Privacy Policy

Privacy Policy Data controller data:

Legal background, legal basis, purpose of the data processing performed on the website, the scope of the processed personal data and the duration of the data processing.Data processing, Rights of the data subject.

Data controller:

Name: Luxury Eye Ltd

Headquarters: 33 Aerodrome Lane, Witney, OX29 7BE

Mailing address, complaint handling: 33 Aerodrome Lane, Witney, OX29 7BE

E-mail: info@luxuryeye.co.uk

Phone number: +447404 241288 Website: www.luxuryeye.co.uk

Organisation number: 11667461

Hosting provider:

Name: Endurance International Group

Phone number: +18884014678

E-mail address: corporatecommunications@newfold.com

Head office: Utah , USA

Description of the data management performed during the operation of the webshop.

Information on the use of cookies:

What is a cookie?

The Data Controller uses so-called cookies when visiting the website. The information package consisting of cookie letters and numbers that our website sends to your browser for the purpose of saving certain settings, facilitating the use of our website and helping to collect some relevant, statistical information about our visitors.

Some cookies do not contain personal information and are not suitable for identifying an individual user, but some contain a unique identifier – a secret, randomly generated sequence of numbers – that is stored by your device, thus ensuring your identification. The operation period of each cookie (cookie) is described in the relevant description of each cookie (cookie).

Legal background and legal basis of cookies:The legal basis for data processing under Article 6 (1) (a) of the Regulation is your consent.The main features of the cookies used by the website are:

Cookies strictly necessary for operation: These cookies are essential for the use of the website and allow you to use the basic functions of the website. Without these, many features of the site will not be available to you. The lifespan of these types of cookies is limited to the duration of the session only.

Cookies to improve the user experience: These cookies collect information about the user’s use of the website, such as which pages you visit most often or what error message you receive from the website. These cookies do not collect information that identifies the visitor, ie they work with completely general, anonymous information. The data obtained from these is used to improve the performance of the website. The lifespan of these types of cookies is limited to the duration of the session only.

Employee_login_last_email: When logging in, the email address is stored until the browser is closed.

Ealrm, ealem, ealpw: Provides permanent access. Shelf life 180 days.

Come_from: Login redirects. Lifespan is 10 minutes.

Predictionio: User ID cookie for recommending personalized ads. Shelf life 3 months.

Currency: Stores the buyer’s currency. Shelf life is 30 days.

Google Adwords cookie: When someone visits our site, the visitor’s cookie ID is added to the remarketing list. Google uses cookies, such as NID and SID cookies, to customize the ads that appear in Google products, such as Google Search. For example, you use such cookies to remember your recent searches, past interactions with individual advertisers ‘ads or search results, and visits to advertisers’ websites. AdWords Conversion Tracking uses cookies. It tracks cookies on a user’s computer to track sales and other conversions resulting from an ad when that person clicks on an ad. Here are some common ways to use cookies: selecting ads based on what’s relevant to that user, improving campaign performance reports, and avoiding ads that the user has already viewed.

Google Analytics Cookie: Google Analytics is Google’s analytics tool that helps website and application owners gain a more accurate picture of their visitors’ activities. The Service may use cookies to collect information and report on statistics about your use of the Website without individually identifying visitors to Google. The main cookie used by Google Analytics is the “__ga” cookie. In addition to reporting from site usage statistics, Google Analytics, along with some of the advertising cookies described above, can also be used to show more relevant ads on Google products (such as Google Search) and across the web.

Remarketing cookies: For past visitors or users to appear when browsing other sites on the Google Display Network or searching for terms related to their products or servicesSession cookie: These cookies store the visitor’s location, browser language, payment currency, lifetime when the browser is closed, or up to 2 hours.

Referrer cookies: Record what external page the visitor came to the site from. Their lifespan lasts until the browser is closed.Last viewed product cookie: Records the products that the visitor last viewed. Their lifespan is 60 days.Last viewed category cookie: Records the last viewed category. Shelf life 60 days.

Recommended products cookie: The “recommend to a friend” function records the list of products you want to recommend. Shelf life 60 days.

Mobile version, design cookie: Detects the device used by the visitor and switches to full view on mobile. Shelf life 365 days.

Cookie acceptance cookie: Upon arrival at the site, you accept the cookie storage statement in the warning window. Shelf life 365 days.

Basket Cookie: Records the products placed in the basket. Shelf life 365 days.

Smart Bid Cookie: Record the conditions for displaying smart bids (e.g., whether the visitor has already been to the site or has an order). Shelf life is 30 days.

Exit # 2 cookie: Option # 2 exits the visitor after 90 days. Shelf life 90 days.

Backend ID cookie: The ID of the backend server serving the page. It lasts until you close your browser.

Facebook pixel: A Facebook pixel is a code that is used to report conversions on a website, compile target audiences, and provide the site owner with detailed analytics about visitors ’use of the website. With the help of the Facebook pixel, you can display personalized offers and advertisements to the visitors of the website on the Facebook interface. You can read Facebook’s privacy policy here: https://www.facebook.com/privacy/explanationIf you do not accept the use of cookies, certain features will not be available to you.

You can find more information about deleting cookies at the following links:

Internet Explorer: http://windows.microsoft.com/en-us/internet-explorer/delete-manage-cookies#ie=ie-11

Firefox: https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer

Mozilla: https://support.mozilla.org/en/kb/websites-all–placed-sutik-torlese-szamito

Safari: https://support.apple.com/kb/ph21411?locale=en_US

Chrome: https://support.google.com/chrome/answer/95647

Data processed for contracting and performance purposes.

Several data management cases may be implemented for the conclusion and performance of the contract. We would like to inform you that data processing related to complaint handling and warranty administration will only take place if you exercise one of these rights.

If you do not make a purchase through the webshop, you are only a visitor to the webshop, then what is written in the data management for marketing purposes may apply to you, if you give us consent for marketing purposes.

Data processing for the conclusion and performance of contracts in more detail:

Contact:

For example, if you contact us by email, contact form, or phone with a question about a product.Pre-contact is not obligatory, you can order it from the webshop at any time, omitting it.

Managed data:The information you provided during the contact.Duration of data management:Data will only be processed until the contact is completed.

Legal basis for data management:Whether it is your voluntary decision to contact us in the case of warranty administration, however, if you are contacted, see the 1997 CLV on Consumer Protection. Act 17 / A. § (7), we are obliged to keep the complaint for 5 years [data processing according to Article 6 (1) c) of the Decree].

Handling of other consumer complaints:The data management process is in place to handle consumer complaints. If you have complained to us, data management and the provision of data is essential.

Managed data: Customer’s name, telephone number, email address, content of the complaint.Duration of data management:Warranty claims are retained for 5 years under the Consumer Protection Act.

Legal basis for data management:Whether you have a complaint about your voluntary decision, however, if you do, contact us under the Consumer Protection Act 1997 CLV. Act 17 / A. § (7), we are obliged to keep the complaint for 5 years [data processing according to Article 6 (1) c) of the Decree].

Data processed in relation to the verifiability of consent:During registration, ordering and subscribing to the newsletter, the IT system stores the IT data related to the consent for later proof.

Managed data:

Date of consent and IP address of the person concerned.

Duration of data management: Due to legal requirements, the consent must be able to be verified later, therefore the duration of the data storage will be stored for the limitation period after the termination of the data processing.

Legal basis for data management: Article 7 (1) of the Regulation provides for this obligation. [Data processing pursuant to Article 6 (1) (c) of the Regulation].

Data management for marketing purposes.

Data management related to newsletter sending.

Managed data:Name, address, e-mail address, telephone number.

Duration of data management: Until the withdrawal of the data subject’s consent.

Legal basis for data management: Your voluntary consent to the Data Controller by subscribing to the newsletter [Data processing under Article 6 (1) (a) of the Regulation]Data management related to the sending and display of personalized advertisements

Managed data: Name, address, e-mail address, telephone number.Duration of data management: Until the withdrawal of your consent.

Legal basis for data management: Your voluntary, specific consent to be provided to the Data Controller during data collection [Data processing pursuant to Article 6 (1) (a) of the Regulation].

Remarketing: Data management as a remarketing activity is implemented with the help of cookies.

Managed data: Data handled by cookies specified in the cookie information.

Duration of data management: The data storage period of the given cookie, more information is available here:

Google General Cookie Information: https://www.google.com/policies/technologies/types/Google Analitycs Information: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage?hl=en

Facebook info: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Legal basis for data management: Your voluntary consent, which you provide to the Data Controller using the website [Data processing pursuant to Article 6 (1) (a) of the Regulation].

Sweepstakes: The data management process takes place in order to conduct the sweepstakes.

Managed data: Name, email address, phone number.

Duration of data management: The data will be deleted after the closing of the prize draw, except for the data of the winner, which the Data Controller is obliged to keep for 8 years according to the Accounting Act.

issue of an invoice: The data management process takes place in order to issue an invoice in accordance with the law and to fulfill the obligation to keep accounting documents. The Stv. Pursuant to Section 169 (1) – (2), companies must keep the accounting document directly and indirectly supporting the accounting.

Managed data: Name, address, e-mail address, telephone number.

Duration of data management: The issued invoices are issued in accordance with the Act. Pursuant to Section 169 (2), it must be retained for 8 years from the date of issue of the invoice.Legal basis for data management:Act CXXVII of 2007 on Value Added Tax. Pursuant to Section 159 (1), the issue of an invoice is mandatory and must be kept for 8 years pursuant to Section 169 (2) of Act C of 2000 on Accounting [Data Management pursuant to Article 6 (1) (c) of the Decree].

Freight data management: The data management process takes place in order to deliver the ordered product.

Managed data: Name, address, e-mail address, telephone number.

Duration of data management: The Data Controller manages the data for the duration of the delivery of the ordered goods.

Legal basis for data management: Performance of contract [Data processing pursuant to Article 6 (1) (b) of the Regulation].

Guarantee service:

The data management process is done to handle warranty complaints. If you have requested warranty administration, data management and data provision are essential.

Managed data: Customer’s name, telephone number, email address, content of the complaint.

Duration of data management: Warranty claims are retained for 5 years under the Consumer Protection Act.

Legal basis for data management: Your voluntary consent, which you provide to the Data Controller using the website. [Data processing pursuant to Article 6 (1) (a) of the Regulation].

Additional data management: If the Data Controller wishes to perform further data management, it shall provide preliminary information on the essential circumstances of the data management (legal background and legal basis of data management, purpose of data management, scope of data processed, duration of data management).

We would like to inform you that written requests for data from the authorities based on legal authorization must be complied with/by the Data Controller. The Data Controller shall inform Infotv. In accordance with Section 15 (2) – (3), it keeps records (to which authority, what personal data, on what legal basis, when was transmitted by the Data Controller), the content of which the Data Controller provides on request, unless its disclosure is excluded by law.

On the use of data processors and their activities related to data management:

Data processing for the storage of personal data.

Name of the data processor: Endurance International Group

Contact details of the data processor:

Phone number: +18884014678

E-mail address: corporatecommunications@newfold.com

Head office: Utah , USA

The Data Processor stores personal data on the basis of a contract concluded with the Data Controller. You are not entitled to access personal data.

Data processing activities related to freight transport:

Name of the data processor: DPD Group.

The registered office of the data processor: Woodside, Holytown, North Lanarkshire ML1 4XL.

Telephone number of the data processor: +44 121 275 0500

The e-mail address of the data processor is customerservices@dpd.co.uk

The Data Processor participates in the delivery of the ordered goods on the basis of the contract concluded with the Data Controller. In doing so, the Data Processor may manage the name, address and telephone number of the customer until the end of the calendar year following the dispatch of the postal item, after which it shall be deleted immediately.

Data processing activities related to newsletters:

Name of the company operating the newsletter system: The Rocket Science Group LLC.Newsletter company

headquarters: 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA

Phone number of the company operating the newsletter system:

The e-mail address of the company operating the newsletter system is privacy@mailchimp.com

The Data Processor participates in the sending of newsletters on the basis of a contract concluded with the Data Controller. In doing so, the Data Processor handles the name and e-mail address of the data subject to the extent necessary for sending the newsletter, and deletes it immediately upon the data subject’s request.

The Data Processor participates in the registration of accounting documents on the basis of a contract concluded with the Data Controller. In doing so, the Data Processor shall provide the name and address of the data subject to the extent necessary for the accounting records, in accordance with the provisions of the Act. It shall be managed for a period in accordance with Section 169 (2), after which it shall be canceled.

The Data Processor participates in the registration of orders on the basis of the contract concluded with the Data Controller. In doing so, the Data Processor handles the name, address, telephone number, number and date of the orders within the civil law limitation period.

Right to restrict data management:You have the right, at the request of the Data Controller, to restrict data processing if any of the following is met:

You dispute the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to check the accuracy of the personal data, if the exact data can be established immediately, the restriction will not take place;the data processing is illegal, but you object to the deletion of the data for any reason (for example, because the data is important to you in order to enforce a legal claim), so you do not request the deletion of the data, but instead request a restriction on its use;

the Data Controller no longer needs the personal data for the purpose of the designated data processing, but you request it in order to submit, enforce or protect legal claims;

obsessionYou have objected to the data processing, but the data controller’s legitimate interest may also justify the data processing, in which case until the data controller’s legitimate reasons take precedence over your legitimate reasons, the data processing must be restricted.

The data controller will inform you in advance (at least 3 working days before the lifting of the restriction) of the lifting of the data management restriction.

Right to delete: You have the right to have the Data Controller delete your personal data without undue delay if any of the following reasons exist:

Personal data is no longer required for the purpose for which they were collected or otherwise processed by the Data Controller;

You withdraw your consent and there is no other legal basis for the processing;

You object to the processing of data on the basis of a legitimate interest and there is no overriding legitimate reason (ie a legitimate interest) in the processing of the data,the personal data was processed unlawfully by the Data Controller and this was established on the basis of the complaint,personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the Data Controller.

If, for any lawful reason, the Data Controller has disclosed personal data processed about you and is obliged to delete it for any of the reasons set out above, it shall take reasonable steps, including technical measures, to inform the data, taking into account available technology and implementation costs. other data controllers that you have requested the deletion of the links to the personal data in question or of a copy or duplicate of this personal data.

Deletion does not apply if data processing is required: for the purpose of exercising the right to freedom of expression and information;to fulfill an obligation under EU or Member State law to process personal data (such as data processing in the context of invoicing, as the retention of the account is required by law) or in the public interest or in the exercise of a public authority conferred on the data controller;to submit, enforce or protect legal claims (eg if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data processing complaint is being processed).

Access to personal data: You have the right to receive feedback from the Data Controller as to whether your personal data is being processed and, if data is being processed, you are entitled to: Have access to the personal data processed andinform the Data Controller of the following information:

the purposes of data management;
categories of personal data processed about you;
information on the recipients or categories of recipients with whom or with whom the Personal Data has been or will be communicated by the Data Controller;
the intended period for which the personal data will be stored or, if that is not possible, the criteria for determining that period;
your right to request the Data Controller to rectify, delete or restrict the processing of personal data concerning you and to object to the processing of such personal data in the event of data processing based on a legitimate interest;the right to lodge a complaint with the supervisory authority;
if the data was not collected from you, all available information about their source;
the fact of automated decision-making (if such a procedure has been used), including profiling, and, at least in these cases, understandable information on the logic used and the significance of such data processing and the expected consequences for you.

The purpose of exercising the right may be to establish and verify the lawfulness of the data processing, therefore in case of multiple requests for information, the Data Controller may charge a fair fee for the provision of the information.

Access to personal data is ensured by the Data Controller by sending you the processed personal data and information by e-mail after your identification. If you have a registration, we will provide access so that you can view and verify the personal information we manage about you by logging into your user account.Please indicate in your request whether you are requesting access to personal data or requesting data management information.

Right to rectification: You have the right, at the request of the Data Controller, to correct inaccurate personal data concerning you without delay.

Right to restrict data management: You have the right, at the request of the Data Controller, to restrict data processing if any of the following is met:

You dispute the accuracy of the personal data, in which case the restriction applies to the period of time that allows the Data Controller to check the accuracy of the personal data, if the exact data can be established immediately, the restriction will not take place;the data processing is illegal, but you object to the deletion of the data for any reason (for example, because the data is important to you in order to enforce a legal claim), so you do not request the deletion of the data, but instead request a restriction on its use;
the Data Controller no longer needs the personal data for the purpose of the designated data processing, but you request it in order to submit, enforce or protect legal claims;
obsession: You have objected to the data processing, but the data controller’s legitimate interest may also justify the data processing, in which case until the data controller’s legitimate reasons take precedence over your legitimate reasons, the data processing must be restricted.

Where data processing is restricted, such personal data may be processed, with the exception of storage, only with the consent of the data subject or for the purpose of bringing, enforcing or protecting legal claims or protecting the rights of another natural or legal person or in the important public interest of the Union or a Member State. The data controller will inform you in advance (at least 3 working days before the lifting of the restriction) of the lifting of the data management restriction.

Right to delete:

You have the right to have the Data Controller delete your personal data without undue delay if any of the following reasons exist:

Personal data are no longer required for the purpose for which they were collected or otherwise processed by the Data Controller;
You withdraw your consent and there is no other legal basis for the processing;
You object to the processing of data on the basis of a legitimate interest and there is no overriding legitimate reason (ie a legitimate interest) in the processing of the data,the personal data was processed unlawfully by the Data Controller and this was established on the basis of the complaint, personal data must be deleted in order to fulfill a legal obligation under Union or Member State law applicable to the Data Controller. If, for any lawful reason, the Data Controller has disclosed personal data processed about you and is obliged to delete it for any of the reasons set out above, it shall take reasonable steps, including technical measures, to inform the data, taking into account available technology and implementation costs. Other data controllers that you have requested the deletion of the links to the personal data in question or of a copy or duplicate of this personal data.

Deletion does not apply if data processing is required:

for the purpose of exercising the right to freedom of expression and information;
to fulfill an obligation under EU or Member State law to process personal data (such as data processing in the context of invoicing, as the retention of the account is required by law) or in the public interest or in the exercise of a public authority conferred on the data controller;
to submit, enforce or protect legal claims (eg if the Data Controller has a claim against you and has not yet fulfilled it, or a consumer or data processing complaint is being processed).

Right to protest: You have the right to object at any time for reasons related to your situation to the processing of your personal data on the basis of a legitimate interest. In this case, the Data Controller may not further process the personal data, unless it proves that the data processing is justified by compelling legitimate reasons which take precedence over your interests, rights and freedoms, or which are related to the submission, enforcement or protection of legal claims.If personal data is processed for the purpose of direct business acquisition, you have the right to object at any time to the processing of personal data concerning you for this purpose, including profiling, if it is related to direct business acquisition. If you object to the processing of personal data for the purpose of direct business acquisition, the personal data may no longer be processed for this purpose.

Right to portability: If the data processing is carried out automatically or if the data processing is based on your voluntary consent, you have the right to ask the Data Controller to receive the data provided by you to the Data Controller, which the Data Controller provides to you in xml, JSON or csv format. if this is technically feasible, it may request that the Data Controller transfer the data in this form to another data controller.

Automated decision making: You have the right not to be covered by a decision (including profiling) based solely on automated data processing that would have legal effect on you or affect you to a similar extent. In such cases, the Data Controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the data subject, to express his or her views and to object to the decision.

The above does not apply if the decision: Necessary for the conclusion or performance of a contract between you and the data controller;is made possible by EU or Member State law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; obsessionbased on your express consent.

Login to the privacy register Infotv. Pursuant to the provisions of the Act, the Data Controller had to notify certain data processing operations to the data protection register. This notification obligation ceased on 25 May 2018.

Data security measures:

The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and becoming inaccessible due to changes in the technology used.

The Data Controller will make every effort to ensure that its data controllers also take appropriate data security measures when working with your personal data.

Automated decision making:

You have the right not to be covered by a decision (including profiling) based solely on automated data processing that would have legal effect on you or affect you to a similar extent. In such cases, the Data Controller shall take appropriate measures to protect the rights, freedoms and legitimate interests of the data subject, including at least the right of the data subject to request human intervention on the data subject, to express his or her views and to object to the decision.

The above does not apply if the decision is: Necessary for the conclusion or performance of a contract between you and the data controller;made possible by EU or Member State law applicable to the controller, which also lays down appropriate measures to protect your rights and freedoms and legitimate interests; obsessionbased on your express consent.

Data security measures:The Data Controller declares that it has taken appropriate security measures to protect personal data against unauthorized access, alteration, transmission, disclosure, deletion or destruction, as well as accidental destruction and damage, and becoming inaccessible due to changes in the technology used.

The Data Controller will make every effort to ensure that its data controllers also take appropriate data security measures when working with your personal data.

Remedies:

If, in your opinion, the Data Controller has violated any legal provision on data processing or has not complied with any of its requests, the National Data Protection and Freedom of Information Authority may initiate an investigation procedure to terminate the alleged unlawful data processing.We also inform you that in case of violation of the legal provisions on data processing, or if the Data Controller has not complied with any of its requests, it may file a civil lawsuit against the Data Controller in court.

Modification of data management information: The Data Controller reserves the right to amend this data management information in a manner that does not affect the purpose and legal basis of the data management. By using the website after the entry into force of the amendment, you accept the amended data management information.

If the Data Controller wishes to perform further data processing in connection with the collected data for a purpose other than the purpose of their collection, it shall inform you of the purpose of the data processing and the following information prior to the further data processing:

the duration of the storage of personal data or, if that is not possible, the criteria for determining the duration;
the right to request the Data Controller to access, rectify, delete or restrict the processing of personal data concerning you and to object to the processing of personal data in the case of data processing based on a legitimate interest and to request data portability in the case of data processing based on consent or contractual relationship the right to justice;in the case of data processing based on consent, that you may withdraw your consent at any time,the right to lodge a complaint with the supervisory authority;
whether the provision of personal data is based on a law or a contractual obligation or a precondition for concluding a contract, and whether you are obliged to provide personal data, and what the possible consequences of non-disclosure may be;the fact of automated decision-making (if such a procedure has been used), including profiling, and, at least in these cases, understandable information on the logic used and the significance of such data processing and the expected consequences for you.

The data processing can only start after that, if the legal basis of the data processing is consent, in addition to the information, you must also consent to the data processing.This document contains all relevant data management information related to the operation of the webshop in accordance with the General Data Protection Regulation 2016/679 of the European Union (hereinafter: Regulation GDPR) and the 2011 CXII. TV. (hereinafter: Infotv.).

Postage and postage delivery:

Please note that DPD Group identifies the recipient in accordance with the data management information in force at any time, therefore, if necessary, you may request the provision of your personal data upon delivery by post or post point.