1. Legal responsibility
All submitted personal data is controlled by DIO Optik GmbH (“YUN”) and handled with the utmost care under the German Bundesdatenschutzgesetz (BDSG) and the General Data Protection Regulation (GDPR) 2016/679.
2. Where do we store your data?
The collected data is stored within the European Economic Area (“EEA”) but, under certain circumstances, may also be transferred and processed outside of the EEA. In the case of Rx orders, your name and prescription data are encrypted and transferred to our lens lab in South Korea for lens production purposes.
3. Who do we share your personal data with?
We only share your data with partners and third parties for the purpose of providing you with our services, for example shipping agents in connection with the delivery of goods, media agencies for distribution of newsletters, email management services for brand newsletters, IT developers for management and development of the website, lens manufacturing lab for production and credit reference or debt collection agencies for the purpose of credit rating checks, identity checks and debt collection. All data transfers are in compliance with applicable laws. Each service provider is also responsible for their use of your personal data, according to rules they set in their own privacy policies.
DIO Optik does not collect any payment information. The payment gateway processing the payment accesses the payment media directly.
4. What personal data do we collect?
We may use your personal data for the following purposes:
- To create and manage your personal account at YUN
- To process your orders and returns
- To communicate with you about your order
- To investigate any possible problems with your order
- To keep track of your eye health
- To answer your queries or inform the winners in competitions
- To send marketing offers, such as newsletters (if desired)
- To make analyses in order to provide you with relevant marketing offers and information
- To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
5. How long do we store your data?
We will store your data for the following periods:
- Two years (by virtue of legal warranty)
- Five years (on the basis of the Medizinproduktegesetz MPG)
- Ten years (analogous to § 10 Abs. 3 Musterberufsordnung der Ärztinnen und Ärzte)
- Ten years (on the basis of tax law requirements)
6. What are the legal grounds for processing?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
7. What are your rights?
It is your right to request information about your personal data at any time, without any charge.
Should you find that your data is incomplete, incorrect or irrelevant, you may ask to have the respective information corrected or removed. You have the right to be informed about which additional controllers your data has been transferred to. You have the right to withdraw your consent to the utilization of your personal data for marketing purposes at any time.
Should you invoke your right to remove your personal data, this may result in a limited ophthalmic service. Please note that we cannot comply with a request should there be legal requirements that forbid us to do so, for example book-keeping rules, or should other legitimate grounds exist, such as outstanding payments, open orders and misuse of our services. We are obligated to respond to any data request within a 30-day period.
You can edit your personal information with your YUN account.
To exercise your rights or file a complaint, please send us an enquiry via email at firstname.lastname@example.org
8. How do we protect your personal data?
We have undertaken a variety of organizational and technical measures to ensure that your data is safe with us. For any of our websites that process payment, or have password-protected areas, we use HTTPS - your web browser should indicate that such pages are secure. Access to your personal data is password-protected, and sensitive data (such as payment card information) is secured by SSL encryption.
We maintain administrative, technical and physical safeguards to protect against unauthorized access, use, modification and disclosure of any personal data in our custody and control. Internal access to personal data is restricted to specific employees.
Staff handling your sensitive personal data have been thoroughly trained about the requirements of GDPR. In compliance with GDPR, in the unlikely event of a data breach, we will inform you within 72 hours.
9. Controller of personal data