OLO® Privacy Policy

  1. Controller

Name: IXI Optics Oy (hereinafter referred to as the “Company”)
Business ID: 3538196-6
Address: Keilaranta 16 A 2, 02150 Espoo, Finland
Email: info@ixioptics.fi
Phone: +358 2 6510 5977
Contact person for data protection matters:
Henna Mäkinen
Email: henna.makinen@ixieyewear.com

  1. Name of the Register

OLOlinssit Customer Register or OLOlens Customer Register

  1. Purpose and Legal Basis for Processing Personal Data

The personal data contained in this register are used for the following purposes:

  • Marketing of the Company’s products and services
  • Conducting research, promotional campaigns, and competitions
  • Managing customer orders, including product identification, delivery, and invoicing
  • Maintaining and developing customer relationships
  • Informing customers about the Company’s services and providing reminders
  • Direct marketing, provided that the customer has given explicit consent

Personal data of approved suppliers are processed as part of the Company’s business operations, for example to ensure supply chain management and cooperation.

The processing of personal data is based on:

  • The customer’s consent
  • A contractual relationship or legitimate interest between the customer and the Company
  • A legal obligation
  1. Categories of Personal Data

The register may include the following information, depending on the data subject:

  • First and last name
  • Age
  • Postal address
  • Email address
  • Telephone number(s)
  • Company or organization name
  • Contact history (phone, email, social media, etc.)
  • Purchase history
  • Marketing history (e.g., campaigns sent to the customer)
  • Additional information provided by the customer (e.g., hobbies, use of eyeglasses or contact lenses)
  • Eyeglass prescription data (processed as patient data)
  • Any prohibitions concerning the use of data for direct marketing

For suppliers and business partners, the register may also include:

  • Contact person’s name, phone number, and email address
  1. Sources of Data

Personal data are primarily collected from:

  • The customer or their legal representative
  • Information provided to customer service when placing an order
  • Marketing campaigns, competitions, and promotional activities

For electronic direct marketing (email and/or SMS), separate consent is obtained in accordance with applicable data protection legislation.
Personal data may also be collected from corporate clients in connection with product orders, including details related to professional background or education when relevant.

Supplier data are maintained in accordance with the Company’s quality management system. Contact information is updated whenever a supplier’s representative changes.

  1. Disclosure and Transfer of Data

Personal data may be processed by the Company and by service providers acting on behalf of the Company, including software vendors, strictly for the purposes described in this notice.
Data are disclosed to third parties only:

  • With the customer’s or their representative’s explicit consent, or
  • When required by law or official request.

All personal data are stored on servers and systems managed either by the Company or by carefully selected service providers located within the European Union (EU) or the European Economic Area (EEA).
Data are not transferred outside the EU or EEA.

  1. Data Protection and Security

Access to the customer and supplier register is strictly limited to those employees or partners whose duties require such access. All personnel handling the data are bound by confidentiality obligations.

The register is maintained in a secure IT environment protected by personal login credentials and firewalls.
Regular data backups are performed to prevent data loss.

Eyeglass prescription data are handled in accordance with regulations governing patient records.

Customer and supplier information may be disclosed externally only in cases required by law (e.g., customer’s written request or an official authority’s lawful demand).
Supplier data may also be shared with the Company’s accounting office for payment processing.

  1. Data Subject Rights

Data subjects have the following rights under applicable data protection laws:

  • Right of access: You may request confirmation of whether your personal data are being processed and obtain a copy of the data concerning you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”): You may request deletion of your data where legally permissible.
  • Right to object and restrict processing: You may object to the use of your data for direct marketing or restrict processing in specific circumstances.

Requests to exercise these rights must be submitted in writing, personally signed, and sent to:

IXI Optics Oy
Pääskykalliontie 5 B
21420 Lieto, Finland

The Company will provide information about the register’s data sources, use, and disclosures in response to such requests.
Customers may withdraw from the customer register at any time without penalty.

  1. Right to Object to Direct Marketing

Customers may grant or withdraw consent for direct marketing at any time by notifying the Company in writing at the contact address above or by email.

  1. Updates to This Privacy Notice

The Company reserves the right to update this Privacy Notice as needed, for example to comply with changes in legislation or business operations. The latest version will always be available on the Company’s website.

Updated: 4.11.2025