1. PRIVACY NOTICE
EssilorLuxottica and VisilabGroup SA (also «VisilabGroup») collects and processes Personal Data that concern you but also other individuals. At VisilabGroup, we are committed to protect our clients’ Personal Data. Upholding this commitment is essential to our success and reputation, and ultimately our ability to fulfil our mission of helping people see more, be more and live life to its fullest.
In this Privacy Notice, We describe what We do with your Personal Data when you use www.linsenmax.ch, our other websites or apps (collectively « website »), obtain services or products from us, interact with us in relation to a contract, communicate with us or otherwise deal with us. When appropriate We will provide a just-in-time notice to cover any additional processing activities not mentioned in this Privacy Notice. In addition, We may inform you about the processing of your data separately, for example in consent forms, terms and conditions, additional privacy notices, forms and other notices.
If you disclose data to us or share data with us about other individuals such as suppliers, etc., We assume that you are authorized to do so and that the relevant data is accurate. When you share data about others with us, you confirm its accuracy and having the right to such data disclosure. Please make sure that the third parties concerned have been informed about this Privacy Notice.
1.1 What is the purpose of this Privacy Notice?
We and our Affiliates attach particular importance to the processing, confidentiality and security of your Personal Data.
The purpose of this Privacy Notice is to inform you in a clear, simple and complete manner of the processing carried out on the Personal Data that you provide to us, or that each of our Affiliates can collect from the various contacts you may have with us (e.g. store, customer care, sites, services, events, social networks, etc.), their possible transfer to third parties as well as your rights and the options you have to control your information and protect your privacy, in accordance with the Applicable Legislation.
We may update this Privacy Notice at any time but if We do so, We will make it available to you as soon as reasonably feasible.
We make available to you different or additional privacy notices in connection with certain activities, programs, and offerings. We may also provide additional “just-in-time” notices that may supplement or clarify our privacy practices or provide you with additional choices regarding your Personal Data.
Our sites include links to websites and/or applications operated and maintained by third parties. Please note that We have no control over the privacy practices of websites or applications that we do not own. EssilorLuxottica and VisilabGroup SA encourage you to review the privacy notices of those third parties.
1.2 About us
EssilorLuxottica is a global leader in the design, manufacture and distribution of ophthalmic lenses, frames and sunglasses. Formed in 2018, its mission is to help people around the world to see more, be more by addressing their evolving vision needs and personal style aspirations. EssilorLuxottica and VisilabGroup includes the following entities:
EssilorLuxottica, a public limited company under French law with its head office located at 1-6 rue Paul Cézanne, 75008 Paris, France, registered in the Créteil Trade and Companies Register under number 712 049 618 ;
Essilor International, a public limited company under French law with its head office located at 1147 rue de Paris, 94220 Charenton-le-Pont, France, registered in the Créteil Trade and Companies Register under number 439 769 654, as a part of EssilorLuxottica Group ;
Luxottica Group S.p.A., a public limited company under Italian law, with its head office at Piazzale Cadorna no. 3
– 20123 Milan, Italy, as a part of EssilorLuxottica Group ;
VisilabGroup SA, a company limited by shares under Swiss law with its head office located at 13 rue de Veyrot, 1217 Meyrin, Switzerland, registered in the Commercial register of canton Geneva under number CHE- 106.040.613.
Linsenmax AG, a company limited by shares under Swiss law with its head office located at 13 rue de Veyrot, 1217 Meyrin, Switzerland, registered in the Commercial register of canton Geneva under number CHE-115.302.232;
Mc Optik (Suisse) SA, a company limited by shares under Swiss law with its head office located at Rotterdam-Str. 21, 4053 Basel, Switzerland, registered in the Commercial register of Basel Stadt under number CHE-113.184.565;
Kochoptik AG, a company limited by shares under Swiss law with its head office located at 13 rue de Veyrot, 1217 Meyrin, Switzerland, registered in the Commercial register of canton Base under number CHE- 106.844.066;
Hereafter together “We”.
We are “Data Controller” for the purposes described hereafter unless We tell you otherwise in an individual case, for example in additional privacy notices, on a form or in a contract. This means that We are jointly responsible for deciding how We, and the global organization throughout the world with its Affiliates, hold and use Personal Data about you.
1.3 What is this Privacy Notice about? Key definitions
The following terms and expressions will, for the purposes of the application and interpretation of this policy, when their first letter appears in capital letters, have the meanings assigned to them below or in this Privacy Notice:
Personal Data//Personal Information: Any information about an individual (the Data Subject) from which that person can be identified (name, contact details, identification number, etc.). The categories of Personal Data that We may process are enumerated in this Privacy Notice
Applicable Legislation: Any law, regulation, directive, decree, local, national, or supranational on data protection or otherwise, directly or indirectly affecting the Processing of Personal Data
Processing of Personal Data: Any action conducted concerning your Personal Data, such as the collection, recording, organization, storage, modification, transfer, deletion, access, consultation, etc. of such data.
Recipients of the Personal Data: A natural or legal person, public authority, agency or another body to which the Personal Data are disclosed, whether a third party or not.
Purpose: Refers to the purpose of the Processing of Personal Data. In other words, the reasons for which the Personal Data is collected.
Data Controller: The natural or legal person, department or organisation which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Joint Controller: Two or more Data Controllers that jointly determine the purposes and means of the Processing of Personal Data.
Data Processor: A natural or legal person, department or other body which processes Personal Data on behalf of and on the instructions of the Data Controller.
Affiliates: The subsidiaries of EssilorLuxottica Group, its ultimate holding company and its subsidiaries, or companies that it controls, are controlled by or under common control, and its service providers and strategic business partners.
2. WHERE ARE THE PERSONAL DATA COLLECTED FROM?
The Personal Data We collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction.
We use different methods and various sources to collect Personal Data from and about you. We collect and obtain information:
a) Provided directly by you
During the registration process, the creation of an account on the sites and/or the services, or when completing a purchase order, entering into any agreement with us or join our engagement programs, prize competitions and events and when you contact us for request, feedback or complaint. Under certain conditions, We also keep records of customer services calls and maintain a transcript of chats for quality assurance and quality management.
b) Using automatic tracking systems
We use some technologies (e.g. cookies and automatic tracking systems) that automatically collect certain items of information relating to the way in which you utilize the sites and the services.
c) Through stores visits and other offline technologies
When you visit our stores, information may be collected during the purchase process, the creation of an unrealized quotation, the adjustment of purchased products and eyesight checks that can be carried out in stores. We also use closed-circuit television in our stores for safety, security, fraud, loss, prevention, and operational purpose.
d) From social network profile
If you decide to log into the sites and/or the services through social network applications or to link your account to your public profiles available on social networks, and share your actions through the site and/or the services on those channels via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.). The use of the said plug-in entails sharing the corresponding actions and information on the related social networks.
e) From other sources
We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on behalf of us, or publicity available sources. We also create information based on our analysis of the information we have collected from you.
3. WHAT PERSONAL DATA MAY WE PROCESS ABOUT YOU?
The Personal Data We collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described hereafter in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction.
3.1 Categories of Personal Data
The following category of Personal Data is in particular processed by VisilabGroup:
Identification information: this includes for example data such as name and surname, e-mail address, gender, date of birth, country of residence, postal address and phone numbers.
Payment information: this includes for example data related to your credit card for the purchase of products through the sites and the services (payments are made via a secure platform, supplemented by control measures, including encryption of contact details) and details about products which you have purchased from us.
Profile and Commercial Data: this includes for example data related to account name, password, Personal Data published on your social network, billing and delivery addresses, details about products and services which you have purchased from us (in store or online, including your order, tracking and invoices, amount and type of purchase) and your interests, preferences, feedback and survey responses.
Marketing and Communications Data: this includes for example data related to your preferences in receiving marketing communications from us and information contained in any correspondence or requests sent by you to us or asked to you by us if problems with the sites, the services or purchased products are reported.
Health and Medical Data: this includes for example data related to ophthalmic prescriptions, eye examinations, measurements (optical correction, pupillary distance, etc.), adaptations, information having an impact on your visual health and eyesight checks that can be carried out in our stores and information on hearing level and ear condition.
Device information: this includes for example data related to information such as the IP address or other unique code of your device (computer, mobile or other devices), identification as registered user or not (login data), technical information that may include the URL from where you originate, time zone setting and location, browser information and language.
Navigation information: this includes for example data related to information regarding your interactions with our sites, our services, emails, products or advertisements and statistical data relating to these interactions.
3.2 Processing of Sensitive Personal Data
Certain categories of Personal Data We process for the purposes set out below are qualified as “Sensitive” Personal Data. This is particularly the case of the Health and Medical Data and the Personal Data related to your care, as described above, that We may process.
However, We only process such Sensitive Personal Data:
where it is required or allowed under local Applicable Legislation;
while implementing adequate safeguards to ensure the protection of such “Sensitive” Personal Data, and;
where you give us your prior explicit consent.
However, if you don’t grant your explicit consent to the Processing of your Health and Medical Data and your Personal Data related to your care, you will not be able to benefit from the services described above in stores and through the sites and the services.
4. WHY DO WE PROCESS YOUR PERSONAL DATA?
We are required to use your Personal Data for purposes defined according to the nature of our relationship. Thus depending on the context in which your Personal Data is collected, it may be used for one or more of the following purposes:
Follow-up and execution of your orders in shop and online and the after-sales services management (legal basis “execution of a contract”):
Formalize a quotation;
Manage product sales, online and in-store orders (purchase, delivery and supply of products and services);
Manage your invoicing and your warranty;
Manage follow-up and provide after-sales services and customer relations (including, for example, returns, warranty and customer support);
Manage the subscription of contact lenses and glasses via order delivery customer service.
Transaction and potential unpaid invoices management (legal basis “execution of a contract”):
Carry out secure online and in-store payments (with reference to invoicing obligations);
Manage incidents related to payment and debts;
Process potential unpaid invoices:
Identify your known unpaid invoices
Inform you of this unpaid amount, of the means available to you to regularize it, of the possibility of making observations and of requesting a review of your situation if necessary.
Account and inscriptions creation and management (legal basis “consent”):
Allow you to register to our sites and create your own account;
Provide the services available through the sites and the services (e.g. management of the registration process and access to the account, account management, the reminder for products in the shopping cart, etc.);
Manage your client profile;
Permit you to join our engagement programs;
Allow you to participate in our contests, prize competitions and initiatives promoted.
Communication between us (legal basis “consent”):
Send you commercial and promotional communications and periodical updates (e.g. via e-mail, phone, SMS/MMS, postal service, social network and newsletter) related to our products, services, initiatives and events;
Manage our personalized commercial offers based on the analysis of your Personal Data related to spending volume, product category, date of birth and methods of purchase);
Fulfil your requests (e.g. management of requests for information, booking of eyesight checks, providing the “share with a friend” feature, to notify with the “back in stock” feature, etc.).
Eyesight checks performance (legal basis “consent”):
Allow you to benefit from the eye examination service provided by your optician (manage the scheduling of appointments, prescriptions, etc.).
Online eyewear trial software use (legal basis “consent”):
Offer you virtual try on services whereby you can virtually try on its sunglasses or eyeglasses through your computer, mobile or other devices by digitally adding frames to your image on real-time or to photos or videos of your fac
Analyses purposes (legal basis “consent”):
Manage of personalized content and communications;
Carry out statistical analyses on the customer audience;
Analyze the performance of our sites and services, our media investments and marketing campaigns, and our web orders.
Legal obligations complying (legal basis “legal obligations”):
Comply with the requirements of the laws, regulations, protocols and Swiss and EU legislation (including target medical device legislation);
Implement the decisions of public authorities;
Manage the care in connection with health insurance and supplementary organisations (medical diagnoses, health care, administration of care or treatment and management of health care services implemented by a member of a health profession;
Manage the requests to exercise your rights;
Data retention with regard to accounting and tax obligations;
Combating fraud (certain automatic or manual processes are designed to verify your online payments and to combat fraud involving payment methods and identity theft).
Legitimate interests pursuit (legal basis “legitimate interest”):
Send you commercial communications via e-mail on similar products, events and services already provided to you, unless you object to such a processing at the time of the collection and on the occasion of each communication;
Exercise or defend legal claims in court proceedings or in an administrative or out-of-court procedures relating to our rights, of our group companies and/or of our representatives, shareholders, officers and directors;
Enable the technical management of the sites and the services and its operational functions, including solving any technical problems, performing tests, updates and upgrades that cannot be performed through non-Personal Data;
Prevent or identify fraudulent activities or misuses of the sites and the services or against the EssilorLuxottica Group and/or the users of the sites and the services;
Complete a potential merger, sale of assets, transfer of all or a material part of its business, or financing transaction by disclosing and transferring the Personal Data to the third party or parties involved in the transaction as part of the transaction;
Conduct, surveys and market research relating to our products and services by post or e-mail;
Anonymize Personal Data in order to perform statistical analysis.
Where We ask for your consent for certain processing activities (for example for the processing of Sensitive Personal Data, for marketing mailings, registration to specific portal, and for advertising management and behavior analysis on the website), We will inform you separately about the relevant processing purposes. You may withdraw your consent at any time with effect for the future by providing us written notice in accordance with this Privacy Notice (see in particular you rights under section 7 and how to contact us under section 8). For withdrawing consent for online tracking, you may refer to section 5 of this Privacy Notice. Where you have a user account, you may also withdraw consent or contact us also through the relevant website or other service, as applicable. Once We have received notification of withdrawal of consent, We will no longer process your information for the purpose(s) you consented to, unless We have another legal basis to do so. Withdrawal of consent does not, however, affect the lawfulness of the processing based on the consent prior to withdrawal.
Where We do not ask for consent for processing, the processing of your Personal Data relies on the requirement of the processing for initiating or performing a contract with you (or the entity you represent) or on our or a third-party legitimate interest in the particular processing, in particular in pursuing the purposes and objectives set out in this section 4 and in implementing related measures. This also includes compliance with legal regulations, where compliance is not recognized as a legal basis by applicable data protection law (for example in the case of the GDPR, the laws in the EEA and in the case of the DPA, Swiss law). This also includes the marketing of our products and services, the interest in better understanding our markets and in managing and further developing our company, including its operations, safely and efficiently.
Where We receive “Sensitive” Personal Data (for example health data, data about political opinions, religious or philosophical beliefs, and biometric data for identification purposes), We may process your data on other legal basis, for example, in the event of a dispute, as required in relation to a potential litigation or for the enforcement or defense of legal claims. In some cases, other legal basis may apply, which We will communicate to you separately as necessary.
5. HOW DO WE PROCESS YOUR PERSONAL DATA?
5.1 What modalities do We use to process your Personal Data?
The Processing of your Personal Data is carried out, electronically and manually, only within the limits necessary to pursue the purposes outlined above. We undertake to protect your Personal Data.
We advise that the password is one of the protection mechanisms of the account. Therefore, you are invited to use a password sufficiently secure and stored in a safe place, limiting access to it on your own computers and browsers, and disconnecting it after having visited the sites and/or the services.
All Personal Data provided by you is kept on secure servers, adopting adequate security measures to protect Personal Data from non-authorized access, to maintain the accuracy of Personal Data and guarantee the proper use of information.
Furthermore, a secure system for authorizing credit card payments and identifying fraudulent activities is used. We use the standard SSL (Secure Sockets Layer) to protect the confidentiality of your Personal Data.
5.2 We share your Personal Data with other Affiliates of the Group
EssilorLuxottica is a global organization with offices and operations throughout the world and most of your Personal Data relating to is stored and processed within a range of global applications that is used globally within the VisilabGroup and/or by the Affiliates. The majority of the Processing of your Personal Data is carried out through the concentrated services of two entities: Essilor International and Luxottica Group S.p.A.
We may share your Personal Data with certain Affiliates within the VisilabGroup, based on your preferences and interests about these Affiliates, for the purposes set out in this Privacy Notice, in each case in or outside your country, as permitted and required by Applicable Legislation and/or in other circumstances with your consent.
We may also share your information for our internal business, technical or marketing purposes (e.g., to offer you similar products or services).
5.3 Is your Personal Data transferred to third parties?
a) Service provider
We may disclose your Personal Data with our third parties service providers entrusted with processing activities that provide services or assistance and advice to us, with special – but not exclusive – reference to technology, accounting, administrative, legal, insurance, IT, marketing, data analysis matters.
Each service provider will act as a Data Processor, on behalf of and in accordance with the instructions received from us, by virtue of a specific agreement in place, which sets out its obligations and guarantees the implementation of appropriate technical and organizational measures to respect the Applicable Legislation and the protection of your rights.
We require that any such third-party provider is subject to strict control and implements appropriate guarantees of security and confidentiality of your Personal Data.
b) Sale or merger
We may also disclose your Personal Data:
in the event that We sell any business or assets, in which case We may disclose your Personal Data to the prospective purchaser of such business or assets; or
if We sell, buy, merge with, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your Personal Data may be among the transferred assets.
We may share all the information We collect in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sales, or in the unlikely event of bankruptcy. Prior to such an event, you will be informed by EssilorLuxottica and/or one of its Affiliates separately about the details of sharing your Personal Data and will obtain your consent where legally necessary.
c) Third party social network service providers
If you decide to log into the sites and/or the services through social network applications or to link your account to your public profiles available on social networks, and share your actions through the site and/or the services on those channels via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.), these third-party services may be able to collect information about you, including information about your activity on the sites or/and the services, and they may notify you connections on the third-party services about their use of the sites and/or the services. Their use of your Personal Data is not governed by this Privacy Notice but in accordance with their own data protection policies. For further information on the processing of the platform operators, please refer to the privacy information of the relevant platforms. There you can also find out about the countries where they process your data, your rights of access and erasure of data and other data subjects’ rights and how you can exercise them or obtain further information. We currently primarily use the following platforms:
Facebook: The controller for the operation of the platform for users from Europe is Meta Platforms Ireland Limited, Dublin, Ireland. Their privacy notice is available at www.facebook.com/policy. Some of your data will be transferred to the United States. You can object to advertising here: www.facebook.com/settings?tab=ads. With regard to the data collected and processed when visiting our site for «page insights», we are joint controllers with Facebook Ireland Ltd., Dublin, Ireland. As part of page insights, statistics are created about the actions visitors perform on our site (comment on posts, share content, etc.). This is explained at www.facebook.com/legal/terms/information_about_page_insights_data. It helps us understand how our page is used and how to improve it. We receive only anonymous, aggregated data. We have agreed our data protection responsibilities according to the information on www.facebook.com/legal/terms/page_controller_addendum.
Instagram: The controller for the operation of the platform for users from Europe is Meta Platforms Ireland Limited, Dublin, Ireland. Their privacy notice is available at privacycenter.instagram.com/policy.
LinkedIn: The controller for the operation of the platform for users from Europe is LinkedIn Ireland Unlimited Company, Dublin, Ireland. Its privacy notice is available at www.linkedin.com/legal/privacy-policy. Some of your data will be transferred to the United States. You can object to advertising here: www.linkedin.com/psettings/advertising-data. With regard to the data collected and processed when visiting our site for «page insights», we are joint controllers with LinkedIn Ireland Unlimited Company, Dublin, Ireland. As part of page insights, statistics are created about the actions visitors perform on our site (comment on posts, share content, etc.). We receive only anonymous, aggregated data. We have agreed our data protection responsibilities according to the information on legal.linkedin.com/pages-joint-controller-addendum.
TikTok: The controllers for the operation of the platform for users from Europe are TikTok Technology Limited, Dublin, Ireland and TikTok Information Technologies UK Limited, London, United Kingdom. Its privacy notice is available at is www.tiktok.com/legal/page/eea/privacy-policy/en.
X: The controller for the operation of the platform for users from Europe is Twitter International Unlimited Company, Dublin, Ireland. Its privacy notice is available at twitter.com/privacy. Some of your data will be transferred to the United States. You can object to advertising here: twitter.com/settings/ads_preferences.
YouTube: Google LLC is the provider of the service «Youtube». The controller for users from Europe is Google Ireland Ltd. Its privacy notice is available at policies.google.com/privacy. Some of your data will be transferred to the United States. You can object to advertising here: https://myadcenter.google.com/controls
d) Legal process
We may disclose your Personal Data to any authority, court, administrative body, or other authorised third party (including, without limitation, counsel), where the disclosure of Personal Data is required by law, regulation or court order or where such disclosure is necessary for the protection and defense of our rights.
a) Other instance
We may ask if you would like to disclose your information with other third parties who are not described elsewhere in this Privacy Notice. Furthermore, We do not sell, rent, or lease your Personal Data to third parties.
The abovementioned recipients will process your Personal Data as Data Controllers, Data Processors or persons in charge of processing, depending on the circumstances.
A complete list of Data Processors is available, upon request to us, through the modalities as per this Privacy Notice.
5.4 Online tracking and online advertising techniques
We use various techniques on our website that allow us and third parties engaged by us to recognize you during your use of our website, and possibly to track you across several visits.
In essence, We wish to distinguish access by you (through your system) from access by other users, so that we can ensure the functionality of the website and carry out analysis and personalization. We do not intend to determine your identity, even if that is possible where We or third parties engaged by us can identify you by combination with registration data. However, even without registration data, the technologies We use are designed in such a way that you are recognized as an individual visitor each time you access the website, for example by our server (or third-party servers) that assign a specific identification number to you or your browser (so-called «cookie»).
We use these technologies on our website and may allow certain third parties to do so as well. However, depending on the purpose of these technologies, We may ask for consent before they are used. You can also set your browser to block or deceive certain types of cookies or alternative technologies, or to delete existing cookies. You can also add software to your browser that blocks certain third-party tracking. You can find more information on the help pages of your browser (usually with the keyword «Privacy») or on the websites of the third parties.
Necessary cookies: Some cookies are necessary for the functioning of the website or for certain features. For example, they ensure that you can move between pages without losing information that was entered in a form. They also ensure that you stay logged in. These cookies exist temporarily only («session cookies»). If you block them, the website may not work properly. Other cookies are necessary for the server to store options or information (which you have entered) beyond a session (i.e. a visit to the website) if you use this function (for example language settings, consents, automatic login functionality, etc.). These cookies have an expiration date of up to 24 months.
In addition to marketing cookies, We use other technologies to control online advertising on other websites and thereby reduce advertising wastage. For example, We may transmit the e-mail addresses of our users, customers and other persons to whom We wish to display advertisements to operators of advertising platforms (for example social media). If these persons are registered with them with the same e-mail address (which the advertising platforms determine by a matching process), the providers display our advertisements specifically to these persons. The providers do not receive e-mail addresses of persons who are not already known to them. In case of known e-mail addresses, however, they learn that these persons are in contact with us and the content they have accessed.
We may also integrate additional third-party offers on our website, in particular from social media providers. These offers are deactivated by default. As soon as you activate them (for example by clicking a button), these providers can determine that you are using our website. If you have an account with that social media provider, it can assign this information to you and thereby track your use of online offers. These social media providers process this data as separate controllers.
We currently use offers among others from the following service providers and advertising partners (where they use data from you or cookies set on your computer for advertising purposes):
Google Analytics: Google Ireland Ltd (located in Ireland) is the provider of the service «Google Analytics» and acts as our processor. Google Ireland relies on Google LLC (located in the United States) as its sub-processor (both «Google»). Google collects information about the behavior of visitors to our website (duration, page views, geographic region of access, etc.) through performance cookies (see above) and on this basis creates reports for us about the use of our website. We have configured the service so that the IP addresses of visitors are truncated by Google in Europe before forwarding them to the United States and then cannot be traced back. We have turned off the «Data sharing» option and the «Signals option». Although We can assume that the information We share with Google is not personal data for Google, it may be possible that Google may be able to draw conclusions about the identity of visitors based on the data collected, create personal profiles and link this data with the Google accounts of these individuals for its own purposes. In any event, if you consent to the use of Google Analytics, you expressly consent to any such processing, including the transfer of your personal data (in particular website and app usage, device information and unique IDs) to the United States and other countries and you accept the risks that your data may be potentially subject to government lawful access in the recipient's country, despite the safeguards We put in place. Information about data protection with Google Analytics can be found here: support.google.com/analytics/answer/6004245 and if you have a Google account, you can find more details about Google's processing here: policies.google.com/technologies/partner-sites.
5.5 Is your Personal Data transferred across the border?
Given the presence of EssilorLuxottica in many countries around the world and in order to provide you with personalized service worldwide, some of your Personal Data may be collected, accessible or stored outside your country of residence.
As a result of the above, your Personal Data may be accessed and/or transferred to countries which do not have equivalent data protection laws to those required within the European Economic Area (EEA).
In such cases, EssilorLuxottica, its Affiliates and VisilabGroup SA ensure that, at all times, appropriate safeguards are implemented to ensure that your Personal Data is processed in accordance with Applicable Legislation. In this respect, where your Personal Data is processed by another EssilorLuxottica entity other than VisilabGroup SA, the safeguards are based on the commitments taken on the basis of (i) a dedicated transfer agreement binding upon the EssilorLuxottica entity involved in the Processing of Personal Data and (ii) a set of common rules.
Where your Personal Data is processed by EssilorLuxottica entities or third parties located outside the European Economic Area, EssilorLuxottica and VisilabGroup SA ensure that specific contractual protection is implemented to ensure that this requirement is addressed in accordance with the Applicable Legislation.
For further information with regard to the appropriate or suitable safeguards and the means by which to obtain a copy of them, you can contact us with the modalities as per this Privacy Notice.
5.6 For how long do We retain your Personal Data?
We retain all or part of your Personal Data for the time strictly necessary for the following reasons:
(a) To meet applicable statutory requirements for data retention;
(b) To meet and comply with our legal and/or contractual obligations;
(c) For as long as necessary to carry out each of the purposes mentioned in this Privacy Notice, including for the purposes of satisfying any legal, accounting, reporting requirements.
To determine the appropriate retention period for Personal Data, We consider jointly the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for which We process your Personal Data and whether We can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances, We may anonymize your Personal Data so that it can no longer be associated with you, in which case We may use such information without further notice to you.
5.7 We keep your Personal Data safe, updated and accurate
We have a responsibility for the security and accuracy of the Personal Data that We process about you and also for keeping Personal Data up to date. We have taken steps to eliminate duplicated copies of Personal Data and to facilitate updating of Personal Data that may change over time.
6. HOW DO WE PROTECT YOUR PERSONAL DATA?
We regard the protection of Personal Data as an essential priority.
In this respect, We have implemented appropriate measures and safeguards to protect the Personal Data We process.
This is reflected in EssilorLuxottica’s and VisilabGroup SA’s procedures, guidelines and policies and in the actual measures implemented throughout the group.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, We limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. These measures range from technical security measures that protect IT systems to the physical security measures employed at EssilorLuxottica and VisilabGroup SA’s sites. EssilorLuxottica and VisilabGroup SA also require their staff to participate in information security and data protection trainings. Details of these measures may be obtained from the Group Information Security Department.
We have put in place procedures to deal with any suspected Personal Data security breach and will notify you and any applicable regulator of a breach where We are legally required to do so.
7. YOUR RIGHTS
You can exercise any of the following rights, subject to verification of your identity where necessary:
a) Right of information and access
You may request that the existence of your Personal Data be confirmed and that you be informed of its content, the purposes of processing, categories of recipients, storage period and source, and receive a copy of the Personal Data currently stored in our databases.
b) Right to rectification
You may request the correction of inaccurate Personal Data and, subject to the nature of the collection and use, the completion of incomplete Personal Data. We may not accommodate a request to change Personal Data if We believe the change would violate any law or legal requirement or cause the information to be incorrect.
c) Right to restriction of the Processing of Personal Data
When applicable, you may restrict the Processing of your Personal Data. When such restrictions are not possible, We will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent to the Processing of your Personal Data.
d) Right to object to the Processing of Personal Data
When applicable, you have the right to object to the Processing of your Personal Data on grounds relating to your particular situation, if the processing is based on our legitimate interest. In addition, you have the right to object at any time to processing where Personal Data are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
When such objections are not possible, We will advise you accordingly. You can then choose to exercise another right under this Privacy Notice, like withdrawing your consent to the Processing of your Personal Data.
e) Right to erasure
Under certain conditions, you have the right to have your Personal Data deleted. Upon receipt of such a request for erasure, We will confirm receipt, consider your request, take a decision and communicate it to you.
f) Right to data portability
Upon request and when possible and where applicable by local laws, We can provide to you with copies of your Personal Data in a structured, common framework and machine-readable format. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent. Where applicable, We will ensure such changes are shared with any trusted third parties.
g) Right to withdraw your consent
Where processing is based on consent, you may withdraw your consent at any time to the Processing of your Personal Data. Upon receipt of such a withdrawal of consent, We will confirm receipt and proceed to stop Processing your Personal Data. Such withdrawal will not affect the lawfulness of the collection and use carried out prior to withdrawal.
h) Right to lodge a complaint with the relevant data protection supervisory authority
If you are not satisfied with the way We process your Personal Data and/or our response to a request to exercise your rights, you can lodge a complaint with the competent data protection supervisory authority.
In order to exercise your rights, please contact:
Office of the Federal Data Protection and Information Commissioner FDPIC Feldeggweg 1 CH-3003 Berne
8. HOW CAN YOU CONTACT US?
8.1 CONTACT OF THE DATA CONTROLLER
The Data Controller of the Processing of your Personal Data is VisilabGroup SA, with a registered office in Rue de Veyrot 13, CH-1217 Meyrin.
Should you have questions or comments on this Privacy Notice or on any data processing carried out by VisilabGroup SA and its Affiliates, VisilabGroup SA may be contacted to the postal address above.
8.2 CONTACT OF THE DATA PROTECTION OFFICER?
VisilabGroup SA has appointed a Data Protection Officer who can be contacted at the following email address firstname.lastname@example.org or to the address of VisilabGroup SA in Rue de Veyrot 13, CH-1217 Meyrin.
You can also send an email to email@example.com in case of any question related to this document.
8.3 CONTACT OF OTHER DATA PROTECTION OFFICERS?
We have appointed data protection officers within the different entities of VisilabGroup, you may contact them as follows:
EssilorLuxottica: website contact form or by post at 1-6 rue Paul Cézanne, 75008 Paris, France, registered in the Créteil Trade and Companies Register under number 712 049 618 ;
Essilor International: website contact form or by post at 1147 rue de Paris, 94220 Charenton-le-Pont, France, registered in the Créteil Trade and Companies Register under number 439 769 654, as a part of EssilorLuxottica Group;
Luxottica Group S.p.A.: website contact form or by post at Piazzale Cadorna no. 3 – 20123 Milan, Italy, as a part of EssilorLuxottica Group.
9. HOW CAN YOU KEEP TRACK OF CHANGES TO THIS PRIVACY NOTICE?
For legal and/or organizational reasons, this Privacy Notice may undergo changes. We suggest, therefore, to check this Privacy Notice regularly and to refer to the latest version of it. We will post the date it was last updated at the top of this Privacy Notice.
In any case, an updated version of the Privacy Notice will be always available on the sites and the services, We will make available additional notices to you if we make any changes that materially affect your privacy rights.