At OptArc we take your privacy very seriously. We understand the importance of keeping all personal identifiable information private. We provide this privacy notice to you to give you details of what information we collect, how we use it and how we safeguard it as well as informing you of rights you have in relation to the information we hold. This privacy notice has been prepared on, and is applicable from 16.04.2021. Please note that we may update it from time to time in order to reflect the changing nature of laws governing data protection as well as any changes in our business.
Who we are
OptArc is a sole proprietor laboratory supplies, photo-optical instrumentation design, manufacture and supply company based in Middlesex, England, UK. We are an online trading company. Our website address is: https://www.optarc.co.uk.
The Data Controller for OptArc is P.J. Tadrous and may be contacted by email at:
Where we get your data from (our sources)
The most usual source of information we obtain about you is the information you provide to us by using our website, by contacting us (e.g. via online forms or by email or by participating in our blogs by logging in and posting comments, uploading images, etc.) and by making purchases of our products.
What data we collect about you, why and how we use it
Customer ID and contact information
If you purchase any item from us we will collect your name, delivery address, and contact details and we use these to deliver your order and to send you information concerning your order.
we will also use your contact data to send you any information you have requested us to send you (e.g. support information about a product or to let you know when a product is back in stock).
Once you have placed an order with us we will retain the following information to fulfil your order, handle returns, and provide customer service: Your purchase history, payment details (but NOT your payment card data – see below), contact details, and contact history.
Our payment pages are handled fully by PayPal, a PCI DSS compliant company. We have no access to any of your payment card data.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. the PayPal payment buttons provided to allow purchases to be made, videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
As a service to our customers, we may also provide links to other websites, maintained by various societies, associations and other companies we think you might find of interest.
Profiling and automated decision making
We do not use profiling or automated decision making. Your data is therefore not used for any of these purposes by OptArc.
Service improvement and research
We are continually assessing our own performance as a quality professional supplies service and we want to continually improve our service. For these reasons we may also use some of your data (suitably anonymised) for scientific or historical research, service improvement and statistical purposes.
Our ‘Lawful bases’ for processing your data under the Data Protection Act 2018 (the DPA)
The above sections explained, in plain English, what data may be collected from you and how we use it. This section, in a sense, repeats that but puts it in terms that are more directly related to the legal wording of the DPA which requires us to make clear what are our ‘lawful bases’ for processing your data.
They are as follows:
Under Article 6 of the GDPR:
- Contract – to fulfil contractual obligations (e.g. invoicing, payment and refund processing) or provide pre-contractual information (e.g. to provide quotes)
- Legal Obligation – to fulfil our obligations in relation to the law (e.g. to comply with Court orders) and professional obligations.
- Legitimate interests of ourselves or people and companies we work with to provide a service to you. (This means we may process some of the data we hold for the purposes of detecting and preventing fraud, upholding our terms and conditions of service, dealing with complaints, defending ourselves from claims and for our own restricted internal marketing purposes where we feel we would like to inform you of changes to our service or offers we may have. In all cases we will restrict the amount of data we use for these purposes to the minimum necessary to achieve the purpose and we will comply with the law. You have the right to object to your data being used in any marketing activity as well as any other legitimate interest activity.)
Who we share your data with
We will never share your personal information with (or sell it to) advertising or marketing or other listing agencies to use for their own purposes unless you explicitly give us your consent to do this.
In order to fulfil your orders, we nevertheless need to share some of your data with the following data controllers:
PayPal: our online payment service provider
Royal Mail or other delivery company we use to courier your order to you.
We may be obliged to share your information to third parties by law (e.g. to comply with a court order).
If you request a password reset, your IP address will be included in the reset email.
Visitor comments may be checked through an automated spam detection service.
In all cases where your information is shared, only the bare minimum that is consistent with adequately achieving the specific limited purpose will be shared.
How long we retain your data
As required by HM Revenue and Customs (HMRC), we retain your order information for a minimum of 5 years.
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
The data we collect and use to provide you with a high quality diagnostic service is your data and you have rights under the DPA in regards to this data.
You have the right to contact the Information Commissioner’s Office (ICO) if you have a concern over the way we handle your data (web site address given below).
You have the right to object to us using your data in certain ways (for example you can object to us using your data for direct marketing purposes).
You also have the right to contact us if you would like a copy of the data we hold about you and you have the right to request we correct any factual inaccuracies in that data.
You have other rights in addition to the above. The law in regards to your rights is subject to some exceptions. Instead of us trying to list all your rights in legally accurate detail in this policy, we feel it is better to direct you to the regulatory body in this regard so you can see the latest and more complete version of your rights with information about how to exercise them. The regulatory body is the Information Commissioner’s Office and their contact details are:
For general information about your data and your rights:
For general contact information:
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.