Top

1.2 What does this Privacy Policy apply to?

• EssilorLuxottica and all its Affiliates (as defined below) attach particular importance to the Processing, confidentiality and security of your Personal Data.

  The purpose of this Privacy Policy is to inform you in a clear, simple and complete manner about the Processing carried out on the Personal Data that you provide us with, or that we can collect from the different points of contact that you may have with us (e.g. stores, customer care, websites, events, social networks, etc.), their possible transfer to third parties as well as your privacy rights and the options that you have to control your Personal Data and to protect your privacy, in accordance with the applicable legislation.

  We may update this Privacy Policy at any time, but if we do so we will provide you with an updated copy of this Privacy Policy as soon as reasonably possible as per Section 9 below.

  We may also provide you with different and/or additional privacy policies in connection with certain activities, programs and offerings: in such cases, please refer to the relevant privacy policy governing the activity, program and/or offering you are benefiting to understand more about the Processing of your Personal Data in that specific circumstance.

  Please also note that this Privacy Policy does not apply to the services provided by other companies acting on their own account, such as franchisees and licensees, or when you share information on social networks or other online platforms owned and managed by third companies, even when their links are included on our websites. These other companies have their own privacy policies in place, so remember that the way they use any Personal Data you give them will be subject to their own rules. Oliver Peoples encourages you to review the privacy policies of these third parties before connecting and/or providing them with your Personal Data.
  

Top

1.3 What is this Privacy Policy about? Key definitions

• Affiliate(s)	Any legal entity that, directly or indirectly, controls, is controlled by, or is under the common control of EssilorLuxottica S.A. (as the ultimate holding company of the EssilorLuxottica Group), where “control” means the ownership, direct or indirect, of at least 50% of the share capital or voting rights in such a legal entity
  Data Controller	The natural or legal person, department or organisation which, alone or jointly with others, determines the Purposes and means of the Processing of Personal Data
  Data Processor	The natural or legal person, department or other body which processes Personal Data on behalf of and on the instructions of the Data Controller
  EssilorLuxottica Group (or, simply, EssilorLuxottica or Group )	EssilorLuxottica as global organization, i.e. jointly EssilorLuxottica (as ultimate holding company) and all its Affiliates
  GDPR	The Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data, and repealing Directive 95/46/EC (the “General Data Protection Regulation”)
  Joint Controller(s)	The party which, together with others, decides about Purposes and means for the Processing of Personal Data. So, we speak about Joint-Controllership over Personal Data, when two or more data controllers jointly determine Purposes and means of the Processing.
  Personal Data (or simply Data )	Any information about an individual ( Data Subject(s) ) from which that person can be identified (e.g., name, contact details, identification number, etc.). The categories of Personal Data that we may process are enumerated below in this Privacy Policy
  Personal Data Breach	A breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to, Personal Data transmitted, stored or otherwise processed
  Processing (of Personal Data)	A ny action conducted concerning your Personal Data such as, the collection, recording, organization, storage, modification, transfer, deletion, access, consultation, etc. of such Data
  Product(s)	Frames, lenses, contact lenses and any other goods provided for sales in our stores or on our websites
  Purpose(s)	The purpose(s) of the Processing; in other words, the reasons why Personal Data is collected
  Service(s)	The services we provide our Data Subjects with, both in store and online (e.g., virtual try on, eye exams, etc.)
  Supervisory Authority	An independent public authority, which is established by a Member State of the European Union or a state for which there is an adequacy decision in order to enforce the applicable data protection laws (such as, but not limited, the CNIL in France, the Irish Data Commission in Ireland, the ICO in the UK, the Garante per la protezione dei dati personali in Italy).
  UK GDPR	The GDPR enacted into English law , and which took effect on 31 January 2020

  Likewise, this Privacy Policy will apply to the following Data Subjects:

  Clients	Data Subject s who purchase Products or Services offered by Oliver Peoples, whether in store or on www.oliverpeople.com (the “ Website ”)
  Prospects	Data Subjects who showed an interest in Oliver Peoples Products or Services, but who have not made any purchase yet
  Web Users	D ata Subjects who access the Website
  Registered Users	Data Subjects who have registered and created a personal account on the Website.
  Eyesight Checks Users	D ata Subjects who have undergone an eye exam / eyesight check (where the Service is active).
  Marketing Communication Users	Data Subjects who have subscribed to receive marketing communications from Oliver Peoples. They may include both Customers and Prospects.
  Social Media Users	Data Subjects who voluntarily follow Oliver Peoples activity on social media.

Top

2. WHERE ARE PERSONAL DATA COLLECTED FROM?

• 1. Provided directly by you

  We collect the Personal Data you provide us with during the registration process in our stores, the creation of an account on the Website, when completing a purchase order or joining our engagement programs, prize competitions and events and when you contact us for request, feedback or complaint.

  We also record customer service calls and maintain a transcript of chats for a limited period of time for training Purposes and quality assurance.

  2. By using automatic tracking systems

  We use some technologies (e.g., cookies and automatic tracking systems) that automatically collect certain items of information relating to the way in which you utilize the Website and the Services. For further information on the use of Personal Data collected through automatic tracking systems, please read carefully our Cookie Notice available here .

  3. In occasion of your store visits and through other offline technologies

  Where we have stores and you visit them, information may be collected during the purchasing process and the eyesight checks that we may carry out there (or from the eye prescriptions that you may deliver to us) for the purchase of our Products.

  We also use CCTV in our stores for safety, security, fraud and loss prevention, and for operational Purposes. For more information regarding the Data collection through CCTV systems, please refer to the dedicated privacy policy present in the relevant store.

  4. From other sources

  We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on behalf of us, or publicity available sources. We create also information based on our analysis of the information we have collected from you.

Top

3. WHAT PERSONAL DATA MAY WE PROCESS ABOUT YOU?

3.1 Categories of Personal Data

• CATEGORY OF DATA	TYPES OF DATA	DATA SUBJECT
  Identifiable and contact information	Including such as name and surname, e-mail address, gender, date of birth, country of residence, postal address and phone numbers	Clients, Prospects, Web Users, Registered Users, Eyesight Checks Users, Marketing Communication Users and Social Media Users
  Payment information	Including such as Data related to your purchasing and payment methods through the Websites and the Services (payments are made via a secure platform, supplemented by control measures, including encryption of contact details) and details of Products you have purchased from us	Clients and Registered Users
  Profile and Commercial Data	Including such as account name, password, Personal Data published on your social network, billing and delivery addresses, details Products and Services which you have purchased from us (both in store or online, including your order, tracking and invoices, amount and type of purchase) and your interests, preferences, feedback and survey responses	Clients and Registered Users
  Marketing and Communications Data	Including such as your preferences in receiving marketing from us, your communication preferences and information contained in any correspondence or requests sent by you to us, or asked to you by us	Clients, Prospects, Registered Users and Marketing Communication Users
  Health and Medical Data (where applicable)	Including such as ophthalmic prescription, eye examinations, measurements (optical correction, pupillary distance, etc.), adaptations and information having an impact on your visual health and eyesight checks	Clients, Registered Users, Web Users, Eyesight Check Users
  Data related to your care ( where applicable )	Including such as the name of the complementary organization and the relevant platform, information related to health coverage	Clients, Eyesight Check Users
  Device information	Including such as the IP address or other unique code of your device (computer, mobile or other devices), identification as registered user or not (login Data), technical information that may include the URL from where you originate, time zone setting and location, browser information and language	Clients, Prospects, Registered Users, Web Users, Marketing Communication Users and Social Media Users
  Navigation information	Including such as information regarding your interactions with our Website, our Services, emails, Products or advertisements and statistical Data relating to these interactions	Clients, Prospects, Registered Users, Web Users, Marketing Communication Users and Social Media Users

Top

3.2 Processing of Special Personal Data

• Certain categories of Personal Data we may process for the Purposes set out below, are qualified as “sensitive” Personal Data, as they fall within the definition of special categories of Personal Data provided for by art. 9 of the GDPR/UK GDPR (“ Special Personal Data ”). This is particularly the case of Health and Medical Data and Data related to your care, as described above, that we may process.

  However, please note that we only process such Sensitive Data:

  • where it is required or allowed under local applicable legislation,

  • while implementing adequate safeguards to ensure the protection of such Special Personal Data, and

  • where one of the alternative conditions set out at Article 9 of the GDPR/UK GDPR is fulfilled.

  However, please note that, when your explicit consent is required to process your Health and Medical Data and Data related to your care and you don’t grant it to us, you will not be able to purchase certain Products and/or benefit of certain Services for which Processing of Sensitive Personal Data is mandatorily required.

Top

4. WHY DO WE PROCESS YOUR PERSONAL DATA?

• We are required to use your Data for Purposes defined according to the nature of our relationships. Thus, depending on the context in which your Data is collected, it may be used for one or more of the following Purposes:

  PURPOSES	DETAILS	LEGAL BASIS
  Follow-up and execution of your orders in store and on the Website, the after-sales services and supplementary services management	Formalize a quotation Manage Product sales and orders (purchase, delivery and supply of Products and Services) Manage invoicing and warranty Manage follow-up and provide after-sales services and customer care assistance (including, for example, returns, warranty and customer support) Management of care in connection with health insurances and supplementary organizations where applicable	Performance of a contract
  Management of payments and of potential unpaid invoices	Carry out online and in-store payments and issuance of the relevant invoices Manage incidents related to payment and debts Process potential unpaid invoices: identify your unpaid invoices inform you of this unpaid amount, the means available to you to regularize it, the possibility of making observations and requesting a review of your situation if necessary	Performance of a contract
  Account/Customer creation and management	Allow you to register to our Website and create your own account Allow your registration in the stores through the creation of your user’s profile inside our POS systems Provide the Services available through the Websites and in the stores (e.g., booking of an appointment, reminder for Products in the shopping cart, etc.) Manage your client profile	Performance of a contract
  Subscriptions management	Permit you to join our engagement programs (including, where applicable the loyalty program, and receiving commercial and promotional communications in the context of such a loyalty program) Allow you to participate to our contests, prize competitions and initiatives	Consent
  Communications and interactions between us	Send you commercial and promotional communications and periodical updates related to our Products, Services, initiatives and events (e.g., via e-mail, phone, SMS/MMS, WhatsApp and/or any other messaging tool from mobile, via post). These marketing activities include also creating lookalike, retargeting and exclusion campaigns on web platforms and social networks. In such cases, before it is shared, your e-mail address is masked, in order to make impossible for the third-party provider to identify you Personalize our commercial offers based on the analysis of your Personal Data (e.g., birthday offers) Fulfil your requests (e.g., management of your requests for information, booking an eye exam, providing you with the “share with a friend” feature, notify you with the “back in stock” feature, find the store nearest to you, etc.)	Consent
  Performance of Eye Exams / Eyesight checks (where applicable)	Allow you to benefit from the eye examination service provided by our opticians (manage the scheduling of appointments, prescriptions, etc.) and/or through our tools Carry out all the eyes and/or face measurements needed for the manufacture and supply of the Products Use the results of the eye examinations or the eye prescriptions delivered by you in store for the manufacturing and delivery of the Products to you	Consent
  Virtual Eyewear trial software use (where applicable)	Offer you virtual try on services whereby you can virtually try on sunglasses and eyeglasses through computer, mobile or other devices, even the ones in our stores, by digitally adding frames to your image in real-time or to photos or videos of your face*. *On this regard, we invite you to refer to the dedicated privacy policy of these technologies, which is presented when accessing to/using them	Consent
  Law compliance	Comply with the requirements of laws, regulations, protocols and national and EU legislation in force (including medical device legislation) Implement the decisions issued by Public Authorities Manage your requests to exercise your privacy rights Grant the Product traceability Retain Data in compliance with accounting and tax obligations Combating frauds (e.g., certain automatic or manual processes are designed to verify your online payments and to combat frauds involving payment methods and identity theft)	Compliance with a legal obligation
  Legitimate interest’ pursuit	Send you commercial communications via your electronic contact details on similar products, events and services already provided to you, unless you object to such a Processing at the time of the collection and on the occasion of each communication Exercise our rights and/or defend ourselves in court, administrative and out-of-court proceeding, including those concerning our Group, Affiliates, representatives, shareholders, officers and directors Enable the technical management of the Website and the Services and its operational functions, including solving any technical problems and performing tests, updates and upgrades that cannot be performed through the use of mere non-personal data Prevent or identify fraudulent activities and/or misuses of the Website and the Services, or in general against the EssilorLuxottica Group and/or the users of the Website and the Services Complete a potential merger, sale of assets, transfer of all or a material part of the business or financing transaction by disclosing and transferring the Personal Data to the third party (or parties) involved Conduct surveys and market research concerning our Products and Services Anonymize Personal Data, for example in order to perform statistical analysis, monitor and/or enhance our medical devices, R&D Purposes, train AI models, etc.	Legitimate interest

Top

5.HOW DO WE PROCESS YOUR PERSONAL DATA?

• The Processing of your Personal Data is carried out, electronically and manually, only within the limits necessary to pursue the Purposes outlined above.

  We undertake to protect your Personal Data. To better understand how we protect your Personal Data please refer to Section 6 below.

Top

5.1 Do we share your Personal Data with other Affiliates of the Group?

• EssilorLuxottica is a global organization with offices and operations throughout the world and most of your Personal Data is stored and processed within a range of global applications that is used globally by the Affiliates of our Group. The majority of the Processing of your Personal Data is carried out through the concentrated services of two entities: Essilor International and Luxottica Group S.p.A.

Top

5.2 Is your Personal Data transferred to third parties?

• Your Personal Data will be processed by our employees bound by confidentiality and privacy obligations and based on specific authorizations and instructions from us.

  Your Data may, also, be communicated to the external parties below, which will process your Personal Data as Data Processors or independent Data Controllers depending on the circumstances. More information about such third parties is available on request pursuant to Section 8 of this Privacy Policy.

  1. Service providers

  We may disclose your Personal Data with our third-party service providers that provide us with their services, assistance and advice, with special – but not exclusive – reference to technology, accounting, administrative, legal, insurance, IT, marketing, payment, customer service, Data Subjects requests management, Data analysis matters.

  Each service provider may act, depending on the case and on the specific nature of our relationship, as:

  • Data Processors, on behalf of and in accordance with the instructions received from us, by virtue of a specific agreement in place per Article 28 of the GDPR/UK GDPR, which sets out specific obligations and guarantees of implementation of appropriate technical and organizational measures;

  • independent Data Controllers (such as payment providers).

  Please note that we require that any such third-party providers are subject to strict control and implement appropriate guarantees of security and confidentiality of your Personal Data.

  2. Sale or merger

  We may also disclose your Personal Data in the event that we sell, buy, merge with, are acquired by, or partner with other companies or businesses, or sell some or all of our assets, or in the unlikely case we are part of a bankruptcy.

  In such cases, we may disclose your Personal Data to the prospective purchaser of such business or assets or business counterparts in general, and your Personal Data may be among the transferred assets as well.

  3. Click on social network icons present on the Website

  Where present on our Website, if you click on the icons dedicated to social networks (e.g., X (Twitter), Facebook, TikTok, YouTube, Instagram, etc.), you are redirected to these external websites.

  Oliver Peoples does not either collect or process Data about you or the sharing that you make via social network.

  When you are redirected to the social network, your interactions and information are collected by the social network itself and are subject to that social network’s own privacy policy.

  4. Legal process

  We may disclose your Personal Data to any authority, court, administrative body, and/or other authorized third party (including, without limitation, external legal counsel), where the disclosure of such Personal Data is required by law, regulation or court order, or where such a disclosure is necessary for the protection and defense of our rights.

  5. Other instances

  Please note that we do not sell,rent, or lease your Personal Data to any third parties. Anyhow, in certain instances, we may ask you if you would like us disclosing your Personal Data to other third parties who are not described elsewhere in this Privacy Policy, as well as we might also, from time to time,contact you on behalf of external business partners about a particular offering which may be of interest to you. Please note that, in all these cases, without your explicit consent, your Personal Data will not be transferred in any way and to anyone.

Top

5.3 Is your Personal Data transferred across the border?

• Given the presence of the EssilorLuxottica Group in many countries around the world and in order to provide you with personalized services worldwide, some of your Personal Data may be transferred to, made accessible from and/or stored outside your country of residence, including in countries which do not have data protection laws equivalent to those existing within the European Economic Area (EEA). In such cases, Oliver Peoples ensures that, at all times, appropriate safeguards are implemented to ensure that your Personal Data is processed in accordance with applicable legislation.

  In this respect, where your Personal Data is processed by any of our Affiliates, the mentioned safeguards are based on the commitments taken on the basis of (ii) a dedicated transfer agreement binding upon the EssilorLuxottica entities involved in the Processing and (ii) a set of common rules applicable throughout the EssilorLuxottica Group (the EssilorLuxottica Group Data protection policies).

  Where your Personal Data is processed by Affiliates or third parties located outside the EEA (such as, but not limited to, in the United States), Oliver Peoples ensures that specific contractual protection is implemented to ensure that this requirement is addressed in accordance with the applicable legislation, as per art. 44 and following of the GDPR/UK GDPR.

  For further information on international Personal Data transfers, you can contact us as set out at Section 8 of this Privacy Policy.

Top

5.4 For how long do we retain your Personal Data?

• We retain all or part of your Personal Data for the time strictly necessary:

  1. to meet applicable legal and/or statutory requirements for Data retention,

  2. to meet and comply with our legal and/or contractual obligations,

  3. for as long as necessary to carry out each of the Purposes mentioned in this Privacy Policy, including for the Purposes of satisfying any legal, accounting, reporting requirements.

  To determine the appropriate retention period for Personal Data, we consider jointly the amount, nature, and sensitivity of the processed Personal Data, the potential risk of harm arising from the unauthorized use or disclosure of your Personal Data, the Purposes for which we process your Personal Data and whether we can achieve those Purposes through other means, and the applicable legal requirements.

  In particular, we hereby specify that your Personal Data will be retained for a period of 10 years for our invoicing and accounting Purposes, save for the circumstances in which applicable laws may provide for different retention requirements.

  Furthermore, if you have consented to the Processing of your Personal Data for marketing Purposes (e.g., commercial and promotional communications, newsletters, personalized offers, periodical updates related to our Products, Services, initiatives and events, etc.), such a Data will be retained for 10 years as of your last interaction with us if you are a customer and for 2 years as of your last interaction with us if you are a prospect. Last interaction is defined as the last contact you made and that is traceable by our systems or salespersons.

  In any case, please note that, as general rule, within EssilorLuxottica Group, retention and archiving of Personal Data will not exceed 10 (ten) years overall calculated as of the first record and/or consent renewal and/or any other relevant interaction, exception made for further legal hold obligations.

  In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you, such as to carry out statistical analysis, monitor and/or enhance our medical devices, for R&D Purposes, train AI models, etc.

  For any additional information on the retention of your Personal Data,you can contact us at the contact details set out in Section 8 of this Privacy Policy.

Top

6. HOW DO WE PROTECT YOUR PERSONAL DATA?

• We regard the protection of Personal Data as an essential priority.

  We are aware that we have the responsibility for the security and accuracy of the Personal Data that we process and also for keeping your Data up to date. To this extent, we have taken reasonable steps to eliminate duplicates of your Personal Data and to facilitate your updating of that Data which may change over time.

  We have also implemented appropriate technical, organizational and security measures and safeguards to protect the Personal Data we process. This is reflected in the EssilorLuxottica Group Data Protection Policy, and related guidelines, policies and procedures, as well as in the Information Security policies, procedures and measures implemented throughout the Group.

  Namely, we put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way,altered or disclosed. The security measures in place range from technical security measures that protect IT systems, to the physical security measures employed at EssilorLuxottica Group’s sites and offices.

  We have also implemented a policy to deal with any suspected Personal Data Breach, and we undertake to notify you and any applicable regulator of such a breach where we are legally required to do so.

  Furthermore, we limit the access to your Personal Data to those of our employees, agents,contractors and third parties which have a business need to know it. They will process your Personal Data only based on our instructions and they are subject to a strict confidentiality duty.

  We also require our staff to participate to data protection and information security training.

  For what concerns specifically the Website, please note that the password is one of the protection mechanisms of the account. Therefore, we invite you to use a password which is sufficiently secure, to store it in a safe place, limiting access to it on your own computers and browsers and disconnecting it after having visited the Website and/or the Services. Furthermore, a secure system for authorizing credit card payments and identifying fraudulent activities is used: we use the standard SSL (Secure Sockets Layer) to protect the confidentiality of your Personal Data during the payment process.

  More details on the security measures implemented within the EssilorLuxottica Group may be required by contacting us at the contact details set out in Section 8 of this Privacy Policy.

Top

7. YOUR RIGHTS

• Pursuant to Chapter 3 of the GDPR, you can exercise any of the following rights, subject to verification of your identity where necessary.

  Anyhow, please note that these rights shall not be intended as “absolute rights”, meaning that they are evaluated by us on a case-by-case basis and some exceptions, grounded on applicable laws, may apply. For example, we will delete your Personal Data, unless we can demonstrate compelling legitimate grounds for the Processing which override your interests, rights and freedoms.

  1. Right of Information and Access

  You may ask us for the confirmation of the existence of your Personal Data and to be informed on its content and source and obtain a copy of those Personal Data which our databases currently contain.

  2. Right to Rectification

  It is our responsibility to ensure that the Personal Data we process about you are correct and relevant. We therefore systematically maintain our registers and update address details and similar information, so that we always have the correct information about you. If you notice that the information we have about you is incorrect, or if we are missing important information, you may request us to rectify your Personal Data that our databases currently contain. We may not accommodate a request to change your Personal Data if we believe the change would violate any law or legal requirement or cause the information to be incorrect. Where applicable, we will also ensure such changes are shared with trusted third parties.

  3. Right to Restriction of the Processing

  In some cases, you have the right to demand that our Processing of your Personal Data should be restricted. If the Processing is restricted, we will only have a right to process your Personal Data for the purpose of establish, claim or defend legal claims or to protect someone else’s right. The right to demand restriction applies if you believe that the Personal Data is incorrect and have requested rectification. Restriction of Personal Data also applies if you have demanded that your Personal Data should be deleted since you have objected to a Processing based on legitimate interest, pending the verification whether our legitimate basis override your legitimate basis. Lastly, you may request restriction if we do not need the Personal Data any longer for the purpose of the processing, but you need the Personal Data to be able to establish or claim or defend legal claim. When such restrictions are not possible, we will inform you accordingly. You can then choose to exercise any of the other rights enumerated under this Privacy Policy, including withdrawing your consent to the Processing of your Personal Data when consent represents the legal basis for Processing.

  4. Right to Object to the Processing

  You have the right to object to the Processing of any Personal Data that we process about you based on our legitimate interests. In your request, please specify the Processing that you are objecting to, in writing. In addition, you have the right to object at any time to the Processing where Personal Data is processed for direct marketing Purposes. In the event of an objection, we may only continue Processing your Personal Data if we can demonstrate compelling legitimate basis for processing the Personal Data that outweigh your interests. However, we may still process your Personal Data to establish, exercise or defend legal claims. Where applicable, if the Processing is based on our legitimate interest, you have the right to object to the Processing of your Personal Data based on grounds relating to your particular situation. When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Policy, including the withdrawing of your consent to the Processing of your Personal Data. Where applicable, we will ensure that such changes are shared with trusted third parties.

  5. Right to Erasure

  You have the right to request that we erase your Personal Data in certain situations. For example, if the Personal Data no longer are necessary for the purpose for which they were collected and processed. Such right also exists if we process Personal Data based on your consent and you withdraw it, if the Personal Data have been processed in an unlawful way, or if we process the Data based on a balance of interest (legitimate interest) and there is no overriding legitimate basis that outweigh your interest. If you wish to have your Personal Data deleted from our database, then you may submit a request. Upon receipt of such a request, we will acknowledge its receipt and, thereafter, we will also acknowledge the successful deletion of your Data, unless we can demonstrate compelling legitimate reasons that require us to continue their Processing and that override your legitimate rights and interests. Where applicable, we will also ensure that such changes are shared with our third parties engaged to perform Processing activities on your Personal Data for the Purposes set forth in this Notice.

  6. Right to Data Portability

  Upon request, when possible and where applicable under local laws, we can provide you with copies of your Personal Data in a structured, commonly used and machine-readable format and have it transmitted to you or to another Data Controller. When such a request cannot be honored, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Policy, including withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.

  7. Right to Withdraw your Consent

  Where Processing is based on consent, you may withdraw your consent at any time to the Processing of your Personal Data. Upon receipt of such a withdrawal of consent, we will confirm its receipt and proceed to stop Processing your Personal Data.

  In order to exercise your rights, please use this Privacy Form .

  Alternatively, you may also contact us at privacy@luxottica.com

  Furthermore, we offer tools to you to update and amend your Personal Data, as well as to modify and update your preferences on how you wish to receive e-mails or other communications from us. Indeed, every registered User may access his/her own information and update it (e.g., through User account).

  8. Right to lodge a complaint with the relevant Supervisory Authority

  If you are not satisfied with the way we process your Personal Data and/or respond to a request to exercise your rights, you can lodge a complaint with the relevant Supervisory Authority (for UK, the ICO – Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF – https://ico.org.uk/make-a-complaint/).

Top

8. HOW CAN YOU CONTACT US?

8.1 Contact of the Data Controller

• The Data Controllers over the Processing of your Personal Data are set out in Section 1.1 of this Privacy Policy.

  Should you have questions or comments on this Privacy Policy or on any Processing carried out by us, we may be contacted at the postal address set out in Section 1.1 above and/or at the email address specified in the preceding Section 7 and in the following Section 8.2.

Top

8.2 Contact of the Data Protection Officer

• Luxottica has appointed a Data Protection Officer, who can be contacted at the email address dpo@luxottica.com, or through the contact channels provided for in Sections 7 and 8.1 above.

Top

9. HOW CAN YOU KEEP TRACK OF CHANGES TO THIS PRIVACY POLICY?

• For legal and/or organizational reasons, this Privacy Policy may undergo changes. We suggest, therefore, checking this Privacy Policy on a regular basis and referring to the latest version of it (we will post the date it was last updated at the top of this Privacy Policy).

  In any case, an updated version of the Privacy Policy will be always available on the Website and the Services, and we will provide additional notice to you if we make any changes that materially affect your privacy rights.