Renewed 30 April 2025
Customers/Patients are our greatest asset, which is why OC VISION, as a responsible company, complies with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, also known as the General Data Protection Regulation.
This Privacy Policy, hereinafter referred to as the Policy, describes the manner in which SIA OC VISION, registration No. 40003105710, Elijas iela 17 - 4, Riga, LV-1050, hereinafter referred to as OC VISION, processes personal data.
The term OC VISION shall also be understood to include the companies of OC VISION Group ā SIA VISION EXPRESS BALTIJA, registration No. 40003047732, Elijas iela 17 - 4, Riga, LV-1050, as well as SIA Optometrijas serviss, registration No. 40103100298, Elijas iela 17 - 4, Riga, LV-1050, as well as the brands OptiO, Vision Express, VIZIONETTE, Lornete, Dr.Lensor, Opptica, Diviniti, the websites www.ocvision.eu, www.optio.lv, www.visionexpress.lv, www.vizionette.lv, www.lornete.lv, www.lensor.eu, www.opptica.eu, www.diviniti.eu, www.redzesparbaude.lv, www.dzirdesparbaude.lv.
The Policy is applicable if the Customer/Patient uses, has used or has expressed their will to use services provided by OC VISION, or is otherwise connected with the services provided by OC VISION, including Customer/Patient relationships established before the Policy came into effect.
This Policy is also applicable in cases in which a person has contacted us with a request to provide a medical service. In such cases, the person is referred to as the "Patient" under the legal framework. This Policy shall apply both to cases where an individual is a Customer and to cases where an individual is a Patient.
1. Definitions
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or being made available otherwise, alignment or combination, restriction, erasure or destruction.
Controller ā OC VISION, the actual address for the provision of services: both the registered office of the Controller and the Controllerās stores, a list of which is available at www.ocvision.eu and is updated as soon as a new store is opened, OC VISION online stores and, exceptionally, off-site sales outlets.
Customer/Patient ā any natural person who uses, has used, or has expressed a wish to use any services, goods for sale provided by the Company or is otherwise related to them;
Personal data ā any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be directly or indirectly identified, in particular by referring to an identifier, such as the name, surname, personal identity number, phone number, email address, location data, online identifier of that person or one or more physical, physiological, genetic, mental, economic, cultural or social identity.
2. Governing law
2.1. Regulation No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
2.2. Personal Data Processing Law.
2.3. Medical Treatment Law.
2.4. Law on Patient Rights.
2.5. Law on Consumer Rights Protection.
2.6. Distance contract rules.
2.7. Advertising Law, etc.
3. General provisions
3.1. This Policy provides general information about how OC VISION processes personal data. Further information regarding the processing of personal data is provided to Customers/Patients in response to requests, by informing them personally, or is included in agreements and other documents related to OC VISION services, as well as on OC VISIONās designated websites.
3.2. OC VISION, within the framework of applicable laws and regulations, shall ensure the confidentiality of personal data and has implemented appropriate technical and organisational measures to protect personal data against unauthorised access, unlawful processing or disclosure, accidental loss, alteration or destruction.
3.3. For the processing of personal data, OC VISION may use the personal data processors of its choice. In such cases, OC VISION shall take the necessary measures to ensure that such processors process personal data in accordance with OC VISIONās instructions, ensuring an adequate level of security, and in accordance with applicable laws and regulations. To find out the processors OC VISION is cooperating with, contact us at the email address provided in this policy.
3.4. If OC VISION updates this Policy, the current version of the Policy will be posted on OC VISION's websites, while previous versions of the Policy may be viewed by contacting us at the email address provided in this Policy.
3.5. In order to provide better and more suitable products and services for the Customer/Patient, and also in order to ensure, maintain, protect and improve present products and services, OC VISION processes data collected from the provision of services.
3.6. In order to remind the Customer/Patient of the need for an eye exam, OC VISION may contact the Customer/Patient using the contact information provided by the Customer/Patient.
3.7. This Privacy Policy has been prepared in the Latvian language, which is the original, governing instrument and the basis of the parties' agreement. In the event of any contradictions, ambiguities, or differing interpretations arising between the Latvian version of this document and any of its translations into another language, the Latvian version shall be the prevailing and legally binding version.
4. Purpose of processing and categories of personal data processed
4.1. Purpose - Customer/Patient Identification
Identification data - name, surname, personal identity number (if no personal identity number, then date of birth, place of birth), personal identification document data
Contact details - phone number, email, place of residence
Other personal data (where applicable) - basis of representation, gender, language of communication, profession, etc.
4.2. Purpose - to make and record an appointment/visit
Identification data - name, surname, personal identity number (if no personal identity number, then date of birth, place of birth), personal identification document data
Contact details - phone number, email, place of residence
Health insurance policy data
Other personal data (where applicable) - basis of representation, gender, language of communication, profession, etc.
Data indicating the need for an eye exam, complaints, diagnosis, reasons for the exam, results
Reminder data on the need to perform an eye exam, including voice recording, if a call has been made regarding the need to perform an eye exam
Details of the appointment made/cancelled (location, time, specialist, wheelchair access required in exceptional cases).
4.3. Purpose - processing, execution of medical service, ordering, fitting, dispensing of eyeglasses and other vision corrective devices, warranties, claims
Identification data - name, surname, personal identity number (if no personal identity number, then date of birth, place of birth), personal identification document data
Contact details - phone number, email, place of residence
Health data, i.e. eye exam data, complaints, diagnosis, reasons for the examination, results, prescription for eyeglasses, prescription for contact lenses;
Reminder data on the need to perform an eye exam, including voice recording, if a call has been made regarding the need to perform an eye exam
Payment details - (invoice/receipt no., bank, account no., card no., amount payable, insurance policy details and amount covered, information on sending data to the SRS)
Loyalty programme details
Warranty details - terms, duration, type of warranty
4.4. Purpose - execution, storage and use of the patient medical records in accordance with the regulatory framework.
Identification data - name, surname, personal identity number (if no personal identity number, then date of birth, place of birth), personal identification document data
Contact details - phone number, email, place of residence
Health data, i.e. eye exam data, complaints, diagnosis, results, prescription for eyeglasses, prescription for contact lenses;
4.5. Purpose - provision of medical services
Identification data - name, surname, personal identity number (if no personal identity number, then date of birth, place of birth), personal identification document data;
Contact details - phone number, email, place of residence, place of work;
Health data
Payment details - (invoice/receipt no., bank, account no., card no., amount payable, insurance policy details and amount covered)
Data on reduced mobility (in exceptional cases)
4.6. Purpose - organisation, administration, dispatch of in-store and online store purchases
Identification data - name, surname, personal identity number (if no personal identity number, then date of birth, place of birth), personal identification document data
Contact details - phone number, email, place of residence, delivery address
Payment details - (invoice/receipt no., bank, account no., card no., amount payable, insurance policy details and amount covered, information on sending data to the SRS)
Communication data - data about notifications to Customers/Patients that an order is ready, etc.
Data needed for ordering and fitting eyeglasses, contact lenses and hearing aids
Creditworthiness check for purchase in instalments
Purchase history
4.7. Purpose - monitoring the quality of services provided/goods sold, monitoring of Customer/Patient satisfaction
Customer/Patient complaints, feedback and evaluation - summary, analysis, solutions
Guarantees, analysis of their use
Customer/Patient surveys
Communication with Customers/Patients in this context
4.8. Keeping accounts, making declarations and notifications, providing information to the authorities on payments received
Identification data - name, surname, personal identity number
Contact details - phone number, email
Payment details - (invoice/receipt no., bank, account no., card no., amount payable, insurance policy details and amount covered), outstanding balance;
Services received (used)/goods purchased
4.9. Purpose - reminder of the necessity to perform an eye test
Identification data - name, surname
Contact details - phone number, email
Date of previous eye exam and/or purchase of vision correction tools
4.10. Purpose - maintenance of the Loyalty programme
Identification data - name, surname, allocated loyalty No.
Contact details - phone number, email
Consent data - data about consent or non-consent to receive marketing communications
4.11. Purpose - sending marketing communications
Identification data - name, surname
Contact details - phone number, email
Consent data - data about consent to receive marketing communications
4.12. Purpose - maintenance and operation of websites
Consent to relevant types of cookies
Visit information, habits
Profile, user name, profile history, purchase history, payment details in the online shop
4.13. Purpose - billing, email hosting, use of courier and postal services, use of call centre services, etc., i.e. attracting business partners
Identification data - name, surname
Contact details - phone number, email, delivery address
Correspondence data
Voice recording data
4.14. Video surveillance data, from stores where video surveillance is carried out
4.15. Photos and images for OC VISION public events.
5. Legal grounds for data processing
5.1. Customer's/Patient's consent (Article 6(1)(a) of the General Data Protection Regulation) - the Customer/Patient, as the subject of the personal data, gives their own consent to the collecting and processing of personal data for specific purposes. The Customerās/Patient's consent to participate in a loyalty programme, for direct marketing purposes, to make new and personalised offers based on an analysis of their purchase history or expressed preferences. The Customerās/Patient's consent is his or her free will and a permanent decision which may be given at any time, thus allowing OC VISION to process personal data for the purposes laid down. The Customerās/Patient's consent shall be binding if it is given orally and recorded in the OC VISION systems, and/or if it is given in writing or electronically, for example, by completing a consent form to participate in a loyalty programme or by sending an electronic request after the Customer/Patient has been identified. The Customerās/Patient's consent may also be given by tacit acts, e.g., the Customer/Patient uploads his/her own data to OC VISION systems, sends and transfers data to OC VISION himself/herself. If the Customer/Patient has given his/her consent to OC VISION to process his/her data, the Customer/Patient shall be deemed to have given his/her consent to the processing of his/her data within OC VISION Group, including in the context of the brands represented by OC VISION. The Customer/Patient has the right to receive information about the processing of his/her data at any time and has the right to withdraw his/her prior consent at any time through the indicated communication channels with OC VISION. The applied changes shall come into effect within three working days. Revocation of consent shall not affect the lawfulness of processing, which is based on the consent given prior to revocation. OC VISION, for data minimisation and resource saving purposes, has the right not to store the written consents of Customers/Patients for a long period of time.
5.2. Entering into the agreement and the performance thereof (Article 6(1)(b) of the General Data Protection Regulation) ā in order for OC VISION to enter into an agreement with the Customer/Patient and perform said agreement, providing services and servicing the Customer/Patient to a level of good quality, it must collect and process certain personal data which are collected before entering into an agreement with OC VISION or during the agreement already entered into, when providing a service and/or when selling a product. In cases where the Customer/Patient has chosen to receive the purchased goods via postal or courier service, OC VISION shall be entitled to transfer the Customer's patient delivery details and contact information to the postal/courier service provider.
5.3. Legitimate interests of OC VISION (Article 6(1)(a) of the General Data Protection Regulation) ā in accordance with the interests of OC VISION, on the basis of which are provided qualitative services and timely support to the Customer/Patient, as well as the protection of its property, OC VISION has the right to process personal data of the Customer/Patient to the extent that is objectively necessary. The processing of personal data for the purposes of internal administrative processes (purchase/order registration, follow-up, complaints handling, after-sales follow-up and related services, etc.) is also a legitimate interest. Personal data processing for marketing purposes, as a result of which new and/or individual offers of OC VISION products and services are expressed to the Customer/Patient, internal customer/patient databases created, video surveillance performed in several stores, etc., shall be regarded as legitimate interests of OC VISION. Given the fact that OC VISION has several group companies and brands that it represents, within OC VISION group, companies are entitled to transfer personal data between themselves to other group companies for internal administrative purposes and to offer their services and goods to all customers/patients of OC VISION Group, provided that they have consented to receive such communications. The above-mentioned actions are attributable to the legitimate interest of OC VISION. Reminders about the necessity to perform an eye test, appointments with specialists, communications about orders placed, etc. are not considered direct marketing communications.
5.4. Compliance with the legal obligations ((Article 6(1)(c) of the General Data Protection Regulation) ā OC VISION is entitled to process personal data in order to comply with the requirements of regulatory enactments, for example, submit necessary reports and declarations, etc., as well as to respond to lawful requests of the state and local government.
5.5. Protection of essential interests (Article 6(1)(d) of the General Data Protection Regulation and Section 5, Paragraph 5 of the Law on the Rights of Patients) ā OC VISION is entitled to process personal data in order to protect the essential interests of the Customer/Patient or other natural person, for example, if processing is necessary for humanitarian purposes, monitoring of natural disasters and epidemics caused by human beings and the spread thereof, or in emergency humanitarian situations (acts of terror, in technogenic disaster situations and similar). It is also in the essential interests of the Customer/Patient to be reminded in a timely manner of the necessity to perform a regular eye exam, while the optometrist, ophthalmologist as a medical practitioner is obliged to implement such reminders as part of the follow-up care.
5.6. Performance of official authorities or interests of the public Law on the Rights of Patients (Article 6(1)(e) of the General Data Protection Regulation) ā OC VISION is entitled to process data in order to perform the task which is carried out in the interests of the public or when implementing official interests lawfully granted to OC VISION. In such cases, the grounds for personal data processing are included in the laws and regulations.
6. Rights of the Customer/Patient as a data subject
The Customer/Patient has rights with respect to the processing of his/her data that is classified as personal data under applicable laws and regulations. These rights are, broadly, to:
6.1. Receive information about the processing of their personal data, access their personal data;
6.2. Request the rectification of their personal data if the data is inaccurate, incomplete or incorrect;
6.3 Object to the processing of their personal data;
6.4. Request the deletion of their personal data if, for example, the personal data are processed based on the consent of the Customer/Patient, and this has been withdrawn. This right does not apply if the Personal data requested for deletion is being processed on another legal basis, such as a contract or obligations of relevant laws and regulations, or if their preservation is required by existing legal requirements.
6.5. Limit the processing of their personal data in accordance with applicable laws and regulations when, for example, OC VISION is evaluating whether the Customer/Patient has the right to the deletion of their Personal data.
6.6. Receive the personal data that the Customer/Patient has provided to OC VISION and which are processed on the basis of consent and the contract in writing, or in one of the frequently used electronic formats and, if possible, to transfer such data to another service provider (data portability).
6.7. Withdraw consent regarding the processing of their personal data.
6.8. Not be subject to fully automated decision-making, including profiling, where such decision-making has legal consequences or similarly significantly affects the Customer/Patient.
6.9. File complaints about the use of personal data to the Data State Inspectorate (www.dvi.gov.lv) if the Customer/Patient believes that the processing of their personal data infringes their rights and interests in accordance with the applicable laws and regulations.
7. Obligations of the Customer/Patient
7.1. The Customer/Patient is not entitled to transfer his/her OC VISION systems access data to other persons; each Customer/Patient is responsible for any access to OC VISION systems involving the use of his/her access data.
7.2. Each Customer/Patient is responsible for the accuracy of the data provided to OC VISION. In the event of a change in the Customer's/Patient's personal data, the Client is obliged to notify OC VISION.
7.3. In cases when the Customer/Patient visits an OC VISION medical specialist, the Customer/Patient is obliged to present a valid personal identification document, which in the Republic of Latvia is a passport or identity card (ID card); in cases when the Customer/Patient wishes to use the insurance policy and/or any discounts, the Customer/Patient must present the relevant document. The insurance policy can only be used by the person in whose name it is issued.
7.4. In cases when the Customer/Patient has logged into the OC VISION system (portal), the Customer/Patient is responsible for logging out/terminating the work session from the OC VISION system (portal) when the work is completed.
8. Profiling of the personal data of the Customers/Patients as data processing
8.1. Profiling is automated personal data processing of any type which expresses itself as the use of personal data with a view to assess particular personal aspects related to a natural person, especially to analyse or forecast aspects in relation to personal desires, interests, reliability, location or movement of the abovementioned natural person;
8.2 OC VISION may carry out profiling when processing the Customer's/Patient's personal data, but this will not have legal consequences for the Customer/Patient. The Customer/Patient has the right to object to automated decision-making at any time and to not be the subject of such a decision.
8.3. Direct marketing and justification to send commercial notifications to the Customer: If the Customer/Patient has ever provided his/her freely given consent and has not recalled it, OC VISION carries out direct marketing (marketing) by distributing commercial notifications in order for the Customer/Patient to be kept informed regarding new, modern products and/or services created especially for the Customer/Patient, and also special contract provisions (for example, discounts). The Customer/Patient has the right to refuse the receipt of commercial communications at any time and free of charge by informing OC VISION.
9. Cookies
9.1. Cookies are small text files which are created and saved on the device of the Customer/Patient (computer, tablet, mobile phone and similar) upon visiting the internet sites of OC VISION. Cookies ārememberā the experience and basic information of the user and thus improve the convenience of use of OC VISION websites.
9.2. With the help of cookies, the common habits and history of use of the site by users are processed, problems and deficiencies in the operation of the site are diagnosed, statistics of user habits are collected, and the complete and convenient use of the functionality of the site is ensured.
9.3. If the Customer/Patient does not want to allow the use of cookies or any form of cookies, the Customer/Patient can change this function in the settings of his or her browser. However, in such a case, the use of the site may be significantly disturbed and encumbered. Deletion of saved cookies is possible in the settings of the browser of the device by deleting the history of saved cookies.
9.4. OC VISION-maintained sites use necessary statistical and marketing data.
10. Retention period
Personal data is only processed for as long as necessary for achieving the purpose of processing, for example:
-
the data are necessary for the purpose for which they were collected;
-
while there is a valid agreement concluded with you or service is being provided;
-
while the application is fully considered and/or executed;
-
while OC VISION or the Customer/Patient can exercise their legitimate interests in accordance with the procedures established by law;
-
while OC VISION is legally bound to retain the data;
-
while the Customer's/Patient's consent to the relevant processing of personal data is in force, unless there is no other legitimate basis for the processing of data;
The storage period can be justified with OC VISIONās legitimate interests or applicable laws and regulations (e.g., laws and regulations on accounting, Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing, Civil Law, etc.), the need to complete legal proceedings, etc.
The Customer/Patient can find out more about the retention periods for personal data by contacting us at the email address provided in this Policy.
The Customerās/Patient's consent to be a member of the loyalty programme and/or consent to receive direct marketing offers shall be retained by OC VISION for the duration of the loyalty programme and/or for 3 (three) years.
11. Method of data collection
OC VISION obtains personal data of the Customer/Patient when the Customer/Patient:
11.1. makes an appointment with a specialist;
11.2. undergoes an eye exam;
11.3. creates a customer profile on the OC VISION website, entering his/her personal data;
11.4. purchases and uses OC VISION products or services, including warranties offered by OC VISION;
11.5. signs up for the loyalty programme and/or signs up for newsletters or receiving other services from OC VISION;
11.6. asks OC VISION for more information about the product or service purchased by the Customer/Patient;
11.7. contacts OC VISION in connection with a complaint or request for information;
11.8. expresses objections, requests guarantees for the product sold or service provided by OC VISION;
11.9. participates in competitions, lotteries, surveys, provides feedback/evaluation of goods purchased, services received;
11.10. visits or browses the OC VISION websites, performs any actions on them;
11.11. is filmed by OC VISION video surveillance equipment in OC VISION stores;
11.12. is filmed and photographed, interviewed at OC VISION public events, etc.
12. Protection of Customer's/Patient's data
12.1. OC VISION ensures, reviews on a regular basis and improves protection measures in order to protect the personal data of the Customer/Patient from unauthorised access, accidental loss, disclosure or destruction. In order to ensure this, OC VISION uses modern technologies, technical and organisational requirements, including using firewalls, break-in detection, analysis software and data encryption.
12.2. OC VISION carefully checks all service providers which process the personal data of the Customer/Patient on behalf of and in accordance with the assignment by OC VISION, and also assesses whether co-operation partners (personal data processors) use appropriate security measures in order for the processing of personal data of the Customer/Patient to be performed in conformity with the policy of OC VISION and the requirements of laws and regulations. Co-operation partners are not permitted to process personal data of the Customer/Patient for their own purposes.
12.3. OC VISION shall not be held liable for any unauthorised access to personal data and/or personal data loss if such is not dependent on OC VISION, for example, due to the fault and/or negligence of the Customer/Patient.
12.4. If the Customer/Patient visits an OC VISION website, the processing of his/her data (e.g., IP address) is initiated; if he/she continues to visit the website, the processing continues; if he/she clicks on Facebook, Instagram or other links, the data subjectās data will be processed by the operators of the website, such as Facebook or Instagram, and they will access the data of the Customer/Patient in accordance with their terms, which we recommend consulting on the website of the respective service provider. OC VISION is not responsible for the processing of personal data by other service providers.
13. Processing area
13.1. Personal data is generally processed within the European Union/European Economic Area (EU/EEA), but may in some cases be transferred to and processed in countries outside the EU/EEA;
13.2. The transfer and processing of personal data outside the EU/EEA may take place where there are legal grounds for doing so, namely, to comply with a legal obligation, to enter into or perform an agreement, or in accordance with the Customerās/Patient's consent, and appropriate security measures have been taken. Examples of appropriate security measures include:
- There is an agreement in place, including standard clauses or other approved terms of an EU agreement, code of conduct, certifications, etc., which have been approved under the General Data Protection Regulation;
- In the non-EU/EEA country where the recipient is located, an adequate level of data protection is ensured in accordance with the EU Commission Decision;
13.3. Upon request, the Customer/Patient may obtain more detailed information on the transfer of personal data to countries outside the EU/EEA.
14. Contact details
14.1. The Customer/Patient may contact OC VISION about this Privacy Policy, its application, issues related to the processing of his/her personal data, withdrawal of consent, requests, exercise of data subjectsā rights and complaints about the processing of personal data.
14.2. OC VISIONās contact details are available at: www.ocvision.eu in the contact section.
14.3. Contact details of the Data Protection Officer of OC VISION: gdpr@ocvision.eu or Elijas iela 17 - 4, Riga, LV-1050 marked āData Protection Officerā.