Privacy Policy
- GENERAL PROVISIONS
This privacy policy (hereinafter referred to as the “Privacy Policy“) explains how UAB “Pasaulio optika”, a Lithuanian company, duly registered and operating in the Republic of Lithuania, legal entity code 302786149, registered office address Ukmergės g. 364-42, Vilnius, Lithuania (hereinafter referred to as the “Company“), collects and uses the information you provide when you use any of our web sites https://www.optikospasaulis.lt/, https://op.lt/, hereinafter referred to as the “Websites“) or any other services offered by the Company (hereinafter referred to as the “Services“). In such cases, the Company acts as the controller of such personal data.
This Privacy Policy applies to all persons, including persons who are not direct customers of the Company, who visit the Company’s website or contact the Company by telephone or e-mail.
Individuals are deemed to be aware of this Privacy Policy when they fill in any document, form and form provided by the Company’s representatives, partners or employees of the optical shops, indicating that they are aware of the Privacy Policy.
When using our Website or the services provided by the Company, please familiarize yourself with the Privacy Policy and the personal data processing practices and procedures described therein in order to learn how we collect, use, transfer and store your personal data.
In this Privacy Policy, reference to “your personal data” means any information relating to you that you have provided or that may have been obtained through your use of our Website, where we can identify you from that data, or personal data that we process in connection with your use of other services provided by the Company.
Our aim is to process only those of your personal data that you have voluntarily provided to us after having received detailed information about the purposes of the processing and those data that are necessary for the provision of the Services to you (performance of our contracts with you), for the implementation of legal requirements and for the performance of our business.
We process personal data in accordance with this Privacy Policy and the applicable data protection legislation, including the General Data Protection Regulation (2016/679) (“GDPR“).
- LEGAL BASIS
We rely on one of the following legal bases for processing your personal data:
Basis for performance of the contract. Applicable where the processing of your personal data is necessary for the performance of our obligations to you under a contract, e.g. to perform/receive payment for services.
Basis for the legal requirement. Applicable where the Company is obliged by law or regulation to process your personal data, e.g. for tax accounting purposes, for the purpose of providing personal data to public authorities or the police.
Legal basis for consent. Applies when you give your explicit consent to specific named processing activities. If the personal data you have provided is processed on the basis of your consent, you may withdraw your consent at any time by contacting us at the following email address. privatumas@optikospasaulis.lt.
Legitimate interest grounds. Applicable where the processing of your personal data does not infringe your legitimate interests and may be useful for the development of the Company’s services or for ensuring the efficiency or security of the Company’s services, such as. We provide a convenient platform for website visitors to ask questions about the Company’s services, or to prevent fraud and crime, or to protect the Company’s assets and information technology systems.
- WHAT INFORMATION WE COLLECT AND FOR WHAT PURPOSES WE USE IT
We collect your personal data only to the extent that it is necessary for the provision of services to you or we have another lawful basis for processing your personal data.
We will process the personal data you provide in accordance with the Privacy Policy and the relevant requirements of personal data protection legislation. Your personal data will not be used for purposes other than those provided at the time of receipt, unless we have another reasonable lawful basis for processing your personal data.
Below we provide information on what personal data we process depending on the purpose for which we receive it and distinguish which legal basis under the GDPR we rely on:
| Legal basis and purpose of processing | Contract performance (for glasses or contact lenses) Applies to: orders.opticalpliuservice.lt, op.lt, lesiai.lt, partner.kavita.com |
| Data categories | – Name, surname – Telephone number, – Address – Health data: o The refraction of spectacle lenses requires the following data (not all of which are necessary): sphere, cylinder, axis, distance between pupils. |
| Time limit for data processing | 2 years |
| We get our data from | – Website data entry forms; – Optical World Shop filling in a customer’s vision or hearing screening data |
| We provide or transfer data | – For companies cutting spectacle lenses – For companies selling glasses and other optical goods |
| Legal basis and purpose of processing | Establishing a contract with you (registration for vision or hearing screening) Applicable: familiaclinica.lt, optikospaulis.lt, System POLIS |
| Data categories | – Name, surname – Personal code – Date of birth – Telephone number, – Address – Medical data: if the patient provides it in the comments area. |
| Time limit for data processing | 1 year |
| We get our data from | – Enquiry forms on websites – Registering for a sight or visit from online forms – In case of an email or telephone registration with the Customer Service Department – From the online registration system mano-daktaras.lt. |
| We provide or transfer data | – For an optician – Clinic administration |
| Legal basis and purpose of processing | Contract performance (vision screening) |
| Data categories | – Name, surname – Date of birth – Personal identification number (POLIS only) – Telephone number, – Address – Health data is collected at the time of the eye screening (not all of it is collected for every screening): – Sphere – Cylinder – Axis – Distance between pupils – Base curve – Diagnosis – League – Eye pressure parameters |
| Time limit for data processing | The records are kept for 15 years from the last patient visit in accordance with the Order of the Minister of Health of the Republic of Lithuania No. 515 “On the Procedure for Record-keeping and Reporting of the Activities of Health Care Institutions”. |
| We get our data from | – When registering for a sight visit from the Website forms – In case of an email or telephone registration with the Customer Service Department – From the online registration system mano-daktaras.lt. |
| We provide or transfer data | – For companies cutting spectacle lenses – For companies selling glasses and other optical goods |
| Legal basis and purpose of processing | Performing your contract (hearing screening) |
| Data categories | – Name, surname – Date of birth – Telephone number, – Address – Health data is collected at the time of the hearing screening (not all of it is collected for every screening): – Description of the ear examination – Information provided by the patient about their hearing condition – Hearing test description, audiogram data |
| Time limit for data processing | The records are kept for 15 years from the last patient visit in accordance with Order No 515 of the Minister of Health of the Republic of Lithuania “On the Procedure for Record-keeping and Reporting of the Activities of Health Care Institutions”. |
| We get our data from | – When registering for a hearing visit from the online forms – In case of an email or telephone registration with the Customer Service Department – From the online registration system mano-daktaras.lt. |
| We provide or transfer data | – For companies cutting spectacle lenses – For companies selling glasses and other optical goods |
| Legal basis and purpose of processing | Performance of the contract with you (when you use insurance to buy glasses or contact lenses) |
| Data categories | Insurance companies provide the following data in the online system: – Insurance card number – Personal identification number or the last 4 digits of the personal identification number The “Report on insurance services provided to the customer” form shall contain the following information: – Service Authorisation Number (depersonalised system number) – Insurance company – Health insurance ID card number (optional) – Address of the shop / opticians / clinic where the service was provided or the product was sold – Name of the product/service – Disease code – Price of the product/service – Amount reimbursed by insurance – Amount of client premium Note: The customer signs at the bottom of the form agreeing that he/she has received the services and goods of a satisfactory quality, and agrees to the rules on the use of personal data. |
| Time limit for data processing | – “Report on insurance services provided to the client” for up to 1 year; – Customer data in the insurance portal – determined individually by insurance companies |
| We get our data from | The data is provided to the opticians’ consultants by the customers. |
| We provide or transfer data | We provide the following insurance companies with data about their customers: – Gjensidige – Compensa – BTA – IF – Lietuvos Draudimas – Ergo – Seesam |
| Legal basis and purpose of processing | Our legal obligation (obligation to transmit health data to public registers). |
| Data categories | Data is provided according to the guidelines developed by the Lithuanian Opticians Association: – Complaints, medical history – Condition assessment information – Objective assessment of condition (blood pressure, height, pulse and body weight); – Diagnosis – Type of visit – Description – Description of the research/consultation plan – Description of treatment |
| Time limit for data processing | Stored for 2 years after cancellation of the patient’s account (in accordance with the Order “On the approval of the description of the protection of personal data processed in the self-service of the State Enterprise Centre of Registers”) |
| We get our data from | Patients provide data to Optometrists and Doctors. |
| We provide or transfer data | ESPBI IS |
| Legal basis and purpose of processing | Contract fulfilment (when purchasing a gift voucher)
|
| Data categories | In the case of an e-shopper: – Name, surname – Telephone number, – Address In the e-shop, to the person to whom the e-gift card is given: – First name, Last name |
| Time limit for data processing | 2 years |
| We get our data from | Online shop op.lt |
| We provide or transfer data | Data is not transferred outside the Company |
| Legal basis and purpose of processing | Our legitimate interest (online enquiry form – for the purpose of responding to customer enquiries and ensuring quality of service) |
| Data categories | – Name – Telephone |
| Time limit for data processing | Up to one year, depending on the nature of the enquiry, after which the data will be destroyed or depersonalised. |
| We get our data from | https://www.optikospasaulis.lt/kontaktai contact form |
| We provide or transfer data | Data is not transferred outside the Company |
| Legal basis and purpose of processing | Our legitimate interest (video surveillance for asset protection purposes) Applicable: – Optical salons with CCTV cameras – Company offices in Vilnius and Mažeikiai – At the company’s warehouse in Mažeikiai |
| Data categories | – Capturing images of shop and office visitors using video recording technology and accompanying software. – Video recording of warehouse workers. |
| Time limit for data processing | Up to 3 days for optical salons Offices up to 30 days |
| We get our data from | Data subjects captured in video footage |
| We provide or transfer data | – Police in case of incidents – Insurance companies; – For courier services. |
| Legal basis and purpose of processing | Your consent (virtual hearing and vision tests, offer of relevant products) |
| Data categories | After the virtual test, the test data is not stored anywhere, but is only displayed on the screen for the visitor. A button for registering for a vision or hearing screening is also displayed. If the visitor chooses to fill in a form to register for a visit: – Name, surname – Personal code – Date of birth – Telephone number, – Address – Medical data: if the patient provides it in the comments area. |
| Time limit for data processing | Registration data for the visit 1 year Email in newsletter system 2 years |
| We get our data from | Virtual test taker |
| We provide or transfer data | The data may be transferred to UAB Optical Plius Service if the patient decides to have glasses made after the registration visit and the production order is recorded in the order.opticalpliusservice.lt system. Email data is forwarded to the Company’s newsletter system. |
| Legal basis and purpose of processing | Execution of a contract with you (for the purpose of administering the Company’s loyalty programme) |
| Data categories | – Name, surname – Telephone number, – Address – Date of birth |
| Time limit for data processing | For the duration of the loyalty programme, up to a maximum of 5 years from the last use of the card (5 years after the last issue of the loyalty card, the person is informed of the need to renew the loyalty card). |
| We get our data from | The person who filled in the loyalty card application form |
| We provide or transfer data | The data may be transferred to UAB Optical Plius Service if the patient decides to make glasses after registering in the loyalty programme and the production order is recorded in the order.opticalpliusservice.lt system. Email data is forwarded to the Company’s newsletter system. |
| Legal basis and purpose of processing | Our legitimate interest (offering relevant products to existing customers) The Company may send to persons who have provided their contact details at the time of the sale of the goods information by electronic means (e-mail, SMS) relating to goods and services similar to those for which the contact details were obtained at the time of the sale. In the event that a person does not wish to receive such offers, he or she may inform the Company of his or her refusal of such offers by e-mail privatumas@optikospasaulis.lt or by clicking on the unsubscribe link in any newsletter notification of offers received. |
| Data categories | – Name, surname – Telephone number, – Address – Date of birth |
| Time limit for data processing | 5 years |
| We get our data from | Customer using the Company’s services or purchasing goods from the Company |
| We provide or transfer data | Data is not transferred outside the Company |
| Legal basis and purpose of processing | Our legitimate interest (for the purpose of assessing and selecting prospective employees or persons otherwise employed on an employment relationship basis) |
| Data categories | – Name, surname – Email address – Telephone number – Address – CV access data: o professional qualifications o education data o the data you provided during the selection process |
| Time limit for data processing | Until the end of the selection process |
| We get our data from | – By email – From the employment service – Recruitment portals (e.g. cv.lt) |
| We provide or transfer data | In cases where candidates may meet the human resources needs of other companies in the Kavita UAB group, their data is passed on to the managers of those companies. |
| Legal basis and purpose of processing | Our legitimate interest (recording telephone conversations – to ensure the quality of our services) |
| Data categories | The following data is recorded by the chat system – Telephone number – An audio recording of the client presenting data on different topics: o In case of registration for a visit – First name, Last name – Telephone number – Purpose of the visit o A call from an optical consultant: – The reason for the call (problem, ordering goods, etc.) |
| Time limit for data processing | 5 years |
| We get our data from | Callers |
| We provide or transfer data | Data is not transferred outside the Company |
| Legal basis and purpose of processing | Executing a request for a cooperation programme (for the purpose of administering the company’s cooperation programme) |
| Data categories | – Company name; – Company code; – Company address; – Name of company representative; – E-mail address of the company representative; – Telephone number of the company representative; – Contact person’s email address; – Phone number of the contact person; – Name of the signatory. |
| Time limit for data processing | Data for the receipt of a query offer for up to one year, after which the data will be destroyed or depersonalised. |
| We get our data from | – Enquiries forms to receive a proposal for a cooperation programme; |
| We provide or transfer data | Data is not transferred outside the company. |
| Confirmation by an authorised person of the company | By signing the cooperation agreement, the employee confirms that he or she is authorised to represent the company and has the right to sign documents on its behalf. The company accepts responsibility for ensuring that the employee is acting within the scope of his/her authority when signing the agreement. |
- OPERATION OF COOKIES
A cookie is a small text document with a unique identification number that is transmitted from the Website to the hard drive of the Website visitor’s computer or other mobile device used by the Website visitor to enable the Website administrator to distinguish the visitor’s computer/device and to view the visitor’s activity on the Website.
By using cookies, the Website remembers information about a visitor’s visit and the visitor’s choices, such as language preference or other settings made by the visitor independently on the Website, and allows us to count the number of visits to the Website and the sources of the traffic to the Website. The use of cookies can make the next visit easier and therefore more convenient for the visitor. The use of cookies may help us to tailor the Site to your needs, increase the visibility and effectiveness of our information dissemination, and help us to provide and improve our services in a professional manner.
4.1 Cookies used on the Website
Detailed information about the cookies used on the Sites, their purpose and expiry date can be found in the section “Cookies used on this website” by clicking on the “detailed information” tag when you first visit the Sites or by selecting the “Cookie settings” link at the bottom of the Site.
We sometimes use third-party tools and widgets to extend the functionality of our Website. These tools and widgets will usually place a cookie on your computer or device to ensure that the additional features work.
Cookies do not tell us your email address or otherwise identify you personally. We use different identifiers, including IP addresses, to measure website activity, but only to determine the number of unique visitors to the Website and the geographical distribution of users, not to distinguish specific users.
4.2 Cookie management
When you visit the Site, you will be provided with a notice about cookies used on the Site and an active link to this Privacy Policy, which we ask you to read before further browsing on the Site.
You can change the settings of the internet browser you use and control the use of cookies. You can delete the cookies you have chosen at any time, but please note that limiting or deleting cookies may interfere with your use of the Sites. More information on how to manage the cookie options in the most popular browsers can be found here: Internet Explorer, Chrome, Firefox, Safari, Opera. These links are on third-party websites, for whose correctness and effectiveness we accept no responsibility.
4.3 Social media tools and applications
Our Sites may have a feature that allows you to share information using social networks operated by third parties, such as. Facebook’s “like” and “share” features. These social networks may store data about your use of our Website. The data you provide through such social networks may also be provided to other users of the social network. Such data transfer is governed by the privacy policy of the operator of the social platform, for the correctness and functioning of which we accept no responsibility.
- TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES
We do not share your personal data with third parties unless it is necessary for the provision of services to you, to fulfil your requests, to comply with legal requirements or to pursue the legitimate interests of the Company. Such third parties may include any entity within the Company’s group, including but not limited to the Company’s subsidiaries, ultimate holding company and its subsidiaries, as well as the Company’s service providers such as The Company’s third parties, including but not limited to, IT maintenance service providers, website hosting providers, accounting service providers, consultants, lawyers and other providers of goods and services, as well as auditors conducting financial, data privacy or security audits, are subject to strict requirements for the processing and security of personal data, and only to the extent necessary to provide the services to these third parties. We may transfer personal data to pre-trial investigative authorities, courts or other public authorities upon a reasoned and justified request, if this is necessary for the performance of our legal duties or if there is another legal basis for the provision of data.
The Company may also, with your prior consent, transfer your personal data to its partners, a list of which is provided below here (“Partners”), in order for the Company and/or its Partners to provide you with information about goods and services that may be of interest to you, i.e. for direct marketing purposes and to provide delivery services for logistics purposes.
If we or part of our business were to be sold, reorganised or transferred to another entity, we would transfer personal data relating to the sale or reorganisation insofar as it is directly related to the performance of the sold or transferred business.
Provision of personal data to NitroPack in accordance with the company’s GDPRData Processing Agreement (DPA). “NitroPack acts as a data processor for the provision of website optimisation services. Website optimisation services include the management, modification and hosting of the publicly accessible content of a company’s website, as well as the storage of personal data relating to end-users. “NitroPack only stores IP addresses. More information can be found on NitroPack DPA.
- YOUR CHOICES
We will not normally ask you to provide personal data when you use our services, unless it is necessary for the provision of the service, such as to enter into a contract or to keep in touch with you. We may ask you to provide additional personal data when we receive your request for information about the services we provide to you. In certain cases, we may ask for your additional consent to process your personal data and you have the right to refuse to consent to processing for these purposes. If you consent to receive certain services or information communications, we will give you the opportunity to withdraw this consent at any time. In the event of withdrawal of consent, we will endeavour to eliminate the use of your personal data for the purposes specified in the consent as soon as possible.
As stated above in the section “Managing cookies”, if you prefer that the Website does not use cookies, you can remove cookies from your web browser or disable their use in the web browser you are using. In this case, we cannot accept liability for any malfunctioning of the functions of our Sites.
- YOUR RIGHTS
If we process your personal data, you have the right to exercise the following rights:
Right of access, explanation and copy of data. You have the right to have access to your personal data processed by the Company and, in certain cases, to request a copy of the information stored electronically by the Company. To exercise this right, please provide us with a reasoned request. The Company will assess your request and provide you with the requested information in accordance with the requirements and procedures established by law. In order to ensure the protection of the rights of others and to properly respond to your request, we may ask you to provide proof of identity information/documents and other information proving your relationship with our Company before providing a response.
Right to rectification. If you are aware that the Company is processing your personal data inaccurately, you have the right to request that your data be corrected to accurate data.
Right to object to processing. You have the right to object to our processing of your personal data. If we process personal data on the basis of your consent, you may withdraw your consent at any time. If we are processing your data on the basis of the performance of a contract, your right to object will mean the termination of the contractual relationship with us.
Right to erasure. You have the right to request that the Company erase your data within a specific period of time, or to request that the data be erased in its entirety, to the extent possible, in accordance with the requirements of the law binding on the Company. If you would like us to delete the personal data we have collected about you, please contact us by email at privatumas@optikospasaulis.lt.
Other rights. In certain cases (Article 20 of the GDPR), you have the right to data portability or to request the restriction of data processing on the grounds and in accordance with the procedures set out in the GDPR.
To exercise your rights, you can contact us at. privatumas@optikospasaulis.lt. Upon receipt of your request, we will make all reasonable efforts to enforce your rights in accordance with applicable law and professional practice.
- DATA SECURITY AND INTEGRITY
When processing your personal data, we use organisational and technical data protection measures and procedures to protect your personal data against unauthorised loss, misuse, alteration or destruction. Despite our best efforts, it is not possible to take into account all possible threats and to guarantee the absolute security of personal data. In order to ensure maximum protection of personal data, when processing your personal data, access to the data is restricted to our employees in accordance with the “need to know” principle. The data processors are obliged to comply with strict requirements for the processing of personal data.
Please note that due to its technological characteristics, email is not a secure way of transmitting personal data without additional data encryption measures. If you need to transmit personal data to the Company by e-mail in your communication with the Company, e.g. when sending data for the purpose of concluding a contract, please encrypt the data and transmit the password to us by another communication channel, e.g. by sending an SMS to a contact person of the Company known to you or by dictating it to the recipient of the letter by telephone. By sending personal data in an unencrypted manner, you assume the risk of possible disclosure.
We make every effort to process your personal data only for as long as the information is necessary for the provision of the Services or information to you, or for as long as we are required to retain the information in accordance with the law, for our legitimate interests or for the periods set out in our Privacy Policy. The specific period of retention of personal data depends on the circumstances in which the information was collected and the purposes for which the information is used, but subject to the circumstances described above.
8.1 Links to other websites
Please note that the Sites contain links to other websites, including websites operated by third parties, which are not covered by this Privacy Policy and may have substantially different privacy practices. We encourage you to review the privacy policy of each such website before providing any information that identifies you.
8.2 Place of data storage
The data we collect from you will be located in the territory of the European Economic Area (EEA) and in countries for which the European Commission has adopted an adequacy decision (safe countries), but may also be transferred to, or stored in, countries outside of the EEA and these safe countries. Exceptionally, they may also be processed by our staff or our suppliers’ staff outside the EEA or the Safe Countries. Where we transfer your data outside the EEA or safe countries, we will take all necessary steps to ensure that your data is processed securely and in accordance with this Privacy Policy.
- CHANGES TO AND ENFORCEMENT OF PRIVACY POLICIES
We may revise and update this Privacy Policy in light of the Company’s applicable personal data protection measures. The updated version of the Privacy Policy will be posted on the Sites, indicating the date of the last update.
The Company is committed to ensuring the protection of your personal data. If you have any questions or comments regarding the processing of your personal data, please contact us by email at privatumas@optikospasaulis.lt. You may also submit any comments to this Privacy Policy at this address.
If you believe that your rights under the GDPR have been infringed, you can lodge a complaint with our supervisory authority, the State Data Protection Inspectorate, for more information and contact details visit the Inspectorate’s website (https://vdai.lrv.lt/). Although, above all, we aim to resolve any disputes promptly and amicably with you.
Date of last update of the Privacy Policy 2 February 2023.
