Ace & Tate

Privacy policy

We, Ace and Tate Holding B.V. ("Ace & Tate"), are the owner of the www.aceandtate.com website (hereinafter referred to as the "Website"). We are committed to protecting your privacy and security. This Privacy policy describes how we deal with the personal data that we process via our website or application managed by us and the services offered thereon (hereinafter referred to as the "Services").

By visiting our website or providing your personal data, you are accepting and consenting to the provisions of this Privacy policy. All personal data collected and processed by us is handled in strict compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) ("GDPR").

  1. Controller

    The controller of the processing of the personal data is:

    Ace & Tate Holding B.V., located in (1097 BA) Amsterdam at Stephensonstraat 19, the Netherlands and registered at the Chamber of Commerce in the Netherlands with the number 56577710.

    If you have any questions or remarks, please contact our customer experience department (hello@aceandtate.com).

  2. What kind of personal data do we collect on our website?

    1. Registration or information requests through our website

      When you register yourself in order to buy products or when you wish to receive information from our company, you can fill in a form on our website or send us an e-mail with your request for information.

      In the form on our website we ask you to provide the following (personal) data, including special personal data, if necessary, for providing our services:

      1. First and last name
      2. Address
      3. Phone number
      4. E-mail address
      5. Date of birth (if you request us to submit a claim for reimbursement of your prescription glasses with your health insurance provider on your behalf)
      6. Password
      7. Medical data (eg. eye test prescription data)
      8. Bank account/credit card details

      If you send us an email with your request for information, we process the personal data and information provided in your email.

      We may combine the information you have provided with other information we have collected about you, both online and offline, including, for example your purchase history, your address, gender, prescription details and/or purchase date.

      We can also combine them with information that we receive from the following sources: public information sources and information from external parties. For example, Google, Facebook or Weather.org.

      If you provide us with personal data about another person, you declare that you are authorised to do so and that you allow us to use that information in accordance with this Privacy policy.

    2. Automatically generated data

      When using our Website, your IP address can be registered or cookies or other technologies can be used (see also our cookie policy). In addition, we can surf, search and/or click on the Website and on websites of advertisers (including the webshops affiliated with us) or tracking. The IP address is stored in a temporary log file. We also share information about your use of our website with our trusted social media, advertising and analysis partners, such as Facebook in respect of the Facebook pixel and Quantcast in respect of the Quantcast pixel.

      A cookie is a small file that is sent along with pages of a website and stored by your browser on the hard disk of your computer. For example, cookie-related techniques are the use of fingerprints and scripts. With this data, sometimes personal data is stored or consulted. On the basis of this information you can be recognised on a later visit.

      For more information, see our cookie policy for a detailed explanation of cookies and similar technologies that can be placed when visiting our website.

  3. For which purpose and on which basis do we process the personal data?

    1. We process personal data received from you, as laid out in article 2.1 (Registration or information requests through our website), for the following purposes:

      1. to fulfil our obligations with respect to the agreement for the sale of goods (for example for shipping and invoicing the ordered goods) or requested services (online eye test/contact with opticians), including invoicing;
      2. to contact you (by phone or by e-mail), to provide our services (like the results of the online eye test), and to answer your questions or remarks and/or provide you with the requested information or advice;
      3. to secure your account and order information;
      4. to secure our business goals:

        • for data analysis, for example to improve the efficiency of the Services;
        • for audits, to check whether our internal processes function as intended and to comply with legal or contractual requirements;
        • for fraud and security checks, for example for cyber attacks or attempts at detecting and preventing identity theft;
        • for the development of new products and services and to consider where to open new stores in the future;
        • to supplement, improve or change our website or our products and services;
        • to identify trends in the use of the Services, for example insights on which parts of our Services are most interesting for users;
        • to determine the effectiveness of our promotional campaigns, so that we can adapt them to the needs and interests of our users.

        We will carry out the above listed activities to manage our contractual relationship with you, to fulfil a legal obligation, and/or because of our legitimate interests.

      5. to analyse personal data (e.g. purchase history, prescription details, shipping country and/or city, language, gender) in order to provide personalised offers of our Services:

        • to remind you that you need a new eye test 360 days after you have had your last eye test;
        • to understand you better so that we can personalise our interactions with you and provide you with information and/or offers that are tailored to your interests;
        • to better understand your preferences so that we can deliver content through the Services that we believe will be relevant and interesting to you.

        We will provide personalised offers of our Services with your permission or because of our legitimate interests.

      6. to send you our weekly email newsletter with offers and information about similar products and services, but only if you have specifically opted in for this. Please note that you can always object to such use, via the ‘unsubscribe’ link in our email newsletters or to unsubscribe from your account page after logging in via https://aceandtate.com/login
      7. to comply with various legal obligations, including tax obligations.
      8. if you respond to an action or contest, we use the information to carry out the action, to announce the prize winner(s), and to measure the response to our marketing campaigns.
    2. We may provide your personal data, as laid out in article 2.1 (Registration or information requests through our website), to our local shops, located in your region. The local shop may contact you to provide you with localised information or to see if you need any support, assistance or have any additional questions with respect to our product. If you don’t want to be contacted by our local shop please send an e-mail to our customer experience department (hello@aceandtate.com).

    3. We also share information about your use of our website with our trusted social media, advertising and analysis partners (e.g. Facebook in respect of the Facebook pixel).

    4. We will only make personal data available to third parties that are involved in the execution of the user's order (i.e. processing the online eye test). These third parties process personal data according to our instructions and under our responsibility. This is recorded and a processor agreement is concluded with these parties. We do not pass on your personal data to other third parties unless we are legally obliged to do so.

    5. We use the automatically generated information, as laid out in article 2.2 (Automatically generated data), and your company data and personal data, as laid in out in article 2.1 (Registration or information requests through our website), to conduct analyses for internal research and statistical, strategic purpose, all in an aggregated form ("aggregated information"). This aggregated information does not identify you nor the company. We use the aggregated information to optimise our Website, Services and products and learn more about the use of our Website and products so we can improve them.
  4. Use by minors

    The Services are not intended for use by persons under the age of 16. If you are younger than 16 years old, you cannot make use of the Services and you must refrain from providing personal data. If your child has unexpectedly submitted personal information to us and you wish to request that the same personal data be removed, please contact us. In Chapter 8 (Your rights with respect to your personal data) of this Privacy policy you will find out how you can contact us.

  5. How long do we store and process the personal data?

    1. Ace & Tate shall process the personal data for a period of two years after your last order, or for as long as legally required or necessary and allowed for the purpose(s) for which it was obtained. Immediately after these periods we will destroy the personal data and/or anonymise them.

    2. The criteria used to determine our retention periods include: (i) the duration of our ongoing relationship with you and the Services we offer you; (ii) whether or not there is a legal obligation to which we are subject; and (iii) whether or not custody is advisable due to our legal position (such as applicable limitation period(s), a court case or investigations by a supervisor).

    3. Notwithstanding article 5.1, Ace & Tate may process the personal data for a longer period (i) if you ask Ace & Tate to keep data for a new two-year period, (ii) in order to comply with statutory retention periods (for example laid down in tax legislation) or (iii) in order to prove that it complies with applicable statutory obligations (for example with respect to the GDPR or e-mail marketing legislation).
  6. How do we protect the personal data?

    We shall take appropriate technical and organisational measures to safeguard and protect the personal data against any accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access or against any other unlawful or unauthorised processing of such personal data. Taking into account the state of technology and the costs of execution, these measures guarantee an appropriate level of security given the risks that come with processing and the nature of the data to be processed. For example, we make use of a secure SSL connection during the order process and when completing the registration form.

  7. With whom do we share the personal data?

    1. Without prejudice to articles 3, 7.1 and 7.2, we don’t transfer any personal and/or personal data to any third party without your explicit permission, unless it is obliged to do so under applicable legislation or by order of the competent supervisory authority.

    2. However, please note that we may transfer your personal data and the information to our local stores, as laid out in article 3.2.

    3. Furthermore, we may employ other companies, so-called data processors, which process personal data solely on our behalf. Such data processors are only entitled to process the personal data needed to perform their services and activities, in accordance with our written instructions. The processors guarantee that they have implemented appropriate technical and organisational measures in such a manner that their processing meets the requirements of this Privacy policy and the GDPR, and ensures the protection of the rights of all data subjects. The processing of personal data by a processor shall always be governed by a written data processing agreement between us and the processor.
  8. Your rights with respect to your personal data

    1. You have the right to obtain our confirmation as to whether or not we process your personal data, on request. The personal details you provide when registering a client with us can be viewed and altered at anytime by you, on your account on the Website. You are also entitled to send our customer experience department (hello@aceandtate.com) a request to receive such information. Furthermore, you are entitled to send our customer experience department (hello@aceandtate.com) a request to access, receive, rectify or erase your personal data. We will process your request immediately and in accordance with the GDPR and we will send you a response without undue delay, at least within one month after the receipt of your written request.

    2. You are entitled to object, on grounds relating to your particular situation, to our processing of your personal data at any time. We shall no longer process the personal data, unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. We will send you a response without undue delay, at least within one month after the receipt of your written request.

    3. If you have any complaints about our processing of your personal data or your request, you can contact our customer experience department (hello@aceandtate.com). If that doesn’t solve your complaints, you can, of course, always contact the Dutch supervisory authority (www.autoriteitpersoonsgegevens.nl) or the competent court in the Netherlands.

    4. If you have any further questions or remarks, please contact our customer experience department (hello@aceandtate.com).
  9. Cross-border transfer

    1. Your personal data can be stored and processed in every country where we have facilities or service providers. By using our Services or by giving us permission (where required by law), your information may be transferred to countries other than the country in which you live, including the United States, where other data protection laws differing from those in your own country may apply. Appropriate contractual and other measures have been taken to protect personal data when sent to our subsidiaries or third parties in other countries.

    2. Some countries outside the European Economic Area (EEA) are recognized by the European Commission as countries where an appropriate level of data protection applies according to the EEA standards (the full list of these countries is available here). For transfers from the EEA to countries that in the opinion of the European Commission do not offer sufficient protection, we have ensured that adequate measures have been taken, among other things, by ensuring that the recipient is bound to EU standard data protection provisions, EU-US Privacy Shield certification or an EU-approved code of conduct or certification to protect your personal data. You may receive a copy of these measures by contacting our customer experience department (hello@aceandtate.com), as explained in Chapter 8 (Your rights with respect to your personal data) above.
  10. Third-party websites

    Our website may contain (a number of) hyperlinks that lead to websites that are maintained by third parties. We cannot accept any responsibility for the content of these websites and for the way in which these websites deal with your data. Read the Privacy policy, if present, of the website you are visiting.

  11. Revisions of this statement

    Please note that this statement might be revised, for example due to revisions in the applicable legislation. The revised statement will be published on our website. We recommend checking our website and the Privacy policy on a regular basis. The last revision of this policy was made in May 2018.

    Amsterdam, The Netherlands, May 2018

follow ace & tate