Eyewear fashion • Contact lenses • Eye examination
Privacy Policy
Last revised: June 2026, Haarlem, Netherlands.
Van der Geest Optiek (“we,”“us,”“our”) places great importance on protecting your personal data. In this Privacy Policy, we explain what personal data we process, why we do so, how long we retain data, and what rights you have. This policy applies to our store at Generaal Cronjéstraat 86 in Haarlem, to our website www.vandergeestoptiek.com (the“Website”), and to all services we offer (the“Services”).
We process your personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, the“GDPR”), the GDPR Implementation Act, and other applicable privacy laws. We handle your data with care and confidentiality and do not process more data than is necessary.
1. Who is responsible for your data?
The data controller is:
Van der Geest Optiek (General Partnership) — Generaal Cronjéstraat 86, 2021 JL Haarlem, Netherlands — Chamber of Commerce number: 34070312 — Phone: 023 525 4131 — Email: info@vandergeestoptiek.com
If you have any questions about this Privacy Policy or the processing of your personal data, please contact us using the contact information provided above.
2. What personal data do we process?
Depending on the Service and your interaction with us, we may process: Contact and identification information (first and last name, address, phone number, email address); Appointment and customer data (appointment requests, purchase history, selected frames/lenses, purchase date, service or repair requests); Data regarding your eyes and vision (measurement and prescription data from eye exams, lens fittings, and checkups — see Article 4); Billing and payment data; and Data via the Website (form or email, plus technical data such as your IP address — see Article 5).
We collect this information directly from you. When you provide us with information about someone else (e.g., an appointment for a family member or child), we assume that you are authorized to do so.
3. Why and on what basis do we process your data?
| Purpose | Legal Basis (GDPR) |
|---|---|
| Scheduling and fulfilling appointments; supplying eyeglasses, lenses, and services; repairs | Agreement — Art. 6(1)(b) |
| Answering questions, providing information and advice | Consent / legitimate interest — Art. 6(1)(b)/(f) |
| Service reminders (new eye exam after approximately 2 years, lens checks) via email or mail | Legitimate interest — Art. 6(1)(f); you can unsubscribe at any time |
| Billing and (financial) administration | Legal obligation — Art. 6(1)(c) |
| Securing/improving the Website and Services, measuring usage | Legitimate interest — Art. 6(1)(f), or consent — Art. 6(1)(a) |
| Compliance with legal obligations (including tax retention requirements) | Legal obligation — Art. 6(1)(c) |
When a legitimate interest is involved, your privacy is always taken into account; you have the right to object (Article 9). If you have given consent, you may withdraw it at any time.
4. Information about your eyes (health information)
To perform an accurate eye exam, fit lenses, and provide glasses or contact lenses, we process data about your eyes and vision. This constitutes special categories of personal data (health data, Art. 9 of the GDPR) that are subject to additional protection.
We process this data exclusively for the purpose of providing eye care and delivering the agreed-upon products and services (Art. 9(2)(h) GDPR, under the responsibility of a licensed optician/optometrist) and/or with your explicit consent (Art. 9(2)(a) GDPR). They are treated confidentially and accessed only by employees for whom this is necessary. To have your lenses manufactured, we may share the necessary prescription and parameter data with our lens supplier (Article 6). We never disclose your health data to third parties for commercial purposes.
5. Cookies and Website Statistics
Our website uses cookies and similar technologies. We always set functional and necessary cookies; for analytical and marketing cookies, we ask for your prior consent—where required by law—via the cookie notification. We use Google Analytics and Google Tag Manager (via Site Kit) for aggregated insights, and the Meta Pixel (Facebook) for measuring and targeting ads. A complete overview can be found in our separate Cookie Policy.
6. Sharing with others (processors and recipients)
We never sell your data or share it with third parties for their own purposes. Processors (acting on our behalf, under a data processing agreement): our optician/practice software; our IT, hosting, and email service providers; our website administrator. Recipients: lens suppliers (such as Nikon, Zeiss, Essilor, Hoya, and BBGR) to whom we digitally transmit the necessary prescription/parameter data to have your lenses manufactured; our accountant; and, where legally required, competent authorities such as the Internal Revenue Service.
Transfers outside the EEA: We prefer to process data within the EEA. For website statistics and advertising (Google, Meta), data may be processed in the U.S. based on the EU-U.S. Data Privacy Framework and/or the Standard Contractual Clauses (SCCs). We also ensure appropriate safeguards are in place for any transfers to suppliers outside the EEA.
7. How long do we retain your data?
Customer and appointment data: for the duration of the customer relationship and, in principle, up to 4 years after your last purchase or contact (longer upon request). Prescription/healthcare data: for as long as necessary to provide proper (follow-up) care and no longer than permitted under applicable (healthcare) retention periods. Invoice and administrative data: 7 years (tax retention requirement). After that, we will delete or anonymize the data; upon a request for erasure, we will do so unless we are legally required or entitled to retain (part of) it.
8. How do we protect your data?
We take appropriate technical and organizational measures to prevent loss, misuse, and unauthorized access: a secure connection (SSL/TLS encryption), restricting access to those who need the data, and agreements with processors regarding an appropriate level of security. We regularly review our measures.
9. Your rights
You have the right to access, rectify, erase, restrict, transfer, object (always to direct marketing), and withdraw your consent. Submit your request via info@vandergeestoptiek.com; we will respond within one month at the latest and may ask you to verify your identity. Have a complaint? Please contact us first. You may also file a complaint with the Dutch Data Protection Authority (autoriteitpersoonsgegevens.nl).
10. Automated decision-making and machine translation
We do not make decisions with legal consequences based solely on automated processing. Our Website offers an automatic (AI) translation feature for your convenience; the Dutch-language Website is always the authoritative version, and the feature does not make any decisions about you.
11. Third-party websites
Our website may contain links to third-party websites. We are not responsible for their content or data processing; please review their privacy policies.
12. Changes and upcoming legislation
We may update this policy; the current version is always available on our website. We monitor developments in EU and Dutch privacy legislation, including: the announced simplification of cookie rules (accepting or rejecting cookies in a single action and respecting that choice for a fixed period), the stricter rules for (telephone) direct marketing, and the transparency obligations under the European AI Regulation (AI Act). As soon as these rules come into effect, we will incorporate them into this policy.
13. Contact
Van der Geest Optiek — 86 Generaal Cronjéstraat, 2021 JL Haarlem — Phone: 023 525 4131 — Email: info@vandergeestoptiek.com