Privacy Policy

We are committed to protecting your personal data under the UK GDPR and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website and services.

Last Updated: September 2025

1. Information We Collect

1.1 Information You Provide

• Order Information: Name, address, phone number, email address
• Prescription Data: Optical prescription details, pupillary distance (classified as special category health data)
• Payment Information: Billing address, payment method details (processed securely by third-party providers)
• Communication: Messages sent through our contact forms or customer service

1.2 Information We Collect Automatically

• Website Usage: Pages visited, time spent, clicks, and navigation patterns
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies: Technical and analytics cookies (see our Cookie Policy for details)

2. How We Use Your Information

2.1 Lawful Bases

We process your personal data based on the following lawful bases under UK GDPR:

2.2 Special Category Data

We process your prescription data (health data) under Article 9(2)(h) GDPR - processing necessary for the purposes of healthcare and ensuring high standards of quality and safety of healthcare.

2.3 Purposes

• Processing and fulfilling your lens reglazing orders
• Communicating about your order status and delivery
• Providing customer support and responding to inquiries
• Improving our website and services through analytics
• Sending marketing communications (with your consent)
• Preventing fraud and maintaining security
• Complying with legal and regulatory requirements

3. Information Sharing

We do not sell your personal data. We may share your information with:

• Service Providers: POG Lenses (lens manufacturing), payment processors, shipping companies, email services
• Professional Advisors: Legal, IT, accounting, and business advisors under confidentiality agreements
• Legal Requirements: When required by law, court order, or to protect our rights and safety
• Business Transfers: In case of merger, acquisition, or sale of business assets (with appropriate safeguards)

All third parties are required to maintain the confidentiality and security of your information and process it only for specified purposes.

4. International Transfers

Some of our service providers may be located outside the UK/EEA. Where this occurs, we ensure adequate protection through:

• EU adequacy decisions for countries with equivalent data protection
• Standard Contractual Clauses approved by the UK ICO
• Other approved transfer mechanisms under UK GDPR

5. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes outlined in this policy:

• Order Data: 7 years (for accounting, tax, and warranty purposes)
• Prescription Data: 7 years (for customer service, re-orders, and regulatory compliance)
• Marketing Data: Until you unsubscribe or withdraw consent
• Website Analytics: 26 months (Google Analytics default)
• CCTV/Security Data: 30 days (if applicable)

6. Your Rights Under UK GDPR

You have the following rights regarding your personal data:

• Right of Access: Request copies of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal requirements)
• Right to Restrict Processing: Limit how we process your data
• Right to Data Portability: Receive your data in a structured format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: For processing based on consent
• Right to Lodge a Complaint: With the Information Commissioner's Office (ICO)

To exercise these rights, contact us at support@relensify.co.uk. We will respond within one month.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data:

• SSL/TLS encryption for all data transmission
• Secure payment processing through PCI DSS compliant providers
• Access controls and regular staff training on data protection
• Regular security assessments and software updates
• Secure backup and disaster recovery procedures
• Secure destruction of data when no longer needed

8. Cookies and Tracking

We use cookies to improve your experience on our website. Cookie categories include:

• Essential Cookies: Required for website functionality (no consent required)
• Analytics Cookies: To understand website usage and improve performance
• Marketing Cookies: To show relevant advertisements and measure campaign effectiveness

You can manage your cookie preferences through our cookie banner or your browser settings. For detailed information, see our Cookie Policy.

9. Marketing Communications

We may send you marketing emails about our services, special offers, and updates. You can:

• Opt-in during checkout or through our website
• Unsubscribe at any time using the link in our emails
• Contact us to update your communication preferences
• Withdraw consent without affecting the lawfulness of processing before withdrawal

10. Children's Privacy

Our services are not directed at children under 16. We do not knowingly collect personal data from children under 16 without parental consent. If we become aware that we have collected such data, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Changes will be posted on this page with an updated revision date. For significant changes, we may notify you by email or through a prominent notice on our website.

12. Contact & Complaints

For questions about this Privacy Policy, to exercise your rights, or to make a complaint: