Privacy Policy

Summary: LensZee ("we", "us") collects data necessary to process your orders, provide customer support, and improve our service. We do not sell your personal data. This policy explains what we collect, why, and your rights under UK GDPR.

1. Who We Are

LensZee Ltd is the data controller for personal data collected through lenszee.co.uk.

Registered address: [Add your registered business address]
Company number: [Add your Companies House registration number]
ICO Registration: [Add your ICO registration number — register at ico.org.uk]
Contact: hello@lenszee.co.uk

We are registered with the Information Commissioner's Office (ICO) as required under UK GDPR. If you have any questions about how we handle your data, please email us at hello@lenszee.co.uk.

2. What Data We Collect

We collect the following categories of personal data:

Special category data: Your prescription information constitutes health data under UK GDPR. We process this data under Article 9(2)(a) — your explicit consent given when placing an order — and to fulfil our contract with you.

3. How We Use Your Data

We use your personal data for the following purposes:

• Order fulfilment: Processing and delivering your glasses. Legal basis: Contract performance.
• Prescription verification: Reviewing your prescription to craft accurate lenses. Legal basis: Contract performance + explicit consent for health data.
• Customer support: Responding to queries and resolving issues. Legal basis: Contract performance + legitimate interests.
• Order communications: Sending order confirmation, dispatch, and delivery emails. Legal basis: Contract performance.
• Account management: Managing your account, saved prescriptions, and wishlist. Legal basis: Contract performance.
• Legal compliance: Meeting our tax, accounting, and regulatory obligations. Legal basis: Legal obligation.
• Fraud prevention: Protecting against fraudulent transactions. Legal basis: Legitimate interests.
• Service improvement: Analysing usage to improve the website. Legal basis: Legitimate interests.
• Marketing emails: Only with your explicit consent. You can unsubscribe at any time. Legal basis: Consent.

4. Third Parties We Share Data With

We only share your data with trusted third parties necessary to deliver our service. We do not sell your data.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place (Standard Contractual Clauses or equivalent).

5. Data Retention

We retain your data only for as long as necessary:

• Order records: 7 years (UK tax and accounting obligations)
• Prescription data: 10 years from order date (General Optical Council requirements for medical/optical records)
• Account data: Until you request deletion (subject to legal retention requirements)
• Marketing preferences: Until you unsubscribe
• Technical logs: Up to 90 days

6. Cookies

We use cookies and similar technologies on lenszee.co.uk:

• Essential cookies: Required for the website to function (e.g. shopping cart, session). No consent required.
• Analytics cookies: To understand how visitors use our site. Require consent.
• Functional cookies: Remembering your preferences. Require consent.

You can manage your cookie preferences at any time through your browser settings.

7. Your Rights Under UK GDPR

As a UK resident, you have the following rights regarding your personal data:

• Right to access: Request a copy of the data we hold about you.
• Right to rectification: Request correction of inaccurate data.
• Right to erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention requirements.
• Right to restrict processing: Request we limit how we use your data.
• Right to data portability: Receive your data in a structured, machine-readable format.
• Right to object: Object to processing based on legitimate interests or for marketing purposes.
• Right to withdraw consent: Withdraw consent at any time where processing is based on consent (e.g. marketing emails).

To exercise any of these rights, email hello@lenszee.co.uk. We will respond within 30 days. We may ask you to verify your identity before processing your request.

8. Security

We take data security seriously. We use industry-standard measures including:

• HTTPS encryption for all data in transit
• Encrypted databases with Row Level Security (RLS)
• Stripe handles all payment data — we never store card details
• Access controls and authentication for all staff

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

9. Children's Privacy

Our services are not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If you believe we have inadvertently collected such data, please contact us immediately.

10. Complaints

If you are unhappy with how we have handled your data, please contact us first at hello@lenszee.co.uk. If you remain unsatisfied, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email to registered users and/or a notice on our website. The "Last updated" date at the top of this page will always reflect the most recent version.

Questions about this Privacy Policy? Email hello@lenszee.co.uk or visit our Contact page.