Updated on April 30, 2025
Clients / Patients are our greatest value, therefore OC VISON as a responsible company complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – also known as the General Data Protection Regulation.
This privacy policy, hereinafter referred to as the Policy, describes the procedure in which SIA OC VISION, registration No. 40003105710, Elijas iela 17 – 4, Riga, LV – 1050, hereinafter referred to as OC VISION, processes personal data.
The term OC VISION also includes the companies of the OC VISION group – SIA “VISION EXPRESS BALTIJA”, registration No. 40003047732, Elijas iela 17 – 4, Riga, LV – 1050, as well as SIA “Optometrijas serviss”, registration No. 40103100298, Elijas iela 17 – 4, Riga, LV – 1050, as well as the brands OptiO, Vision Express, VIZIONETTE, Lornete, Dr.Lensor, Opptica, Diviniti, websites www.ocvision.eu, www.optio.lv, www.visionexpress.lv, www.vizionette.lv, www.lornete.lv, www.lensor.eu, www.opptica.eu, www.diviniti.eu, www.redzesparbaude.lv, www.dzirdesparbaude.lv.
This Policy is applicable if the Client / Patient uses, has used or has expressed a desire to use the services provided by OC VISION, or is otherwise related to the services provided by OC VISION, including in relationships with the Client / Patient established before the entry into force of this Policy.
This Policy is also applicable in cases where a person has approached us with a request to provide medical services. In such cases, the person, in accordance with the legal framework, is referred to as the “Patient”. This Policy applies both to cases where a natural person is a Client and to cases where a natural person is a Patient.
1. Definitions
Processing – is any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Controller – OC VISION, actual address for the provision of services: both the Controller’s registered office and the Controller’s stores, the list of which is available at www.ocvision.eu and is updated as soon as a new store is opened, OC VISION online stores and, in exceptional cases, mobile sales outlets.
Customer / Patient – any natural person who uses, has used, or has expressed a desire to use any services provided by the company, goods for sale or is in any other way related to them;
Personal data – any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as the name, surname, personal identification number, telephone number, email address, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Applicable Law
2.1. Regulation No. 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (April 27, 2016).
2.2. Law on the Processing of Personal Data.
2.3. Medical Treatment Law.
2.4. Patients’ Rights Law.
2.5. Consumer Rights Protection Law.
2.6. Regulations on Distance Contracts.
2.7. Advertising Law, etc.
3. General Provisions
3.1. This Policy provides general information on how OC VISION processes personal data. More detailed information on the processing of personal data is provided to Clients/Patients in response to requests, by informing them personally, or is included in contracts and other documents related to OC VISION services, as well as on websites specified by OC VISION.
3.2. OC VISION, within the framework of applicable laws and regulations, ensures the confidentiality of personal data and has implemented appropriate technical and organizational measures to protect personal data from unauthorized access, unlawful processing or disclosure, accidental loss, alteration or destruction.
3.3. OC VISION may use personal data processors at its discretion to process personal data. In such cases, OC VISION takes the necessary measures to ensure that such personal data processors process personal data in accordance with OC VISION’s instructions, ensuring an appropriate level of security, as well as in accordance with applicable laws and regulations. You can find out which processors OC VISION cooperates with by contacting us at the email address specified in this policy.
3.4. If OC VISION updates this Policy, the current version of the Policy will be published on OC VISION’s websites, while previous versions of the Policy can be found by contacting us at the email address specified in this policy.
3.5. In order to provide the Client / Patient with better and more suitable products and services, as well as to ensure, maintain, protect and improve existing products and services, OC VISION processes data collected from the provision of services.
3.6. To remind the Client / Patient of the need to undergo an eye examination, OC VISION may contact the Client / Patient using the contact information provided by him / her.
4. Purpose of personal data processing and categories of personal data to be processed
4.1. Purpose – Identification of the Client / Patient
Identification data – name, surname, personal identification number (if there is no personal identification number, then date of birth, place), personal identification document data
Contact information – telephone, e-mail, place of residence
Other personal data (in some cases) – basis of representation, gender, language of communication, profession, etc.
4.2. Purpose – Registration and registration of an appointment / visit
Identification data – name, surname, personal identification number (if there is no personal identification number, then date of birth, place), personal identification document data
Contact information – telephone, e-mail, place of residence
Health insurance policy data
Other personal data (in some cases) basis of representation, gender, language of communication, profession, etc.
Data indicating the need to perform an eye examination, complaints, diagnosis, justification for the examination, results
Reminder data on the need to perform an eye examination, including voice recording, data on the need to perform an eye examination
Data on the performed / canceled routine (place, time, specialist, in exceptional cases, the need to access with a wheelchair).
4.3. Purpose – registration, execution of the provision of medical services, provision of glasses, etc. ordering, adjusting, issuing vision correction tools, guarantees, claims
Identification data – name, surname, personal identification number (if there is no personal identification number, then date of birth, place), personal identification document data
Contact information – telephone, e-mail, place of residence
Health data, i.e. vision test data, complaints, diagnosis, examination justification, results, prescription for purchasing glasses, prescription for purchasing contact lenses;
Reminder data about the need to perform a vision test, including voicemail, if a call was made about the need to perform a vision test
Payment data – (invoice / receipt No., bank, account No., card No., amount payable, insurance policy data and the amount covered, information about sending data to the SRS)
Loyalty program data
Warranty data – terms, term, type of guarantee
4.4. Purpose – Preparation, storage and use of the patient’s medical documentation as prescribed by law
Identification data – name, surname, personal identification number (if there is no personal identification number, then date of birth, place), personal identification document data
Contact information – telephone, e-mail, place of residence
Health data i.e. vision test data, complaints, diagnosis, results, prescription data for purchasing glasses, prescription data for purchasing contact lenses;
4.5. Purpose – Provision of medical services
Identification data – name, surname, personal identification number (if there is no personal identification number, then date of birth, place), personal identification document data;
Contact information – telephone, e-mail, place of residence, place of work;
Health data
Payment data – (invoice / receipt No., bank, account No., card No., amount payable, insurance policy data and amount covered)
Data on the person’s limited ability to move (in exceptional cases)
4.6. Purpose – Organization, administration, shipping of purchases in the store and online store
Identification data – name, surname, personal identification number (if there is no personal identification number, then date of birth, place), personal identification document data
Contact information – telephone, e-mail, place of residence, delivery address
Payment data – (invoice / receipt number, bank, account number, card number, amount payable, insurance policy data and amount covered, information about sending data to the SRS)
Contact data – data about notifications to Customers / Patients that the order is ready, etc.
Data required for ordering and adjusting glasses, contact lenses and hearing aids
Credit check in case of installment purchase
Purchase history
4.7. Purpose – Quality control of services provided / goods sold, monitoring of customer / patient satisfaction
Customer / patient complaints, feedback and evaluation – their summary, analysis, solutions
Guarantees, analysis of their use
Customer / patient surveys
Communication with customers / patients in this regard
4.8. Handling accounting files, providing declarations and notifications, information on payments received to institutions
Identification data – name, surname, personal identification number
Contact information – telephone, e-mail
Payment data – (invoice / receipt No., bank, account No., card No., amount payable, insurance policy data and amount covered), balance of outstanding liabilities;
Received (used) services / purchased goods
4.9. Purpose – Reminder about the need to perform an eye test
Identification data – name, surname
Contact information – phone number, email
Date of previous eye test and/or purchase of vision correction devices
4.10. Purpose – Loyalty program maintenance
Identification data – name, surname, assigned loyalty number
Contact information – phone number, email
Consent data – data on consent or non-consent to receive marketing communications
4.11. Purpose – Sending marketing communications
Identification data – name, surname
Contact information – phone number, email
Consent data – data on consent to receive marketing communications
4.12. Purpose – Website maintenance and operation
Consent to relevant types of cookies
Visit information, habits
Profile, username, profile history, purchase history, payment data in the online store
4.13. Purpose – Payment processing, email hosting, use of courier and postal services, use of call center services, etc., i.e. attracting cooperation partners
Identification data – name, surname
Contact information – telephone, email, delivery address
Correspondence data
Voice recording data
4.14. Video surveillance data from stores where video surveillance is carried out
4.15. Photos and images from public OC VISION events
5. Legal Basis for Data Processing
5.1. Customer / Patient consent (Article 6(1)(a) of the General Data Protection Regulation) – The Customer / Patient, as the subject of personal data, gives his/her consent to the collection and processing of personal data for certain purposes. Customer / Patient consent to participate in the loyalty program, for direct marketing purposes, to express new and individual offers based on the analysis of his/her purchase history or expressed wishes. Customer / Patient consent is his/her free will and independent decision, which can be given at any time, thus allowing OC VISION to process personal data for the specified purposes. Customer / Patient consent is binding if it is given orally and is noted in OC VISION systems, in writing or electronically, for example, by filling out the consent to participate in the loyalty program or by sending an electronic request after identifying the Customer / Patient. The consent of the Client / Patient may also be given by implicit actions, for example, the Client / Patient himself enters his data into the OC VISION systems, sends and transfers the data to OC VISION himself. If the Client / Patient has given his consent to OC VISION to process his data, it is considered that the Client / Patient has given his consent to process his data within the OC VISION group, also in the context of the brands represented by OC VISION. The Client / Patient has the right to receive information about the processing of his data at any time and has the right to withdraw his previously given consent at any time, using the specified communication channels with OC VISION. The notified changes will enter into force within three business days. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. OC VISION, for the purposes of data minimization and resource saving, has the right not to store the written consents of the Client / Patient for a long time.
5.2. Conclusion and execution of the contract (Article 6, paragraph 1, point b) of the General Data Protection Regulation) – in order for OC VISION to be able to conclude and execute the contract with the Client/Patient, providing quality services and serving the Client/Patient, it must collect and process certain personal data that are obtained before concluding the contract with OC VISION or during the contract already concluded, providing the service, selling the product. In cases where the Client/Patient has chosen to receive the purchased product using a postal or courier service, OC VISION is entitled to transfer the delivery data and contact information of the Client’s patients to the postal/courier service provider.
5.3. Legitimate interests of OC VISION (Article 6, paragraph 1, point f) of the General Data Protection Regulation) – taking into account the interests of OC VISION, which are based on the provision of quality services and timely support to the Client/Patient, as well as the protection of its property, OC VISION has the right to process the personal data of the Client/Patient to the extent that it objectively needs. Legitimate interests also include the processing of personal data for the purposes of internal administrative processes (purchase/order registration, performance monitoring, complaint handling, after-sales monitoring and related services, etc.). OC VISION’s legitimate interests include the processing of personal data for direct marketing purposes, as a result of which new and/or individual offers of OC VISION products and services are made to the Customer/Patient, the creation of internal customer/patient databases, video surveillance in several stores, etc. Given that OC VISION has several group companies and the brands it represents, within the OC VISION group, the companies are entitled to mutually transfer personal data to other group companies for internal administrative purposes, as well as to offer all OC VISION group customers/patients their services and goods, provided that they have agreed to receive such notifications. The above-mentioned activities are attributable to OC VISION’s legitimate interest. Reminders about the need to have an eye examination, a visit to a specialist, as well as communication about orders placed, etc. are not considered direct marketing communications.
5.4. Compliance with legal obligations (Article 6(1)(c) of the General Data Protection Regulation) – OC VISION is entitled to process personal data to comply with regulatory requirements, for example, to submit necessary reports and declarations, etc., as well as to respond to lawful requests from the state and local government.
5.5. Protection of vital interests (Article 6(1)(d) of the General Data Protection Regulation and Article 5(5) of the Patients’ Rights Law) – OC VISION is entitled to process personal data to protect the vital interests of the Client/Patient or another natural person, e.g. if processing is necessary for humanitarian purposes, for monitoring natural and man-made disasters, in particular epidemics and their spread, or in exceptional humanitarian situations (acts of terrorism, man-made disasters, etc.). Likewise, it is the vital interest of the Client/Patient to receive a timely reminder of the need to perform a regular eye examination, while the optometrist, ophthalmologist as a medical professional is obliged to implement such a reminder, as it is part of the ongoing treatment.
5.6. Execution of official authority or public interest (Article 6(1)(e) of the General Data Protection Regulation) – OC VISION is entitled to process data in order to perform a task carried out in the public interest or in the exercise of official authority legally granted to OC VISION. In such cases, the basis for processing personal data is included in regulatory enactments.
6. Rights of the Client / Patient as a data subject
The Client / Patient has rights regarding the processing of their data, which are classified as personal data in accordance with applicable laws and regulations. These rights are generally as follows:
6.1. To receive information about the processing of their personal data, to access their personal data;
6.2. To request the correction of their personal data if they are inadequate, incomplete or incorrect;
6.3. To object to the processing of their personal data;
6.4. To request the deletion of their personal data, for example, if the personal data is processed on the basis of consent and the Client / Patient has withdrawn his/her consent. These rights do not apply if the personal data, the deletion of which is requested, is also processed on the basis of another legal basis, for example, a contract or obligations arising from relevant laws and regulations, or their retention is determined by the requirements of applicable laws and regulations.
6.5. To restrict the processing of your personal data in accordance with applicable laws and regulations, for example, while OC VISION is assessing whether the Client/Patient has the right to erasure of their data.
6.6. To receive your personal data, which the Client/Patient has provided to OC VISION and which are processed on the basis of consent and contract performance, in written form or in one of the most commonly used electronic formats and, if possible, to transfer such data to another service provider (data portability).
6.7. To withdraw your consent to the processing of your personal data.
6.8. Not to be subject to fully automated decision-making, including profiling, if such decision-making has legal consequences or similarly significantly affects the Client/Patient.
6.9. To submit complaints about the use of personal data to the Data State Inspectorate (www.dvi.gov.lv), if the Client/Patient believes that the processing of his/her personal data violates his/her rights and interests in accordance with applicable laws and regulations.
7. Client / Patient Responsibilities
7.1. The Client / Patient does not have the right to transfer his/her access data to OC VISION systems to other persons, Each Client / Patient is responsible for any access to OC VISION systems with his/her access data.
7.2. Each Client / Patient is responsible for the accuracy of his/her data submitted to OC VISION. In cases where the Client / Patient’s personal data changes, the Client / Patient is obliged to notify OC VISION of this.
7.3. In cases where the Client / Patient visits an OC VISION medical specialist, the Client / Patient is obliged to present a valid personal identification document, which in the Republic of Latvia is a passport or identity card (ID card), in cases where the Client / Patient wants to use the insurance policy, any discounts, the Client / Patient must present a relevant document. The insurance policy may be used only by the person in whose name the policy is issued.
7.4. In cases where the Client / Patient is logged in to the OC VISION system (portal), the Client / Patient is responsible for logging out / terminating the work session from the OC VISION system (portal) when the work is completed.
8. Profiling of Client / Patient personal data as data processing
8.1. Profiling is any type of automated processing of personal data, which consists in the use of personal data for the purpose of evaluating certain personal aspects related to a natural person, in particular to analyze or predict aspects related to the personal preferences, interests, reliability, behavior, location or movement of that natural person;
8.2. When processing the Client / Patient’s personal data, OC VISION may perform profiling, but this will not have any legal consequences for the Client / Patient. The Client / Patient has the right to object to the adoption of an automated decision at any time and not to be the subject of such a decision.
8.3. Direct marketing and grounds for sending commercial communications to the Client: If the Client/Patient has ever given his/her freely given consent and has not withdrawn it, OC VISION carries out direct marketing by distributing commercial communications to the Client so that the Client/Patient is always informed about new, modern and/or specifically created products, services, as well as special contractual terms (e.g. discounts). The Client/Patient has the right to refuse to receive commercial communications at any time and free of charge by informing OC VISION thereof.
9. Cookies
9.1. Cookies are small text files that are created and stored on the Client’s / Patient’s device (computer, tablet, mobile phone, etc.) when visiting OC VISION websites. Cookies “remember” the user’s experience and basic information and thus improve the ease of use of OC VISION websites.
9.2. By using cookies, general user habits and website usage history are processed, problems and shortcomings in the website’s operation are diagnosed, user behavior statistics are collected, and full and convenient use of the website’s functionality is ensured.
9.3. If the Client / Patient does not want to allow the use of cookies or any of their types, the Client / Patient can do so in their browser settings, however, in such a case, the use of the website may be significantly disrupted and made more difficult. Deleting saved cookies is possible in the browser settings section of their device by deleting the saved cookie history.
9.4. Websites maintained by OC VISION use cookies for necessary, statistical and marketing purposes.
10. Retention Period
Personal data will be processed only for as long as necessary to fulfill the purpose of the processing, for example:
- the data is necessary for the purpose for which it was collected;
- while the contract concluded with you is valid or the service is provided;
- while the application is fully reviewed and/or fulfilled;
- while OC VISION or the Client / Patient can realize their legitimate interests in accordance with the procedure established by law;
- while OC VISION has a binding legal obligation to store the data;
- while the Client / Patient’s consent to the relevant processing of personal data is valid, if there are no other legal grounds for data processing;
The retention period may be justified by OC VISION’s legitimate interests or applicable regulatory enactments (for example, legal acts on accounting, the Law on the Prevention of Money Laundering and Financing of Terrorism and Proliferation, the Civil Law, etc.), the need to complete the legal process, etc.
The Client / Patient can find out more about the terms of storage of personal data by contacting us by writing to the e-mail address specified in this policy.
OC VISION stores the Client / Patient’s consent to be a member of the loyalty program and / or consent to receive direct marketing offers for the entire period of validity of the loyalty program and / or 3 (three) years.
11. Collection Types of Personal Data
OC VISION obtains the Client / Patient’s personal data when the Client / Patient:
11.1. makes an appointment with a specialist;
11.2. has an eye examination;
11.3. creates his/her client profile on the OC VISION website, enters his/her personal data into it;
11.4. purchases and uses OC VISION products or services, including the guarantees offered by OC VISION;
11.5. applies for the loyalty program and / or signs up to receive news or other services from OC VISION;
11.6. asks OC VISION for more information about the product or service purchased by the Client / Patient;
11.7. contacts OC VISION in connection with a complaint or request for information;
11.8. expresses objections, requests guarantees for the product sold by OC VISION, the service provided;
11.9. participates in competitions, lotteries, surveys, provides feedback / evaluation of the purchased products, the service received;
11.10. visits or browses OC VISION websites, performs actions on them;
11.11. is filmed with OC VISION video surveillance equipment in OC VISION stores;
11.12. is filmed and photographed, interviewed at OC VISION public events, etc.
12. Customer’s Data Protection
12.1. OC VISION ensures, constantly reviews and improves security measures to protect the Client/Patient’s personal data from unauthorized access, accidental loss, disclosure or destruction. To ensure this, OC VISION uses modern technologies, technical and organizational requirements, including using firewalls, intrusion detection, analysis software and data encryption.
12.2. OC VISION carefully checks all service providers that process the Client/Patient’s personal data on behalf of and on behalf of OC VISION, as well as assesses whether cooperation partners (personal data processors) apply appropriate security measures so that the processing of the Client/Patient’s personal data is carried out in accordance with OC VISION’s delegation and the requirements of regulatory enactments. Cooperation partners are not allowed to process the Client/Patient’s personal data for their own purposes.
12.3. OC VISION does not assume responsibility for any unauthorized access to personal data and/or loss of personal data, if this does not depend on OC VISION, for example, due to the fault and/or negligence of the Client/Patient.
12.4. If the Client/Patient visits any OC VISION website, the processing of his/her data (e.g. IP address) is initiated; while continuing to visit the website, the data processing will continue; when clicking on Facebook, Instagram or other links, at the moment of clicking them, the operators of the relevant website, such as Facebook, Instagram, etc., will initiate the processing of the Client/Patient’s data, and will access the Client/Patient’s data, in accordance with their own rules, which we recommend that you familiarize yourself with on the website of the relevant service provider. OC VISION does not assume responsibility for how personal data is processed by other service providers.
13. Territory of Processing
13.1 Personal data is usually processed in the European Union/European Economic Area (EU/EEA), however, in some cases they may be transferred and processed in countries that are not part of the EU/EEA.
13.2 The transfer and processing of personal data outside the EU/EEA may take place if there is a legal basis for this, namely to comply with a legal obligation, to enter into or perform a contract, or in accordance with the consent of the Client/Patient, and appropriate security measures have been taken. Appropriate security measures are, for example:
– An agreement has been concluded, including EU standard contractual clauses or other approved terms, codes of conduct, certifications, etc., which have been approved in accordance with the General Data Protection Regulation;
– The non-EU/EEA country in which the recipient is located ensures an adequate level of data protection in accordance with a decision of the EU Commission;
13.3 Upon request, the Client/Patient can receive more detailed information on the transfer of personal data to countries outside the EU/EEA.
14. Contact Information
14.1 The Client / Patient may contact OC VISION regarding this privacy policy, its application, issues related to the processing of his/her personal data, withdrawal of consent, requests, exercise of data subjects’ rights and complaints regarding the processing of personal data.
14.2. OC VISION’s contact information is available on the website: www.ocvision.eu in the contacts section.
14.3. OC VISION Data Protection Officer’s contact information: gdpr@ocvision.eu or Elijas iela 17 – 4, Riga, LV – 1050 with the note “Data Protection Officer”.
