Any other questions?
Our optician team will be pleased to advise youIn this privacy policy, we would like to tell you how we process your personal data when you use our
website.
Personal data is information relating to an identified or identifiable person. This primarily includes
all
information that enables conclusions to be drawn regarding your identity, e.g. your name, your telephone number, your
address or your email address. Statistical data that we collect, for example, when you visit our website, and that
cannot be associated with you, is not considered personal data.
Your contact and what is known as the "controller" responsible for processing your personal data when you visit this website within the meaning of the General Data Protection Regulation (GDPR) is
Mister Spex SE
Greifswalder Straße 156
DE-10409 Berlin
Tel: +49 800 (0)810 8090
Fax: +49 30
(443)123 025
Email: datenschutz@misterspex.co.uk
You may also contact our data protection officer at any time should you have questions about data protection in connection with our products or the use of our website. They can be contacted via the above postal address and at the previously stated email address (to be marked: "FAO data protection officer"). We must emphasise that if using this email address, the contents are not read exclusively by our data protection officer. Should you wish to exchange confidential information, please make direct contact via this email address prior to doing so.
Every time you use our website, we collect access data automatically transmitted by your browser in order to enable your visit to the website. Access data includes the following in particular:
This access data must be processed in order to enable you to visit the website and
ensure the uninterrupted functionality and security of our systems. In addition to the purposes set out above, the
access data is also temporarily stored in internal log files in order to generate statistical data on the use of our
website, to evolve our website based on our visitors' usage patterns (e.g. if the proportion of mobile devices
accessing our website increases), and to perform general administrative maintenance on our website.
The legal
basis is Article 6(1)(1)(b) of the GDPR, insofar as the page view occurs in the course of the initiation or
implementation of a contract, and otherwise Article 6 (1)(1)(f) of the GDPR due to our legitimate interest in
maintaining the permanent functionality and security of our systems.
Log files are stored for 20 days before
being anonymised and deleted.
There are various ways you can contact us (in particular via contact form, telephone, email). In this context, we
process your data exclusively for the purpose of communicating with you.
The legal basis is Article 6(1)(1)(b) of
the GDPR, insofar as your information is required to answer your enquiry or to initiate or implement a contract, and
otherwise Article 6(1)(1)(f) of the GDPR due to our legitimate interest in you making contact with us and us being
able to answer your enquiry. We only make promotional telephone calls if you have given your consent. If you are not
an existing customer, we shall only send you promotional emails on the basis of your consent. The legal basis in such
instances is Article 6(1)(1)(a) of the GDPR.
The data collected by us when using the contact form is
automatically erased once your request has been completely processed, unless we still need your request to fulfil
contractual or statutory obligations (cf. section 8 "Storage duration").
During an order process, we collect mandatory data required to process the contract:
Information such as your telephone number is optional so that we may also contact you by these means in the event of
queries.
Should you buy contact lenses or prescription glasses from us, we will also collect and store your
prescription values. The same will apply if you have a refraction test at one of our stores or at one of our partner
opticians. Should the latter be the case, the data will be received directly from the partner optician you
visited.
We also offer you various payment options. Depending on the payment method you select in the order
process, we will pass on the payment data collected for this purpose to the financial institution handling the payment
and, as applicable, to payment service providers contracted by us or selected by you.
The legal basis for the
processing is Article 6(1)(1)(b) of the GDPR. Insofar as we process health data (prescription values) from you, the
appropriate legal basis is Article 9 (2)(h) of the GDPR.
If you have selected the payment option "purchase on account" or "direct debit" as part of the order process, we will
transmit the personal data you specified when placing your order (name, address, email address, date of birth and
telephone number, if applicable) as well as information on the corresponding products to Arvato Payment Solutions GmbH
(Gütersloher Straße 123, DE-33415 Verl, "Arvato") so that we are able to decide whether we can grant you this payment
method (passive payment method control). For this purpose, we are provided with a projection, in particular on payment
probabilities as a score value, based on mathematical-statistical methods (in particular, logistic regression approach
and comparisons with groups of persons who have shown similar payment behaviour in the past), taking into account
address data and prior payment experience.
Article 6(1)(b) and (f) of the GDPR are the legal basis for this
processing. Our legitimate interest is to also be able to offer you risky payment methods such as purchase on
account.
Further information on data protection can be found in the AfterPay privacy policy.
When you place your order, you can also open a customer account on our website at the same time. You can also create
a digital account in our stores. Creating such an account, and thus the conclusion of a user contract for the creation
of the customer account, is voluntary and takes place on the basis of Article 6(1)(b) of the GDPR. As long as your
customer account exists, the data that you provide in the context of your previous orders will be stored there in
addition to your orders. You may terminate your customer account at any time; notification in text form (e.g. email,
fax, letter) is sufficient for this.
When you select the payment method "credit card", you add a link to your
credit card information in your customer account so it is not necessary for you to enter your credit card information
every time you place a new order. Storage of this link is in our legitimate interest and for the purpose of offering
you this convenience function. It is based on Article 6(1)(f) of the GDPR. In principle, we do not store your credit
card data ourselves. Our PCI-DSS-certified payment service provider PAYONE GmbH, Fraunhoferstraße 2-4, DE-24118 Kiel,
Germany, is responsible for the storage and processing of credit card information. To prevent abuse in the event of
unauthorised access, the full credit card number is never visible in your customer account. Should you wish to delete
a credit card from your customer account, you can do so on the "Payment" page. Please note that if you select this
payment option, we may contact you and request that you provide us with proof of identity for verification purposes.
This serves our legitimate interest as per Article 6(1)(f) of the GDPR to protect you and us from credit card abuse.
Of course, we will only use the proof of identity you send us to verify your identity, deleting it after the legal
retention period has expired.
Of course, it is also possible to place an order with us without opening a customer
account. Should you wish to do so, simply select the option "Order as a guest". If you order from us without creating
a customer account, your data will be processed as described above for the fulfilment of the purchase contract and for
warranty purposes.
Should you purchase an item at one of our Mister Spex stores to take home immediately, the
purchase can be assigned to an existing or new customer account by means of automated matching of your email address.
The assignment is voluntary and not a prerequisite for a purchase to be taken home immediately.
When using the online appointment system, personal data is transmitted to the online appointment and customer
management system of TerminApp GmbH, Balanstraße 73, DE-81541 Munich. You will be asked to provide certain data in
this context, such as your name, email address and, if applicable, your telephone number (depending on the data sheet,
further information is possible on a voluntary basis). When you make your first booking, a customer profile is created
within the booking system in which the data you have provided is stored. The sole purpose of this is to identify you
beyond doubt, process your request and to be able to provide you with information and advice as requested. The legal
basis for this processing is Article 6(1)(b) of the GDPR.
You will receive a confirmation of the booking prior to
the appointment, as well as an appointment reminder via text and/or email. We process your data exclusively for the
purpose of providing the service and to remind you of the upcoming appointment, in order to minimise appointment
cancellations as far as possible. The legal basis for this processing is our aforementioned legitimate interest as per
Article 6(1)(f) of the GDPR.
We offer you the option of having a video consultation with one of our customer advisers. Our website uses the Timify
app from the provider TerminApp GmbH, Balanstr. 73, DE-81541 Munich (hereinafter referred to as "Timify").
To
utilise this offer, you can book an appointment via our website (www.misterspex.de/service/videoberatung). The email
address you provide when booking an appointment will be sent to Timify and processed in order to send you an email
confirming your appointment. In addition, the audio and visual information created during the video consultation will
be transmitted to Timify, although it will not be recorded.
The legal basis for this processing is Article
6(1)(b) of the GDPR. Should you also provide special categories of personal data (Article 9 of the GDPR) such as
health data during the video consultation, the processing is carried out on the legal basis of Article 9(2)(h) and (3)
of the GDPR.
Further information can also be found in the Timify
privacy policy.
We will need your pupillary distance ("PD") in order to manufacture your glasses. This may be specified at the time
of purchase. Should you not have provided this information at the time of purchase, different options are available to
you for providing us with this parameter. Once you have completed the purchase, we will send you an email containing
the relevant information.
On the one hand, we offer you the option of printing out a template and taking the PD
measurement yourself. In this case, no personal data will be processed.
Alternatively, you may use our Mister
Spex app, which is available in the App Store for iOS devices. The aforementioned email will contain a link to this.
Every time you use our app, we collect data automatically transmitted by the app in order to enable the app to
function. This data particularly includes:
This data processing is required in order to enable the app to function and to ensure the security of our systems.
The specified data is also temporarily stored in internal log files for the purposes described above. The data stored
in the log files does not enable us to draw any direct conclusions relating to your person – in particular, we only
save IP addresses in truncated form. The log files are stored for 30 days and then deleted.
The legal basis for
this data processing is our aforementioned legitimate interest as per Article 6(1)(f) of the GDPR.
In order to
automatically determine your PD, our app requires access to your device's cameras, including the TrueDepth sensor, in
order to capture your face in 3D. You will be asked explicitly to consent to these rights so that you can decide
directly here. In this context, we process your image data (full face and side photo) and the corresponding measured
values (in particular: pupil distance, fitting height and other necessary facial parameters such as face width, nose
shape and ear attachment points).
In order to be able to assign this information to your order, your order ID and
email address will also be processed in the app.
The legal basis for this aforementioned processing is Article
6(1)(b) of the GDPR, as this is the only way we can produce the matching glasses and fulfil the purchase contract.
You have the opportunity to subscribe to our newsletter, in which we provide you with regular information about
innovations to our products and campaigns.
Subscribing to our newsletters utilises the double opt-in procedure,
i.e. we will only send you newsletters by email if you confirm, by clicking on a link in our notification email, that
you are the owner of the specified email address. If you confirm your email address, we will store your email address,
the time of sign-up, and the IP address used during the sign-up process until such time as you unsubscribe from the
newsletters. The sole purpose of this storage is to send you the newsletters and be able to prove that you signed up
to receive them. You may unsubscribe from the newsletter at any time. Each newsletter contains an unsubscribe link.
Alternatively, you may of course also simply send a message using the contact details given above or in the newsletter
(e.g. by email or letter). The legal basis for the processing is your consent as per Article 6(1)(1)(a) of the
GDPR.
Our newsletters employ customary technologies used to measure interactions with newsletters (e.g. opening
email, clicked links). We use this data for general statistical analysis as well as to optimise and evolve our content
and customer communications. This is done with the help of small graphical elements embedded in our newsletters
(pixels). The legal basis for this is your consent as per Article 6(1)(1)(a) of the GDPR. We want to use our
newsletter to share content of maximum relevance to our customers and to better understand the actual interests of our
readers. For this reason, the links contained in the newsletters are also provided with parameters so that we can
assign your interaction (clicked links) to the respective campaign. This information will be linked to your customer
profile for analysis. If you do not want the analysis of usage behaviour, you may unsubscribe from the newsletter
service. Data relating to interaction with our newsletters is stored for 13 months and then deleted.
If you make a purchase from us, we will also use your contact details to email you further information about our
products that is relevant to you ("existing customer advertising"). This may include, in particular, news, promotions
and offers as well as feedback requests and other surveys.
The legal basis for this data processing is Article
6(1)(f) of the GDPR in conjunction with Section 7(3) of the German Act against Unfair Competition (UWG), according to
which the data processing is permissible for the exercising of legitimate interests, insofar as this concerns the
storage and further use of the data for advertising purposes.
To enable us to provide you with exclusively
relevant offers within the scope of the newsletter for existing customers, a customer segmentation is also carried out
using the data you provided when placing your order. The legal basis for this is our aforementioned legitimate
interest as per Article 6(1)(f) of the GDPR.
You may object to the use of your data for advertising purposes at
any time by using a corresponding link in the emails or by notifying the above contact details (e.g. by email or
letter), without incurring any costs other than the transmission costs in accordance with the basic tariffs.
You can apply for job vacancies with us using our Workday applicant management system (Workday Limited, The Kings
Building, May Lane, Dublin 7, Ireland). The purpose of the data collection is the selection of applicants for the
possible establishment of an employment relationship. In particular, we collect the following data for the receipt and
processing of your application: first name and surname, email address, application documents (e.g. references, CV),
date of earliest possible start and expected salary. The legal basis for the processing of your application documents
is Article 6(1)(1)(b) and Article 88(1) of the GDPR in conjunction with Section 26(1)(1) of the German Data Protection
Act (BDSG). Insofar as the data is classed as special categories of personal data, such as data on your health, which
you yourself communicate to us (e.g. information about a severely disabled person), the processing takes place based
on Article 6(1)(1)(b), Article 9, Article 88 of the GDPR, section 26(3)(1) of the German Data Protection Act (BDSG).
We store your personal data after receipt of your application. Should we hire you as an employee, we will store
your application data for a maximum period of three years beyond the termination of the relevant employment
relationship.
Should we reject your application, we shall store your application data for a maximum period of
six months beyond the rejection of your application, unless you give consent (Article 6(1)(1)(a), Article 88 of the
GDPR, section 26(1)(1) of the German Data Protection Act) to a longer period of storage or the storage is required for
legal or statutory requirements.
We have concluded a processing contract with Workday. Some data is processed on
a server in the USA. In the event that personal data is transferred to the USA or other third countries, we have
concluded standard contractual clauses with Workday as per Article 46(2)(c) of the GDPR.
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Seal of Approval and any
reviews collected, as well as to offer Trusted Shops products to buyers after they place an order. The Trustbadge and
the services promoted there are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, DE-50823 Cologne,
Germany.
When the Trustbadge is called up, the web server automatically saves a server log file entry and
documents the call. For example, the log file entry contains your IP address, the date and time of the call, the
amount of data transferred and the requesting provider (access data). This access data is not evaluated and will be
automatically overwritten at the latest 90 days after the end of your site visit.
This serves to safeguard our
predominantly legitimate interests in optimised marketing within the framework of balancing interests by enabling
secure purchasing in accordance with Article 6 (1)(1)(f) of the GDPR.
Further personal data (in particular, order
data, hashed email address, amount, currency, payment method) is transferred to the Trusted Shops GmbH if, after
conclusion of an order, you decide to use Trusted Shops products or have already registered to use them. To this end,
automatic processing of personal data from the order data takes place. Whether you as a buyer are already registered
for use of a product is automatically checked on the basis of a neutral parameter that uses the email address hashed
by a cryptological one-way function. Before it is transmitted, the email address is converted to this hash value,
which cannot be decrypted for Trusted Shops. After checking for a match, the system automatically deletes the
parameter. Trusted Shops GmbH is responsible for this aforementioned processing. The contractual agreement between you
and Trusted Shops shall apply. Further information about the privacy policy of Trusted Shops GmbH can be found here.
We use the review service provided by f Trustpilot A/S, Pilestræde 58, 3rd floor, DK-1112 Copenhagen K, Denmark
("Trustpilot"). This enables us to receive feedback from you in order to be able to improve our offering or our shop
or to design it according to customer wishes.
Our website offers the option for you to claim coupon offers from Sovendus GmbH, Moltkestr. 11, DE-76133 Karlsruhe
("Sovendus"). When you click on the corresponding banner, the hash value of your email address and your IP address are
transmitted to Sovendus. The pseudonymised hash value of the email address is used to take into account any objection
to advertising by Sovendus. The legal basis for this processing is Article 6(1)(c) of the GDPR.
We also transmit
the pseudonymised order number, session ID, coupon code and time stamp to Sovendus for billing purposes. The legal
basis for this processing is Article 6(1)(b) of the GDPR.
For further information on the processing of your data
by Sovendus, please refer to the relevant privacy notices.
In addition to processing your data to fulfil the contracts you enter into with us, we also use your data to enable us to exchange information with you about your orders, to communicate with you about specific products or marketing promotions and to recommend products or services that may be of interest to you.
If you have entered into a contract with us, we will treat you as an existing customer. If this is the case, we process your postal contact data in use this method to send you information about new products and services. The legal basis for this is Article 6(1)(f) of the GDPR.
Within the scope of our services, we provide you with information and offers from Mister Spex based on your interests. Even if you have not subscribed to a newsletter, we will send you a limited number of product recommendations, surveys and requests for product reviews. When selecting individual product recommendations, our preference is to use the order data from your previous orders in compliance with the statutory provisions. In accordance with the interaction, the email contains further information on how you can submit a corresponding review. The product review is of course voluntary. The legal basis is Article 6(1)(f) of the GDPR.
We make every effort to make our online shop as attractive as possible for you. In order to prioritise products in
which you have an interest, we use technology to optimise the product presentation according to demographic factors
associated with your customer profile. For this purpose, we use the services of ODOSCOPE GmbH, Aachener Straße
524-528, DE-50933 Cologne ("ODOSCOPE"). If you have set up a customer account with us and are logged in, we transmit
your date of birth to this service provider, which performs an appropriate product ranking for us.
The legal
basis for this processing is our legitimate interest in an optimised product presentation in accordance with Article
6(1)(f) of the GDPR.
This website uses cookies and similar technologies (referred to together as "tools") provided either by ourselves or
by third parties.
A cookie is a small text file stored by the browser on your device. Cookies are not used to
execute programs or load viruses on your computer. Comparable technologies are in particular web storage (local /
session storage), fingerprints, tags or pixels. Most browsers are configured to accept cookies and similar
technologies by default. As a rule, however, you can adjust your browser settings so that cookies or similar
technologies are rejected or are only stored after you have provided your consent. It is possible that some of our
services may fail to function properly if you reject cookies or similar technologies.
The tools we use are listed
below in our cookie directive, sorted by category. In
particular, we wish to inform you about the providers of the tools, the duration
for which cookies are stored and the disclosure of the data to third parties. We also explain the cases in which we
obtain your
voluntary consent to use the tools and how you can withdraw this consent.
We maintain an online presence on social media, allowing us to communicate with existing and potential customers and
provide information about our products.
User data is generally processed by social media for market research and
marketing purposes. This makes it possible to create user profiles based on users' interests. Cookies and other
identifiers are stored on users' computers for this purpose. These user profiles are used as the basis for displaying
advertising, for example, on social media, as well as on third-party websites.
As part of maintaining our online
presence, we may access information such as statistics on the use of our online presence provided by the social media
platforms. These statistics are aggregated and may include, in particular, demographic information and data on the
interaction with our online presence and the posts and content distributed via this. Please refer to the list below
for details and links to the social media data that we, as operators of the online presence, are able to
access.
The legal basis for the data processing is Article 6(1)(1)(f) of the GDPR, based on our legitimate
interest in providing effective information to and communication with users, and, as per Article 6(1)(1)(b) of the
GDPR, in maintaining contact with our customers, providing them with information, and carrying out the steps required
prior to entering into a contract with future and potential customers.
The legal basis of the data processing
carried out by social media platforms can be found in their privacy policies. The links below also contain information
on how data is processed and how you can object to data processing.
We would like to point out that queries
relating to data protection are best resolved by contacting the social media platforms themselves, as only they have
access to the data and are able to take direct action: Below is a list containing information about the social media
platforms on which we maintain a presence:
We will generally only disclose the data we collect if
Some data processing may be carried out by our service providers. In addition to the service providers mentioned in
this privacy policy, this may include data centres that host our website, databases and apps, software providers that
provide and further develop corresponding apps for us, IT service providers that maintain our systems, agencies,
market research companies, Group companies, payment service providers, newsletter distributors, logistics service
providers and consulting firms.
Should we disclose data to our service providers, they may use the data solely
for the fulfilment of their tasks. We have carefully selected and commissioned the service providers. They are
contractually bound by our instructions, have appropriate technical and organisational measures in place to protect
the rights of data subjects, and are regularly monitored by us.
In addition, a transfer of your data may occur in
connection with official enquiries, court orders, and legal proceedings if they are deemed necessary for legal
prosecution or enforcement.
As explained in this privacy policy, we make use of services offered by providers that may be
partly located in "third countries" (outside the EU or the European Economic Area) or process personal data there,
i.e. countries that do not have a level of data protection comparable to that in the European Union. Where this is the
case and where the European Commission has not adopted an adequacy decision (Article 45 of the GDPR), we have taken
precautions to ensure an adequate level of data protection for any transfers of data. These include the European
Union's standard contractual clauses and binding internal data protection regulations.
Where this is not
possible, we use as the legal basis for data transfers the exceptions set out in Article 49 of the GDPR, in particular
your explicit consent or the necessity of the transfer for the performance of a contract or fulfilment of steps
required prior to entering into a contract.
If data is to be transferred to a third country and neither an
adequacy decision nor other suitable guarantees are available, there exists the possibility and risk that authorities
in the third country (e.g. secret services) may obtain access to the transferred data for the purpose of collecting
and analysing it, and that your rights as a data subject may not be enforceable. You will be informed of this when
your consent is obtained via the cookie banner.
We generally only store personal data for as long as is necessary to fulfil the purposes for which we have collected
the data. We then immediately erase the data, unless we need it until the end of the statutory limitation or warranty
period for evidence purposes for civil law claims or due to statutory retention obligations.
For evidence
purposes, we must keep contractual data for another three years from the end of the year in which the business
relationship with you ends. Any claims shall become statute-barred at the earliest after the statutory period of
limitation.
Even after this time, we still need to store some of your data for accounting purposes. We are
obliged to do so on the basis of statutory documentation obligations that may arise from the German Commercial Code,
the German Fiscal Code, the German Banking Act, the German Money Laundering Act, and the German Securities Trading
Act. The periods they stipulate for the retention of documents range from two to ten years.
You are entitled to the rights of a data subject as formulated in Articles 15 to 21, Article 77 of the GDPR at all times:
In order to assert your rights described here, you may contact us at any times using the contact details given above.
This also applies should you wish to obtain copies of guarantees to prove an adequate level of data protection. If the
respective legal requirements are met, we will comply with your data protection request.
Your requests regarding
your assertion of data protection rights and our replies to these requests will be stored for documentation purposes
for a period of up to three years and, in some cases in relation to the assertion, exercise or defence of legal
claims, for a longer period. The legal basis is Article 6 (1)(1)(f) of the GDPR, based on our interest in defending
against possible civil law claims as
per Article 82 of the GDPR, the avoidance of administrative fines as per Article 83 of the GDPR and compliance with
our accountability obligations as per Article 5(2) of the GDPR.
You shall have the right to withdraw consent once given to us at any time. Should you do so, we will not continue to process data based on this consent in the future. Withdrawal of consent will not affect the lawfulness of the processing carried out on the basis of the consent prior to withdrawal.
If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data on grounds relating to your particular situation at any time. Should you object to data processing for direct marketing purposes, you have a general right to object, which we shall comply with even if you do not state any reasons for your objection.
Should you wish to exercise your right to withdraw or object, simply send an informal email to the contact details given above.
Finally, you have the right to file a complaint with a data protection supervisory authority. You may exercise this right before a supervisory authority in the Member State in which you are staying, working or the alleged infringement took place. The responsible supervisory authority in Berlin, the location of our registered office, is: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, DE-10969 Berlin, Germany.
Fundamentally, you have no contractual or statutory obligation to provide us with personal data. However, should you not provide the personal data requested by us for the registration or sales process and marked as mandatory, we may not be able to conclude a contract with you.
We may update this privacy policy from time to time, for example when we update our website or when statutory or
official requirements change.
Version: 1.0 / Last updated: Juni 2021
Stay in the know with updates on the latest trends and deals. Subscribe today and get 5% off your first order!
Pay via encrypted connection using your favourite payment methods.
Delivered by Royal Mail.
* Sum of regular shop price for the frame and the recommended retail price (RRP) for two anti-reflective, scratch-resistant single vision plastic lenses (refraction index 1.5) no greater than sph. +6.0/-6.0 D; cyl. +2.0/-2.0 D.
** All frames include two anti-reflective, scratch-resistant single vision plastic lenses (refraction index 1.5) no greater than sph. +6.0/-6.0 D; cyl. +2.0/-2.0 D.
The crossed out prices without RRP are the standard prices at Mister Spex.
TESTED & AWARDED
