[Last Revised: July 25 ,2018]
Under this Privacy Notice, we, Shamir Optical Industry Ltd. and/or its subsidiaries (collectively – “Shamir”), inform you what personal data of yours we collect when you visit our website or use our order service through the Shamir Online platform, why we collect it, and what we do with it. Your personal data means any information relating to you, in particular your name and contact details such as your telephone number or your email address.
Please take the time to read this Privacy Notice carefully, it is very important that you fully understand how we are processing your personal data and how we are protecting your privacy. If you have any question regarding our use of your personal data, you can of course contact us as set out below:
WHAT PERSONAL DATA WE COLLECT
Data we collect when you visit our website
When you access to our website, we automatically collect and store some of your data in our server logs and in cookies, which are small files we sent to your computer when you visit our website.
This data does not allow us to directly identify you; however, it records data related to your browsing on our website, such as the pages that you accessed, the date and time you accessed to these pages, your search queries, information on your device (hardware model, operating system version, unique device identifier, Internet protocol address, hardware settings, browser type, browser language), the date and time of your request and referral URL.
The provision of your personal data is not required if you only want to visit our website. This means that you may refuse to accept cookies by configuring your web browser accordingly (for more information, refer to the ‘help’ section of your web browser). However, refusing cookies is likely to disrupt your navigation on our website, in particular by preventing you to access to certain parts of it.
Data we collect when you sign up or when you order products
Some of the services offered on our website require you to sign up. If you want to use these services, we will ask you to provide us with personal data, and we thank you to provide us with complete and accurate data, and also to inform us if your data needs to be updated. If you do not provide us with complete and accurate data, or if you do not inform us that your data needs to be updated, we may not be able to provide you with the services you requested.
We collect the following categories of your personal data:
• Identification data, including your name, telephone number, e-mail address, postal address, login and password, country, etc.
• IT data, including data related to your browsing on our website and on Shamir Online platform, such as the pages that you accessed, the date and time you accessed to these pages, your search queries, information on your device (hardware model, operating system version, unique device identifiers, Internet protocol address, hardware settings, browser type, browser language), the date and time of your request and referral URL.
HOW WE USE PERSONAL DATA WE COLLECT
We only use your personal data within the limits authorized by the laws and regulations. Sometimes, we shall use your personal data because the laws and regulations require us to do so. In any case, we do not make any automated decisions solely on automatic processing which may produce legal effects concerning you, or similarly significantly affect you.
We use your personal data for the following purposes:
You may provide us, through Shamir Online platform, with personal data of your customers (“End-users”); such as their name, eye-related prescription, etc. End-users are informed by you about how you process their personal data and in particular that they are communicated to us for management of orders.
HOW LONG WE KEEP PERSONAL DATA WE COLLECT
The retention periods for your personal data depend on the purpose for which we collect this data is processed for. Even if we are not able to outline the various retention periods in a reasonably intelligible format under this notice, we want you to know that we will retain your personal data only for as long as (i) necessary for the respective purpose, (ii) necessary to carry out our contractual relationship with you, and (iii) required by statutory retention laws.
PERSONAL DATA WE SHARE
We inform you that we may share your personal data, or personal data of End-users, with companies, public authorities or individuals. Some of the recipients of the data are located in countries outside the European Union/European Economic Area.
For recipients located in Israel, the European Commission has decided that this country ensures an adequate level of protection by reason of its domestic law or of the international commitments it has entered to.
For recipients located in the USA, they have adhered to the Privacy Shield principles which ensure an appropriate level of data protection. For recipients located in the USA that did not adhere to the Privacy Shield principles, we use as an appropriate safeguard to secure your personal data the EU Model Clause as part of our data transfer and processing agreements with such recipients.
HOW WE PROTECT PERSONAL DATA
We have measures in place to protect your personal data against unauthorized access, use, or disclosure, including without limitation:
• We implement and maintain sophisticated technical measures to ensure that your personal data is recorded and processed in complete confidentiality and security.
• We implement and maintain appropriate restrictions on access to your personal data, and monitoring of the access, use, and transfer of personal data.
• All of our employees who have access to your personal data are required to enter into non-disclosure or similar agreements, which imposes obligations on them to comply with our data privacy and confidentiality requirements.
• We require any business partners and third party service providers with whom we may share your personal data to comply with any applicable data privacy and confidentiality requirements.
• We provide data privacy training on a regular basis to our employees and third parties who have access to personal data.
WHAT RIGHTS YOU HAVE
Under applicable data protection laws and regulations, you have right:
• Of access to, rectification of, and/or erasure of your personal data;
• To restrict or object to its processing;
• To tell us that you do not wish to receive marketing information;
• In some circumstances, to require certain of your personal data to be transferred to you or a third party
• To the extent our processing of your personal data is based upon your consent, to withdraw your consent, without affecting the lawfulness of our processing based on your consent before its withdrawal.
If you are a French user, you also have the right to set guidelines for the retention, erasure and communication of your personal data after your death.
We are committed to enable you exercising your rights: to do so, you can contact us at the details set out at the beginning of this Privacy Notice. Please provide us with the following information, so that we can take your request with all due consideration:
• Your name and surname, and a photocopy of your identity card;
• Your specific petition (in other words, what rights you want to exercise); and
• The date of the application and your signature (if you sent your application by postal mail).
If you do not get satisfaction by contacting us, you can also lodge a complaint about our processing of your Personal Data with a data protection authority.
CHANGES TO THIS PRIVACY NOTICE
We regularly review our compliance with our Privacy Notice, in particular to make it compliant with new laws and regulations regarding data protection. But, even if this Privacy Notice may change from time to time, we will not reduce your rights under this Privacy Notice without your explicit consent.