Privacy Policy

1. ABOUT US

We are GrandVision Hellas Optical Wear Trading and Distribution Co. S.A., trading as Grandoptical, with registered office at 1A Zoodochos Pigis St., Athens, GR-10678,, tel. +30 2106086636, email address info@grandvision.gr, and we process your personal data when you use the company's website and the social media pages connected to our website, as well as when you enter into transactions at our physical stores.

 

2. PURPOSES WE USE YOUR DATA FOR

We will use your data to, among other things, manage your registration as a user, to manage your product or service purchases, to answer your questions/requests, and, if you opt for it, to send you customised communications.

3. WHY WE USE YOUR DATA

We are entitled to process your data for various reasons. The main reason is that we need to process the data to perform the contract you enter into with us when registering as a user and when making a purchase or when you receive any of our services or use any of the functions our platform offers, but there are also other reasons that allow us to use the data, such as our interest in answering your questions or the consent you give us to send you our newsletter.

 4. WHO YOUR DATA IS SHARED WITH 

We share your data with service providers that help or support us, which may be companies in the GRANDVISION Group or third-party associates with whom we have a personal data protection agreement, and who are located both inside and outside the European Union.

5. YOUR RIGHTS 

You have the right to access, correct or delete your personal data. In some cases, you also have other rights, such as the right to oppose the use of your data by us or the right to data portability, as we explain in detail below.

We invite you to read the full Privacy and Cookies Policy below to fully understand how we use your personal data and the rights you have in relation to it.

 

*******

 

1. WHO IS THE DATA CONTROLLER FOR YOUR DATA?

GrandVision Hellas Optical Wear Trading and Distribution Co. S.A., trading as Grandoptical, whose registered office is at 1A Zoodochos Pigis St., Athens, GR-10678, tel. +30 2106086636, email address info@grandvision.gr, as duly represented (hereinafter "the Company" or "we" or "us/our"), is the Controller for the collection, storage and processing of your personal data when you use the company's website (grandoptical.gr) and the social media pages connected to our website, as well as when you enter into transactions at our physical stores.

   
2. WHAT PURPOSES DO WE PROCESS YOUR PERSONAL DATA FOR?

Depending on the purpose for which your data is processed from time to time, as explained above, we need to process one or more pieces of your data, which will generally be the following (whichever is appropriate):

  • details of your identity (for example, your name, surname, language and the country you are contacting us from, contact details, etc.),
  • health data (e.g. ophthalmologist's prescription) or other sensitive data (eye test measurements) that may be necessary for providing the right product to you,
  • financial information and transaction information (for example, payment details or card details, information about your purchases, orders, returns, etc.),
  • data about your internet connection, geographical location and browsing history (if you are contacting us from your mobile phone, for example),
  • commercial information (e.g. whether you have registered for our newsletter or not),
  • information about your preferences.

 

Please remember that when you are asked to fill out your personal data in order to access any platform function or service, we will indicate certain fields as mandatory, given that they are data that we need in order to be able to provide the service or give you access to the specific function. Please note that if you decide not to provide this information, you may not be able to complete your registration as a user or you may not be able to enjoy these services or make use of these functions.

In specific cases, we may have been provided with information about you by a third party using a function or service on the Platform; for example, we may send you a gift card or send an order to your address. In these cases, we process your data only in cases that are related to this function or service, as mentioned in this Privacy and Cookies Policy.

Depending on how you interact with our Platform, e.g. depending on the services, products you want to receive or functions you want to enjoy, we will process your personal data for the following purposes:



PURPOSE

+ information

1. To manage your registration as a platform user

If you decide to register as a user on our Platform, we need to process your data to identify you as a user of the Platform and to give you access to the various functions, products and services that are available to you in your capacity as a registered user. In that case we will ask for your email address, your chosen password, name, surname, and phone number. You can cancel your registered user account by contacting our Customer Service team.

2. For development purposes,

performance and execution of the sales or services agreement you have entered into with us on the Platform

  • To provide you with the products / services you want. In this case, we will process your name-surname, contact details, payment/card details, purchase/order details. It should be noted that in the context of providing certain products (e.g. glasses/contact lenses), in addition to ordinary identification and contact data, we may also process sensitive personal data, based on the ophthalmologist’s prescription or based on measurements of certain biometric data collected by our opticians, in order to provide you with the services and products you want.
  • To contact you about any updates or notices relating to the functions, products or services for which a contract has been entered into, including any queries about quality, so that we can determine the degree of customer satisfaction with regard to the service provided.
  • To manage payment of the products you buy, regardless of the payment procedure used. For example:
  • If, when purchasing any of our products via the website or application, you choose to enable “save card details” for future purchases (where this feature is available), we must process the recommended data to enable and develop this function. Consent to activate this function allows your payment details to be automatically filled out during subsequent purchases so that you do not need to enter it each time you want to buy something, and that data will be considered valid and effective for subsequent purchases. You can change or cancel your cards at any time using the payment details section or using the user account you registered on the website.
  • To activate mechanisms needed to prevent and identify unauthorised uses of the Platform (for example, during the shopping and returns process) and possible fraud committed against you and/or against us. If we consider that the transaction may be fraudulent or if we identify abnormal behaviour that indicates an attempt to fraudulently use our functions, products or services, such processing may lead to consequences such as the transaction being denied or your user account being deleted.
  • To manage possible exchanges or returns
    after purchasing and managing requests for product availability information, product bookings through the Platform, depending on the availability of such options from time to time.
  • For billing purposes, so that we can provide you with receipts and invoices for the purchases you have made through the Platform.
  • To ensure that you can use other available functions or services, such as purchasing, receiving, managing and using Gift Cards or Gift Vouchers, and to provide you with access to and use of the Wi-Fi we offer to our customers at our physical stores.

3. To respond to requests and queries made through Customer Service channels

We process only personal data that is absolutely necessary to handle or resolve your request or query.

If you contact us by phone, the call may be recorded as evidence of transactions, for quality control purposes and so that we can respond to your request.

4. For marketing purposes

 

This purpose includes processing your data, mainly:

  • To personalise the services we offer and enable us to provide you with recommendations based on your interactions with our Platform and an analysis of your user profile (for example, based on your purchase and browsing history).
  • If and when you register for our newsletter, we will process your personal data to manage your registration, including by sending personalised information about our products or services through various media (such as email or SMS). We may also provide this information via push notifications if you have activated this option on your mobile device.

o   Likewise, you should bear in mind that data processing of this sort includes analysing your profile as a user or customer to determine what your preferences are and, therefore, which products and services are most suited to your style when sending the information to you. For example, based on your purchases and your browsing history (i.e. depending on the products you clicked on), we'll make suggestions about products that we believe may be of interest to you and, if you're a registered user, we'll provide you with a “restore basket” function.

  • Remember that you can unsubscribe from the newsletter at any time, at no cost, through the “Newsletter” section of the Platform, as well as by following the instructions provided in each newsletter you receive. If you don't want to receive push notifications, you can disable this option on your mobile device.
  • To show online advertisements that you may see when you visit websites and apps, for example, on social media. The ads you see may be random, but in other cases they may be ads related to your preferences or your purchase and browsing history.

 

o   If you use social media, we may provide certain information to the companies we collaborate with so that they can show our ads to you and, in general, offer you and users like you ads that take your profile on these social networking sites into account. If you want information about how your data is used and how advertisements work on social media, we recommend that you look at the privacy policies of the social networking websites on which you have a profile.

o   We also use your data to perform segment measurements and analyses on the ads we display to users on certain of our partners’ platforms. To do this, we collaborate with these third parties that offer us the necessary technology (cookies, pixels, SDK, for example) for using these services. Please bear in mind that although we don't provide these associates with personal data that could identify you, we do provide them with some form of ID each time (for example, the ad ID associated with the device, the ID associated with a cookie, etc.). If you want more information about this, please refer to section 10 of this policy. Similarly, you can reset ad ID or deactivate customised ads on your device. (If you have installed our app on an iOS device, you can adjust your preferences by going to Settings/Confidentiality/Advertisements. If you have an Android device, access this by going to Settings/Google/Advertisements.)

  • Data enrichment: When we collect your personal data from various sources, we may collect that data under certain circumstances in order to improve our understanding of your needs and preferences with respect to our products and services (including for analysis purposes, user profile creation, marketing studies, quality surveys and improvement of our interactions with our customers). This refers, for example, to how we may combine your information if you have a registered account and you use the same email that is linked to your account to purchase items as a visitor, or it may refer to information that is automatically collected (such as IP and MAC addresses or metadata) that may be linked to the information you have provided us with directly through your activity on the Platform or at any of our stores (for example, information related to your purchases, either in physical stores or online, your preferences, etc.).
  • To carry out promotional activities (for example, to organise competitions or to send a list of saved products to the email address you indicate). By taking part in any promotional activities, you authorise us to process the personal data you have shared with us depending on the promotional measure, and we can share it through various media, such as social media or the Platform itself. For each promotional measure you participate in, you will be provided with the terms and conditions under which we will provide you with more detailed information about how your data is processed.
  • To publish photos or images you have publicly shared on the Platform or through our social media channels, provided that you have given us your explicit consent for this.

5. Useability and quality analysis to improve our services

If you access our platform, we will let you know that we will manage your browser data for analytical and statistical purposes – that is, to understand how users interact with our Platform and with the campaigns we run on other websites and apps, so that we can improve our services.

In addition, we sometimes carry out quality surveys and actions to learn about customer and user satisfaction levels and identify those areas where we can improve.




3.        WHAT LEGAL BASIS DO WE HAVE FOR PROCESSING YOUR DATA?

The legal bases which allow us to process your personal data, always depending on the purpose for which the processing is carried out, are as follows:


Purpose

Legal basis

1. To manage your registration as a platform user

We process your data because it is essential in implementing the terms governing the use of the Platform. In other words, in order for you to register as a user on the Platform, we need to process your personal data, because otherwise we would not be able to manage your registration. In effect, registration as a user of the platform constitutes signing of a contract and therefore processing of your personal data is vital for implementing the contract between us.

2. Monitoring, performance and execution of purchase or service agreements

 

We process your data because it is essential in implementing the purchase or service agreement with you.

Certain data processing related to the purchase process is activated only because you request or authorise it, as is the case with saving payment (card) data for future purchases or processing of data necessary to scan till receipts or to provide Coming Soon / Back Soon functions (where those functions are available). In these cases, our data processing is based on your consent.

Certain transaction details must be kept for a certain period of time by law (for example, payment details are tax records which must be kept for 10 years). The legal basis for processing the data for the time period specified by law is compliance with a legal obligation.

Moreover, we have a legitimate interest in performing the necessary verifications to identify and prevent possible fraudulent or deceptive activities on the Platform, for example when you purchase or return items. We understand that the processing of this data is beneficial for all parties involved: for you, as it allows us to implement measures to protect you against attempted fraud committed by third parties; for us, as it allows us to avoid unauthorised uses of the Platform; for all our customers and society, as it also protects their interests, ensuring that fraudulent activities are discouraged and identified when they occur.

3. Customer Service

We have a legitimate interest in answering any requests made or questions posed through the different communication channels that exist. We understand that processing this data is also beneficial to you to the extent that it allows us to adequately assist you and to answer the questions posed.

When you contact us, especially to manage incidents related to your order or the product / service acquired through the Platform, your data must be processed to execute the purchase agreement.

When your request relates to the exercise of your rights, which we notify to you below, or to claims relating to our products or services, we are authorised by law to process your data for the purposes of complying with our legal obligations.

4. Marketing

We process your data for marketing purposes when you provide us with the relevant consent – for example, when you agree to receive customised information through multiple methods, when you agree to receive push notifications to your mobile device, or when

you adjust your mobile device settings to allow customised ads, or when you accept the legal terms and conditions for participating in a promotional action or publication of your photographs on the Platform or on our social media channels.

We will send you our newsletter when you have given us your consent for this or when there is an established business relationship between us in accordance with the provisions of Article 11(3) of Law 3471/2006.

The legal basis for processing: Your consent (when you fill out the relevant form on our website) or our legitimate interests (when you are already customers) to inform customers about new products that may be of interest to them. In any case, you will have the right to state at any time that you no longer wish to receive our newsletter by sending a message to dataprotection.gr@grandvision.gr, and your decision will be fully respected.

We create a profile with the information we have about you (such as your preferences or your browsing / shopping history) and the personal data you have provided us with, such as age bracket or language, in order to send you customised offers or show you customised information, either on our platform or on third-party platforms. The legal basis for such processing is our legitimate interest in effectively promoting our products.

5. Useability and quality analysis

We have a legitimate interest in analysing the useability of the Platform and the extent to which users are satisfied, to ensure the seamless operation of our platform and improve the services offered through it.

6. Response to orders from courts or public authorities

We may process your personal data in order to meet these requests. In that case, the legal basis for your data processing will be compliance with our legal obligations.



4.       HOW LONG WILL WE RETAIN YOUR DATA?

The personal data of users will be held solely and exclusively for the period of time required to achieve the purposes for which that data was collected, in full compliance with the applicable legislation. The specific retention periods for each of the relevant processing purposes are set out below:



Purpose

Retention period

1. To manage your registration as a platform user

We will process your data for such time as you remain a registered user (i.e. until you decide to unsubscribe).

2. Monitoring, performance and execution of purchase or service agreements

We will process your data for the period required to manage the purchase of the products or services you have acquired, including any returns, complaints or claims that are related to the purchase of the specific product or service.

 

Sometimes, we will process the data only until the time you decide, as in the case of payment (card) data you requested be saved for future purchases (where this option is available).

 

According to the tax laws, the payment details must be kept for 10 years from the implementation of the agreement between us.


3. Customer Service

We will process your data for as long as necessary to satisfy your request or query.

4. Marketing

We will process your data until you delete it or cancel your subscription to the newsletter.

Similarly, we will show you customized ads until you change the settings of your mobile phone or browser so that the permission for us showing those ads is revoked.

5. Usability and quality analysis

We will process your data during the period that we perform a specific quality survey or until we anonymise your browsing data.

Irrespective of how we process your data during the time period which is absolutely necessary to achieve that objective, we will then keep it duly stored and protected for the time period during which liability for processing could arise, in accordance with the legislation in force from time to time (the legal basis for processing in that case is the Company’s legitimate interest in protecting its legal rights). Once the statute-barring period for each claim elapses, we will delete the personal data.



5. DO WE SHARE YOUR DATA WITH THIRD PARTIES?

To achieve the objectives set out in this Privacy Policy, it is necessary to grant access to your personal data to members of the GRANDVISION Group and third parties who provide us with support for the services we offer, and in particular:

  • Financial Organisations,
  • fraud detection and prevention organisations,
  • technology and IT service providers,
  • service providers and associates related to logistics, transportation and delivery of the products you want,
  • service providers and associates related to marketing and publicity, such as social networking websites, advertising agencies or advertising partners. In all events, all necessary measures are taken to ensure the security of your data and the necessary agreements are signed to safeguard confidentiality and protect personal data.

Some of the above providers are located in countries outside the European Economic Area which do not provide a level of data protection similar to that in the European Union, namely the United States. In these cases, we notify you that we will transfer your data in compliance with applicable legal requirements, with adequate guarantees either because the providers are certified under the Privacy Shield or because we have signed standard contractual clauses that have been approved by the European Commission.





6. WHAT ARE YOUR RIGHTS WHEN YOU PROVIDE YOUR DATA?

We undertake to keep your personal data confidential and ensure that you can exercise your rights at no cost, by sending a request to the Data Protection Officer (dataprotection.gr@grandvision.gr). If we consider it necessary to confirm your identity, we may request a copy of a document proving your identity.

You have the following specific rights:

  • You can request access to the data we have concerning you. We remind you that if you are a registered user of the Platform, you can also check this information in the section that corresponds to your personal data.
  • You can ask us to rectify the data we have. Remember that if you are a registered user of the Platform, you can also access the section that corresponds to your personal data to modify or update your personal data. In any case, please bear in mind that your active provision of personal data given to us in any way guarantees that these are true and accurate and you agree to notify us of any changes or amendments to them. The user is exclusively responsible for any losses or damage caused to the Platform or the person responsible for the Platform or any third party due to the filling out of erroneous, inaccurate or incomplete information in the registration forms. Please remember that, as a general rule, you should provide only your personal data, not third-party data, unless this is allowed under the statutory framework (e.g. a parent providing data about a child) and this Privacy Policy.
  • Ask us to erase your data to the extent that it is no longer necessary for the purpose for which we must continue to process it, as already explained above, or when we no longer entitled to process it.
  • Ask us to cancel or limit the processing of your personal data, which means that in some cases you may request that the processing of your data be temporarily suspended or that the data be kept longer than necessary when you need it.

If you have given us your consent to your data being processed for any purpose, you are also entitled to withdraw that consent at any time. Some of the circumstances under which you may withdraw your consent are detailed in section 2, where we explain for which purposes we process your data. For example, if you don't want us to send information to third parties to display ads, you can change your preferences on your mobile device by re-entering your ad ID or deactivating personalised ads on your device.

When we are authorised to process your data based on your consent or on implementation of the contract, as explained in section 3, you will also be entitled to request the portability of your personal data. This means that you will have the right to receive the personal data you supplied to us in a structured format, which is widely used and machine-readable, in order to transfer the data directly to another legal entity without any objections on our part.

In addition, when the processing of your data is based on our legitimate interest, you will also have the right to object to the processing your data.                      

You may also submit complaints to the Hellenic Data Protection Authority regarding the exercise of your rights (www.dpa.gr, tel. 210-6475600).


 
7. WHAT HAPPENS WHEN YOU PROVIDE US WITH THIRD-PARTY DATA OR IF ANY THIRD PARTY HAS PROVIDED US WITH YOUR DATA?

We offer functions or services that require us to process the personal data of third parties that you must provide as a user or customer, such as in case of activation and dispatch of the Gift Card or in case of handling a request for a Gift Voucher (where these functions are available) or when you authorise a third party to receive an order from our stores or from the premises of third parties. If you supply us with third-party personal data or if it is necessary for us to request such personal data in order to receive a third-party order in your name, you must confirm that you have informed the third party in question of the purposes and manner in which we need to process that party’s personal data.

 

If a third party has provided us with your data or if you have provided it as a result of a function or service requested by one of our users, we will use that data to manage that function or service, and in any case within the limits and for the purposes stated in this Privacy and Cookies Policy, a link to which we always include in our communications.




8. CHANGES TO THE PRIVACY AND COOKIES POLICY

We may amend the information contained in this Privacy and Cookies Policy when we consider it necessary or when this is required by changes in the statutory framework. If we do so, we will notify you in various ways through the Platform (for example, through a banner, a pop-up window or a push notification), or we may even send you a notification to your email address when this change is important for your privacy, so that you can check the changes, evaluate them and, as appropriate, object or unsubscribe from a service or function. In any case, we recommend that you review this Privacy and Cookies Policy from time to time if we make small changes or introduce some interactive improvement, by taking advantage of the fact that you will always find it in a permanent location on our Website and in our Application.

This Privacy Policy has been prepared in implementation of the provisions of the General Data Protection Regulation (Reg. (EU) 2016/679). In all events, the Company reserves the right to change its personal data protection policy in accordance with the relevant legal framework in force from time to time. Consequently, these personal data protection terms may be revised and updated at any time without prior notice. Our website users and our customers are requested to check these terms at regular intervals for any changes, given that continued use of the website means that they accept any possible changes to these terms.

 

9. APPLICABLE LAW

The laws of Greece shall be applicable to any dispute which may arise from use of this website, and the courts of Athens alone shall have jurisdiction.


10. INFORMATION ABOUT COOKIES

We use cookies and similar devices to make it easier for you to navigate the Platform, to understand how you interact with us and, in some cases, to be able to show you ads based on your browsing habits. Please read the Cookies Policy to understand the cookies and similar devices we use in more detail, their purpose and other information of interest to you.