Waldo Privacy Notice
This is the Privacy Notice of Ainsly Ltd (Company number: 10588575) ('we', 'us'), which trades as Waldo and operates www.hiwaldo.com ('our website'). We refer to our website, all features, functionality and content of our website as the ‘Services’.
The protection of your personal information is of utmost importance to us, so we set out herein how we collect and process personal information about you (referred throughout as ‘Personal Data’), how we use and protect your Personal Data, and your rights in relation thereto. In simplest terms, Personal Data is information, or a combination of pieces of information, that could reasonably allow you to be identified. By using our website and/or using the Services, you are accepting and consenting to the collection, use, disclosure and other handling of your Personal Data as described below.
For the purposes of the EU General Data Protection Regulation (‘GDPR’), we are the controller of your Personal Data.
1. Personal Data collected or received from you
In the course of providing our Services, we collect or receive your Personal Data in a few different ways. Often, you choose what information to provide about yourself, but sometimes we require certain information for you to use and for us to provide you the Services.
A. Personal Data you provide directly to us
When you use the Services or engage in certain activities, such as registering for an account with Waldo, requesting Services or information, or contacting us directly, we may ask you to provide some or all of the following types of information:
- Contact and profile information: namely, your first and last name, email address, postal address (including postcode) and telephone number.
- Account information: namely, your email address, password, log-in details, transaction details and successful referrals.
- Lens prescription: namely, the power for each eye which we require to provide you with the lens products that you order from us and may include any photos of your prescription you email to us or upload to your profile.
- Survey responses: we may, from time to time, run surveys on the website for research purposes. Customers may be asked to provide certain information such as why he or she cancelled their prescription, what they like about the product, and how they feel about interactions with customer service. If you choose to respond to or participate in them, you may be required to provide Personal Data.
- Communications to us: for example reporting a problem or submitting queries, concerns or comments regarding our website, its content or your account.
You are under no obligation to provide any such Personal Data. However, if you should choose to withhold requested information, we may not be able to provide you with certain Services.
B. Personal Data that may be automatically collected
We, along with third parties, also may collect Personal Data about you, your computer or device and your use of the Service via automated means (for more information about these technologies, see our separate Cookies Policy. This Personal Data may include:
- Personal Data about your visits to the website and use of the Services, the resources you access, any data you download and information related to the ways in which you interact with the website and the Services.
- IP addresses (including the general information in such address, such as city, county and postcode), unique device identifiers, other information about your mobile phone or other mobile device(s), browser types and browser language.
- Referral pages and links, URLs, number of clicks, pages viewed, how long you're on a page, your search queries and results.
- Personal Data about your device, computer and/or browser you use as well as the device's operating system. This may include your device hardware model, operating system version, or mobile network information.
We may also combine Personal Data that we collect from you with Personal Data we obtain about you from third parties and affiliates.
C. Personal Data from third parties
We may obtain additional information about you from third parties such as marketers, partners, researchers and others, but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your Personal Data to us.
We use the information we receive from these third parties to maintain and improve the accuracy of the records we hold about you, and to offer you products that we believe you would be interested in.
D. Anonymous, pseudonymous or de-identified data
We may use Personal Data and other information about you to create anonymized and aggregated information, such as de-identified demographic information, de-identified location information, information about the computer or device from which you access the Services, or other analyses we create. Anonymized and aggregated information is used for a variety of functions, including the measurement of visitors’ interest in and use of various portions or features of the Services. Anonymized or aggregated information is not Personal Data, and we may use such information in a number of ways, including research, internal analysis, analytics, and any other legally permissible purposes. Our use and disclosure of anonymised and/or de-identified information is not subject to any restrictions under this Privacy Notice and we may disclose it to others without limitation for any purpose.
We may pseudonymise your data through a technique called "hashing". We may use pseudonymised data with our partners (such as Facebook) to find additional potential customers for our products and services by finding people with similar preferences. These partners will keep the data secure and will only use such data for the purpose for which we provide it to them.
2. How we use your Personal Data and the basis on which we use it
We may use your Personal Data for the following purposes:
- Identification and authentication: we use your identification information to verify your identity when you access and use our website and to ensure the security of your Personal Data. We use your Personal Data for this purpose so that we can comply with our contractual obligations to you.
- Processing orders: we use your Personal Data to process the orders you have requested and notify you of your order status. This is so we can provide the services to you in line with our contractual obligations to you.
- Improving our website and services: we analyse information about how you use our website and services to provide an improved experience for our customers. It is in our legitimate business interests to use the information provided to us for this purpose, so we can understand any issues with our website and services to improve it.
- Communicating with you: we may use any of the categories of your Personal Data when we communicate with you, for example if we are providing information about changes to our website or Services or if you contact us with questions. It is in our legitimate interests that we are able to provide you with appropriate responses and provide you with notice about our services.
- Marketing: we may use your Personal Data to personalize the marketing messages and special offers we send to you, to make them more relevant and interesting, as this is in our legitimate business interests. Where necessary, we will obtain your consent first. If you do not want to receive marketing messages from us, you can opt-out using the 'Unsubscribe' functionality in our communications to you or by contacting us at the details below.
- Exercising our rights: we may use any of the categories of your Personal Data to exercise our legal rights where it is necessary to do so, for example to detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or the contract.
4. Information sharing
We may share your Personal Data with third parties under the following circumstances:
- Service providers and business partners. We may share your Personal Data with our service providers and business partners that perform marketing services and other business operations for us. For example, we currently, and may in the future, partner with other companies to process secure payments, fulfil orders, optimize our services, send newsletters and marketing emails, support email and messaging services and analyse information. Our service providers and business partners will only act as processors on our behalf and use your information to the extent and for the duration necessary to perform their functions.
- Public information. If you post information or content publicly on or through the Services (including when you submit comments or reviews of our products or Services), or post content publicly elsewhere, including on your social media accounts, that relates to us or the Services, we may receive and share that public information with third parties, based on our legitimate business interest in marketing our products and services.
- Disclosures to Protect Us or Others (e.g., As Required by Law and Similar Disclosures). We may access, preserve, and disclose your Personal Data, other account information, and content if we believe doing so is required or appropriate to: (i) comply with law enforcement or national security requests and legal process, such as a court order or subpoena; (ii) respond to your requests; (iii) protect yours’, ours’ or others’ rights, property, or safety; (iv) to enforce Waldo policies or contracts; (v) to collect amounts owed to us; (vi) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity; or (vii) if we, in good faith, believe that disclosure is otherwise necessary or advisable.
- Interest-Based Advertising and Third Party Marketing. We may use third-party Web analytics Services on the website, such as those of Google Analytics. We may also share certain information about you and the device you use to access the Services in order to deliver tailored advertising. These service providers use the technology described in the ‘Personal Data and automated collection’ section and our Cookies Policy to help us analyse how users use the website and to deliver advertising. The information collected by the technology (including your IP address) will be disclosed to or collected directly by these services providers, who use the information to evaluate your use of the website. Learn about opting out of Google Analytics.
5. Information security and storage
We implement technical and organisational measures designed to safeguard the privacy of your Personal Data from loss, alteration, unauthorised access or improper use. These measures are aimed at ensuring the on-going integrity and confidentiality of Personal Data. To this end, we regularly evaluate our security measures to ensure the security of the processing and only authorised personnel have access to our customers’ Personal Data. Backups are run to prevent loss of information and our internet servers are housed in secure facilities. Whilst we cannot guarantee or warrant that loss, alteration, unauthorised access or improper use of information will never occur, we use all reasonable efforts to prevent it.
Unfortunately, despite these measures, the transmission of information via the internet is never completely secure. Although we will do our best to protect your Personal Data, we cannot guarantee the security of your data transmitted to the website, and any transmission is at your own risk.
You can help us prevent unauthorized access to your Waldo account and your Personal Data by choosing a secure password and protecting it appropriately and limiting access to your device and browser by logging out of your account after you have finished your session. Finally, we recommend that you change your password from time to time for additional security. Please advise us immediately if there is any unauthorised use of your account by any other Internet user or any other breach of security.
6. International data transfer
Your Personal Data may be transferred to, stored, and processed in a country outside of the European Economic Area, one which is not subject to an adequacy decision of the European Commission and which therefore may not be regarded as ensuring an adequate level of protection for Personal Data under European Union law.
When we do, we put in place appropriate safeguards in accordance with applicable legal requirements to ensure that your data is adequately protected, for instance by using contracts with standard provisions approved by the European Commission that give Personal Data the same protection it has in Europe. For more information on the appropriate safeguards in place, please contact us at the details below.
We keep your Personal Data for as long as you have an active account with us, or as otherwise necessary for the purposes described in this Privacy Notice as updated from time to time. When determining any longer retention period, we consider what is necessary to comply with our legal obligations (such as financial reporting obligations) and the expectations of regulators (including data protection regulators), resolve disputes or collect fees owed, conduct audits, as well as the amount of time which personal data is actually useful for the purposes described in this Privacy Notice. Afterwards, we dispose of your Personal Data securely, but may retain some information in a depersonalized or aggregated form but not in a way that would identify you personally. [Without limitation of the foregoing, we keep your personal health data for three (3) years after you are no longer a customer.]
As stated above, you can request us to erase some or all of your Personal Data from our systems, and you can delete your account with us at any time, by contacting us using the contact details set out below.
8. Your rights over your personal data
You have certain rights regarding your Personal Data, including those set forth below, which you can exercise by contacting us using the contact details below. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws. Please note that we will likely require additional information from you in order to honour your requests.
- Right of Access: You can request more information about the Personal Data we hold about you, and you can request a copy of your Personal Data. If you have an active account with us, you can also access your Personal Data by visiting your account settings on our website.
- Right of Correction: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such Personal Data. You can also correct some of this Personal Data directly by visiting your account settings on our website. We encourage you to contact us to update or correct your information if it changes or if the Personal Data we hold about you is inaccurate.
- Right of Erasure: Where permissible, you can request that we erase some or all of your Personal Data from our systems. You can also delete your account with us at any time by emailing us using the contact details below.
- Right to Withdraw Consent: if we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent. You have the right to opt-out of marketing communications we send you at any time by clicking on the “unsubscribe here” link in the marketing emails we send you.
- Right to Object to or Restrict Processing: Where permissible, you can let us know that you object to the further use or disclosure of your Personal Data for certain purposes, such as marketing to you, and you can also ask us to restrict further processing of your Personal Data.
- Right to Data Portability: Where permissible, you can ask for a copy of your Personal Data in a machine-readable format, and you can also request that we transmit the data to another controller where technically feasible.
- Right to Lodge a Complaint: You have the right to lodge a complaint about our practices with respect to your Personal Data with the supervisory authority of your country or EU Member State. Please visit http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm for more information.
9. External Links
Our website may contain links to external websites. We assume no responsibility for the privacy practices or the content of those websites. Therefore, please read carefully any privacy policies on those websites before either agreeing to their terms or using those websites.
10. Contact us
If you want to access or make any corrections to your Personal Data held by us or if you need to contact us in connection with our use of your Personal Data, then please contact [firstname.lastname@example.org]. We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to make a complaint to the UK Information Commissioner's' Office using their website https://www.ico.org.uk.
11. Changes to the policy
You may request a copy of this privacy notice from us using the contact details set out above. We may modify or update this privacy notice from time to time. You will be able to see when we last updated the privacy notice because we will include a revision date. Changes and additions to this privacy notice are effective from the date on which they are posted. Please review this privacy notice from time to time to check whether we have made any changes to the way in which we use your Personal Data.