All personal data processed by us, is handled in strict compliance with the European General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).
1.1 The data controller who processes all of the personal data we process is:
Ace and Tate Holding B.V., located in (1097 BA) Amsterdam at George Westinghousestraat 2, the Netherlands and registered at the Chamber of Commerce in the Netherlands with the number 56577710 and its group companies.
If you have any questions, please contact our customer experience department at (firstname.lastname@example.org).
2. Personal Data Collected
2.1 Registration or information requests through our website
We process information from visitors of our stores and Website, including but not limited to when you register an account to buy products, use our Services or receive information from us through either the form on our Website or by email with your request for information. We process personal data based on: consent according to art. 6(1)(a) GDPR, contract according to art. 6(1)(b) GDPR, compliance with a legal obligation according to art. 6(1)(c) GDPR and legitimate interests according to art. 6(1)(f) GDPR.
Via on our Website we may ask you to provide any of the following personal data:
First and last name
Date of birth
Medical data (eg. eye test prescription data and medical history);
Payment card data (e.g. bank account number/credit card details).
You may contact us at any time through email to request information. If you send us such an email, we may process the personal data and information provided in your email.
We may combine the information you have provided with other information we have processed about you, both online and in person (including but not limited to your purchase history, your address, prescription details and/or purchase date), along with information that we receive from public information sources and external parties (e.g. Google, Facebook or Weather.org).
2.2 Automatically generated data
When you use our Website, we may process and register your IP address. Your IP address will be stored in a temporary log file. We may share information regarding your use of our Website with our trusted subsidiaries, affiliates, and partners, as described further in Articles 3.2 and 3.3 below.
3. Purpose of Data Processing
3.1 We process your personal data, as described in Article 2.1, for the following purposes:
a) to fulfil our obligations to provide you with our Services and/or products (such as shipping and invoicing) or other requests you may make (such as online eye tests and contacting opticians) (based on contract according to art. 6(1)(b) GDPR);
b) to contact you regarding follow-up Services (such as communicating the results of an online eye test, virtual try-on, and fitting-room email follow up), to answer your questions, and provide requested information or advice (based on consent according to art. 6(1)(a) GDPR);
c) to secure your account and order information (based on contract and/or consent according to art. 6(1) and (b) GDPR);
d) to secure our business goals (based on legitimate interest according to art. 6(1) and (b) GDPR):
for data analysis to improve the efficiency of our Services;
for audits to check whether our internal processes function as intended and to comply with legal or contractual requirements;
for fraud and security checks, such as to detect and prevent identity theft or cyberattacks;
for the development of new products and services and for example, to consider where to open new stores in the future;
to supplement, improve or change our Website, products, and services;
to identify trends in the use of Services, to get insight on which parts of our Services are most interesting for our users; and
to determine the effectiveness of our promotional campaigns, so that we can adapt our campaigns to the needs and interests of our users;
e) analysis of personal data (e.g. purchase history, prescription details, shipping country and/or city, language) to provide personalised services offers (based on consent and legitimate interest according to art. 6(1)(a) and (f) GDPR):
to remind you that you need a new eye test 360 days after you have had your last eye test;
to understand you better so that we can personalise our interactions with you and provide you with information and / or offers that are tailored to your interests; and
to better understand your preferences so that we can deliver content through the Services that we believe will be relevant and interesting to you.
f) to send you our weekly email newsletter with offers and information about similar products and Services, only if you have specifically opted in for this. Please note that you can always object to such use, via the ‘unsubscribe’ link in our email newsletters or to unsubscribe from your account page after logging in via (based on consent according to art. 6(1)(a) GDPR);
g) to comply with various legal obligations, including tax obligations (based on compliance with a legal obligation according to art. 6(1)(c) GDPR; and
h) if you respond to an action or contest, we use the information to carry out the action, to announce the prize winner(s), and to measure the response to our marketing campaigns (based on contract according to art. 6(1)(b) GDPR).
3.2 We may provide your personal data, as described in Article 2.1, to our subsidiaries, affiliates, and partners, including our retail stores located in your region, in connection with marketing and promotional materials related to our products and Services. As such, you may be contacted by our local retail stores with such materials. If you would prefer to opt out of any such communications, please use the unsubscribe link in the relevant newsletter or send an email to our customer experience department at (email@example.com).
3.3 We will only make personal data available to third parties that are involved in the execution of your order (i.e. for virtual try-on). These third parties process personal data according to our instructions and any such use shall be under our responsibility. Any such data made available is recorded, and if required, any such third parties are also made parties to data processing agreements. We do not pass on your personal data to other third parties unless we are legally obliged to do so.
3.4 We use the automatically generated information, as described in Article 2.2, and your company data and personal data, as described in Article 2.1, to conduct aggregated analyses for internal research and statistical and strategic purposes ("Aggregated Information"). This Aggregated Information does not identify you or your company. We use the Aggregated Information to optimize our Website, Services and products and learn more about the use of our Website and products so we can improve them.
4. Use by Minors
5. Data Retention
5.1 We shall process the personal data for a period of two (2) years after your last order, or for as long as legally required or necessary and allowed for the purpose(s) for which it was obtained. Immediately after this period, we will destroy the personal data and/or anonymise them.
5.2 The criteria used to determine our retention periods include, but may not be limited to: (i) the duration of our ongoing relationship with you and the Services we offer you; (ii) whether or not we are subject to any legal obligation(s); and (iii) any other legal necessity (such as applicable limitation period(s), litigation, or internal or external investigations).
5.3 Notwithstanding Article 5.1, we may process the personal data for a longer period (i) if you ask us to retain data for another two (2) year period, (ii) in order to comply with statutory retention periods (such as those required by tax legislation), or (iii) in order to prove compliance with applicable statutory obligations (such as the GDPR or email marketing legislation).
5.4 If you request deletion of your personal information by contacting us through the process described in Article 8, all of your personal information processed through our Website shall be deleted, as required by applicable law, unless we are obligated to retain such information, whether by law, to complete the transaction for which the information was processed, or for internal use.
6. Data Protection
6.1 Any personal information we process is treated as confidential. As such, we shall take appropriate technical and organizational measures to safeguard and protect the personal data against any accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access or against any other unlawful or unauthorized processing of such personal data. These measures guarantee an appropriate level of security given the risks related to processing and the nature of the data. For example, we use Security Socket Layer encryptions during your order process and when creating an account on our Website.
7. Sharing the Personal Data
7.1 Without prejudice to Articles 3, 7.1, and 7.2, we don’t transfer any personal information or personal data to any third party without your explicit permission, unless we are obliged to do so under applicable legislation or by order of the competent supervisory authority.
7.2 However, please note that we may transfer your personal data and the information to our local retail stores, as set out in Article 3.2.
8. Your Rights
8.1 You have the right to obtain our confirmation as to whether or not we process your personal data, on request. The personal details you provide when registering with us can be viewed and altered at anytime by yourself through your account on the Website. You are also entitled to send our Customer Experience department (firstname.lastname@example.org) a request to receive such information. Furthermore, you are entitled to send our Customer Experience department at (email@example.com) a request to access, receive, transfer, rectify, erase or completely withdraw your consent for processing your personal data. We will process your request in accordance with the GDPR and we will send you a response without undue delay, at least within one (1) month after the receipt of your written request.
8.2 Under California law, customers of Ace & Tate who are residents of California may request certain information about our disclosure of personal information during the prior calendar year to third parties for their direct marketing purposes. To make such a request, please contact our customer experience department at firstname.lastname@example.org.
8.3 You are entitled to object to our processing of your personal data at any time. Upon any such objection, we shall no longer process your personal data, unless we demonstrate i) compelling legitimate grounds for the processing which override your interests, rights and freedoms or ii) to establish, exercise, or defend any legal claim(s). We will send you a response without undue delay, not to exceed one month after the receipt of your written request.
8.4 If you have any complaints regarding our data processing or your previous requests, you can contact our Customer Experience department at email@example.com. You also have the right to file a complaint with the relevant Data Protection Authority.
8.5 If you have any further questions or comments, please contact our customer experience department at firstname.lastname@example.org.
9. Cross-border Transfer
9.1 Because Ace & Tate is a global company, your personal data may be stored and processed in every country where we have facilities or service providers. By using our Services or by giving us permission (where required by law), you hereby agree that your information may be transferred to countries other than the country where you live, where other data protection laws may apply than in your own country. Appropriate contractual and other measures have been taken to protect personal data when sent to our subsidiaries or third parties in other countries.
9.2 Some countries outside the European Economic Area (EEA) are recognized by the European Commission as countries where an appropriate level of data protection applies according to the EEA standards (the full list of these countries is available here). For transfers from the EEA to countries that in the opinion of the European Commission do not offer sufficient protection, we have ensured that adequate measures have been taken, among other things by ensuring that the recipient is bound to EU standard data protection provisions (i.e. Standard Contractual Clauses) or an EU-approved code of conduct or certification to protect your personal data. You may receive a copy of these measures by contacting our customer experience department at email@example.com, as explained in Article 8 above.
10. Third-party Websites
Amsterdam, The Netherlands, August 2023