Privacy Policy

Privacy policy

This policy explains how we collect and use your information and relates to websites operated from time to time by Opticron. We collect various types of information about you through your use of our websites to help us improve the services we offer and to allow us to deliver certain services. In doing this we may collect anonymous information about you through the use of cookies.

What information do we collect?

In order to process requests for product information and to provide other services that you request including processing and taking payment for orders for goods or services, it may be necessary to collect and store personally identifiable information about you.

The type of personally identifiable information that may be collected includes, but is not limited to: your name, address, e-mail address, types of product purchased and telephone number. This information is only used to enable us to deliver the specific service requested and will not used for any marketing or other distance selling activities unless you give us specific permission to do so.

In addition, we may collect anonymous information about you and your website usage through the use of cookies. Such information will not be personally identifiable to you. If you choose, you may opt out of allowing our cookies to collect information about you. For further information please go to the section on cookies below.

How we use cookies

Opticron uses Google Analytics to help improve the content shown on its websites. Google Analytics uses cookies to define user sessions, as well as to provide a number of key features in the reports that we use. Google Analytics sets or updates cookies only to collect data required for the reports. Additionally, Google Analytics uses first-party cookies. This means that all cookies set by Google Analytics send data only to the servers for Opticron domains. The data cannot be altered or retrieved by any service on another domain.

The following cookies are set and used by Google Analytics on Opticron websites:

___utmb - used to set browsing session information
___utmc - used to set browsing session information
___utma - used to set unique visitor information
___utmz - used to set traffic source and navigation information

More information on Google Analytics cookies can be found here

How to manage or refuse cookies

If you do not want your browser to accept and use cookies, it is possible to change your browser settings. It is also possible to delete existing cookies from your browser. However, blocking all cookies will affect your browsing experience and may result in some parts of some websites not functioning properly. The procedure for modifying your privacy preferences is different for each internet browser and we recommend you visit the following websites for further information on altering your cookie settings:

www.aboutcookies.org
www.allaboutcookies.org

For more detailed information on how to clear or disable all of your browser cookies, please click here.

Data processing & General Data Protection Regulation ("GDPR")

The data we collect on this website is stored on servers based in the UK and the relevant data protection regime that applies to our processing is the UK GDPR and Data Protection Act 2018 (referred to jointly as GDPR hereafter)*. We ask that you read this Privacy Notice carefully as it contains important information about our processing of data and your rights.

Under the GDPR the following provisions apply where "we" means you as a user of the website and data subject and Opticron as the operator of the website and data processor:

  1. we both acknowledge and agree that we both will comply with our obligations under the GDPR;
  2. Opticron shall:
    1. process personal data only on documented instructions from you (which instructions include the submission of an order for processing via the website or by telephone), including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by UK law to which Opticron is subject; in such a case, Opticron shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
    2. ensure that persons authorised to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
    3. take all measures required pursuant to articles of the GDPR relating to security of processing including by taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Opticron shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk;
    4. respect the conditions referred to in the GDPR for engaging another processor including that (i) Opticron shall not engage another processor without prior specific or general written authorisation of you. In the case of general written authorisation, Opticron shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes and (ii) where Opticron engages another processor for carrying out specific processing activities on behalf of you, the same data protection obligations as set out in this agreement or other legal act between you and Opticron shall be imposed on that other processor by way of a contract or other legal act under UK law, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR and where that other processor fails to fulfil its data protection obligations, Opticron shall remain fully liable to you for the performance of that other processor's obligations;
    5. taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject's rights;
    6. assist you in ensuring compliance with the obligations pursuant to security of processing, notification of a personal data breach to the supervisory authority, communication of a personal data breach to the data subject, data protection impact assessment and prior consultation that are contained in the GDPR taking into account the nature of processing and the information available to Opticron;
    7. at your choice, delete or return all the personal data to you after the end of the provision of services relating to processing, and delete existing copies unless UK law requires storage of the personal data;
    8. make available to you all information necessary to demonstrate compliance with the obligations laid down in these provisions and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you;
    9. maintain a record of all categories of processing activities carried out on behalf of you, containing: (a) the name and contact details of the processor or processors and of you on behalf of who Opticron is acting, and, where applicable, of you or our representative, and the data protection officer; (b) the categories of processing carried out on behalf of you; (c) where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and the documentation of suitable safeguards if applicable; (d) where possible, a general description of the technical and organisational security measures referred to in articles relating to security of processing.

* Please note that as of 1st January 2021, data protection laws in the UK changed. The General Data Protection Regulation (EU) 2016/679(GDPR) no longer applies to the UK. However, the UK has incorporated GDPR into domestic law subject to minor technical changes. The Data Protection, Privacy and Electronic Communications (Amendment etc.) EU exit Regulations (DPPEC) came into force in the UK on 1st January 2021. This consolidates and amends the GDPR and UK Data Protection Act 2018 to create the new UK GDPR.