(EFFECTIVE AS 27.09.2021)
The Ray-Ban.com website available at the following link ray-ban.com (hereinafter, the "Website") is managed by Luxottica Group S.p.A., acting as data controller (hereinafter, “Luxottica”) in the processing of your personal data as outlined in this data protection policy (hereinafter, the “Data Protection Policy”).
If you want to know more on the processing of your personal data by Luxottica, please read carefully the Data Protection Policy sections below.
1. AN INTRODUCTION ON HOW WE USE YOUR PERSONAL DATA
This Data Protection Policy outlines how Luxottica collects and processes your personal data as user of the Website (hereinafter, “user”, “users”, “data subject” or “you”) in compliance with the EU General Data Protection Regulation 2016/679 (hereinafter, the “GDPR”) and the Italian Legislative Decree 196/2003, as lastly amended and integrated (hereinafter, the “Privacy Code”).
As outlined in more details below, Luxottica processes your personal data in order to provide you with its products and services as well as to allow you to join engagement programs, prize competitions and events organized by Luxottica for its clients. If you want to receive the latest news, offers and promotions on the Luxottica world, Luxottica will process – with your prior consent – your personal data in order to send you marketing communications, also customized upon your preferences and interests. In any case, Luxottica will process your personal data securely, adopting all adequate security measures, and allowing the access to your personal data only to authorized persons and third parties both located in EU and in the United States according to modalities compliant with applicable data protection laws.
All personal data provided by you through this Website is used exclusively for the purposes and with the modalities as described below.
2. WHAT KIND OF PERSONAL DATA DO WE USE AND WHERE ARE THEY COLLECTED FROM?
Luxottica processes your personal data which are collected directly from you as well as from the other sources, as outlined in the categories of personal data listed below (hereinafter, collectively referred to as “Personal Data”) :
a) Personal Data provided directly by you
Luxottica processes the following categories of Personal Data directly provided by you:
- Identifiable information provided during the registration process, the creation of an account on the Website or when completing your purchase order or join Luxottica engagement programs, prize competitions and events, such as name and surname, e-mail address, user ID, password, gender, country of residence, postal address and phone numbers;
- Financial information and data related to your credit card for the purchase of products through the Website;
- Information contained in any correspondence or requests sent by you to Luxottica or asked you by Luxottica if problems with our service on the Website or purchased products are reported;
- Information relating to the your social network profile, if public and if you decide to log into the Website through social network applications or to link your Luxottica account to the your public profiles available on social networks, and share your actions through the Website on those channels via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.). If you decide to share such information, Personal Data published on your social network profile will be collected by the Website and processed for the corresponding functions. Thus, the use of the said plug-in entails sharing the corresponding actions and information on the related social networks.
b) Personal Data obtained from automatic tracking systems when you browse the Website and use its services
Luxottica processes the following categories of Personal Data collected through the automatic tracking systems when you browse the Website and use its services:
- Information relating to your usage of the Website. For security purposes, Luxottica processes the log files related to each session when the user logins into his/her account, as well as information on payment transactions that will be processed through Luxottica e-payment provider;
- Navigation information collected when you surf the Website. Luxottica uses some technologies (e.g. cookies and automatic tracking systems) that automatically collect certain items of information relating to the way in which the user utilizes the Website such as the IP address or other unique code of the device (computer, mobile or other devices) employed by the user to browse the Website, identification as registered user or not, technical information that may include the URL from where a user originates, browser information, language. This information helps us to continuously improve the browsing experience and the mechanisms of purchase of Luxottica products and services, and to monitor the correct operations of the Website. This information only includes statistical data relating to the actions performed by the user, and is not intended to be associated with the user’s identifying data. In any case, navigation data may identify you, only when matched with your identification personal information.
3. FOR WHAT PURPOSES and why DO WE USE YOUR PERSONAL DATA?
Luxottica processes your Personal Data for the following purposes:
3.1 Contractual Purposes – We need to be able to provide you our products and services
Luxottica processes your Personal Data for the purposes necessary for the provision of services and products offered through the Website, and in particular for the following Contractual Purposes:
- To allow you to register to the Website and create your own account;
- To provide the services available through the Website (e.g. management of the registration process and access to the account, account management, the reminder for products in the shopping cart, etc.);
- To manage the sale of products and online orders, and to supply products and services;
- To process payments and e-payments, also with reference to invoicing obligations;
- To provide sales and after-sales services (including, for example, fraud prevention, returns, guarantee warranty and customer support), also sending to users operational communications related to the supply of the service or products, sales and after sales assistance;
- To fulfil the user’s requests (e.g. management of requests for information, [booking of eyesight checks], providing the “share with a friend” feature, to notify you with the “back in stock” feature, etc.);
- To permit you to join Luxottica engagement programs;
- To allow you to participate in contests, prize competitions and initiatives promoted by Luxottica.
The data processing activities for Contractual Purposes are necessary for the provision of products and services required. If you don’t want your Personal Data to be processed for such purposes, it will not be possible for Luxottica to provide the required products and services.
3.2 Law Purposes – We need to ensure compliance with legal obligations
Luxottica can process your Personal Data to ensure compliance with legal obligations, and in particular for the following Law Purposes:
- To comply with the requirements of the laws, regulations, protocols and national and EU legislation;
- To implement the decisions of public Authorities.
The data processing activities for Law Purposes are necessary as they are required by applicable laws. If you don’t want your Personal Data to be processed for such purposes, you cannot use the Website.
3.3 Marketing Purposes – You can decide whether we can use your personal data for our marketing related activities
Except for Prescription Data, Luxottica processes, with your prior consent, your Personal Data, for the following Marketing Purposes:
- To send commercial and promotional communications and periodical updates (e.g. via e-mail, phone, SMS/MMS, postal service, social network and newsletter) related to Luxottica's products, services, initiatives and events. Furthermore, according to Article 130(4) of the Italian Privacy Code, if you already are a Luxottica customer, Luxottica may send you commercial communications via e-mail on similar products, events and services already provided to you, unless you object to such a processing at the time of the collection and on the occasion of each message. Indeed, you may opt out at any time by following the instructions available in each communication;
- To carry out statistical analyses on the customer audience.
The data processing activities for Marketing Purposes are discretionary subject to either your prior consent or your objection in the circumstances of the above-mentioned Article 130(4) of the Italian Privacy Code. You may freely decide not to provide Personal Data for the Marketing Purposes, as well as you may subsequently withdraw your consent to process the Personal Data already provided: in this case Luxottica will not send you marketing communications to update you on offers and promotions on Luxottica products, services and initiatives.
3.4 Segmentation and Profiling Purposes – You can decide whether you want marketing communications better tailored on your needs
If you provided your consent to the processing of your Personal Data for Marketing Purposes, Luxottica may process your Personal Data for Segmentation Purposes to analyze your Personal Data related to spending volume, product category, date of birth and methods of purchase in connection with activities performed for Marketing Purposes. This activity is carried out by Luxottica on the basis of Luxottica’s legitimate interest to provide a service in line with your needs, adequately balanced with your rights given the limited amount of processed Personal Data. The processing of Personal Data for Segmentation Purposes falls among the Legitimate Interests Purposes for which we refer to following paragraph.
3.5 Legitimate Interest Purposes – Luxottica’s and your rights are adequately balanced, unless you object to it
In addition to the processing for Segmentation and Profiling Purposes, Luxottica also processes your Personal Data for additional Legitimate Interest Purposes and, in particular,:
- To exercise or defend legal claims in court proceedings or in an administrative or out-of-court procedures relating to the rights of Luxottica, of its group companies and/or of their representatives, shareholders, officers and directors;
- To enable the technical management of the Website and its operational functions, including solving any technical problems, to perform tests, updates and upgrades that cannot be performed through non-personal data;
- To prevent or identify fraudulent activities or misuses of the Website or against the Luxottica group and/or the users of the Website;
- To complete a potential merger, sale of assets, transfer of all or a material part of its business, or financing transaction by disclosing and transferring the Personal Data to the third party or parties involved in the transaction as part of the transaction;
- To conduct, surveys and market researches relating to Luxottica’s products and services by post, telephone or e-mail;To anonymize Personal Data in order to perform statistical analysis.
The processing of your Personal Data with regard to the above-mentioned Legitimate Interest Purposes and Segmentation Purposes is carried out pursuant to article 6, letter f) of the GDPR, for the pursuit of Luxottica’s legitimate interest, which is adequately balanced with your interest since the data processing is performed within the limits strictly necessary to perform such economic activities. Such data processing activity is not mandatory and you can object to such data processing at any time through the modalities as per this Data Protection Policy. In such case no data processing will be carried out by Luxottica for such purposes, except in case where Luxottica demonstrates the existence of legitimate prevailing arguments or the exercise of a Luxottica's right pursuant to Section 21 of the GDPR.
4. WHAT MODALITIES DO WE USE TO PROCESS YOUR PERSONAL DATA?
The processing of your Personal Data is carried out, electronically and manually, only within the limits necessary to pursue the purposes outlined above.
Luxottica undertakes to protect users’ Personal Data. Luxottica advises that the password is one of the protection mechanisms of the account. Therefore users are invited to use a password sufficiently secure and stored in a safe place, limiting access to it on their own computers and browsers, disconnecting it after having visited the Website. All Personal Data provided for by users is kept on secure servers, adopting adequate security measures to protect Personal Data from non-authorized access, to maintain the accuracy of Personal Data and guarantee the proper use of information. Furthermore, a secure system for authorizing credit card payments and identifying fraudulent activities is used. Luxottica uses the standard SSL (Secure Sockets Layer) to protect the confidentiality of your Personal Data.
5. TO WHOM ARE YOUR PERSONAL DATA COMMUNICATED?
Luxottica may communicate your Personal Data to:
- third parties service providers entrusted with processing activities that provide services or assistance and advice to Luxottica, with special - but not exclusive - reference to technology, accounting, administrative, legal, insurance, IT, marketing, data analysis matters;
- companies of the Luxottica group;
- persons and authorities whose right to access personal data is recognized by law, regulations or provisions issued by legally empowered authorities;
- potential purchaser of Luxottica and the entities resulting from mergers or any other transformation involving Luxottica; and
- competent authorities.
The abovementioned recipients will process your Personal Data as data controllers, data processors or persons in charge of processing, depending on the circumstances.
A complete list of data processors is available, upon request to Luxottica, through the modalities as per this Data Protection Policy.
6. WHERE ARE YOUR DATA TRANSFERRED?
Luxottica may transfer your Personal Data to the recipients listed above, also located outside of the European Union and, in particular, in the United States. For transfers from EU to countries not considered adequate by the European Commission, Company has put in place appropriate and suitable safeguards to protect the Personal Data. Accordingly, Personal Data are transferred in compliance with the requirements and the obligations provided by applicable data protection laws as per Articles 44 et seq. of the GDPR. For further information with regard to the appropriate or suitable safeguards and the means by which to obtain a copy of them, the user can contact Luxottica with the modalities as per this Data Protection Policy.
7. HOW LONG ARE YOUR PERSONAL DATA RETAINED BY LUXOTTICA?
Luxottica retains Personal Data for the time strictly necessary to achieve the purposes for which Personal Data were collected and further processed, including any retention period required under the applicable legislation.
Luxottica will process your Personal Data for Contractual and Legitimate Interest Purposes for the duration of the contract (in case of an account created on the Website, of a purchase, or in relation to services provided by Luxottica) and for 10 years from the completion of the sale or of the provided service.
Personal Data processed for Law Purposes will be stored for the period strictly necessary to comply with applicable laws.
Furthermore, for Marketing and Profiling Purposes, including Segmentation Purposes, Personal Data will be processed for 7 years from the last purchase and/or from the last contact with you (e.g. subscription to a prize competition, participation to an event, opening of a newsletter), notwithstanding the right to withdraw the consent provided or object to the processing at any time.
8. ARE YOU AT LEAST 16 YEARS OLD?
The personal data processing highlighted in this policy is not intended for minors of 16 years.
If any Personal Data about minors is unintentionally recorded, Luxottica will provide to cancel it in a timely manner, upon request of the users.
9. HOW CAN YOU EXERCISE YOUR PERSONAL DATA?
At any given time, you can exercise the following rights:
a) To obtain from Luxottica confirmation of the existence of Personal Data and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;
b) To request the erasure, anonymisation or restriction of the processing of Personal Data processed in breach of the applicable laws;
c) To object in whole or in part, on legitimate grounds, to the processing of the Personal Data;
d) To withdraw the consent to the processing of the data (if and to the extent such a consent is necessary);
e) To request Luxottica to limit the processing of the your Personal Data where:
- You contest the accuracy of the Personal Data until Luxottica has taken sufficient steps to correct or verify its accuracy;
- The processing is unlawful but you do not want us to erase the your Personal Data;
- Luxottica no longer needs the your Personal Data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
- You have objected to processing justified on legitimate interests, pending verification as to whether Luxottica has compelling legitimate grounds to continue processing;
f) To object to the processing of your Personal Data in case of processing based on legitimate interest, unless Luxottica demonstrates the existence of compelling legitimate grounds for the processing or for the establishment, exercise or defence of legal claims;
g) To request the erasure of the your Personal Data without undue delay;
h) To receive an electronic copy of the your Personal Data, if you would like to port your Personal Data to yourself or a different provider, when Luxottica is relying upon your consent or the fact that the processing is necessary for the provision of the services and the Personal Data is processed by automatic means; and
i) To lodge a complaint with the relevant data protection supervisory authority.
According to article 2-terdecies of the Privacy Code, in case of the user’s death, the above mentioned rights may be exercised by another person entitled (the "Successor") who has its own interest or acts as user’s mandatory or family reasons that need to be protected exist. The user may expressly avoid the exercise of some of the above mentioned rights by the Successor submitting a request to the e-mail address indicated below. The user may, in any time, withdraw or modify such declaration with the same modalities.
You can exercise your rights above, at any time, by clicking here. Luxottica will respond within a reasonable time frame (and, in any case, within the limits of applicable law), after verifying users’ identity.
Furthermore, Luxottica offers tools to users to update and amend the Personal Data. Indeed, every registered user may access his/her own information and update it (e.g. through user account). Besides, it is also possible for users to modify and update their preferences on how they wish to receive e-mails or other communications from Luxottica. Users may also request that their information on their account is deleted.
10. HOW CAN YOU CONTACT LUXOTTICA?
The Data Controller of the processing of your Personal Data is Luxottica Group S.p.A., with registered office in Piazzale Luigi Cadorna, 3, 20123 Milan, Italy.
Should you have questions or comments on this Data Protection Policy or on any data processing carried out by Luxottica, Luxottica may be contacted through the link available in the previous paragraph.
11. HOW CAN YOU CONTACT OUR DATA PROTECTION OFFICER?
Luxottica has appointed a Data Protection Officer according to Article 37 of the GDPR, which can be contacted at the following email address firstname.lastname@example.org or to the address of Luxottica provided for in section “HOW CAN YOU CONTACT LUXOTTICA?” of this Data Protection Policy
12. HOW CAN YOU KEEP TRACK OF CHANGES TO THIS DATA PROTECTION POLICY?
For legal and/or organizational reasons, this Data Protection Policy may undergo changes. We suggest, therefore, to check this Data Protection Policy regularly and to refer to the latest version of it. In any case, changes will be notified in advance and an updated version of the Data Protection Policy will be always available on the Website.