This privacy notice explains how Dixey CB Limited (a company registered in England number 05100711) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
Dixey CB Limited is the data controller, this is because we make decisions about what data is collected and how it is used and with whom it is shared with. We can be contacted at firstname.lastname@example.org or telephone 01403 265 369
On what basis do we collect and process your data?
We process personal data for the purpose of providing goods and services also for keeping in touch with you. Data Protection law defines the basis by which we can lawfully collect and process personal data for that purpose.
To allow us to engage with you to provide our services, we will collect and process personal data where it is necessary for:
- Entering a contract with you, for example when you purchase or access goods or services from us.
- Complying with legal obligations and regulatory requirements as we are regulated by the Opticians Act and conditions of the General Optical Council and the NHS.
- Protecting your vital interests or the vital interests of another in the event of a life or death emergency and you are unable to give that information yourself.
- Pursuing our legitimate interest as a business to expand our services and client base in situations which does not outweigh your own rights.
We will also process your personal data with your consent, where it is required and appropriate. For instance, in relation to our direct marketing activities. We will also seek parental consent for a child who is incapable of providing their own informed consent. Please note that you can withdraw consent at any time by emailing us at email@example.com
This is the data we collect and the basis for doing so.
|Purpose||Data Type||Data Collected||Legal Basis|
|Provide required service||Identity Details||Full Name||Contract (Article 6(1)(b))|
|Provide required service||Contact Details||Telephone number||Contract (Article 6(1)(b))|
|Provide required service||Contact Details||Email address||Contract (Article 6(1)(b))|
|Provide required service||Identity Details||Signature||Contract (Article 6(1)(b))|
|Provide required service||Health data||Legal obligation (Article 6(1)(c)), Provision of health care (Article 9(2)(h))|
|Marketing||Full name||Consent (Article 6(1)(a)|
|Marketing||Email address||Consent (Article 6(1)(a)|
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication.
Some of the data we collect is deemed necessary to contractually deliver our service to you. If you do not provide this data, we will not be able to provide the services offered.
Data recipients and data transfers
We do not sell any of your personal data to any third party. Where required we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud where such disclosure is necessary for compliance with a legal obligation to which we are subject.
We share your data with agencies such as the General Optical Council, the NHS and other health care related professionals. Additionally, we will disclose your personal data in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
We transfer your data for the purposes of processing, to trusted third parties such as our web developers who host our online platform, product suppliers and couriers and postal services. We use Dropbox to securely backup our electronic files to and for our ‘Sightseeing’ operation, we also pass your data onto transport providers and hospitality vendors at your request.
Personal data in electronic form is held in UK accredited data centres. Data is also backed up to servers in the USA through Dropbox. If data must be transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision or through mechanisms such as standard contractual clauses as approved by the EU and UK’s Information Commissioner or derogations provided by the GDPR.
Dixey CB Limited processes sensitive (special category) data as defined by Article 9 of the GDPR. This is in relation to your eye and general health.
The data we collect directly from you is the minimum we require to facilitate the lawful processing activity described above. Personally Identifiable Information processed by us will be deleted in accordance with legal obligations and guidance from the General Optical Council and or our retention policy to ensure personal data is held only for as long as is required for the purpose we collected it or for our legitimate purposes.
Data Storage and Security
We follow strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems. We use secure firewalls and other measures such as strong passwords to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
Only persons who need the information to fulfil their roles and responsibilities are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. Dixey CB Limited is committed to upholding those rights and those applicable to the personal information we collect, and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
- Right of Access – you have the right to know what personal information is held, by whom and why.
- The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
- Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
- Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
- Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
- Right to Object – You have the right to object to profiling and direct marketing
- You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
We do not use automated decision making to process personal data.
Third party websites
How to contact us
You can write to us at this address:
Dixey CB Limited
25 West Street
West Sussex RH12 1PB
You can telephone us on this number: 01403 265 369
You can email us by using this link: