Privacy Notice for 
Alain Mikli 

EssilorLuxottica and your Personal Data 

Understanding why and how EssilorLuxottica Processes your Personal Data 

Last update: 13 / 11 / 2024 

Content

At EssilorLuxottica, we are committed to protect our Clients’ Personal Data.
Upholding this commitment is essential to our success and reputation, and ultimately our ability to fulfil our mission of helping people see more, be more and live life to its fullest.

1. INTRODUCTION

1.1 Who we are?
1.2 What is the purpose of this Privacy Notice?
1.3 What is this Privacy Notice about? Key definitions

2. WHERE ARE THE PERSONAL DATA COLLECTED FROM?

3. WHAT PERSONAL DATA MAY WE PROCESS ABOUT YOU?

3.1 Categories of Personal Data
3.2 Processing of Special Personal Data

4. WHY DO WE PROCESS YOUR PERSONAL DATA?

5. HOW DO WE PROCESS YOUR PERSONAL DATA?

5.1 What modalities do we use to Process your Personal Data?
5.2 We disclose your Personal Data to other Affiliates of the Group
5.3 Is your Personal Data transferred to third parties?
5.4 Is your Personal Data transferred across the border?
5.5 For how long do we retain your Personal Data?
5.6 We keep your data safe, updated and accurate
5.7 Children’s Personal Data and other sensitive Personal Data (for US Web Users)

6. HOW DO WE PROTECT YOUR PERSONAL DATA?

7. YOUR RIGHTS

8. HOW CAN YOU CONTACT US?

8.1 Contact of the Data Controller
8.2 Contact of the Data Protection Officer

9. HOW CAN YOU KEEP TRACK OF CHANGES TO THIS PRIVACY NOTICE?

1. INTRODUCTION


1.1 Who we are?

WHEN YOU ARE A DATA SUBJECT OF OUR PARIS STORE(S)

SUNGLASS HUT FRANCE Société par actions simplifiée, with registered office at 1-6 rue Paul Cézanne 75008 Paris (France), R.C.S. 812 674 836 Paris, a company which is part of the EssilorLuxottica Group (hereinafter “Sunglass Hut France”) 

Where Sunglass Hut France is the party that determines the purposes and the means of the Processing, we are the Data Controller over your Personal Data. 

In certain specified instances, Sunglass Hut France may be Joint Controller with other entity(ies) over the Processing of your Personal Data: this means that, in such cases, we are jointly responsible with these entities for deciding on the Purposes and the means of the Processing. More specifically, please note that we are now in a joint controlling relationship over your Personal Data for some specific Processing activities with: 

Luxottica Group S.p.A., with registered office at Piazzale Cadorna no. 3 – 20123 Milan, Italy, inscribed in the Milan Trade Registry under the number 00891030272, VAT no. 10182640150, a company which is part of the EssilorLuxottica Group (“Luxottica”). 

WHEN YOU ARE A DATA SUBJECT OF OUR WEBSITE

Luxottica Group S.p.A., with registered office at Piazzale Cadorna no. 3 – 20123 Milan, Italy, inscribed in the Milan Trade Registry under the number 00891030272, VAT no. 10182640150, a company which is part of the EssilorLuxottica Group (“Luxottica”). 

Luxottica is the party that determines the Purposes and the means of the Processing, so it’s the Data Controller over your Personal Data 

Further in this Privacy Notice, when we speak about “Alain Mikli” or “we” or “our” or “us” we refer jointly to Sunglass Hut France and Luxottica if you are a customer or prospect of our Paris store(s), or only to Luxottica if you are a user of our Website 

1.2 What is the purpose of this Privacy Notice?

EssilorLuxottica, its Affiliates and its Brands, attach particular importance to the Processing, confidentiality and security of your Personal Data. 

The purpose of this Privacy Notice is to inform you in a clear, simple and complete manner of the Processing carried out on the Personal Data that you provide to us, or that each of our Affiliates can collect from the various contact you may have with us (e.g. store, customer care, sites, services, events, social networks, etc.), their possible transfer to third parties as well as your rights and the options you have to control your Personal Data and to protect your privacy, in accordance with the applicable legislation.  

We may update this Privacy Notice at any time but if we do so, we will make an updated copy of this Privacy Notice available to you. 

We may provide different or additional privacy notices in connection with certain activities, programs, and offerings.  

We may also provide additional “just-in-time” notices that may supplement or clarify our privacy practices or provide you with additional choices regarding your Personal Data.  

Our Website may include links to websites and/or applications operated and maintained by third parties. Please note that we have no control over the privacy practices of websites or applications that we do not own. Alain Mikli encourages you to review the privacy notices of those third parties before connecting. 

1.3 What is this Privacy Notice about? Key definitions

Affiliates Means subsidiaries of EssilorLuxottica Group, its ultimate holding company and its subsidiaries, or companies that it controls, are controlled by or under common control, and its service providers/vendors and strategic business partners 
Brands The brands owned by the companies belonging to EssilorLuxottica Group 
Data Controller Means the natural or legal person, department or organisation, alone or jointly with others, determines the Purposes and means of the Processing of Personal Data 
Data Processor Means a natural or legal person, department or other body which Processes Personal Data on behalf of and on the instructions of the Data Controller 
Data Subject(s) The physical person(s) whose Personal Data is Processed 
EssilorLuxottica Group (or, simply, EssilorLuxottica or GroupEssilorLuxottica as global organization, i.e. jointly EssilorLuxottica (as ultimate holding company) and all its Affiliates 
GDPR Regulation (EU) 2016/679 (General Data Protection Regulation) 
Joint Controller Refers to two or more Data Controllers that jointly determine the Purposes and means of Processing 
Personal Data (or simply DataAny information about an individual (the Data Subject) from which that person can be identified (name, contact details, identification number, etc.). The categories of Personal Data that we may Process are enumerated in this Privacy Notice.  
Processing (of Personal Data) Any action conducted concerning your Personal Data such as, the collection, recording, organization, storage, modification, transfer, deletion, access, consultation, etc. of such data. 
Purpose Refers to the Purpose of the Processing. In other words, the reasons for which the Personal Data is collected. 
Recipients (of the Personal Data) A natural or legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not.  
Services Any of our online or offline services 

Likewise, this Privacy Notice will apply to the following Data Subjects:  

Clients Clients who purchase products or Services offered by Alain Mikli 
Web Users Users who access the Alain Mikli website (the “Website”). 
Eyesight Checks Users Users who have undergone an eyesight check. 
Marketing Communication Users Users who have subscribed to receive marketing communications from Alain Mikli. 

2. WHERE ARE THE PERSONAL DATA COLLECTED FROM? 


The Personal Data we collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction. 

We use different methods and various sources to collect data from and about you. We collect and obtain information:  

a) Provided directly by you 

During the registration process, the creation of an account on the Website and/or the Services, or when completing a purchase order or joining our engagement programs, prize competitions and events and when you contact us for request, feedback or complaint. We also record customer service calls and maintain a transcript of chats for quality assurance.  

b) Using Cookies  

We use just technical cookies to allow the proper navigation on our Website. 

c) Through stores visits and other offline technologies  

When you visit our stores, information may be collected during the purchase process, the adjustment of purchased products and eyesight checks that can be carried out in stores. We also use CCTV in our stores for safety, security, fraud, loss, prevention, and operational purposes. 

d) From other sources  

We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers/vendors, fraud prevention service providers/vendors, vendors that provide services on behalf of us, or publicity available sources. We create also information based on our analysis of the information we have collected from you. 

3. WHAT PERSONAL DATA MAY WE PROCESS ABOUT YOU?


The Personal Data we collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described hereafter in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction. 

3.1 Categories of Personal Data

CATEGORY OF DATA TYPES OF DATA DATA SUBJECT 
Identifiable information  Including such as name and surname, e-mail address, gender, date of birth, country of residence, postal address and phone numbers Clients, Web Users, Eyesight Checks Users and Marketing Communication Users  
Payment information  Including such as data related to your payment method(s) and details of products you have purchased from us Clients and Eyesight Checks Users 
Profile and Commercial data   Including such as billing and delivery addresses, details of products and services which you have purchased from us (including your order, tracking and invoices, amount and type of purchase) and your interests, preferences, feedback and survey responses Clients and Eyesight Checks Users 
Marketing and Communications Data Including such as your preferences in receiving marketing from us, your communication preferences and information contained in any correspondence or requests sent by you to us or asked to you by us if problems are reported Clients and Marketing Communication Users 
Health and Medical Data   Including such as ophthalmic prescription, eye examinations, measurements (optical correction, pupillary distance, etc.), adaptations and information having an impact on your visual health and eyesight checks that can be carried out  Clients and Eyesight Check Users 
Data related to your care Including such as the name of the complementary organization and the management platform, information related to the health coverage, the rate of care Clients and Eyesight Check Users 
Device information Including such as the IP address or other unique code of your device (computer, mobile or other devices), technical information that may include the URL from where you originate, time zone setting and location, browser information and language Web Users  
Navigation information  Including such as information regarding your interactions with our Website, our Services, emails, products or advertisements and statistical data relating to these interactions Web Users  

If you are a US Web User, please refer to the following table which identifies: 

– the categories of Personal Data we collect, the categories of Personal Data we disclosed and for each category
– the categories of Recipients to whom we disclosed Personal Data;
– if you are a California resident, the categories of Personal Data that we sell or share to third parties and for each category, the categories of third parties to whom we sold or shared Personal Data. 

CATEGORY OF DATA TYPES OF DATA DATA SUBJECT CATEGORIES OF RECIPIENTS CATEGORIES OF THIRD PARTIES 
Identifiable information  Including such as name and surname, e-mail address, gender, date of birth, country of residence, postal address and phone numbers Web Users and Marketing Communication Users  Affiliates; data storage providers; operating systems and platforms  
Marketing and Communications Data Including such as your preferences in receiving marketing from us, your communication preferences and information contained in any correspondence or requests sent by you to us or asked to you by us if problems are reported Marketing Communication Users Affiliates; data storage providers; operating systems and platforms  
Unique Personal Identifiers and Device information Including such as the IP address or other unique code of your device (computer, mobile or other devices), technical information that may include the URL from where you originate, time zone setting and location, browser information and language; cookies, beacons, pixel tags, or other similar technology; customer number, unique pseudonym or user alias Web Users   Advertising networks; data analytics providers;  
Navigation information  Including information regarding your interactions with our Website, our Services, emails, products or advertisements and statistical data relating to these interactions Web Users  Affiliates; data storage providers; operating systems and platforms  

3.2 Processing of Special Personal Data

When you are a Client, we may Process for the Purposes set out below certain categories of Personal Data which are qualified as “sensitive” Personal Data, as they fall within the definition of special categories of Personal Data provided for by art. 9 of the GDPR (“Special Personal Data”). This is particularly the case of the Health and Medical Data, and the Data related to your care, as described above, that we may Process.

However, we only Process such sensitive data because:

– where it is required or allowed under local applicable legislation
– while implementing adequate safeguards to ensure the protection of such Special Personal Data, and
– where you give us your prior explicit consent pursuant to Article 9 of the GDPR.

However, please note that, if you don’t grant your explicit consent to the Processing of your Health and Medical Data and your Data related to your care, you will not be able to benefit from the Services described above in stores and through the Websites and the Services.

4. WHY DO WE PROCESS YOUR PERSONAL DATA?


We are required to use your data for Purposes defined according to the nature of our relationships. Thus, depending on the context in which your data is collected, it may be used for one or more of the following Purposes:  

PURPOSES DETAILS LEGAL BASIS 
Follow-up and execution of your orders, the after-sales services and supplementary services management – Formalise a quotation
– Manage product sales, orders (purchase, delivery and supply of products and Services)
– Manage your invoicing and your warranty
– Manage follow-up and provide after-sales service and customer relations (including, for example, returns, warranty and customer support)
– Manage of the care in connection with health insurance and supplementary organisations (medical diagnoses, health care, administration of care or treatment and management of health care services implemented by a member of a health profession) 
EXECUTION OF A CONTRACT 
Transaction and potential unpaid invoices management – Carry out secure payments (with reference to invoicing obligations)
– Manage incidents related to payment and debts
– Process potential unpaid invoices:  
. Identify your known unpaid invoices 
. Inform you of this unpaid amount, of the means available to you to regularize it, of the possibility of making observations and of requesting a review of your situation if necessary 
EXECUTION OF A CONTRACT 
Inscriptions management – Permit you to join our engagement programs, including the loyalty programs; receiving commercial and promotional communications in the context of the loyalty program
– Allow you to participate in our contests, prize competitions and initiatives promoted 
CONSENT 
Communication and interactions between us – Send you commercial and promotional communications and periodical updates (e.g., via e-mail, phone, SMS/MMS, WhatsApp and/or any other messaging tool from mobile, postal service, social network, web platforms and newsletter) related to our products, Services, initiatives and events
– Manage our personalized commercial offers based on the analysis of your Personal Data related to spending volume, product category, date of birth and methods of purchase)
– Fulfil your requests (e.g., management of requests for information, etc.) 
CONSENT 
Eyesight checks performance – Allow you to benefit from the eye examination service provided by your optician (manage the scheduling of appointments, prescriptions, etc.) and carry out all the eyes and/or face measurements needed for the manufacturing and supply of the products CONSENT 
Legal obligations compliance – Comply with the requirements of the laws, regulations, protocols and national and EU legislation (including target medical device legislation)
– Implement the decisions of public Authorities
– Manage of the requests to exercise your rights
– Product traceability
– Data retention with regard to accounting and tax obligations
– Combating fraud (certain automatic or manual processes are designed to verify payments and to combat fraud involving payment methods and identity theft) 
LEGAL OBLIGATIONS 
Legitimate interests’ pursuit – Send you commercial communications via e-mail on similar products, events and services already provided to you, unless you object to such a Processing at the time of the collection and on the occasion of each communication
– Exercise or defend legal claims in court proceedings or in administrative or out-of-court procedures relating to our rights, of our group companies and/or of our representatives, shareholders, officers and directors
– Enable the technical management of the Website and the Services and its operational functions, including solving any technical problems, to perform tests, updates and upgrades that cannot be performed through non-personal data
– Prevent or identify fraudulent activities or misuses of the Website and the Services or against the EssilorLuxottica Group and/or the Web Users of the Website and the Services
– Complete a potential merger, sale of assets, transfer of all or a material part of its business, or financing transaction by disclosing and transferring the Personal Data to the third party or parties involved in the transaction as part of the transaction
– Conduct, surveys and market research relating to our products and Services by post, telephone or e-mail
– Anonymize Personal Data such as in order to perform statistical analysis, to monitor and/or enhance our medical devices, for R&D purposes, to train AI models, etc. 
LEGITIMATE INTEREST 

5. HOW DO WE PROCESS YOUR PERSONAL DATA?


5.1 What modalities do we use to Process your Personal Data?

The Processing of your Personal Data is carried out, electronically and manually, only within the limits necessary to pursue the Purposes outlined above. 

We undertake to protect your Personal Data.  

We advise that the password is one of the protection mechanisms of the account. Therefore, you are invited to use a password sufficiently secure and stored in a safe place, limiting access to it on their own computers and browsers, disconnecting it after having visited the Website and/or the Services.  

All Personal Data provided by you is kept on secure servers, adopting adequate security measures to protect Personal Data from non-authorized access, to maintain the accuracy of Personal Data and guarantee the proper use of information.  

Furthermore, a secure system for authorizing credit card payments and identifying fraudulent activities is used. 

5.2 We disclose your Personal Data to other Affiliates of the Group

EssilorLuxottica is a global organization with offices and operations throughout the world and most of your Personal Data relating to is stored and Processed within a range of global applications that is used globally by the Affiliates of EssilorLuxottica. The majority of the Processing of your Personal Data is carried out through the concentrated services of two entities: Essilor International and Luxottica Group S.p.A. 

We may disclose your Personal Data to certain Affiliates or Brand of the EssilorLuxottica Group, based on your preferences and interests about these Affiliates or Brand, for the Purposes set out in this Privacy Notice, in each case in or outside your country, as permitted and required by applicable law and/or in other circumstances with your consent. 

We may also disclose your Personal Data for our internal business purposes. 

5.3 Is your Personal Data transferred to third parties?

a) Service providers/Vendors  

We may disclose your Personal Data with our third parties service providers/vendors entrusted with Processing activities that provide services or assistance and advice to us, with special – but not exclusive – reference to technology, accounting, administrative, legal, insurance, IT, marketing, customer service, data subjects requests management, data analysis matters.  

Each service provider/vendor will act on behalf of and in accordance with the instructions received from us, by virtue of a specific agreement put in place pursuant to applicable legislation, including such as, for the European Union,  art. 28 of the GDPR which sets out the obligation service provider which acts as Data Processor and guarantees the implementation by it of appropriate technical and organizational measures to respect the  requirements set by the applicable legislation.  

We require that any such third-party provider/vendor is subject to strict control and implements appropriate guarantees of security and confidentiality of your Personal Data.  

b) Sale or merger of business

We may also disclose your Personal Data: 

– in the event that we sell any business or assets, or in anticipation to these events, in which case we may disclose your Personal Data to the prospective purchaser of such business or assets; or 
– if we sell, buy, merge with, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, your Personal Data may be among the transferred assets.

We may disclose all of the information we collect in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy. 

c) Legal process  

We may disclose your Personal Data to any authority, court, administrative body, or other authorised third party (including, without limitation, counsel), where the disclosure of Personal Data is required by law, regulation or court order or where such disclosure is necessary for the protection and defence of our rights. 

d) Other instance 

We may ask if you would like to disclose your information with other third parties who are not described elsewhere in this Privacy Notice. Furthermore, we may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, without your consent, your Personal Data would not be transferred to the third party. 

5.4 Is your Personal Data transferred across the border?

Given the presence of EssilorLuxottica Group in many countries around the world and in order to provide you with personalized service worldwide, some of your Personal Data may be collected, accessible or stored outside your country of residence. 

As a result of the above, your Personal Data may be accessed and/or transferred to countries which do not have equivalent data protection laws to those required within the European Economic Area (EEA). 

In such cases, Alain Mikli ensures that, at all times, appropriate safeguards are implemented to ensure that your Personal Data is Processed in accordance with applicable legislation. In this respect, where your Personal Data is Processed by another EssilorLuxottica entity, the safeguards are based on the commitments taken on the basis of (ii) a dedicated transfer agreement binding upon the EssilorLuxottica entity involved in the Processing and (ii) a set of common rules applicable through the EssilorLuxottica Group Data Protection Policy.  

Where your data is Processed by EssilorLuxottica entities or third parties located outside the European Economic Area, Alain Mikli ensures that specific contractual protection is implemented to ensure that this requirement is addressed in accordance with applicable legislation, including as per Articles 44 et seq. of the GDPR. 

For further information with regard to the appropriate or suitable safeguards and the means by which to obtain a copy of them, you can contact us with the modalities as per Section 8 of this Privacy Notice. 

5.5 For how long do we retain your Personal Data?

We retain all or part of your Personal Data for the time strictly necessary for the reason:  

(a) to meet applicable statutory requirements for data retention, 

(b) to meet and comply with our legal and/or contractual obligations, 

(c) for as long as necessary to carry out each of the Purposes mentioned in this Privacy Notice, including for the purposes of satisfying any legal, accounting, reporting requirements. 

To determine the appropriate retention period for Personal Data, we consider jointly the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorized use or disclosure of your Personal Data, the Purposes for which we Process your Personal Data and whether we can achieve those Purposes through other means, and the applicable legal requirements. 

In particular, we hereby specify that your Personal Data will be retained for a period of 10 years for our invoicing and accounting purposes, save for the circumstances in which applicable laws may provide for different retention requirements. 

Furthermore, if you have consented to the Processing of your Personal Data for marketing activities (e.g., commercial and promotional communications, commercial newsletters, personalized offers, periodical updates related to our products, services initiatives and events, etc.), such a Data will be retained for 10 years as from the last interaction as for customers and for 2 years from the last interaction as for prospects. Last interaction is defined as the last contact you made and that is traceable by our systems or salespersons. 

In any case, please note that, as general rule, within EssilorLuxottica Group, retention and archiving of Personal Data will not exceed 10 (ten) years overall calculated as of the first record and/or consent renewal and/or any other relevant interaction, exception made for further legal hold obligations. 

Depending on how you interact with our Services, you may receive additional privacy notices with information as to how long we retain specific pieces of Personal Data.  

In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you, such as for statistical analysis, monitoring and/or enhancing our medical devices, R&D purposes, training AI models, etc. 

For any additional information on the retention of your Personal Data, you can contact us at the email address set out in section 8 of this Privacy Notice. 

5.6 We keep your data safe, updated and accurate

Alain Mikli has a responsibility for the security and accuracy of the Personal Data that it Processes about you and also for keeping data up to date. Alain Mikli has taken steps to eliminate duplicate copies of data and to facilitate updating of data that may change over time. 

5.7 Children’s Personal Data and other sensitive Personal Data (for US Web Users)

EssilorLuxottica does not collect, sell, or share Personal Data of consumer under 16 years of age. We do not use sensitive Personal Data for purposes other than those allowed by applicable legislation.  

6. HOW DO WE PROTECT YOUR PERSONAL DATA?


Alain Mikli regards the protection of Personal Data as an essential priority.  

In this respect, the Alain Mikli has implemented appropriate measures and safeguards to protect the Personal Data it Processes.  

This is reflected in EssilorLuxottica Group’s procedures described in the Group Data Protection Program, guidelines and policies and in the actual measures implemented throughout the Group. 

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only Process your Personal Data on our instructions, and they are subject to a duty of confidentiality. These measures range from technical security measures that protect IT systems to the physical security measures employed at EssilorLuxottica Group’s sites. Alain Mikli also requires its staff to participate in information security training. Details of these measures may be obtained from the Group Information Security Department. 

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so. 

7. YOUR RIGHTS


You can exercise any of the following rights, subject to verification of your identity where necessary: 

a) Right of Information and Access

You may request the confirmation of the existence of your Personal Data and to be informed of its content and source and obtain a copy of those Personal Data which our databases currently contain.

b) Right to Rectification

You may request to rectify what Personal Data our databases currently contain. We may not accommodate a request to change Personal Data if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

c) Right to Restriction of the Processing

When applicable, you may restrict the Processing of your Personal Data. When such restrictions are not possible, we will advise them accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent to the Processing of your Personal Data. 

d) Right to Object to the Processing

When applicable, you have the right to object to the Processing of your Personal Data on grounds relating to your particular situation, if the Processing is based on our legitimate interest. In addition, you have the right to object at any time to Processing where Personal Data are Processed for direct marketing Purposes, which includes profiling to the extent that it is related to such direct marketing. 

When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, to include withdrawing your consent to the Processing of your Personal Data.

e) Right to Erasure

If you should wish to have your Personal Data deleted, then you may submit a request. Upon receipt of such a request for erasure, we will confirm receipt and confirm once your Personal Data has been deleted.

f) Right to data Portability

Upon request and when possible and where applicable by local laws, we can provide you with copies of your Personal Data. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.

g) Right to Withdraw your Consent

Where Processing is based on consent, you may withdraw his/her consent at any time to the Processing of your Personal Data. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop Processing your Personal Data.

h) Right to lodge a complaint with the relevant data protection supervisory authority

If you are not satisfied with the way we Process your Personal Data and/or respond to a request to exercise the rights you have exercised, you can lodge a complaint with the relevant data protection competent supervisory authority.

If you are a US Web User depending on the jurisdiction in which you reside or are located, you may have certain further rights regarding your Personal Data. We will verify your identity either to a “reasonable degree of certainty” or “reasonably high degree of certainty” depending on the sensitivity of the Personal Data, the risk of harm to you by unauthorized disclosure, deletion, or correction, and as required by applicable law. To do so, we will ask you to verify data points based on information we have in our records concerning you. If you are submitting a request on behalf of an individual, please submit the request through one of the designated methods listed below. 

a) Right of Information and Access

Further to what already set out at point a) above, you may also request the access to the categories of Personal Data, the categories of sources from which we collected Personal Data, the business or commercial purpose for collecting, selling, or sharing Personal Data (if applicable), the categories of third parties to whom we disclose Personal Data (if applicable), and the specific pieces of Personal Data we collected about you.

b) Right to Limit Our Use or Disclosure

If we use or disclose sensitive Personal Data for Purposes other than those allowed by applicable law, then you may submit a request to limit our use of disclosure of your sensitive Personal Data.

c) Right Not to Receive Discriminatory Treatment

You have the right not to receive discriminatory treatment by the business for the exercise of your privacy rights.

In order to exercise your rights, you may contact us at privacy@luxottica.com.

It is also possible for you to modify and update your preferences on how you wish to receive e-mails or other communications from us. You may also request that your information on your account is deleted.

8. HOW CAN YOU CONTACT US?


8.1 Contact of the Data Controller

The Data Controllers over the Processing of your Personal Data are set out in Section 1.1 of this Privacy Notice. 
Should you have questions or comments on this Privacy Notice or on any data Processing carried out by us, we may be contacted at the postal address set out in Section 1.1 above and/or at the email address specified in the preceding Section 7. 

8.2 Contact of the Data Protection Officer

Alain Mikli has appointed a Data Protection Officer which can be contacted at the following email address dpo@luxottica.com or through the contact methods provided for in section 8.1 above.

9. HOW CAN YOU KEEP TRACK OF CHANGES TO THIS PRIVACY NOTICE?


For legal and/or organizational reasons, this Privacy Notice may undergo changes. We suggest, therefore, checking this Privacy Notice regularly and to refer to the latest version of it, we will post the date it was last updated at the top of this Privacy Notice. 

In any case, an updated version of the Privacy Notice will be always available on the Website and the Services, and we will provide additional notice to you if we make any changes that materially affect your privacy rights.