Privacy Policy

1 INTRODUCTION

The Sunray Vision Privacy Notice and the protection of your personal data. This Privacy Notice applies to all your Personal Information [Data] collected by Sunray Vision [SV]. SV is a controller in respect of your Data acquired in connection with the products and services provided.

The SV [Premises] are at

Unit 12
The Sycamores
Heatherwood Grove
Darlington
County Durham DL3 9PH
England.

SV contact details can be located at www.sunrayvision.co.uk [Website].

SV respects an individual’s rights to privacy and to the protection of your Data. The purpose of this Privacy Notice is to explain how SV collect and use your Data in connection with the business. Data means information about an individual who can be identified from that information. This Privacy Notice may be updated occasionally. Any changes to the Privacy Notice will be shown on the Website.

2 DATA PROTECTION OFFICER

The Sunray Vision Privacy Notice and the protection of your personal data is a top priority. Therefore, the Data Protection Officer is

Clive Durham [CD]

Unit 12
The Sycamores
Heatherwood Grove
Darlington
County Durham DL3 9PH
England.

support@sunrayvision.co.uk

3 WHOSE DATA IS ACQUIRED ?

Anyone that orders from or makes an enquiry of SV.

4 DATA ACQUISITION PROCESSES

SV limits the acquisition and storage of your Data to the minimum necessary to fulfil its contractual obligations. Your Data is acquired through five processes:

4.1 When you enter the Website, a Cookie stores specific technical information about your shopping session only, not your Data.

4.2 When goods are ordered online using the Website, you enter your Data into a form on the ‘Checkout’ and Secure Payment webpages.

4.3 When you send an enquiry online using the Website, you enter your Data into a form on the ‘Contact’ webpage.

4.4 When you email directly online other than via the Website, your Data is acquired via the email address support@sunrayvision.co.uk.

4.5 When goods are ordered by post in a letter or a downloaded order form, your Data is received in hard copy form.

5 DATA ACQUIRED

5.1 Cookie

Start time of your shopping session is acquired automatically. Your Data is not acquired.

5.2 Online Orders

On the ‘Checkout’ webpage, your Data entered comprises:

a) Billing Title and Last Name.
b) Billing Address.
c) Billing Post/Zip Code.
d) Delivery Title and Last Name.
e) Delivery Address.
f) Delivery Post/Zip Code.
g) Email Address.
h) Payment Currency.
i) Comments (optional).

On submission of your details on the ‘Checkout’ webpage, the next Secure Payment Page requires the your following Data:

a) Language
b) Payment Method

On selecting Payment Method, the next Secure Payment Page then requires your card details:

a) Card Number
b) Security Code
c) Expiry Date
d) Country
e) Telephone (optional)

5.3 Online Enquiries

On the ‘Contact’ webpage, your Data entered comprises:

a) Title.
b) Last Name.
c) Email Address.
d) Enquiry.

5.4 Emails

When you use the email address support@sunrayvision.co.uk your following Data is acquired:

a) Email Address.
b) Any email attachments.

5.5 Offline

Data from you arriving at the Premises by post in the form of a letter or a downloaded order form contains the following information:

a) Title and Last Name.
b) Address.
c) Post/Zip Code.
d) Email Address.
e) Prescription.

6 DATA USAGE

6.1 Cookie

The start time of your shopping session is acquired to calculate when the shopping session duration expiry time or session inactivity time has been exceeded. When these times have expired, you are automatically logged out of the session.

6.2 Online Orders

a) Billing Title and Last Name. a), b) and c) are used by WorldPay to verify and authenticate card details.
b) Billing Address.
c) Billing Post/Zip Code.
d) Delivery Title and Last Name. d), e) and f) are used for the delivery of the goods ordered.
e) Delivery Address.
f) Delivery Post/Zip Code.
g) Email Address. This is used to give you notification if:
g1) the goods ordered are out of stock
g2) there are any delivery delays
g3) clarification of order if needed
g4) clarification of prescription
g5) For sending an auto-response email confirming details of your order and delivery
h) Payment Currency. Your payment currency is acquired so that WorldPay can process an order in a foreign currency.
i) Comments (optional). Your comments are acquired to allows you to provide additional instructions for
i1) delivery, such as an alternative address if no one is home to sign for recorded delivery packages
i2) an alternative choice of goods if out of stock.

6.3 Online Enquiries

On the ‘Contact’ webpage, the Data you enter is used as follows.
a) Title. a) and b) are acquired so you can be addressed personally in the response email.
b) Last Name.
c) Email Address. This is acquired so an auto-response email can be sent to you confirming receipt of your enquiry and for the response.
d) Enquiry. Obviously acquired so it can be answered.

6.4 Emails

When you use the email address support@sunrayvision.co.uk your email address is acquired in the usual way for response purposes. Email attachments
like prescriptions are acquired so that prescription lenses can be made by Technicians.

6.5 Offline

Your Data in orders sent by post or posted a downloaded order form is used for the delivery of the goods ordered. Your Data on any enclosed cheques is used by the bank for payment processing.

6.6 Goods Delivery

Your name and address are copied onto the packaging of the goods for sending to Technicians. Goods are sent via a local post office. The Technicians then use your name and address for sending goods to you. The Technicians provide custom-made and prescription goods.

7 DATA FLOW

7.1 Cookie

Sent from the Website host server to your web browser.

7.2 Online Orders

On submitting the Website ‘Checkout’ form, your details are sent straight to a script resident on the Website host server. This script processes your Data and generates an order confirmation page on the Website and two auto-response emails. One auto-response email is sent to you and the other to SV at support@sunrayvision.co.uk. The email sent to SV contains your Data comprising:

a) Delivery Title and last name
b) Delivery Last Name
c) Delivery Address
d) Delivery Post/Zip Code.
e) Payment currency.
f) Order details

You then send your prescription, as an email attachment, to SV. Your goods are obtained and the details of your prescription are transcribed to a covering letter and posted to the Technicians. Your address is copied onto the packaging so the Technicians can sent the goods to you direct. When the Technicians have finished your goods, they inform SV. An email is then sent to you that links to a payment form. On submitting the Website payment form and Secure Payment Page, your Data is sent to WorldPay for secure payment processing. WorldPay then send two emails, a direct email (receipt) to you and to SV, regarding payment status. Your details in the email sent to SV comprise:

a) Delivery Title
b) Delivery Last Name
c) Delivery Address
d) Telephone Number (optional)
e) IP Address
f) Email Address
g) AVS Results
h) Payment success or failure notification

WorldPay also send callback parameters to a script resident on the Website host server. This script processes your Data from WorldPay and generates an order confirmation page on the Website and two auto-response emails. One auto-response email is sent to you and the other to SV at support@sunrayvision.co.uk. Your details in the the email sent to SV comprises:

a) Billing Title
b) Billing Last Name
c) Billing Address.
d) Post/Zip Code.
e) Email Address.
f) Card Type
g) Delivery Title and last name
h) Delivery Address.
i) Delivery Post/Zip Code.
j) Order details

Once payment is received, the Technicians are instructed to post your goods to you. The covering letter and prescription are sent back to SV by the Technicians. Along with this is an invoice containing your last name only. The Technicians do not retain any of your Data. Your Data on Recorded Delivery slips obtained at the Post Office by the Technicians, when completed goods are sent to you, is sent back to us.

7.3 Online Enquiries

On submitting the Website ‘Contact’ form, your Data is sent to a script resident on the Website host server. This script processes your Data from you and generates an enquiry acknowledgement page on the Website and two auto-response emails. One auto-response email is sent to you and one auto-response email is sent to SV at support@sunrayvision.co.uk. These emails confirm enquiry receipt, your title and name, the enquiry itself and your email address.

7.4 Emails

When you use the email address support@sunrayvision.co.uk the email gets stored on Website host mail server.

7.5 Offline

Orders in writing are delivered by Royal Mail to the Premises. Any payment cheques enclosed in the letter are stored in secure cabinet until deposited in the bank. Downloaded order forms received by SV by post stay in the office.

7.6 Goods Delivery

Your name and address labelled packages go to the Post Office, Royal Mail then to your address or to the Technicians. The Technicians then send the package to you via their local post office then Royal Mail. Any Recorded Delivery slips, with your address details, are collected from the post office and returned to the Premises.

8 DATA STORAGE

8.1 Cookies

Stored on your computer for the shopping session.

8.2 Online Order Data

Stored on the Website host mail server as an email and then copied to a PC and backup PC.
Recorded Delivery slips are stored securely in a file.

8.3 Online Enquiry Data

Stored on the Website host mail server as an email and then copied to a PC and backup PC.

8.4 Online Email Data

Stored on the Website host mail server as an email and then copied to a PC and backup PC.

8.5 Offline

Orders posted to SV are kept in a secure filing cabinet along with any cheque payment. Downloaded order forms containing your Data are kept in a secure filing cabinet along with any cheque payment.

8.6 Recorded Delivery Slips

These items show your delivery details and are stored in a secure filing cabinet.

9 ONLINE DATABASES

Your Data is not stored in a database on the Website host server.

10 REASONS FOR DATA STORAGE

10.1 Cookie

This is used to restrict a shopping session to a limited duration to reduce the risk of session highjacking.

10.2 Online Order Data

Your order Data is retained for the following reasons:

a) You may want a repeat order and you may have lost the details of your previous order.
b) You may have lost your prescription and want a repeat order.
c) In case the goods go missing in the post and replacement goods have to be sent.
d) You may require an explanation of your prescription so you can order the correct strength goods.
e) SV stores your order Data for determining how long you have had the goods.
f) Your Data is retained in case it needs to be referenced in the future.
g) Your Data is retained in case you want to change or return your goods.

10.3 Online Enquiry Data

Same reasons as some of those with 10.2

10.4 Online Email Data

Same reasons as some of those with 10.2

10.5 Offline Orders

Same reasons as some of those with 10.2

10.6 Recorded Delivery Slips

These are stored to track and trace goods that are not delivered within an expected time. Also used as proof of posting if the goods go missing.

11 DURATION OF DATA STORAGE

11.1 Cookie

The Cookie stored on your computer for the length of the shopping session, then it is deleted.

11.2 Online Order Data

The order email is deleted from the Website host mail server six months after receipt.
The order email is deleted from the PC and backup PC one year after receipt.

11.3 Online Enquiry Data

The enquiry email is deleted from the Website host mail server six months after receipt.
The enquiry email is deleted from the PC and backup PC one year after receipt.

11.4 Online Email Data

Emails are deleted from the Website host mail server six months after receipt.
Emails are deleted from PC and backup PC one year after receipt.

11.5 Offline

Your order data in letter form is retained for one year then shredded. Any enclosed cheque payments are taken to the bank within one week of receipt. Downloaded order forms containing your Data are stored securely for one year then shredded.

11.6 Recorded Delivery Slips

Recorded Delivery slips are shredded after six months.

12 DATA SHARING

We only share your Data with the following organisations:

a) One.com. (SV website host) ( https://www.one.com/en/info/privacy-policy )

b) WorldPay ( https://www.worldpay.com/uk/privacy-policy )

c) The Post Office ( https://www.postoffice.co.uk/privacy )

d) Royal Mail ( https://www.royalmail.com/privacy-policy )

e) Technicians (Privacy Policy link available on request)

f) NatWest Bank ( https://personal.natwest.com/global/privacy.html )

13 REASONS FOR DATA SHARING

a) Your Data is shared with the one.com because they host the Website and email server.

b) Your Data is shared with the Payment gateway WorldPay so that they can run authentication checks and acquire payment for goods.

c) Your Data is shared with the Post Office so that they can arrange for delivery, provide proof of posting and provide recorded delivery slips.

d) Your Data is shared with the Royal Mail so they can deliver the goods to you.

e) Your Data is shared with the Technicians so they can provide the goods to your specification then send direct to you using the Post Office.

f) Your Data is shared with the Bank so they can process cheque payments.

14 TECHNICAL SECURITY MEASURES

Anti-virus, firewall and anti-malware software is running on the PCs constantly. All passwords are changed regularly.

15 PREMISES SECURITY MEASURES

All your Data is kept on one PC and one backup PC in an office. Both devices need passwords to login that are only known to the Data Protection Officer. Both devices are kept on the first floor of the Premises with the main entrance door requiring a security key fob to get access. The second door requires a key to get access to the office. Only one person has access to the office. There is only ever one person present in the office. No one else has access to secure areas. A secure filing cabinet holds all hard copies of your Data in the office. Only one person can get access to the filing cabinet.

16 DATA USAGE OFF PREMISES

Your Data is never accessed on any device when I, CD, am off the Premises. Your Data is only ever accessed whilst I, CD, am on the Premises in the office.

17 DATA STORAGE FORMAT

Each order and enquiry email or prescription from you is stored as a text or PDF file.

18 YOUR ACCESS TO DATA

You have a right to get access to the Data SV holds about you. If you would like a copy of your Data,
please email support@sunrayvision.co.uk

19 DATA DELETION

You have a right to request that SV deletes your Data. If you would like to delete your Data,
please email SV at support@sunrayvision.co.uk

20 DATA CORRECTNESS

You have a right to rectification of inaccurate Data and to update incomplete Data. If you believe that any of the Data that SV holds is inaccurate, you have a right to request restricted processing of your Data and to the rectification of that inaccurate Data.

21 YOUR DATA AND MARKETING

SV will never use your Data to contact you about promotions, products or for marketing purposes. You will never receive unsolicited emails from SV.

22 DATA BREACHES

If ever your Data is involved in a data breach, you will be notified within 72 hours. SV will do its utmost to rectify any data breach and you will be informed regularly as to the status of the rectification.

23 COMPLAINTS

You have a right to lodge a complaint against SV with the regulator. If you wish to raise a complaint about how your Data has been handled, you can contact the Data Protection Officer, CD, and this Officer will investigate the matter. It is hoped that any concerns that you have may be addressed, but you can always contact the Information Commissioner’s Office (ICO). For more information, visit ico.org.uk