OC VISION carefully checks all service providers that process the Client’s / Patient’s personal data on behalf of OC VISION, as well as assesses whether the cooperation partners (personal data processors) apply appropriate security measures to ensure that the processing of the Client’s / Patient’s personal data is carried out in accordance with OC VISION’s delegation and the requirements of regulatory enactments. The Affiliates are not allowed to process the Client’s/Patient’s personal data for their own purposes.
12.3. OC VISION shall not be liable for any unauthorised access to and/or loss of personal data where this is beyond the control of OC VISION, for example due to the fault and/or negligence of the Client/Patient.
12.4. If the Client/Patient visits an OC VISION website, the processing of his/her data (e.g. IP address) is initiated; if the Client/Patient continues to visit the website, the processing continues; if Facebook, Instagram or other links are clicked, the data processing of the Client/Patient is initiated by the operators of the respective website, such as Facebook, Instagram, etc., and they will access the Client/Patient’s data in accordance with their terms, which we recommend you consult on the respective service provider’s website. OC VISION is not responsible for the processing of personal data by other service providers.
13. Territory of Processing
13.1 Personal data is generally processed within the European Union/European Economic Area (EU/EEA), but may in some cases be transferred to and processed in countries outside the EU/EEA.
13.2 The transfer and processing of Personal Data outside the EU/EEA may take place where there is a lawful basis for doing so, namely to comply with a legal obligation, to enter into or perform a contract, or in accordance with the consent of the Client/Patient, and appropriate safeguards have been put in place. Adequate security measures shall be, for example:
— An agreement has been entered into, including EU standard contractual clauses or other approved provisions, a code of conduct, certification, etc., approved in accordance with the General Data Protection Regulation;
— In the country outside EU/EEA, where the recipient is located, sufficient data protection level is provided in accordance with the decision of the EU Commission.
13.3 Upon request, the Client / Patient may obtain further information on the transfer of personal data to countries outside the EU/EEA.
14. Contact Information
14.1 The Client / Patient may contact OC VISION about this Privacy Policy, about its application, about issues related to the processing of his/her personal data, about withdrawal of consent, about requests, about the exercise of data subjects’ rights and complaints about the processing of personal data.
14.2. OC VISION’s contact details are available at www.ocvision.eu in the contact section.
14.3. OC VISION Data Protection Officer contact details: gdpr@ocvision.eu or Elijas iela 17 – 4, Rīga, LV – 1050 marked “Data Protection Officer”.