Updated on January 16, 2024
Customers are our greatest asset, therefore OC VISON as a responsible company complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data – also known as the General Data Protection Regulation.
This privacy policy, hereinafter referred to as the Policy, describes the procedure in which SIA OC VISION, registration No. 40003105710, Elijas iela 17 – 4, Riga, LV – 1050, hereinafter referred to as OC VISION, processes personal data.
The term OC VISION also includes OC VISION group companies – SIA “VISION EXPRESS BALTIJA”, registration No. 40003047732, Elijas iela 17 – 4, Riga, LV – 1050, as well as SIA “Optometrijas serviss”, registration No. 40103100298, Elijas iela 17 – 4, Riga, LV – 1050, as well as the brands OptiO, Vision Express, VIZIONETTE, Lornete, Dr.Lensor, Opptica, Diviniti, websites www.ocvision.eu, www.optio.lv, www.visionexpress.lv, www.vizionette.lv, www.lornete.lv, www.lensor.eu, www.opptica.eu, www.diviniti.eu, www.redzesparbaude.lv, www.dzirdesparbaude.lv.
This Policy is applicable if the Client uses, has used or has expressed a desire to use the services provided by OC VISION, or is otherwise related to the services provided by OC VISION, including in relations with the Client established before the entry into force of this Policy.
1. Definitions
Processing — is any action or an aggregate of actions performed with personal data or sets of personal data by automated means or without automated means, for example, data collection, registration, organisation, structuring, storage, adjustment or manipulation, restoring, viewing, use, disclosure by sending, distributing or otherwise making the data available, harmonisation or combination, restriction, deletion or destruction.
Controller — SIA “OC Vision”, unified registration No. 40003105710, Elijas iela 17–4, Riga, LV–1050, the actual address of service provision: both the registered office of the Controller, and the Controller’s shops the list whereof is available at www.OC VISION.eu and is updated as soon as a new shop is opened.
Customer — any natural person who uses, has used or has expressed a desire to use any services provided, goods sold by the company or is in any other way related thereto;
Personal data any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier, for example, name, surname, identification number, location data, online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of the said natural person.
2. Applicable Law
2.1. Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
2.2. Medical Treatment Law
2.3. Advertising Law, etc.
3. General Provisions
3.1. The Policy provides general information on how OC Vision processes personal data. Further information on processing of personal data is provided to the Customers, including it in the agreements and other documents related to OC Vision services, as well as on OC Vision home page www.ocvision.eu
3.2. Within the framework of applicable regulatory enactments, OC Vision ensures confidentiality and has applied reasonable technical and organisational measures in order to protect personal data from unauthorised access, illegal processing or disclosure, accidental loss, modification or destruction.
3.3. For processing of personal data, OC Vision may use personal data processors at its own discretion. In such cases OC Vision applies the necessary measures in order to ensure that such processors of personal data perform the processing of personal data in accordance with instructions given by OC Vision and in accordance with the applicable regulatory enactments and requests the performance of adequate security measures.
3.4. If OC Vision updates the Policy, the new wording of the Policy shall be published on OC Vision home page www.ocvision.eu
3.5. In order to provide the Customer with better and more suitable products and services, as well as to provide, maintain, protect and improve the current products and services, OC Vision processes data aggregated from the provision of services.
4. Categories of Personal Data
4.1. Personal identification data — first name, surname, identity number/ID, date of birth, gender, language of communication, place of residence;
4.2. Personal contact information: address, telephone number, e-mail address;
4.3. Data of special categories (sensitive): data on person’s eye health;
4.4. Purchase data: purchase history, settlement data;
4.5. Customers’ questionnaire data: questionnaire title, date of sending, date of provided reply, questions of the questionnaire and provided replies;
4.6. Actions performed on the Internet home pages: IP address, titles of performed action, section of the Internet page, date and time;
4.7. Video data in shops with CCTV cameras;
4.7. Photographs and images from customer events, photo shoots.
5. Legal Basis for Data Processing
5.1. Customer’s consent — Customer, as the subject of personal data, gives consent for collection and processing of personal data for certain purposes. Customer’s consent for the purposes of direct marketing in order to provide new and individual offers. Customer’s consent is an expression of his/her free will and an independent decision that may be given at any moment, thus permitting OC Vision to process the personal data for the specified purposes. Customer’s consent is binding if expressed in writing (by completing an agreement form, sending an electronic request after Customer identification or by using OC VISION.eu.). Customer has the right to withdraw the previously given consent at any time by using the specified communication channels with OC Vision. The applied for changes shall become effective within three business days. Withdrawal of consent shall not affect legitimacy of processing based on consent before withdrawal.
5.2. Entering into and fulfilment of an agreement — in order for OC Vision to enter into and fulfil the agreement with the Customer, providing quality services and servicing the Customer, it needs to collect and process certain personal data collected before entering into the agreement with OC Vision or already during the performance of a signed agreement.
5.3. OC Vision legitimate interests in compliance with OC Vision interests, which are based on the provision of quality services and timely support to the Customer, OC Vision is entitled to process Customer’s personal data to such extent as objectively necessary. Legitimate interests of OC Vision shall include processing of personal data while performing direct marketing, as a result of which new and/or individual offers of OC Vision products and services are made to the Customer. Taking into account that OC Vision represents several companies of the group and brands, OC Vision has legitimate interests to process the Customer data by sending them to other companies of the group for internal administrative purposes, including the offer of the products and services corresponding to the contemporary requirements at the level of OC Vision companies to the Customers.
5.4. Performance of legal obligations — OC Vision is entitled to process personal data in order to meet the requirements of the regulatory enactments, as well as to provide replies to legitimate requests by the state and local governments.
5.5. Protection of vital interests — OC Vision is entitled to process personal data in order to protect vital interests of the Customer or another natural person, for example, if processing is necessary for humanitarian purposes, monitoring of epidemics and spreading thereof caused by natural disasters and human-caused epidemics or in emergency humanitarian situations (acts of terrorism, situations of technogenic disasters, etc.).
5.6. Execution of official powers or public interests — OC Vision is entitled to process data in order to perform a task in the public interests or while exercising the official powers legitimately assigned to OC Vision. In such cases, the basis for processing of personal data is included in the regulatory enactments.
6. Purposes of Data Processing
6.1. For general management of customer relations and approach to providing products and services, and for administration — in order to enter into and perform an agreement with the Customer, in order to ensure the relevance and correctness of data by verifying and supplementing the data.
6.2. OC Vision processes personal data in order to provide a qualitative, timely and convenient service to the Customer during the validity period of contractual relationships:
6.2.1. For management (including remote) of Customer relationships by ensuring entering into and performance of the Agreements, as well as the implementation of related processes;
6.2.2. For the verification of the Customer’s creditworthiness in order to offer the Customer new and more advanced products and services, as well as leasing services;
6.2.3. For the examination of the Customer’s complaints and the provision of support in relation to provided services and sold goods;
For the efficient management of cash flow, including the administration of the Customer’s payments and debts;
6.2.5. For informing the Customer regarding products and services of all OC Vision companies;
6.2.6. Video surveillance with a purpose of preventing criminal offences and protecting the property of OC Vision and customers;
6.2.7. For the registration of services of the Customer’s interest; for the management of changes to existing services and the generation of statistics and reports in self-service portals.
OC Vision processes personal data in order to promote development of the sector and offer new services to the Customers, including:
6.3.1. For the development of new products and providing these in offers;
6.3.2. Processing of statistical data of OC Vision customers is performed for the purposes of performing market analysis and developing a business model;
6.3.3. OC Vision processes personal data in order to build and maintain the internal processes of OC Vision, to ensure circulation of documents and other internal processes (for example, archiving of agreements and other documents) to the necessary and adequate extent.
6.4. OC Vision is entitled to process the data for the following and other purposes by receiving freely provided and explicit consent from the Customer:
6.4.1. Verification of the Customer’s personal data in databases of debt history prior to entering into an agreement in order to assess the Customer’s ability to perform the contractual obligations;
6.4.2. For promoting OC Vision image in the market by sending congratulations to the Customer on holidays, providing bonuses, organising surveys for the improvement of customer satisfaction, current products and services, as well as for the development of new products.
7. Rights of the Customer as Data Subject
The Customer (data subject) has the rights in relation to their data processing which in accordance with the applicable regulatory enactments are classified as personal data. In general, the rights are the following:
7.1. To request the correction of their personal data if the data are discrepant, incomplete or incorrect.
7.2. To object to the processing of their personal data if the processing is based on legitimate interests, including objections to personal data profiling.
7.3. To request the deletion of their personal data, for example, if the personal data are processed on the basis of consent, and the Customer has withdrawn the consent. These rights shall not be effective if the Personal Data whose deletion is requested are also processed on the basis of other legitimate grounds, for example, an agreement or obligations arising out of the respective regulatory enactments, or the data storage is prescribed by the requirements of the effective regulatory enactments.
7.4. To restrict the processing of their personal data in accordance with the applicable regulatory enactments, for example, at the time when OC Vision evaluates whether the Customer has the right to the deletion of their data.
7.5. To receive the information whether OC Vision processes the Customer’s personal data, and, if so, to access the data.
7.6. To receive their personal data that have been submitted by the Customer to OC Vision and that are processed on the basis of consent and the performance of an agreement in a written form or in any of the frequently used electronic formats and, if possible, to transfer such data to another service provider (data portability).
7.7. To withdraw the consent to Processing of their Personal Data.
7.8. Not to be subject to fully automated decision-making, including profiling, if such decision-making has legal consequences or it significantly affects the Customer in a similar way.
7.9. To submit complaints on the use of personal data to the Data State Inspectorate (www.dvi.gov.lv), if the Customer believes that processing of their personal data violates their rights and interests in accordance with the applicable regulatory enactments.
8. Profiling of the Customers’ Personal Data as Data Processing
8.1. Profiling is any type of automated processing of personal data manifested as the use of personal data for the purposes of assessing certain personal aspects related to a natural person, especially in order to analyse or predict aspects in relation to the personal wishes, interests, loyalty, behaviour, location or movement of the said natural person;
by processing the Customer’s personal data, OC Vision may perform profiling in order to send well wishes, gifts, grant bonuses, create and provide individual offers or perform customer surveys. Automated individual decisions shall be made only for business purposes and shall not cause legal consequences to the Customer. The Customer has the right to object against automated decision-making at any time and not to be subject to such decision.
8.2. irect marketing and the basis for sending commercial notifications to the Customer: OC Vision performs direct marketing by distributing commercial notifications to the Customer in order for the Customer to be always informed about new, modern and/or directly for the Customer tailored products, services, as well as special provisions of the agreement (for example, discounts). The Customer has the right to refuse the receipt of commercial notifications at any time and free of charge by informing OC Vision thereof.
9. Cookies
9.1. Cookies are small text files created and stored on the Customer’s device (computer, tablet, mobile phone, etc.) when the Customer visits OC Vision websites. Cookies ‘remember’ user’s experience and basic information and thus improve the convenience of using the OC Vision home page.
9.2. By using the cookies, common habits of users and history of using the website are processed, problems and shortcomings of website operation are diagnosed, statistics of user habits are gathered, as well as full and convenient use of the functionality of the website is ensured.
9.3. If the Customer does not wish to permit the use of cookies, the Customer may do it by using the browser settings; though in such case the use of the website may be significantly disrupted and encumbered. Deletion of the saved cookies is possible by using the settings section of the browser on the device and deleting the history of saved cookies.
9.4. Websites maintained by OC Vision use functional, analytical, advertising and mandatory cookies.
10. Retention Period
Personal data will be processed only as long as necessary in order to fulfil the purpose of processing. Retention period may be based on an agreement with the Customer, legitimate interests of OC Vision or applicable regulatory enactments (for example, laws on accounting, prevention of money laundering, limitation period, civil law, etc.).
11. Collection Types of Personal Data
11.1. OC Vision collects the Customer’s personal data when the Customer:
11.1.1. Purchases or uses products or services of OC Vision;
11.1.2. Subscribes for the receipt of news or other services from OC Vision;
11.1.3. Requests further information from OC Vision about the product used by the Customer or service connection to the Customer, or communicates with OC Vision in relation to a complaint or request for information, identifying the Customer;
11.1.4. Participates in competitions, lotteries or surveys;
11.1.5. Visits or browses OC Vision website;
11.1.6. Is being filmed by CCTV equipment of OC Vision located in OC Vision shops;
12. Customer’s Data Protection
12.1. OC Vision ensures, continuously reviews and improves protection measures in order to protect the Customer’s personal data from unauthorised access, accidental loss, disclosure or destruction. In order to ensure it, OC Vision uses advanced technologies, applies technical and organisational requirements, including the use of firewalls, software to discover hacking, analysis software and data encryption.
12.2. OC Vision thoroughly verifies all service providers that process the Customer’s personal data on behalf of OC Vision, and evaluates whether cooperation partners (processors of personal data) take adequate security measures in order to perform processing of the Customer’s personal data in accordance with the delegation of OC Vision and requirements of the regulatory enactments. Cooperation partners are not permitted to process the Customer’s personal data for their own purposes.
12.3. OC Vision shall not be liable for any unauthorised access to the personal data and/or loss of personal data if it does not depend on OC Vision, for example, it happens due to Customer’s fault and/or negligence.
13. Territory of Processing
13.1. Usually the Personal Data are processed within the European Union/European Economic Area (EU/EEA); yet, in separate cases the data may be transferred and processed in countries outside EU/EEA
13.2. Transfer and processing of personal data outside EU/EEA may take place on the basis of legal grounds, that is, in order to fulfil a legal obligation, to enter into or perform an agreement, or in accordance with the Customer’s consent, and adequate security measures have been taken. Adequate security measures shall be, for example:
— An agreement has been entered into, including EU standard contractual clauses or other approved provisions, a code of conduct, certification, etc., approved in accordance with the General Data Protection Regulation;
— In the country outside EU/EEA, where the recipient is located, sufficient data protection level is provided in accordance with the decision of the EU Commission;
— Recipient has been certified in accordance with the Privacy Shield (in relation to recipients located in the United States of America).
13.3. Upon request, the Customer may receive detailed information on transfer of the Personal Data to the countries outside EU/EEA.
14. Contact Information
4.1. The Customer may contact OC Vision in relation to questions, the withdrawal of consent, inquiries, the use of data subject’s rights and complaints regarding the use of personal data.
14.2. Contact information of OC Vision is available on the website: OC VISION.eu section Contacts.
14.3. OC VISION Data Protection Officer’s contact information: or Elijas iela 17 – 4, Riga, LV – 1050 with the note “Data Protection Officer”.
