As a responsible organisation, we comply with the Data Protection Act 1998 ('Act'). We are registered under the Act with registration number Z7071210.
For information and advice on staying safe while shopping online, please visit our Sight Loss Advice Service.
Collecting personal information
We do not collect any personal information about you on our Website unless you choose to provide it to us voluntarily. If you register and confirm an order with us, we hold certain information to be able to process your order. Personal information is unique to you and will include your name, delivery address, credit/debit card number and expiration date, billing address, e-mail address, telephone number, etc. We also hold details of your transactions with us to ensure that we can answer any query you have with us.
Sometimes we will supply your name, address and contact details to a partner company to deliver the product you have ordered. Your information will not be used for any other purpose than confirming and delivering your order.
Any information we collect is stored and processed in the UK. Your personal information is not sold to or shared with third parties or used in any other way (other than described in this policy or as required by law) unless you agree.
Where indicated - usually by a tick box asking for your permission - we use your personal information to create a profile of your interests and preferences. This information is not sold to or shared with other organisations.
You have the right to ask us not to contact you for marketing purposes. If you do not wish to receive marketing information from us, you have the option of ‘opting out’. There are clear instructions on how to opt out of our e-newsletter, which includes an option ‘To unsubscribe click here’. Alternatively, please let us know in writing.
We want our website to be as user friendly as possible. To help us understand how well the website is working, and how we can improve it, we use third-party analytics tools such as Google Analytics and E-tracker.
Analytics tools help us collect information about how people in general use our websites. For instance, they help us monitor how many people visit each page, how long people stay on each page, which search engines people use to find our website and which links are clicked on.
These cookies do not collect or store personal information about you. Analytics data cannot be used to identify you, or to tell us what you did on our website. It is completely anonymous.
Cookies are small data files that are sent from a website to your computer or mobile phone. They are stored on the hard drive of your device. Some are stored just for the duration of your visit to the website, others are stored for much longer periods.
Some RNIB websites allow you to log in to an account. Some of these sites use a cookie in order to remember account information, like your password. This can be helpful, meaning you don't have to remember your password each time. These cookies don't give us access to your account or your personal details.
Usability and accessibility settings
Most RNIB websites allow you to resize text. If you use the resizing options, these settings are stored in a cookie so that your chosen text size follows you around the website. These cookies don't give us access to your personal information.
Third party cookies
Third-party cookies are ones that are not set directly by RNIB, but they may be dropped onto your computer by a third party when you use one of our websites, or do certain things on one of our websites. For instance:
- some RNIB websites have 'share' buttons that let you share pages with your friends through websites like Twitter and Facebook. These sites may set a cookie when you log in to share things.
As third party cookies aren't set by us, we can't control how they work, but we can control which websites we choose to work with. We take your privacy seriously and we would never work with a website we don't trust.
Cookies: your choice
Our websites work better with cookies enabled. Our cookies don't give us or anyone else access to your personal data. We strongly advise you to keep cookies enabled when you use RNIB's websites. However, you can edit your cookie settings at any time or use your browser to delete and reject cookies. There are instructions on how to delete cookies and how to control cookies on the About Cookies website. The cookies we use on RNIB Shop are listed below.
- SyrenisRunFirstCookieIDs, SyrenisCookiePrivacyLink, SyrenisCookieIDs, SyrenisCookieFormConsent, SyrenisCookieConsentID
These Cassie cookies enable us to capture cookie preferences in a compliant way under regulatory frameworks.
- CloudfySession, CloudfyAuth, __RequestVerificationToken
These cookies are needed for the Shop to work.
- _ga, _gat, _gid
These Google Analytics cookies help us to see how our website is performing and how we can improve it.
- _hjid, _hjAbsoluteSessionInProgress, _hjFirstSeen, _hjIncludedInPageviewSample, _hjTLDTest
These Hotjar cookies help us to see how our website is performing and how we can improve it.
- GPS, VISITOR_INFO1_LIVE, YSC, YTC
These YouTube cookies are needed to play videos on RNIB Shop.
- fr, _fbp
These Facebook cookies help us to see how our website is performing.
RNIB uses Sage Pay as our payment gateway for card processing and they are a fully approved Level 1 payment services provider, which is the highest level of PCI compliance.
All transaction information passed between RNIB and Sage Pay’s systems is encrypted using 128-bit SSL certificates. No cardholder information is ever passed unencrypted and any messages sent to our servers from Sage Pay are signed using MD5 hashing to prevent tampering. Nothing we pass to Sage Pay’s servers can be examined, used or modified by any third parties attempting to gain access to sensitive information.
Encryption and data storage
Once on their systems, all sensitive data is secured using the same internationally recognised 256-bit encryption standards used by, among others, the US Government. The encryption keys are held on state-of-the-art, tamper proof systems in the same family as those used to secure VeriSign's Global Root certificate, making them all but impossible to extract. The data they hold is extremely secure and they are regularly audited by the banks and banking authorities to ensure it remains so.
Sage Pay’s systems are scanned quarterly by Trustwave, which is an independent Qualified Security Assessor (QSA) and an Approved Scanning Vendor (ASV) for the payment card brands.
Sage Pay is also audited annually under the Payment Card Industry Data Security Standards (PCI DSS) and is a fully approved Level 1 payment services provider, which is the highest level of compliance. They are also active members of the PCI Security Standards Council (SSC) that defines card industry global regulation.