Privacy

Privacy Policy

This policy explains what personal data Opticode collects, why we collect it, how we use and protect it, and the rights you have over it. It is written to meet the UK GDPR, the EU GDPR, the California Consumer Privacy Act (CCPA/CPRA) and comparable data-protection laws.

Effective 19 June 2026 · Last updated 19 June 2026

PrivacyTermsCookies

1. Who we are

Opticode is software that helps optical shops run their business — point of sale, inventory, prescriptions, purchases, reporting and multi-branch management. The service is operated by Opticode, Pakistan ("we", "us", "our").

For any privacy question, or to exercise your rights, contact us at info@opticode.uk. If we have appointed a data protection officer or representative, their details are available on request.

2. Two roles: controller and processor

Data-protection law treats us differently depending on whose data is involved. It is important to understand the distinction:

  • We are the "controller" for the data of the businesses and people who buy, register for, or enquire about Opticode — for example a shop owner's account, billing details and the way they use the service. This policy governs that data.
  • We are a "processor" for the data that an optical shop enters into Opticode about its own customers — for example a patient's name, contact details, prescription and purchase history. The shop is the controller of that data and decides how it is used; we only process it on the shop's documented instructions to provide the service. If you are a shop's customer, please contact that shop about its handling of your data, and see "Data we process on behalf of shops" below.

3. Personal data we collect

Data you give us

  • Account and identity data — name, business/shop name, email address, phone number, role and login credentials.
  • Enquiry data — anything you send us through our contact form, WhatsApp, email or phone, including the message itself.
  • Billing data — the plan you choose and the records needed to invoice you and manage your subscription. Billing is arranged with you directly; we do not collect or process payment-card details through the website.
  • Support data — information you share when you ask for help or report a problem.

Data we collect automatically

  • Usage and device data — IP address, browser and device type, pages and features used, and timestamps.
  • Security and diagnostic logs — sign-in events, two-factor authentication activity, and error logs used to keep the service safe and reliable.
  • Cookies and similar technologies — see our separate Cookie Policy.

Data we process on behalf of shops

When a shop uses the service, it enters data about its own customers, which may include names, contact details, optical prescriptions, order and purchase history and payment records. Prescription information is health-related and is treated as a special category of data. We process this strictly on the instructing shop's behalf and do not use it for our own purposes.

4. How and why we use your data

We use the data described above to:

  • provide, operate and maintain the service and your account;
  • set you up, respond to enquiries and provide customer support;
  • process subscriptions, billing and renewals;
  • keep the service secure — authentication, fraud prevention, abuse detection and audit logging;
  • monitor, debug and improve performance, reliability and features;
  • send service and administrative messages (for example security alerts, billing notices and important changes); and
  • comply with our legal, tax and accounting obligations.

We do not sell your personal data, and we do not "share" it for cross-context behavioural advertising as those terms are used under California law.

5. Legal bases (UK and EU GDPR)

Where the UK or EU GDPR applies, we rely on the following legal bases:

  • Contract — to provide the service you have signed up for and to manage your account and billing.
  • Legitimate interests — to secure, support, maintain and improve the service and to communicate with you about it, balanced against your rights and freedoms.
  • Legal obligation — to meet accounting, tax and other legal requirements.
  • Consent — for any optional cookies or marketing where consent is required; you can withdraw consent at any time.

6. Sharing your data

We share personal data only where necessary and under appropriate safeguards, with:

  • Service providers (sub-processors) who help us run the service — for example cloud hosting, database, email delivery and payment processing — bound by contracts that limit their use of the data to providing services to us;
  • Professional advisers such as lawyers, accountants and auditors where needed;
  • Authorities or other parties where we are required to do so by law, or to establish, exercise or defend legal claims, or to protect the rights, safety and property of users and the public; and
  • A successor entity in connection with a merger, acquisition or sale of assets, subject to this policy.

A current list of sub-processors is available on request at info@opticode.uk.

7. International data transfers

We and our service providers may process data in countries other than your own. Where we transfer personal data across borders, we put in place appropriate safeguards — such as the UK International Data Transfer Agreement / Addendum, the EU Standard Contractual Clauses, or transfers to countries recognised as providing adequate protection — so that your data remains protected to the standard required by applicable law. A copy of the relevant safeguards is available on request.

8. How long we keep data

We keep personal data only for as long as needed for the purposes set out in this policy. In practice:

  • Account data is kept for the life of your account and for a reasonable period afterwards.
  • Billing and tax records are kept for as long as required by law (typically several years).
  • Enquiry and support data is kept for as long as needed to handle your request and our records.
  • Data we process on behalf of a shop is kept according to that shop's instructions; on termination we delete or return it within a reasonable period, except where law requires us to retain it.

9. How we protect your data

We use technical and organisational measures appropriate to the risk, including encryption in transit, access controls, hashed credentials, optional two-factor authentication, audit logging and regular backups. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident, including notifying you and the relevant authorities where the law requires.

10. Your rights

Depending on where you live, you may have some or all of the following rights over your personal data:

  • Access — to know what data we hold about you and to get a copy.
  • Rectification — to correct inaccurate or incomplete data.
  • Erasure — to ask us to delete your data in certain circumstances.
  • Restriction and objection — to limit or object to certain processing, including processing based on legitimate interests.
  • Portability — to receive your data in a portable format.
  • Withdraw consent — where we rely on consent, at any time.
  • Non-discrimination — we will not deny you service or charge you differently for exercising your privacy rights (CCPA/CPRA).

To exercise any of these rights, email info@opticode.uk. We will respond within the time required by law and may need to verify your identity. You can use an authorised agent where the law allows. If you are a shop's customer, please direct requests to that shop, which controls your data; we will assist the shop as its processor.

You also have the right to complain to a data-protection authority — in the UK, the Information Commissioner's Office (ico.org.uk); in the EU, your local supervisory authority — though we hope you will contact us first so we can help.

11. Children's privacy

Opticode is a business tool and is not intended for children. We do not knowingly collect personal data directly from children. Shops are responsible for any data they enter about their own customers, including minors, and for having a lawful basis to do so.

12. Changes to this policy

We may update this policy from time to time. When we make material changes we will update the "last updated" date and, where appropriate, notify you. Your continued use of the service after changes take effect means you accept the updated policy.

13. Contact us

Questions, requests or complaints about privacy: Opticode, Pakistan. Email: info@opticode.uk.

This document is provided for general information and does not constitute legal advice.