Privacy Policy

We are committed to protecting your personal data under the UK GDPR and the Data Protection Act 2018. This Privacy Policy explains how we collect, use, share, and protect your information when you use our website and services.

1. Data Controller

Principal Optical Glazing Ltd is the data controller. You can contact our Data Protection Officer at support@poglenses.co.uk.

2. Data We Collect

• Identity Data: your name and date of birth
• Contact Data: postal address, email address, and phone number
• Health Data: prescription details (classified as special category data)
• Technical Data: IP address, device/browser information, browsing activity, and cookies

3. Purposes & Legal Basis

We process your data to:

• Perform our contract with you (Article 6(1)(b) GDPR)
• Comply with legal obligations for medical devices (Medical Devices Regulations 2002)
• With your consent, send marketing communications (Article 6(1)(a) GDPR)
• Process health data necessary for providing prescription lenses (Article 9(2)(h) GDPR)

4. Data Sharing & Transfers

We share your data with:

• Manufacturing partners to produce your lenses
• Shipping providers to deliver orders
• Our professional advisors (e.g., legal, IT)

Any international transfers are secured by Standard Contractual Clauses or other approved mechanisms.

5. Your Rights

You have the right to:

• Access and receive a copy of your data
• Rectify inaccurate data
• Erase data (where we have no overriding legal basis to retain it)
• Restrict or object to our processing
• Data portability
• Lodge a complaint with the Information Commissioner’s Office (ICO)

6. Retention

We retain prescription and order records for a minimum of five years as required by the Medicines and Healthcare products Regulatory Agency (MHRA) or longer if required by law.