Luxottica Group S.p.A., with registered office at Piazzale Cadorna no. 3 – 20123 Milan, Italy, registered at Milan Trade Registry under the number 10182640150 (hereinafter “EssilorLuxottica”),
as a part of the EssilorLuxottica Group and owner of Barberini brand, is the “Data Controller” for the purposes described hereafter. This means that EssilorLuxottica is responsible for deciding how it, and its global organization throughout the word, hold and use Personal Data about you.
EssilorLuxottica Group attach particular importance to the Processing, confidentiality and security of your Personal Data.
The purpose of this Privacy Notice is to inform you in a clear, simple and complete manner about the Processing carried out on the Personal Data that you provide to us, or that we can collect from the various contact you may have with us (e.g. store, customer care, sites, services, events, social networks, etc.), their possible transfer to third parties as well as your rights and the options you have to control your Personal Data and to protect your privacy, in accordance with the applicable legislation.
We may update this Privacy Notice at any time but, if we do so, we will make available to you an updated copy of this Privacy Notice as soon as reasonably practical.
We may provide different or additional privacy notices in connection with certain activities, programs, and offerings.
We may also provide additional “just-in-time” notices that may supplement or clarify our privacy practices or provide you with additional choices regarding your Personal Data.
Our sites may include links to websites and/or applications operated and maintained by third parties. Please note that we have no control over the privacy practices of websites or applications that we do not own. EssilorLuxottica encourage you to review the privacy notices of those third parties before connecting.
Affiliates | The subsidiaries of EssilorLuxottica Group, its ultimate holding company and its subsidiaries, or companies that it controls, are controlled by or under common control, and its service providers and strategic business partners |
Brands | The brads owned by the companies belonging to EssilorLuxottica Group |
Data Controller | The natural or legal person, department or organisation, alone or jointly with others, determines the Purposes and means of the Processing of Personal Data |
Data Processor | The natural or legal person, department or other body which processes Personal Data on behalf of and on the instructions of the Data Controller |
EssilorLuxottica Group (or simply Group) | Jointly EssilorLuxottica SA (as ultimate holding company) and all its Affiliates |
GDPR | Regulation (EU) 2016/679 (General Data Protection Regulation) |
Personal Data | Any information, about an individual (the Data Subject) from which that person can be identified (name, contact details, identification number, etc.). The categories of Personal Data that we may process are enumerated in this Privacy Notice. |
Processing (of Personal Data) | Any action conducted concerning your Personal Data such as, the collection, recording, organization, storage, modification, transfer, deletion, access, consultation, etc. of such Personal Data. |
Purpose | The purpose of the Processing; in other words, the reasons for which the Personal Data is collected. |
Recipients (of the Personal Data) | A natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. |
The Personal Data we collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction.
We use different methods and various sources to collect Personal Data from and about you. Namely, we collect and obtain Personal Data:
a) Provided directly by you
We collect the Personal Data that you provide us with when you contact us for request, feedback or complaint.
b) Using automatic tracking systems
We use some technologies (e.g., cookies and automatic tracking systems) that automatically collect certain items of information relating to the way in which you utilize the site and its services. For further information on the use of Personal Data collected through automatic tracking systems, please read carefully our Cookie Policy available here.
c) From other possible sources
We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on behalf us, or publicity available sources. We create also information based on our analysis of the Personal Data we have collected from you.
The Personal Data we collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described hereafter in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction.
CATEGORY OF DATA | TYPES OF DATA |
Identifiable Information | Including such as name and surname, title, country of residence, e-mail address and phone number |
Device Information | Including such as the IP address or other unique code of your device (computer, mobile or other devices), identification as returning visitor, technical information that may include the URL from where you originate and location, browser information and language |
Navigation Information | Including information regarding your interactions with our site (e.g. pageviews, session start, first visit, clicks, form submissions) |
We are required to use your Personal Data for Purposes defined according to the nature of our relationships. Thus, depending on the context in which your Personal Data is collected, it may be used for one or more of the following Purposes:
PURPOSES | DETAILS | LEGAL BASIS |
Communication between us | | CONSENT |
Legal obligations complying | Comply with the requirements of the laws, regulations, protocols and national and EU legislation (including target medical device legislation) Implement the decisions of public authorities Manage of the requests to exercise your rights | LEGAL OBLIGATIONS |
Legitimate interests’ pursuit | Exercise or defend legal claims in court proceedings or in an administrative or out-of-court procedures relating to our rights, the rights of EssilorLuxottica Group and/or the rights of our representatives, shareholders, officers and directors Enable the technical management of the site and its operational functions, including solving any technical problems; to perform tests, updates and upgrades that cannot be performed through non-personal data Prevent or identify fraudulent activities or misuses of the site or against the EssilorLuxottica Group and/or the users of the site Complete a potential merger, sale of assets, transfer of all or a material part of its business, or financing transaction by disclosing and transferring the Personal Data to the third party or parties involved in the transaction as part of the transaction Anonymize Personal Data in order to perform statistical analysis | LEGITIME INTEREST |
The Processing of your Personal Data is carried out, electronically and manually, only within the limits necessary to pursue the Purposes outlined above.
All Personal Data provided by you is kept on secure servers, adopting adequate security measures to protect Personal Data from non-authorized access, to maintain the accuracy of Personal Data and guarantee their proper use.
EssilorLuxottica is a global organization with offices and operations throughout the world and most of your Personal Data relating to is stored and processed within a range of global applications that is used globally by the Affiliates and Brands. The majority of the Processing of your Personal Data is carried out through the concentrated services of two entities: Essilor International SAS and Luxottica Group S.p.A.
We may share your Personal Data with certain Affiliates or Brands of the EssilorLuxottica Group for the Purposes set out in this Privacy Notice, in each case in or outside your country, as permitted and required by applicable law, or in other circumstances with your previous consent.
a. Service provider
We may disclose your Personal Data with our third parties service providers entrusted with Processing activities that provide services or assistance and advice to us, with special – but not exclusive – reference to technology, accounting, administrative, legal, insurance, IT, marketing, data analysis matters.
Each service provider will act as a Data Processor, on behalf of us and in accordance with the instructions received from us, by virtue of a specific agreement as per Article 28 of the GDPR, which sets out its obligations and guarantees the implementation of appropriate technical and organizational measures to respect the applicable legislation and the protection of your rights.
We require that any such third-party provider is subject to strict control and implements appropriate guarantees of security and confidentiality of your Personal Data.
b. Sale or merger
We may also disclose your Personal Data:
in the event that we sell any business or assets, in which case we may disclose your Personal Data to the prospective purchaser of such business or assets; or
if we sell, buy, merge with, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your Personal Data may be among the transferred assets.
We may share all of the Personal Data we collect in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sales, or in the unlikely event of bankruptcy.
c. Legal process
We may disclose your Personal Data to any authority, court, administrative body, or other authorized third party (including, without limitation, counsel), where the disclosure of Personal Data is required by law, regulation or court order or where such disclosure is necessary for the protection and defense of our rights.
d. Other instance
We may ask if you would like to disclose your Personal Data with other third parties who are not described elsewhere in this Privacy Notice. Furthermore, we do not sell, rent, or lease your Personal Data to third parties but we may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest you. In those cases, without you consent, your Personal Data would not be transferred to the third party.
The abovementioned Recipients will process your Personal Data as Data Controllers, Data Processors or persons in charge of Processing, depending on the circumstances.
A complete list of Data Processors is available, upon request to us, through the modalities as per this Privacy Notice.
Given the presence of EssilorLuxottica in many countries around the world and in order to provide you with personalized service worldwide, some of your Personal Data may be collected, accessible or stored outside your country of residence.
As a result of the above, your Personal Data may be accessed and/or transferred to countries which do not have equivalent data protection laws to those required within the European Economic Area (“EEA”).
In such cases, EssilorLuxottica ensures that, at all times, appropriate safeguards are implemented to ensure that your Personal Data is processed in accordance with applicable legislation. In this respect, where your Personal Data is processed by another EssilorLuxottica Group entity, the safeguards are based on the commitments taken on the basis of (ii) a dedicated transfer agreement binding upon the EssilorLuxottica Group entity involved in the Processing and (ii) a set of common rules applicable in the EssilorLuxottica Group through the EssilorLuxottica Group Data Protection Policy.
Where your Personal Data is processed by EssilorLuxottica Group entities or third parties located outside the EEA, EssilorLuxottica ensures that specific contractual protection is implemented to ensure that this requirement is addressed in accordance with the applicable legislation as per Articles 44 et seq. of the GDPR.
For further information with regard to the appropriate or suitable safeguards and the means by which to obtain a copy of them, you can contact us with the modalities as per this Privacy Notice.
We retain all or part of your Personal Data for the time strictly necessary for the reason:
(a) to meet applicable statutory requirements for data retention;
(b) to meet and comply with our legal and/or contractual obligations;
(c) for as long as necessary to carry out each of the Purposes mentioned in this Privacy Notice, including for satisfying any legal and/or reporting requirements.
To determine the appropriate retention period for Personal Data, we consider jointly the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the Purposes for which we process your Personal Data and whether we can achieve those Purposes through other means, and the applicable legal requirements. Here below some examples:
Communications between us | Up to the complete fulfillment of the commitments undertaken following your request for assistance |
Compliance to legal provisions / legal obligations | Time imposed by the legislation and applicable from time to time |
Pursuit of a Legitimate Interest | Time strictly necessary to achieve the Legitimate Interest pursued from time to time (e.g. if the Legitimate Interest is based on the exercise and defense of our right in court, the retention of Personal Data could extend up to the last degree of judgement) |
In any case, please note that, within EssilorLuxottica Group, retention and archiving of any Data will not exceed ten (10) years overall calculated as of the first record, which is a maximum in EssilorLuxottica. In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
EssilorLuxottica has a responsibility for the security and accuracy of the Personal Data that it processes about you and also for keeping Personal Data up to date. EssilorLuxottica has taken steps to eliminate duplicate copies of Personal Data and to facilitate their updating that may change over time.
EssilorLuxottica regards the protection of Personal Data as an essential priority.
In this respect, EssilorLuxottica has implemented appropriate measures and safeguards to protect the Personal Data it processes.
This is reflected in EssilorLuxottica’s procedures described in the EssilorLuxottica Group Data Protection Program, guidelines and policies and in the actual measures implemented throughout the EssilorLuxottica Group.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. These measures range from technical security measures that protect IT systems to the physical security measures employed at EssilorLuxottica sites. EssilorLuxottica also requires its staff to participate in information security trainings. Details of these measures may be obtained from the EssilorLuxottica Group Information Security Department, contacting us with the modalities as per this Privacy Notice.
Furthermore, we have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You can exercise any of the following rights, subject to verification of your identity where necessary:
a. Right of Information and Access
You may request the confirmation of the existence of your Personal Data and to be informed of its content and source and obtain a copy of those Personal Data which our databases currently contain.
b. Right to Rectification
You may request to rectify what Personal Data our databases currently contain. We may not accommodate a request to change Personal Data if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
c. Right to Restriction of the Processing
When applicable, you may restrict the processing of your Personal Data. When such restrictions are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent to the Processing of your Personal Data.
d. Right to Object to the Processing
When applicable, you have the right to object to the Processing of your Personal Data on grounds relating to your particular situation, if the Processing is based on our legitimate interest.
When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, to include withdrawing your consent to the Processing of your Personal Data.
e. Right to Erasure
If you should wish to have your Personal Data deleted, then you may submit a request. Upon receipt of such a request for erasure, we will confirm receipt and confirm once your Personal Data have been deleted.
f. Right to Data Portability
Upon request and when possible and where applicable by local laws, we can provide to you with copies of your Personal Data. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.
g. Right to Withdraw your Consent
Where Processing is based on consent, you may withdraw his/her consent at any time to the Processing of your Personal Data. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop Processing your Personal Data.
h. Right to lodge a complaint with the relevant data protection supervisory authority
If you are not satisfied with the way we process your Personal Data and/or responds to a request to exercise the rights you have exercised, you can lodge a complaint with the relevant data protection competent supervisory authority.