Privacy policy

Data Protection

The Supplier agrees that when supplying the proposed services to the buyer, The Supplier may gain access to and/or acquire the ability to transfer, store or process personal data of employees of the Buyer.

The purpose of Collection and Processing of the Personal Data by the Supplier is for the delivery of the purchased services.

The Supplier shall not disclose Personal Data to any third parties without the Buyer or the Specsavers Group’s prior written consent, except as required by law or permitted by this Processing Agreement.

The parties agree that where such processing of personal data takes place, the Buyer and the Specsavers Group shall be the 'data controller' and The Supplier shall be the 'data processor' as defined in the General Data Protection Regulation;

For the avoidance of doubt, 'Personal Data', 'Processing', 'Data Controller', 'Data Processor' and 'Data Subject' shall have the same meaning as in the General Data Protection

The subject matter for the purpose of General Data Protection Regulation has been defined under the provision of services to the Data Controller;

The Supplier will process the Client’s Personal Data for the purpose of providing the proposed services to the Data Controller in accordance with the terms of this Agreement.

The Supplier will be processing a range of data for the Buyer, including: video footage of employees, first name, surname, telephone number;

The Supplier shall only Process Personal Data to the extent reasonably required to enable it to supply the purchased services or as requested by and agreed with the Buyer or the Specsavers Group upon the their written instruction as the Data Controller;

The Supplier shall not retain any Personal Data longer than a period of 12 months, and general reporting data for no longer than 60 months unless an alternate time frame is agreed with the Buyer or the Specsavers Group;

The Supplier will ensure that all appointed employees and sub processors authorised by the Supplier to Process the Personal Data are subject to a duty of confidence and The Supplier will ensure that sub processing contractual agreements are in place and sufficient background checks are undertaken;

 

Data Retention

The ‘General Data Protection Regulation’(GDPR) is intended to strengthen and unify data protection for all individuals within the European Union. The Supplier has data retention periods set for all our videos, calls, images, reports etc

To minimise data that we keep on behalf of the buyer, we have in the place the following default retention periods. Please note that when material is removed from the website it is also permanently deleted from our systems

Default Retention Online (Website)

Video Mystery Shopping (VMS and CVS) - 6 Months

Telephone Mystery Shopping - 6 Months

Email Mystery Shopping - 6 Months

Report based Mystery Shopping - 6 Months

Audio Mystery Shopping - 6 Months

Audits - 6 Months

Pilots - 36 Months

Compilations - 36 Months

Reporting on all of the above - 60 Months