I. WHO is Responsible for the Processing of Your Personal Data?
For the purposes of UK and EU data protection laws, the data controller is Marchon UK Ltd., trading as Dragon Alliance (“Dragon”), located at 3 Onslow Street, 6th Floor, Guildford, Surrey GU1 4SY, United Kingdom.
II. WHAT Personal Data We Collect and WHEN
We ask you for certain personal data in order to provide you with the products or services you request. For example, when you make purchases, request to receive communications, create an account, participate in our events, contests or competitions, or interact with our site or use our Apps. This personal data includes your:
We use additional personal data in order to enable particular features within our site and Apps or services. For example, we request access to your social network credentials in order to post content from an App to a social network. This personal data includes your:
• Photos, contacts and calendar information
• Social network information, including credentials and any information from your public posts about Dragon or your communications with us.
When you use our Apps, we inform you about our collection of your data in app stores, mobile operating systems, and in the App experience. We also prompt you for your consent where necessary.
When interacting with our site and Apps, data is automatically collected and shared with Dragon by the technology platforms providing the experience. For example your web browser or mobile device may share certain data with Dragon as those devices interact with Dragon’s site or Apps. More information about these practices is included in the Cookies and Pixel Tags section below. This data includes:
• Device IDs, call state, network access, storage information and battery information
• Cookies, IP addresses, referrer headers, data identifying your web browser and version, and web beacons and tags
III. Tools to Manage What We Collect
In many cases, your web browser or mobile device platform will provide additional tools to allow you to control when your device collects or shares particular categories of information. For example, your mobile device or web browser may offer tools to allow you to manage cookie usage or location sharing. We encourage you to familiarize yourself with and use the tools available on your devices.
IV. WHY and HOW We Use (Process) Your Personal Data
We use the personal data we collect from you in the following ways:
To Process your Orders
We gather this information to allow us to process your registration, process any orders you may make, provide the products requested and deliver them to you. The relevant information is then used by us, our agents and sub-contractors to communicate with you on any matter relating to the conduct of your account and the provision of the goods or services in general. Our legal basis for processing this data is to perform the contract with you.
To Conduct Data Checks
When you send us your order, we (or our agents and sub-contractors) may run some checks on it before it is fulfilled. These checks may include verifying your address, fraud checks and checks run in order to comply with US and EU financial sanctions programs. As to fraud checks: we run partly automated checks on all purchases to filter out unusual or suspect transactions, or transactions which can be identified as susceptible to fraud. Suspected fraud on the site will be investigated and if necessary prosecuted. Processing this data is necessary for the purposes of our legitimate interest in preventing non-payment or fraud. As to sanctions checks: again we run partly automated checks on all orders.
To Provide the Features of the Site, Apps, and Services You Request
When you use our site and Apps, we will use your data to provide the product or service you have selected. For example, if you make a purchase on http://europe.dragonalliance.com/, or participate in an event or promotion, we will use the contact information you give us to communicate with you about the purchase, event or promotion. Your consent provides the legal basis for processing this data.If you use our Apps, we will collect the data you provide and store it so that you can review it in the App. We may use this data to calculate further information, so that the calculated information can be provided to you as part of the functionality of the App. Your consent is the legal basis for processing this data in this way.
In many cases, to use particular features within our site, Apps, and services you may need to provide Dragon with additional data and/or additional consent to use particular data in a certain way. For example, to share content on social media, you may be required to provide your social media account credentials.
You can withdraw your consent to the processing of your information in any of these ways through the App settings at any time.
To Communicate Information about our Products, Services, Events and for Other Promotional Purposes
When you create a Dragon user account, we may use the information you provide, as well as information from other Dragon sources, such as your use of Dragon’s site and Apps and your participation in Dragon events and competitions (possibly through other Dragon affiliates), to send you personalized communications on products and services that may be interesting for you.
You can withdraw your consent to receiving these communications at any time through your account settings.
To Operate, Improve and Maintain our Business, Products and Services
When you make a purchase, we may use that information for accounting, auditing and other internal functions. We may also use data about how you use our products and services to enhance your user experience and to help us diagnose technical and service problems and administer our site and Apps. If you add product reviews to our site, we may use that information to improve our products and the customer experience. Our legal basis for processing this data is that it is necessary for the purposes of our legitimate business interests as described above.
To Protect Our or Others' Rights, Property or Safety
For General Research and Analysis Purposes
We use data about how our visitors use our site, Apps and Services to understand customer behavior or preferences. For example, we may use information about how visitors to http://europe.dragonalliance.com/ search for and find products, to better understand the best ways to organize and present product offerings in our site. We use Google Analytics for this, and the customer data is anonymised.
Use (Processing) of Prescription or other Medical Data
If you order prescription lenses, we will collect and use your prescription in order to fulfill your order. As this information is considered sensitive personal data in the EU and certain other jurisdictions, we need your explicit consent to use it for this purpose, and we take appropriate measures to protect it. The company which operates the site will collect the prescription on our behalf and will send it and your order number to a manufacturer of prescription lenses in Switzerland. We will not disclose your prescription data to any other party.
If we want to use your personal data in other ways, we will provide specific notice at the time of collection and obtain your consent where the law requires us to do so.
V. SHARING of Your Personal Data
We share your personal data with:
• Members of our group (our holding company in Amsterdam, our ultimate holding company in the U.S. and their subsidiaries worldwide);
• Our payment processors, Shopify Inc. and Stripe Payments Europe, Ltd., whose privacy policies are available at https://www.shopify.com/legal/privacy and https://stripe.com/gb/privacy, respectively;
• Our financial service providers, such as banks;
• Third party service providers processing personal data on Dragon’s behalf, for example to operate the site, process credit cards and payments, arrange shipping and deliveries, manage and service our data, distribute emails, carry out research and analysis, manage brand and product promotions as well as administering certain services and features;
• The laboratory which manufactures prescription lenses if you order them; and
We may also transfer personal data we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, spin-off, dissolution or liquidation), to our advisers and any prospective purchasers and their advisers and to the new owners of the business or assets.
VI. PROTECTION and MANAGEMENT of your Personal Data
• Encryption & Security: We use a variety of security measures, including encryption and authentication tools, to maintain the safety of your personal data. Your personal data is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, except that we share your name, telephone number and physical address with our shipping and delivery companies for the purpose of making that delivery, and that data would not be encrypted by them. Also, the security of information transmitted via the Internet cannot be guaranteed.
• International data transfers: The personal data we collect or generate in the context of our site and Apps will be stored and processed in the EEA, the United States, Canada and Switzerland. Your personal data will be processed in the US and Canada by Shopify Inc., the company which processes payments on our behalf. Such company has self-certified under the EU-US Privacy Shield Framework. Switzerland and Canada are deemed by the European Commission to provide an adequate level of protection to personal data.
• Retention of your data: We retain your personal data for as long as necessary to fulfil the purposes for which we collect it, except if you request us to delete it or if required otherwise by law.
o Prescription data will be retained for thirty-six (36) months in order to respond to any queries or complaints about the lenses supplied;
o Payment or credit card data will be retained long enough to enable us to process refunds or chargebacks and to demonstrate compliance with relevant laws (usually a period of two (2) to seven (7) years);
o Login, account information and cookie preferences will be retained for thirty-six (36) months/years after your last visit to our site or App (as applicable);
o Contact details will be retained for thirty-six (36) months/years after your last visit to our site or your last order;
o Any marketing preference data that records your request not to receive marketing from us will be retained as long for as we have your contact details.
• Your rights related to your personal data: You have the right to:
o withdraw your consent to our use of your personal data at any time;
o access your personal data free of charge (subject to certain legal limitations);
o request rectification of data which is inaccurate or incomplete;
o to request us to erase your data, in certain circumstances including where you withdraw your consent and there is no other legal ground for processing your data;
o restrict our processing of your data, in certain circumstances;
o .object to the processing of your data where there is no overriding legitimate interest for continuing to process your data;
o object to our processing of your data for direct marketing purposes; and
o obtain and reuse your personal data for your own purposes across different services.
To modify your (email or sms) subscriptions or to opt-out of receiving Dragon communication, or to exercise any of the above rights, please email us at firstname.lastname@example.org.
VII. COOKIES and Pixel Tags
The company which operates the site on our behalf receives and records information, which may include personal data, from your browser when you use our site. We use a variety of methods, such as cookies and pixel tags to collect this information, which may include your (a) IP-address; (b) unique cookie identifier, cookie information and information on whether your device has software to access certain features; (c) unique device identifier and device type; (d) domain, browser type and language, (e) operating system and system settings; (f) country and time zone; (g) previously visited websites; (h) information about your interaction with our site such as click behavior, searches, purchases and indicated preferences; and (i) access times and referring URLs.
Third parties may also collect information via the site through cookies, third party plug-ins and widgets. These third parties collect data directly from your web browser and the processing of this data is subject to their own privacy policies. More information on the identity of these third parties and their privacy policies is provided below.
There are generally three categories of cookies used on our site:
• Functional: These cookies are required for basic site functionality and are therefore always enabled (unless you turn them off). These include cookies that allow you to be remembered as you explore our site within a single session or, if you request, from session to session. They help make the shopping cart and checkout process possible as well as assist in security issues and conforming to regulations.
• Performance: These cookies allow us to improve our site’s functionality by tracking usage. In some cases these cookies improve the speed with which we can process your request, allow us to remember site preferences you have selected. De-selecting these cookies may result in poorly-tailored recommendations and slow site performance.
• Social media and Advertising: Social media cookies offer the possibility to connect you to your social networks and share content from our site through social media. Advertising cookies (of third parties) collect information to help better tailor advertising to your interests, both within and beyond our site. In some cases, these cookies involve the processing of your personal data. De-selecting these cookies may result in seeing advertising that is not as relevant to you or you not being able to link effectively with Facebook, Twitter, or other social networks and/or not allowing you to share content on social media.
In order to change your cookie settings, please visit our Help Section .
For a comprehensive and up-to-date summary of every third-party accessing your web browser (through Dragon site or otherwise), we recommend installing a web browser plugin built for this purpose. You can also choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings on each browser and device that you use. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to many features that make our site and Apps more efficient and some of our services will not function properly. For further information about cookies visit www.aboutcookies.org or www.allaboutcookies.org.
VIII. USING Dragon Site and Apps with Third-Party Services
Our site and Apps allow you to interact with a wide variety of other digital services. For example, our site and Apps can integrate with third-party social networks and other digital services.
If you choose to connect your Dragon account with a third-party account, your privacy rights on third-party platforms will be governed by their respective policies. For example, if you choose to share your Dragon activity on third-party social media platforms, the policies of those platforms govern the data that resides there.
Our site and Apps may provide links to other (third-party) websites and apps for your convenience or information. Linked sites and apps have their own privacy notices or policies, which we strongly encourage you to review. To the extent any linked websites or apps are not owned or controlled by us, we are not responsible for their content, any use of the websites or apps, or the privacy practices of the websites or apps.
Applicable law and our practices change over time. If we decide to update our Policy, we will post the changes on our site and Apps. We strongly encourage you to read our Policy and regularly check for any changes. This Policy was last modified in May 2017. For updates which change or affect our practices in relation to personal data, you may be asked to confirm your consent.
X. SUPERVISORY AUTHORITY
The UK Information Commissioner’s Office (‘ICO’) is the designated Supervisory Authority of Dragon.
If you feel your data has been processed unlawfully or you wish to make a complaint in relation to the processing of your personal data, please contact the ICO on 0303 123 1113 or visit https://ico.org.uk/concerns/handling/.
XI. QUESTIONS and Feedback
We welcome questions, comments, and concerns about our Policy and privacy practices. If you wish to provide any feedback or if you have questions or concerns, please contact Consumer Services/Privacy at email@example.com.