Privacy & Cookies Policy
PURPOSE OF THIS NOTICE
It is important that you read this notice and any other notices we may provide on specific occasions so that you are fully aware of how and why we are using your data and what data protection rights you have.
About MTHK Limited
MTHK Limited is an online supplier of eye care products for individuals. MTHK limited collects data from you when you buy products through its website and/or social media pages and when you complete any of our online tests, including the online OSDI (Ocular Surface Disease Index) ophthalmology test.
WHAT DOES THIS NOTICE COVER
- Who we are and how to contact us
- Our Cookies Policy
- Data Protection Legislation
- Personal data we collect
- How we collect personal data
- How and why we use personal data
- Who we share personal data with
- International data transfers outside the United Kingdom
- International data transfers if you are based in the European Economic Area
- How long we keep personal data
- Your rights
- Information security
- Changes to this privacy notice
WHO WE ARE AND HOW TO CONTACT US
When we say we, us or our in this privacy and cookie notice, we mean MTHK Limited, a company incorporated and registered in England and Wales with company number 12177958 and whose registered office is at 89 Dance Square, London, England, EC1V 3AJ.
For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.
If you have any questions regarding any part of this notice, please contact us by firstname.lastname@example.org.
What are Cookies?
Cookies set by us are called "first-party cookies". Cookies set by parties other than the website owner are called "third-party cookies". Third-party cookies enable third-party features or functionality to be provided on or through the Website (e.g. advertising, interactive content and analytics). The parties that set these third-party cookies can recognise your computer when it visits the website in question and certain other websites.
What kinds of cookies does https://mthk.com/ use?
We use persistent, and session cookies and other tracking technologies to: (a) analyse the usage of our Services; (b) customise the Services to your preferences; and (c) control the advertising displayed by the Services.
The types of cookies and examples of specific types of first and third-party cookies served through our Site and the purposes they perform are described in the table below (please note that the specific cookies served may vary depending on the specific domain you visit):
- Strictly necessary or Essential cookies are required for our website's operation and allow you access to our Services. They are required to identify irregular site behaviour, prevent fraudulent activity and improve security, or allow you to use our functions such as shopping carts, saved search, or similar functions.
- Analytical or Performance cookies allow us to recognise and count the number of visitors and see how visitors move around our Website when they are using it. This helps us improve how our Website works, for example, by ensuring that users find what they are looking for easily.
- Functionality cookies are used to recognise you when you return to our Website or keep track of your specified preferences, interests, or past items viewed. This enables us to personalise our content for you, greet you by name and remember your preferences.
Social networking cookies enable you to share pages and content that you find interesting on our Website through third-party social networking and other websites. These cookies may also be used for advertising purposes too.
The use of other tracking technologies
Cookies are not the only way to recognise or track visitors to a website. We may use other, similar technologies from time to time, like web beacons (sometimes called "tracking pixels" or "clear gifs"). These tiny graphics files contain a unique identifier that enables us to recognise when someone has visited our Website or opened an email we have sent them. This allows us, for example, to monitor the traffic patterns of users from one page within our Website to another, to deliver or communicate with cookies, to understand whether you have come to our Website from an online advertisement displayed on a third-party website, to improve site performance, and to measure the success of email marketing campaigns. In many instances, these technologies rely on cookies to function properly, so declining cookies will impair their functioning.
Does MTHK serve targeted advertising?
How can you control cookies?
You can decide whether or not to accept most Cookies. Most browsers allow you to delete Cookies and have an option for turning off the Cookie feature, which will prevent your browser from accepting new Cookies, as well as (depending on the sophistication of your browser software) allowing you to decide whether to accept each new Cookie in a variety of ways. To explore what Cookie settings are available, look in the "preferences" or "options" section of your browser's menu. You can always choose to stop us from collecting your Cookie Information by turning off the Cookie feature on your browser or by ceasing to use the Services. Please note, however, that by blocking or deleting cookies used on the Website, you may not be able to take full advantage of the Website as it may impair your use of or prevent access to some areas, including taking advantage of special offers and vouchers. If you leave cookies turned on, please sign off when you are finished using a shared computer.
In addition, most advertising networks offer you a way to opt out of targeted advertising. If you would like to find out more information, please visit http://www.aboutads.info/choices/ or http://www.youronlinechoices.com. You can also learn more about cookies by visiting www.allaboutcookies.org, which includes additional useful information on cookies and how to block cookies using different browsers.
Updates to our Cookies Policy
DATA PROTECTION LEGISLATION
We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the UK General Data Protection Regulation, the UK Data Protection Act 2018 and other UK privacy laws (together UK Data Protection Legislation).
If you are based in the European Union, then our use of your personal data is also subject to the EU General Data Protection Regulation and other EU privacy laws (together EU Data Protection Legislation) (together Data Protection Legislation).
When we say Data Protection Legislation in this notice, we mean both the UK Data Protection Legislation and the EU Data Protection Legislation.
PERSONAL DATA WE COLLECT
Personal data means information which relates to an identified or identifiable individual.
Types of personal data we may collect:
Special categories of data
We collect certain special categories of personal data about you, including information about your health, genetic and biometric data. More specifically, we collect the following:
Special category of personal data we may collect:
The aforementioned data is either collected via:
a) The online eye test that you complete and submit to us; and/or
b) The information that you include on your profile; or
c) The enquiries that you submit to us via our website or by email.
Lawful bases for processing special categories of data
Under the Data Protection Legislation, we can only use special category personal data if we have a proper reason for doing so, for example: explicit consent, vital interests, employment etc.
We rely on explicit consent to process the special categories of data set out above. Consent shall be obtained on signing up to our website. If you decide to withdraw your consent at any stage of the project, you may email us at email@example.com.
Where you provide us with your explicit consent, we may process the following sensitive personal data for the below specific purposes:
Special category of data & specific purposes for processing special category data:
- Health data, biometric data, and genetic data: to make recommendations to you on how you can improve your eye health; and to provide anonymised eye health insights to third parties.
You have the right to withdraw consent at any time by emailing us at firstname.lastname@example.org.
We do not provide goods/services to children or collect their personal data. If you believe that we have received information relating to or from persons under the age of 18 please contact us at email@example.com. If we become aware that a person under the age of 18 has provided us with personal information, we will take steps to delete such information.
We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website to calculate the percentage of users accessing a specific website feature.
HOW WE COLLECT PERSONAL DATA
We collect most of this information from you direct. However, we may also collect information from other sources.
HOW AND WHY WE USE PERSONAL DATA
Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example: consent, contact, legitimate interests, or legal obligation.
Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:
- Place cookies and similar tracking technologies on your device (for further details, please see our Cookies Notice below
- Use your information for the purpose of profiling for marketing purposes; and to
- Send you our blogs, newsletters or other electronic marketing communication if you are not our existing customer or if you request or expressly agree to receive such communication.
Where your permission is required, we will clearly ask you for such consent separately from the body of this privacy notice.
You have the right to withdraw consent by:
- Emailing us at firstname.lastname@example.org;
- Changing your privacy settings within your account on our website;
- in case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or
- In case of cookies, by using the cookie preferences settings on our website.
Even if we are not required to obtain your consent for marketing purposes, you can still opt-out of receiving marketing communications at any time, so you are still in control.
From time to time, we may ask you to confirm or update your marketing preferences.
We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:
- Register you as a new customer and administer your account (e.g. set up your subscription, manage your orders, administer invoicing and payments);
- Provide our products to you;
- Manage our relationship with you (e.g. to respond to your enquiries or to notify you about changes to our products; and
- Provide after sale care services (e.g. technical support).
We may process your personal data when we (or a third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example:
- To administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- To manage your account and our relationship with you;
- To manage payments, fees, charges, and to collect debts which you may owe to us;
- To interact with you professionally (e.g. if you represent our current or prospective customer, supplier or business partner) to manage our relationship with the organisation you represent;
- To deal with your enquiry;
- To provide you with a free service (e.g. a free trial or the use of the functionalities of our website;
- To ask you to leave a review or complete a survey;
- To send you our email updates or other electronic marketing communications if you are our existing client;
- To increase our business or promote our brand through delivering relevant website content, advertisements, and marketing communications to you;
- To measure or understand the effectiveness of the advertising we provide to you;
- To improve our website, products, services, marketing, and customer relationships;
- For the prevention and detection of fraud and spam; and
- For the establishment, exercise or defence of our rights under our contract with you and/or legal claims.
We may process your personal data to comply with our legal obligation. For example, to:
- Notify you about changes to our terms or privacy notice;
- Address your complaint; and
- Comply with a request from a competent authority.
Our marketing emails and SMS text messages
We may send you emails and SMS text messages about our products if you are our existing customer (on the basis of our legitimate interests) or, if you are our prospective customer, when you expressly agree to that (for example, by signing up to our newsletter).
If you are our existing customer, we may use the information we have about you (such as what product you previously bought from us, email click-rates, your loyalty card data, and how you use our website) to make predictions on what other products may be of interest to you and to segment you into different categories based on previous characteristics. We will use that information to make our marketing emails and offers relevant to you. This type of personal data use is called ‘profiling’. We will do that on the basis of consent.
Cookies and similar technologies
In addition, third-party advertising platforms (for example, Facebook and Google) may also use their advertising pixels and other cookies on our website and in our emails with our permission. Their cookies are used to track visitors across websites in order to deliver adverts more relevant to them and their interests.
We will ask for your consent to the use of non-essential cookies, including third-party cookies. You can find further information about the cookies used on our website and the purposes they are used by reading our Cookies Notice below.
Data from other providers
We use social media platforms such as the advertising portals on Facebook and Google to obtain retargeting data. We will use your personal data in this way on the basis of our legitimate interests.
If you click on our advertisement on social media (for example, Facebook) that provider will share with us information about you (the fact that you came to our website from their service.
Right to withdraw consent or to object to processing
You can always ask us to stop using your personal information for marketing purposes by:
emailing us at hello@mthkcom;
- Changing your marketing preferences within your account on our website;
- In case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or
- In case of cookies, by using the cookie preferences settings on our website.
From time to time, we may ask you to confirm or update your marketing preferences.
WHO WE SHARE PERSONAL DATA WITH
We may share your information with third parties for the purposes set out in this notice.
If you use Google Pay (see their privacy notice) or Amazon Pay (see their privacy notice) to pay for our products online, you will provide your personal data to those payment providers.
We may share your name and email address with Meta, Google, Twitter and Amazon when you sign up or log into our website using your Meta, Google, Twitter and Amazon logins. We may also share your name and email address with Meta, Google and TikTok when you use the social media buttons embedded in our website. Please also see the ‘Marketing’ section of this notice for further details of sharing information with social media platforms.
IT and technology
We also share data with providers of IT, digital, and technology products and services, which we use to operate our business:
- Google (based in the US), whose advertising portal we use to promote our products and services.
- Facebook (based in the US), whose advertising portal we use to promote our products and services.
- Shopify (based in Canada), an e-commerce platform through which we sell our products to you.
- Klaviyo (based in the US), an e-commerce marketing automation platform which we use for our email and SMS marketing communications.
- Yotpo (based in the US), who we use to generate reports on whether users write a review or not for an order.
- Recharge (based in the US), to manage online subscription orders.
- Zapier (based in the US), for data transfer.
- Typeform (based in the US), for data entry.
- Huboo (based in the UK/EEA) and other fulfilment partners for warehouse and shipping management.
We may also:
- Share your personal data with members of our staff;
- Disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
- Disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
- Disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
- Share some personal data with other parties, such as potential buyers of some or all of our business, potential investors, or group companies if our business undergoes a corporate re-structure.
Such data recipients will be bound by confidentiality obligations.
INTERNATIONAL DATA TRANSFERS OUTSIDE THE UNITED KINGDOM
Transfers of personal data outside the United Kingdom are subject to special rules under the UK Data Protection Legislation.
If you are based outside the United Kingdom, we may receive and transfer your personal data directly to you to the country where you are based.
We may also transfer your personal data to providers (e.g. Shopify) based in Canada. The UK Government has recognised Canada as providing an appropriate level of protection to the data protection rights of individuals.
We may also transfer your personal data to the USA, due to our use of providers such as Google, Facebook, Klaviyo, Yotpo, Recharge, Zapier, Typeform. (Please see the section ‘Who we share your personal data with’ in this privacy notice for more information about these providers.)
Where we transfer your personal data to the USA, in order to protect your information, we have entered into transfer agreements with the third parties in the USA with whom we share your data. Transfers of your personal data to the USA operate under an International Data Transfer Agreement (IDTA) or under the standard contractual data protection provisions (Standard Contractual Clauses) and/or the UK’s IDTA Addendum (IDTA Addendum). These transfer mechanisms are recognised as appropriate safeguards under the UK GDPR.
Please email email@example.com, if you would like further information in relation to the specific mechanism of transfer used by us when transferring your personal data outside of the UK.
HOW LONG WE KEEP PERSONAL DATA
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting, or other requirements.
- We are required to keep accounting records for seven years for tax audit purposes;
- We will keep your data until they close their account on your website;
- iIf you subscribe to our updates, we will hold your data for that purpose until you unsubscribe or otherwise tell us that you no longer wish to receive such communications;
We may also anonymise your personal data (so that it can no longer be associated with you) for analytics, research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).
If you would like to exercise any of those rights, please contact us at firstname.lastname@example.org. Please let us know what right you want to exercise and the information to which your request relates.
We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach . We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We hope that our Data Protection Officer can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How to contact us section of this privacy notice.
The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority in the country where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the United Kingdom is the Information Commissioner, who may be contacted at https://ico.org.uk/make-a-complaint/, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
This privacy and cookie notice was last updated on 17th February 2023.
We may change this privacy notice from time to time; when we do, we will publish the new version of the privacy notice on our website. If you are our customer, we may also inform you via email or post.