- Air Optix
- Daily Lenses
- Two Weekly
- Monthly Lenses
- Torics for Astigmatism
- All Contact Lenses
- Dry Eye Treatments
- Eye Drops
- Eye Vitamins
- Hygiene & Lid Care
- Eye Wash & Sprays
- All Eye Care
- Cleaners & Salines
- Gas Permeable
- Travel Packs
- Hydrogen Peroxide
- All Solutions
- About Us
- Buyers' Guides
- Contact Us
- Eye Care Centre
- Returns & Refunds
- All Help and news
- View All
- View All
- View All
Understanding why and how we processes your Personal Data
Last update: 27/11/2023
At EssilorLuxottica, we are committed to protecting our customers’ Personal Data
Upholding this commitment is essential to our success and reputation, and ultimately our ability to fulfil our mission of helping people see more, be more and live life to its fullest.
Vision Direct Europe Ltd, with registered office at The Kensington Building, 1 Wrights Ln, London W8 5SF as part of EssilorLuxottica Group.
Where Vision Direct is the party that determines the purposes and the means of the processing, EssilorLuxottica Group is the Data Controller over your Personal Data.
Anyhow, in certain specified instances, Vision Direct is a joint controller with other entities over the processing of your personal data: this means that we are jointly responsible with (them for deciding on the purposes and the means of the processing. In such instances, we conclude Joint Controller Agreements and notify you about it in this Privacy Notice. More specifically, we are in a joint controlling relationship over your Personal Data with:
Luxottica Group S.p.A., with a registered office at Piazzale Cadorna no. 3 – 20123 Milan, Italy, as a part of EssilorLuxottica Group (“Luxottica”; hereinafter Vision Direct and Luxottica jointly “EssilorLuxottica”);
For further details on the essence of the Joint Controlling Agreements in place with the above entities, you can contact us at the address set out in Section 8 of this Privacy Notice.
EssilorLuxottica, its Affiliates and its Braexends attach particular importance to the processing, confidentiality and security of your Personal Data.
The purpose of this Privacy Notice is to inform you in a clear, simple and complete manner of the processing carried out on the Personal Data that you provide to us, or that each of our Affiliate can collect from the various contact you may have with us (e.g. store, customer care, sites, services, events, social networks, etc.), their possible transfer to third parties as well as your rights and the options you have to control your Personal Data and to protect your privacy, in accordance with the applicable legislation.
We may update this Privacy Notice at any time. If we do so, we will provide you with an updated copy of this Privacy Notice with reasonable notice.
We may provide different or additional privacy notices in connection with certain activities, programs, and offerings.
We may also provide additional “just-in-time” notices that may supplement or clarify our privacy practices or provide you with additional choices regarding your Personal Data.
Our Sites may include links to websites and or applications operated and maintained by third parties. Please note that we have no control over the privacy practices of websites or applications that we do not own. EssilorLuxottica encourages you to review the privacy notices of those third parties before connecting.
Personal Data Any information about an individual (the Data Subject) from which that person can be identified (name, contact details, identification number, etc.). The categories of Personal Data that we may process are enumerated in this Privacy Notice. Processing (of Personal Data) Any action conducted concerning your Personal Data such as, the collection, recording, organisation, storage, modification, transfer, deletion, access, consultation, etc. of such data. Recipients(of the Personal Data) A natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. Purpose Refers to the Purpose of the Processing. In other words, the reasons for which the Personal Data is collected. Data Controller Means the natural or legal person, department or organisation, alone or jointly with others, determines the Purposes and means of the Processing of Personal Data. Joint Controller Refers to two or more Data Controllers that jointly determine the Purposes and means of Processing. Data Processor Means a natural or legal person, department or other body which processes personal data on behalf of and on the instructions of the Data Controller. Affiliates Means subsidiaries of EssilorLuxottica Group, its ultimate holding company and its subsidiaries, or companies that it controls are controlled by or under common control, and its service providers and strategic business partners. Brands The brands owned by the companies belonging to EssilorLuxottica Group. EssilorLuxottica Group Jointly EssilorLuxottica SA (as ultimate holding company) and all its Affiliates. GDPR Regulation (EU) 2016/679 (General Data Protection Regulation).
The Personal Data we collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction.
We use different methods and various sources to collect data from and about you. We collect and obtain information:
- Provided directly by you
During the registration process, the creation of an account on the Sites and/or the services, or when completing a purchase order or joining our engagement programs, prize competitions and events and when you contact us for request, feedback or complaint. We also record customer service calls and maintain a transcript of chats for quality assurance.
- Using automatic tracking systems
- Through stores visits and other offline technologies
When you visit our stores, information may be collected during the purchase process, the adjustment of purchased products and eyesight checks that can be carried out in stores. We also use CCTV in our stores for safety, security, fraud, loss, prevention, and operational purposes.
- From social network profile
If you decide to log into the Sites and or the services through social network applications or to link your account to your public profiles available on social networks and share your actions through the Site and/or the Services on those channels via the corresponding plug-ins (e.g. Facebook’s ‘Connect’, ‘Like’ or ‘Share’ functions etc.). The use of the plug-in entails sharing the corresponding actions and information on the related social networks.
- From other sources
We may obtain information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors that provide services on behalf of us, or publicity available sources. We create also information based on our analysis of the information we have collected from you.
- Provided directly by you
The Personal Data we collect depends on the point of contact through which you interact with us, as well as the purposes of this interaction as described hereafter in this Privacy Notice and are also limited to those which are relevant and appropriate for this interaction.
CATEGORY OF DATA TYPES OF DATA Identifiable information Including data such as name and surname, e-mail address, gender, date of birth, country of residence, postal address and phone numbers. Payment information Including data related to your credit card for the purchase of products through the Sites and the Services (payments are made via a secure platform, supplemented by control measures, including encryption of contact details) and details of products which you have purchased from us. Profile and Commercial data Including account name, password, Personal Data published on your social network, billing and delivery addresses, details of products and services which you have purchased from us (in store or online, including your order, tracking and invoices, amount and type of purchase) and your interests, preferences, feedback and survey responses. Marketing and Communications Data Including your preferences in receiving marketing from us, your communication preferences and information contained in any correspondence or requests sent by you to us or asked to you by us if problems with the Sites, the Services or purchased products are reported Health and Medical Data Including ophthalmic prescription, eye examinations, measurements (optical correction, pupillary distance, etc.), adaptations and information having an impact on your visual health and eyesight checks that can be carried out in our stores. Data related to your care Including social security number only for querying your rights as an insured person, the quotation and the social care, the edition of the care sheets and the tele-transmission to the compulsory and complementary health insurance funds; the name of the complementary organisation and the management platform, information related to the health coverage, the rate of care. Device information Including such as the IP address or other unique code of your device (computer, mobile or other devices), identification as a registered user or not (login data), technical information that may include the URL from where you originate, time zone setting and location, browser information and language. Navigation information Including information regarding your interactions with our Sites, our Services, emails, products or advertisements and statistical data relating to these interactions.
Certain categories of Personal Data we process for the purposes set out below are qualified as “sensitive” Personal Data. This is particularly the case of the Health and Medical Data and the Data related to your care, as described above, that we may process.
However, we only process such sensitive data:
- where it is required or allowed under local Applicable Legislation
- while implementing adequate safeguards to ensure the protection of such “sensitive” Personal Data, and;
- where you give us your prior explicit consent
However, if you don’t grant your explicit consent to the processing of your Health and Medical Data and your Data related to your care, you will not be able to benefit from the services described above in stores and through the Sites and the Services.
We are required to use your data for purposes defined according to the nature of our relationships. Thus, depending on the context in which your data is collected, it may be used for one or more of the following purposes:
PURPOSES DETAILS LEGAL BASIS Follow-up and execution of your orders in shop and online and the after-sales services management
- Formalise a quotation.
- Manage product sales and online and in-store orders. (purchase, delivery and supply of products and services)
- Manage your invoicing and your warranty.
- Manage follow-up and provide after-sales service and customer relations (including, for example, returns, warranty and customer support.)
EXECUTION OF A CONTRACT Transaction and potential unpaid invoices management
- Carry out secure online and in-store payments (with reference to invoicing obligations).
- Manage incidents related to payment and debts.
- Process potential unpaid invoices:
- Identify your known unpaid invoices.
- Inform you of this unpaid amount, of the means available to you to regularise it, of the possibility of making observations, and of requesting a review of your situation if necessary.
EXECUTION OF A CONTRACT Account creation and management
- Allow you to register to our Sites and create your own account.
- Provide the services available through the Sites and the Services (e.g. management of the registration process and access to the account, account management, the reminder for products in the shopping cart, etc.)
- Manage your client profile.
EXECUTION OF A CONTRACT Inscriptions management
- Permit you to join our engagement programmes.
- allow you to participate in our contests, prize competitions and initiatives promoted.
CONSENT Communication between us
- Send you commercial communications via e-mail on similar products, events and services already provided to you, unless you object to such a processing at the time of the collection and on the occasion of each communication
- Send you commercial and promotional communications and periodical updates (e.g. via e-mail, phone, SMS/MMS, postal service, social network and newsletter) related to our products, services, initiatives and events.
- Manage our personalised commercial offers based on the analysis of your Personal Data related to spending volume, product category, date of birth and methods of purchase).
- Fulfil your requests (e.g. management of requests for information, booking of eyesight checks, providing the “share with a friend” feature, to notify with the “back in stock” feature, etc.)
LEGITIMATE INTEREST Eyesight checks performance
- Allow you to benefit from the eye examination service provided by your optician (manage the scheduling of appointments, prescriptions, etc.)
- Offer you virtual try on services whereby you can virtually try on its sunglasses or eyeglasses through your computer, mobile or other devices by digitally adding frames to your image on real-time or to photos or videos of your face. We invite you to read the dedicated Privacy Notice for Virtual Mirror And Frame Advisor Technologies when using these virtual try on services.
CONSENT Analyses purposes
- Manage of personalised content and communications.
- Carry out statistical analyses on the customer audience.
- Analyse the performance of our Sites and Services, our media investments and marketing campaigns, and our web orders.
CONSENT Legal obligations complying
- Comply with the requirements of the laws, regulations, protocols and national, and EU legislation (including target medical device legislation).
- Implement the decisions of public Authorities.
- Manage the requests to exercise your rights.
- Product traceability.
- Data retention regarding accounting and tax obligations.
- Combating fraud (certain automatic or manual processes are designed to verify your online payments and to combat fraud involving payment methods and identity theft.)
LEGAL OBLIGATIONS Legitimate interest pursuit
- Exercise or defend legal claims in court proceedings or in administrative or out-of-court procedures relating to our rights, of our group companies and/or of our representatives, shareholders, officers, and directors.
- Enable the technical management of the Sites and the Services and its operational functions, including solving any technical problems, by performing tests, updates and upgrades that cannot be performed through non-personal data
- Prevent or identify fraudulent activities or misuses of the Sites and the Services or against the EssilorLuxottica Group and/or the Users of the Sites and the Services.
- Complete a potential merger, sale of assets, transfer of all or a material part of its business, or financing transaction by disclosing and transferring the Personal Data to the third party or parties involved in the transaction as part of the transaction.
- Conduct surveys and market research relating to our products and services by post, telephone or e-mail.
- Anonymise Personal Data to perform statistical analysis.
The processing of your Personal Data is carried out, electronically and manually, only within the limits necessary to pursue the purposes outlined above.
The password is one of the protection mechanisms of the account. Therefore, you are invited to use a password sufficiently secure and stored in a safe place, limiting access to it on your own devices and browsers, and disconnecting it after having visited the Sites and/or the Services.
All Personal Data provided by you is kept on secure servers, adopting adequate security measures to protect Personal Data from non-authorized access, to maintain the accuracy of Personal Data and to guarantee the proper use of information.
Furthermore, a secure system for authorising credit card payments and identifying fraudulent activities is used. We use the standard SSL (Secure Sockets Layer) to protect the confidentiality of your Personal Data.
EssilorLuxottica is a global organisation with offices and operations throughout the world and most of your Personal Data relating to is stored and processed within a range of global applications that are used globally by the Affiliates of EssilorLuxottica. The majority of the processing of your personal data is carried out through the concentrated services of two entities: Essilor International and Luxottica Group S.p.A.
We may share your Personal Data with certain Affiliates or Brand of the EssilorLuxottica Group portfolio, based on your preferences and interests about these Affiliates or Brand, for the purposes set out in this Privacy Notice, in each case in or outside your country, as permitted and required by applicable law and/or in other circumstances with your consent.
We may also share your information for our internal business purposes.
- Service provider
We may disclose your Personal Data with our third-party service providers entrusted with processing activities that provide services or assistance and advice to us, with special – but not exclusive – reference to technology, accounting, administrative, legal, insurance, IT, marketing, customer service, data analysis matters.
Each service provider will act as a data processor, on behalf of and in accordance with the instructions received from us, by virtue of a specific agreement in, which sets out its obligations and guarantees the implementation of appropriate technical and organisational measures to respect the Applicable Legislation and the protection of your rights.
We require that any such third-party provider is subject to strict control and implements appropriate guarantees of security and confidentiality of your Personal Data.
- Sale or merger
We may also disclose Users Personal Data:
- in the event that we sell any business or assets, in which case we may disclose Users Personal Data to the prospective purchaser of such business or assets; or
- if we sell, buy, merge with, are acquired by, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, Users Personal Data may be among the transferred assets.
We may share all of the information we collect in connection with a substantial corporate transaction, such as the sale of a website, a merger, consolidation, asset sale, or in the unlikely event of bankruptcy.
- Third Party Social Network Service Providers
If you decide to log into the Sites and/or the services through social network applications or to link your account to your public profiles available on social networks, and share your actions through the Site and/or the services on those channels via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.), these third-party services may be able to collect information about you, including information about your activity on the Sites or/and the services, and they may notify you connections on the third-party services about their use of the Sites and/or the services. Their use of your Personal Data is not governed by this Privacy Notice but in accordance with their own data protection policies.
- Legal process
We may disclose your Personal Data to any authority, court, administrative body, or other authorised third party (including, without limitation, counsel), where the disclosure of Personal Data is required by law, regulation or court order or where such disclosure is necessary for the protection and defence of our rights.
- Other instances
We may ask if you would like to disclose your information with other third parties who are not described elsewhere in this Privacy Notice. Furthermore, we do not sell, rent, or lease your Personal Data to third parties but we may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest for you. In those cases, without your consent, your Personal Data would not be transferred to the third party.
The abovementioned recipients will process your Personal Data as data controllers, data processors or persons in charge of processing, depending on the circumstances.
A complete list of data processors is available, upon request to us, through the modalities as per this Privacy Notice.
- Service provider
Given the presence of EssilorLuxottica in many countries around the world and in order to provide you with personalized service worldwide, some of your data may be collected, accessible or stored outside your country of residence.
As a result of the above, your Personal Data may be accessed and/or transferred to countries which do not have equivalent data protection laws to those required within the European Economic Area (EEA).
In such cases, EssilorLuxottica ensures that, at all times, appropriate safeguards are implemented to ensure that your Personal Data is processed in accordance with applicable legislation. In this respect, where your Personal Data is processed by another EssilorLuxottica entity, the safeguards are based on the commitments taken on the basis of (ii) a dedicated transfer agreement binding upon the EssilorLuxottica entity involved in the processing and (ii) a set of common rules applicable through the EssilorLuxottica Group Data Protection Policy.
Where your data is processed by EssilorLuxottica entities or third parties located outside the European Economic Area, EssilorLuxottica ensures that specific contractual protection is implemented to ensure that this requirement is addressed in accordance with the Applicable Legislation.
For further information with regard to the appropriate or suitable safeguards and the means by which to obtain a copy of them, you can contact us with the modalities as per this Privacy Notice.
We retain all or part of your Personal Data for the time strictly necessary for the reason:
- to meet applicable statutory requirements for data retention,
- to meet and comply with our legal and/or contractual obligations,
- for as long as necessary to carry out each of the purposes mentioned in this Data Protection Privacy Notice, including for the purposes of satisfying any legal, accounting, reporting requirements.
To determine the appropriate retention period for Personal Data, we consider jointly the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In any case, please note that, as general rule, within EssilorLuxottica, retention and archiving of Personal Data will not exceed ten (10) years overall calculated as of the first record, which is a maximum in EssilorLuxottica exception made for legal hold obligations.
In some circumstances we may anonymize your Personal Data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
EssilorLuxottica is responsible for the security and accuracy of the Personal Data that it processes about you and for keeping data up to date. EssilorLuxottica has taken steps to eliminate duplicate copies of data and to facilitate updating of data that may change over time.
EssilorLuxottica regards the protection of Personal Data as an essential priority.
In this respect, EssilorLuxottica has implemented appropriate measures and safeguards to protect the Personal Data it processes.
This is reflected in EssilorLuxottica’s procedures described in the EssilorLuxottica Group Data Protection Program, guidelines and policies and in the actual measures implemented throughout the Group.
We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality. These measures range from technical security measures that protect IT systems to the physical security measures employed at EssilorLuxottica sites. EssilorLuxottica also requires its staff to participate in information security trainings. Details of these measures may be obtained from the Group Information Security Department.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You can exercise any of the following rights, subject to verification of your identity where necessary:E
- Right of Information and Access
You may request the confirmation of the existence of your Personal Data and to be informed of its content and source and obtain a copy of those Personal Data which our databases currently contain.
- Right to Rectification
You may request to rectify the Personal Data our databases currently contain regarding yourself. We may not accommodate a request to change Personal Data if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
- Right to Restriction of the Processing
When applicable, you may restrict the processing of your Personal Data. When such restrictions are not possible, we will advise them accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent to the processing of your Personal Data.
- Right to Object to the Processing
When applicable, you have the right to object to the processing of your Personal Data on grounds relating to your particular situation, if the processing is based on our legitimate interest. In addition, you have the right to object at any time to processing where Personal Data are processed for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing.
When such objections are not possible, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent to the processing of your Personal Data.
- Right to Erasure
If you should wish to have your Personal Data deleted, then you may submit a request. Upon receipt of such a request for erasure, we will confirm receipt and confirm once your Personal Data has been deleted.
- Right to data Portability
Upon request and when possible and where applicable by local laws, we can provide you with copies of your Personal Data. When such a request cannot be honoured, we will advise you accordingly. You can then choose to exercise any other rights under this Privacy Notice, including withdrawing your consent. Where applicable, we will ensure such changes are shared with any trusted third parties.
- Right to Withdraw your Consent
Where processing is based on consent, you may withdraw his/her consent at any time to the processing of your Personal Data. Upon receipt of such a withdrawal of consent, we will confirm receipt and proceed to stop processing your Personal Data.
- Right to lodge a complaint with the relevant data protection supervisory authority
If you are not satisfied with the way we process your Personal Data and/or responds to a request to exercise the rights you have exercised, you can lodge a complaint with the relevant data protection competent supervisory authority.
In case of the User’s death, the above-mentioned rights may be exercised by another person entitled (the "Successor") who has its own interest or acts as User’s mandatory or family reasons that need to be protected exist. Users may expressly avoid the exercise of some of the above-mentioned rights by the Successor submitting a request to the e-mail address indicated below. Users may, in any time, withdraw or modify such declaration with the same modalities.
Furthermore, we offer tools to you to update and amend your Personal Data. Indeed, every registered User may access his/her own information and update it (e.g. through User account).
Besides, it is also possible for you to modify and update your preferences on how you wish to receive e-mails or other communications from us. You may also request that your information on your account is deleted.
- Right of Information and Access
The Data Controller of the processing of your Personal Data is Vision Direct
Should you have questions or comments on this Privacy Notice or on any data may be contacted to the postal address above and through the link available in the previous paragraph.
Vision Direct has appointed a Data Protection Officer, which can be contacted at the following email address: firstname.lastname@example.org or at the address provided for in section “HOW CAN YOU CONTACT US?”of this Privacy Notice.
You can also send an email to email@example.com in case of any questions related to this document.
For legal and/or organisational reasons, this Privacy Notice may undergo changes. We suggest, therefore, checking this Privacy Notice regularly and referring to the latest version of it, we will post the date it was last updated at the top of this Privacy Notice.
In any case, an updated version of the Privacy Notice will be always available on the Sites and the services, and we will provide additional notice to you if we make any changes that materially affect your privacy rights.