Personal data policy

EssilorLuxottica and your personal data.

Understand why and how EssilorLuxottica processes your personal data.

Last updated: 10/26/2023

At EssilorLuxottica, we are committed to protecting the personal data of our customers.

Honoring this commitment is critical to our success and reputation, and ultimately to our ability to fulfill our mission of helping people see more, be more and live life to the fullest.

1. Introduction

1.1 Who are we?

Luxottica Group S.p.A., a limited company under Italian law, with registered office in Piazzale Cadorna n. 3 - 20123 Milan, Italy, as part of the EssilorLuxottica Group;

and

4Care GmbH, a corporation under German law with its registered office at Fraunhoferstr. 17, 24118 Kiel, Germany, as part of the EssilorLuxottica Group.

Hereinafter collectively "we", "us" or "EssilorLuxottica".

We are "Joint Controllers" for the purposes described below. This means that we are jointly responsible for deciding how we and the global organization worldwide with its subsidiaries and brands store and use personal data about you.

We are bound by data protection legislation and this Privacy Notice.

1.2 What is the purpose of this Privacy Notice?

We, our affiliated companies and our brands attach particular importance to the processing, confidentiality and security of your personal data.

The purpose of this Privacy Notice is to inform you in a clear, simple and complete manner about the processing of the personal data that you provide to us or that each of our subsidiaries/brands may collect in the various contacts you have with us (e.g. in store, customer care, websites, services, events, social networks, etc.), about their possible disclosure to third parties, as well as about your rights and the options you have to control your data and protect your privacy, in accordance with applicable legislation.

We may update this Privacy Notice at any time, but if we do, we will provide you with an updated version of this Notice as soon as practicable.

We may provide you with different or additional privacy notices in connection with certain activities, programs and offers.

We may also provide additional "just-in-time" notices that supplement or clarify our privacy practices or provide you with additional choices regarding your personal information.

Our websites contain links to websites and/or applications operated and maintained by third parties. Please be aware that we have no control over the privacy practices of websites or applications that are not owned by us. EssilorLuxottica recommends that you read the privacy notice of these third parties (see point 5.3.c.d).

1.3 What is this privacy notice about? Important definitions

For the application and interpretation of this Privacy Notice, the following terms and expressions, the first letter of which appears in capital letters, shall have the meaning assigned to them below:

Personal Data / Personal Information

Any information about an individual (the data subject) by which that person can be directly or indirectly identified (name, contact details, identification number, etc.). The categories of personal data that we may process are listed in this privacy notice.

Applicable legislation

Refers to all laws, regulations, directives, decrees at local, national or supranational level on data protection or others that directly or indirectly affect the processing of personal data.

Processing of personal data

Any operation or set of operations which is performed on your personal data, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, restriction, erasure or destruction.

Recipient of the data

A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.

Purpose

Refers to the purpose of the processing. In other words, the grounds on which the personal data is collected.

Data controller

Refers to the natural or legal person, department or organization that alone or jointly with others determines the purposes and means of the processing of personal data.

Joint controller

Refers to two or more controllers who jointly determine the purposes and means of the processing.

Processor

Refers to a natural or legal person, public authority, agency or other body which processes personal data on behalf of and under the instructions of the controller.

Subsidiaries

Means subsidiaries of the Essilor-Luxottica Group, its ultimate holding company and its subsidiaries or companies that it controls, are controlled by it or are under common control, as well as its service providers and strategic business partners.

2 Where does the personal data come from?

The personal data we collect will depend on the contact point you use to contact us and the purposes of that interaction as described in this Privacy Notice and will be limited to that which is relevant and appropriate to that interaction.

We use various methods and sources to collect information from and about you. We collect and receive information:

a) Provided directly by you

During the registration process, account creation on the Sites and/or Services, or when you complete an order or participate in our engagement programs, contests and events, and when you contact us regarding an inquiry, feedback or complaint. In certain circumstances, we may also keep records of customer service calls and keep a transcript of chats for quality assurance and quality management purposes.

b) Use of automated tracking systems

We may use some technologies (e.g. cookies and automatic tracking systems) that automatically collect certain information about the way you use the Websites and the Services. For more information about the use of personal data collected through automatic tracking systems, please read carefully our Cookie Policy, which you can find here.

c) Through store visits and other offline technologies

When you visit our stores, information may be collected during the purchase process, the creation of an unrealized offer, the customization of the products purchased and the visual checks that may be carried out in the stores. We also use video surveillance in our stores for security, fraud, loss, prevention and operational purposes.

d) From the social network profile

If you decide to log in to the Websites and/or the Services via social network applications, or link your account to your public profiles on social networks and share your actions on the Website and/or the Services via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.) on these channels, the use of said plug-ins will result in the corresponding actions and information being shared on the relevant social networks (see point 5.3.c.d).

e) From you when you apply for a job

The application data received for the application process, which may be transmitted in various ways. If an employment contract is concluded with an applicant, the data transmitted will be processed for the purpose of handling the employment relationship. If no employment contract is concluded with the applicant, the application documents will be deleted in accordance with point 5.5 of this data protection notice, unless it has been individually agreed with the applicant to keep the data for longer in order to be able to contact him/her in the event of future job offers.

f) From other sources

We may receive information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, providers who provide services on our behalf or from publicly available sources. We also compile information based on our analysis of the information we have collected from you.

3. What personal data can we process about you?

The personal data we collect will depend on the contact point through which you contact us and the purposes of that interaction, as described below in this Privacy Notice, and will be limited to that which is relevant and adequate for that interaction.

3.1 Categories of personal data

DATA CATEGORY / TYPES OF DATA

Identifying information
Including first and last name, email address, gender, date of birth, country of residence, postal address and telephone numbers

Payment information
This includes data related to your credit card for the purchase of products through the Sites and the Services (payments are processed through a secure platform supplemented by control measures, including encryption of contact details) and details of products you have purchased from us.

Profile and Commercial Data
This includes account name, password, personal data you have posted on your social networks, billing and delivery addresses, details of products and services you have purchased from us (in store or online, including your order, tracking and invoices, amount and type of purchase) and your interests, preferences, feedback and survey responses.

Marketing and Communications Data
This includes your preferences in receiving marketing from us, your communication preferences and information contained in correspondence you send to us or in inquiries we receive from you, or that we ask you to provide when reporting problems with the websites, services or products purchased.

Health and medical data
This includes ophthalmologist prescriptions, eye examinations, measurements (optical correction, pupillary distance, etc.), adjustments, information that affects your visual health and eye tests that may be carried out in our stores, and information about hearing and ear condition.

Device information
This includes, for example, the IP address or other unique code of your device (computer, cell phone or other device), identification as a registered user or not (login details), technical information such as the URL you came from, time zone setting and location, browser information and language.

Navigation information
This includes information about your interactions with our websites, our services, emails, products or advertising, as well as statistical data relating to these interactions.

Application data
This includes data for handling the application process such as CV/professional background, photo, date of birth, contact details.

Personal data of our business partners
This includes the contact details of the contact persons at our business partners.

3.2 Processing of sensitive data

Certain categories of personal data that we process for the purposes listed below are classified as "sensitive" personal data. This applies in particular to the health and medical data and the data relating to your care, as described above, that we may process.

However, we only process sensitive data

where required or permitted by applicable local law;

using appropriate safeguards to ensure the protection of such "sensitive" personal data; and

if you have given us your prior explicit consent in accordance with Article 9 of the General Data Protection Regulation.

However, if you do not give your explicit consent to the processing of your health and medical data and your data in connection with your care, you will not be able to use the services described above in the stores and via the websites and services.

4. Why do we process your personal data?

We are obliged to use your data for purposes arising from the nature of our relationship. Depending on the context in which your data is collected, it may be used for one or more of the following purposes:

Purpose

Tracking and fulfillment of your in-store and online orders and customer service management

Details

  • Preparation of an offer;
     
  • Manage product sales, online and in-store orders (purchase, delivery and provision of products and services)
     
  • Manage invoicing and warranty;
     
  • Managing the follow-up and provision of customer service and customer relations (including e.g. returns, warranty and customer care);
     
  • Manage contactology and jars on the delivery of the order to customer service
     

Legal basis

Conclusion of contract

Purpose

Management of transactions and potential unpaid invoices

Details

  • Make secure online and in-store payments (taking into account invoicing obligations);

  • Manage incidents related to payments and debts;

  • Process potentially unpaid invoices:

      • Identify known unpaid invoices

      • To inform you of this unpaid amount, of the options available to you to settle it, of the possibility to make comments and, if necessary, to request a review of your situation.

Legal basis

Conclusion of contract

Purpose

Creation and management of accounts and enrollments

Details

  • Allow you to register on our websites and create your own account;
     
  • Providing the services available through the Websites and the Services (e.g. managing the registration process and access to the account, account management, reminder of products in the shopping cart, etc.);
     
  • Manage your customer profile;
     
  • Enable participation in our engagement programs;
     
  • Enable participation in our competitions, contests and initiatives;
     

Legal basis

Consent

Purpose

Communication between us

Details

  • To send you commercial and promotional communications and periodic updates (e.g. by email, telephone, SMS/MMS, post, social network and newsletter) about our products, services, initiatives and events;
     
  • Manage our personalized commercial offers (based on the analysis of your personal data in terms of spending level, product category, date of birth and purchasing methods);
     
  • Fulfilling your requests (e.g. managing requests for information, booking eye tests, providing the "share with a friend" function, notifying you with the "back in stock" function, etc.);
     

Legal basis

Consent

Purpose

Eyesight checks performance

Details

  • You can use the eye examination service of your optician (management of appointments, prescriptions, etc.);
     

Legal basis

Consent

Purpose

Purposes of the analysis

Details

  • Management of personalized content and communications;
     
  • Performing statistical analysis on customer audiences;
     
  • Analyzing the performance of our websites and services, our media investments and marketing campaigns, and our web orders;
     

Legal basis

Consent

Purpose

Compliance with legal obligations

Details

  • The requirements of laws, regulations, protocols and national and EU legislation (including targets for medical devices) must be complied with;
     
  • Implement the decisions of public authorities;
     
  • Management of care related to health insurance and ancillary organizations (medical diagnoses, healthcare, management of care or treatment and management of healthcare services provided by a healthcare professional);
     
  • Management of requests to exercise your rights.
     
  • Product traceability (Regulation (EU) 2017/745 of the European Parliament and of the Council of April 5, 2017 on medical devices);
     
  • Data retention for accounting and tax obligations.
     
  • Fraud prevention (certain automated or manual procedures are used to verify your online payments and combat payment fraud and identity theft)
     

Legal basis

Legal obligation

Purpose

Pursuit of legitimate interests

Details

  • To send you commercial communications by email about similar products, events and services that have already been offered to you, unless you object to such processing at the time of collection and at the time of each communication.
     
  • To assert or defend legal claims in judicial, administrative or extrajudicial proceedings in relation to our rights, those of our group companies and/or our representatives, shareholders, officers and directors;
     
  • To enable the technical administration of the Sites and the Services and their operational functions, including resolving technical issues, performing tests, updates and upgrades that cannot be performed with non-personal information;
     
  • Preventing or detecting fraudulent activity or misuse of the Sites and the Services or against the EssilorLuxottica Group and/or users of the Sites and the Services;
     
  • Completing a potential merger, sale of assets, transfer of all or substantially all of the business or financing transaction by disclosing and transferring the personal data to the third party or parties involved in the transaction as part of the transaction;
     
  • Conducting surveys and market research in relation to our products and services by post or email;
     
  • Anonymizing personal data to perform statistical analysis.
     

Legal basis

Legitimate interest

5. How do we process your personal data?

5.1 How do we process your personal data?

Your personal data is processed both electronically and manually only to the extent necessary to pursue the above-mentioned purposes.

We are committed to protecting your personal data.

We would like to point out that the password is one of the account's protection mechanisms. Therefore, you are requested to use a password that is sufficiently secure and kept in a safe place, limiting access to it to your own computers and browsers and disconnecting after visiting the Sites and/or Services.

All personal data provided by you will be stored on secure servers, with appropriate security measures taken to protect the personal data from unauthorized access, to ensure the accuracy of the personal data and to guarantee the proper use of the information.

In addition, a secure system is used to authorize credit card payments and detect fraudulent activity. We use the SSL (Secure Sockets Layer) standard to protect the confidentiality of your personal data.

 

5.2 We share your personal data with other affiliated companies of the group

EssilorLuxottica is a global company with offices and operations around the world. Most of your personal data is stored and processed in a number of global applications used by EssilorLuxottica's subsidiaries around the world. Most of the processing of your personal data is carried out by the concentrated services of two companies: Essilor International and Luxottica Group S.p.A.

We may share your personal data with certain affiliates or brands of the EssilorLuxottica Group, based on your preferences and interests in relation to those affiliates or brands for the purposes set out in this Privacy Notice, in each case within or outside your country to the extent permitted and required by applicable law and/or in other circumstances with your consent.

We may also share your data for our internal business, technical or marketing purposes (e.g. to offer you similar products or services).

5.3 Will your personal data be shared with third parties?

a) Service providers

We may share your personal data with our third party service providers who are engaged in processing activities that provide us with services or support and advice, including but not limited to technology, accounting, administration, legal, insurance, IT, marketing and data analytics.

Each service provider acts as a data processor on our behalf and in accordance with the instructions received from us on the basis of a specific agreement pursuant to Article 28 of the GDPR, which sets out its obligations and guarantees the implementation of appropriate technical and organizational measures to comply with applicable legislation and protect your rights.

We require that such a third party provider is subject to strict control and provides appropriate guarantees for the security and confidentiality of your personal data.

b) Business partners (e.g. manufacturers and brands of contact lenses)

If your order is delivered directly by the manufacturer, we will transfer your data to our distribution partners.

In these cases, however, the scope of the data transmitted is limited to the necessary minimum.

Our partners have been carefully selected by us and are obliged to treat your data confidentially in accordance with the statutory provisions and to comply with our own data protection standards. In particular, our partners are not permitted to pass on our customers' data to third parties for advertising purposes.

c) Sale or merger

We may also pass on your personal data

in the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets; or

if we sell, buy, merge with, acquire, partner with or sell some or all of our assets to other companies or businesses. In such transactions, your personal data may be one of the transferred assets.

We may share any information we collect in connection with a major corporate transaction, such as the sale of a website, merger, consolidation, sale of assets, or in the unlikely event of bankruptcy.

d) Third party social network providers

If you choose to log in to the Websites and/or the Services through social networking applications or link your account to your public social networking profiles and share your actions on the Website and/or the Services through the relevant plug-ins (e.g. Facebook Connect, I like, fb share, etc.) on these channels, these third-party services may be able to collect information about you, including information about your activities on the Websites and/or the Services, and they may inform your connections to the third-party services about their use of the Websites and/or the Services. The use of your personal information by these services is not governed by this Privacy Notice, but by their own privacy policies.

YouTube

LinkedIn

Facebook

Instagram

Google

e) Legal procedure

We are entitled to disclose your personal data to authorities, courts, administrative bodies or other authorized third parties (including, without limitation, lawyers) if the disclosure of personal data is required by law, regulation or court order or if such disclosure is necessary for the protection and defence of our rights.

f) Other instance

We may ask you if you wish to share your information with other third parties not described elsewhere in this Privacy Notice. In addition, we do not sell, rent or lease your personal data to third parties.

The above recipients process your personal data as data controllers, data processors or agents, depending on the circumstances.

A full list of data processors is available on request from us using the contact details provided in this Privacy Notice.

 

5.4 Will your personal data be transferred across borders?

Given EssilorLuxottica's presence in many countries around the world and in order to provide you with a personalized service worldwide, some of your data may be collected, accessed or stored outside your country of residence.

As a result, your personal data may be accessed and/or transferred to countries that do not have equivalent data protection laws to those that apply in the European Economic Area (EEA).

In such cases, EssilorLuxottica will ensure that appropriate safeguards are in place at all times to ensure that your personal data is processed in accordance with applicable law. If your personal data is processed by another EssilorLuxottica entity, the safeguards will be based on the commitments entered into on the basis of (i) a specific transfer agreement binding on the EssilorLuxottica entity involved in the processing and (ii) a set of common rules applicable through the EssilorLuxottica Group Privacy Policy.

If your data is processed by EssilorLuxottica entities or third parties outside the European Economic Area, EssilorLuxottica will ensure that a specific contractual protection is implemented to ensure that this requirement is met in accordance with the applicable legislation pursuant to Article 44 et seq. of the GDPR.

For more information on the appropriate or suitable safeguards and the means by which you can obtain a copy, you can contact us using the contact details provided in this Privacy Notice.

5.5 How long do we keep your personal data?

We will retain all or part of your personal data for as long as is strictly necessary for the following reasons:

(a) To comply with applicable legal data retention requirements;

(b) To fulfill and comply with our legal and/or contractual obligations;

(c) For as long as necessary to fulfill the purposes outlined in this Privacy Notice, including for the purposes of satisfying any legal, accounting, and reporting requirements.

In determining the appropriate retention period for personal data, we consider together the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Data used to prove the fulfillment of the contract: 10 years

Data from customers for marketing activities: 10 years - from the last interaction with us

Data of interested parties for marketing activities: 3 years - from the last interaction with us

Evidence regarding the implementation of your rights in accordance with point 7: 3 years

Application data: 6 months (for the exception, see point 2 e)

In certain circumstances, we may anonymize your personal data so that it can no longer be associated with you, in which case we may use this information without further notice to you.

5.6 We keep your data secure, up to date and accurate

We are responsible for the security and accuracy of the personal data we process about you and must keep the data up to date. We have taken steps to avoid duplicate copies of data and to facilitate the updating of data that may change over time.

6 How do we protect your personal data?

We consider the protection of personal data to be a key priority.

In this regard, we have taken appropriate measures and safeguards to protect the personal data we process.

This is reflected in EssilorLuxottica's procedures described in the EssilorLuxottica Group Privacy Program, Guidelines and Principles, as well as in the specific measures implemented within the Group.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed without authorization, altered or disclosed. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are bound by a duty of confidentiality. These measures range from technical security measures to protect IT systems to physical security measures at EssilorLuxottica sites. EssilorLuxottica also requires its employees to participate in information security and data protection training. Details of these measures can be obtained from the Group's Information Security Department.

We have procedures in place to deal with suspected data security breaches and will notify you and the relevant regulatory authorities of a breach where we are legally required to do so.

7. Your rights

You may exercise any of the following rights, subject to verification of your identity where applicable:

a) Right to information and access

You may request that the existence of your personal data be confirmed and that you be informed of its content, the purposes of processing, the categories of recipients, the duration of storage and the source, and that you receive a copy of the personal data currently stored in our databases.

b) Right to rectification

You may request that the personal data stored in our databases be corrected. We may not comply with a request to amend personal data if we believe that the amendment violates a law or statutory provision or results in the information being incorrect.

c) Right to restriction of processing

If necessary, you can restrict the processing of your personal data. If such a restriction is not possible, we will inform you accordingly. You may then exercise all other rights under this Privacy Notice, including withdrawing your consent to the processing of your personal data.

d) Right to object to processing

Where applicable, you have the right to object to the processing of your personal data on grounds relating to your particular situation if the processing is based on our legitimate interest. In addition, you have the right to object at any time to processing where personal data is processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.

If such objections are not possible, we will inform you accordingly. You then have the option to exercise another right in accordance with this data protection notice, e.g. to withdraw your consent to the processing of your personal data.

e) Right to erasure

Under certain conditions, you have the right to have your personal data erased. Upon receipt of such a request for erasure, we will acknowledge receipt, review your request, make a decision and notify you of this decision.

f) Right to data portability

Upon request, we may provide you with copies of your personal data in a structured, commonly used and machine-readable format, where this is possible and provided for by local law. If such a request cannot be complied with, we will inform you accordingly. You will then have the opportunity to exercise any other rights under this notice, including withdrawing your consent. Where appropriate, we will ensure that such changes are passed on to trusted third parties.

g) Right to withdraw consent

Where processing is based on consent, you may withdraw your consent to the processing of your personal data at any time. Upon receipt of such withdrawal of consent, we will confirm receipt and cease processing your personal data.

h) Right to lodge a complaint with the competent data protection supervisory authority

If you are not satisfied with the way we process your personal data and/or with our response to a request to exercise your rights, you may lodge a complaint with the competent data protection supervisory authority.

To exercise your right, please contact:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein,

Holstenstraße 98, 24103 Kiel,

Phone: +49 431 988-1200, Fax: +49 431 988-1223

E-mail: mail@datenschutzzentrum.de

Homepage: www.datenschutzzentrum.de

We also offer you tools for updating and changing your personal data. Indeed, each registered user can access and update their own information (e.g. via the user account).

You can also change and update your preferences regarding how you wish to receive emails or other communications from us. You can also request that your account information be deleted.

For information on how to withdraw your consent to cookies, please see the Cookie Notice.

8 How can you contact us?

8.1 Contact details of the controller

The controller responsible for the processing of your personal data is 4Care GmbH, with registered office at Fraunhoferstr. 17, 24118 Kiel, Germany.

If you have any questions or comments about this data protection notice or data processing by 4Care GmbH, you can contact our data protection officer (external data protection officer):

ePrivacy GmbH

represented by Prof. Dr. Christoph Bauer

Grosse Bleichen 21

20354 Hamburg

8.2 Contact details of the data protection officer

4Care GmbH has appointed a data protection officer who can be contacted at the following e-mail address datenschutz@4care.de or at the address given in the section "HOW CAN YOU CONTACT US?" of this privacy notice.

9. How can you follow the changes to this privacy notice?

For legal and/or organizational reasons, this Privacy Notice may be subject to change. We therefore recommend that you check this privacy notice regularly and refer to the latest version. The date of the last update can be found at the beginning of this data protection notice.

In any case, an updated version of the Privacy Notice will always be available on the Websites and the Services, and we will additionally inform you if we make any changes that materially affect your privacy rights.
