DATA PROTECTION POLICY

This Data Protection Policy outlines how Luxottica collects and processes your personal data as user of the Website (hereinafter, “user”, “users”, “data subject” or “you”) in compliance with the EU General Data Protection Regulation 2016/679 (hereinafter, the “GDPR”) and the Italian Legislative Decree 196/2003, as lastly amended and integrated (hereinafter, the “Privacy Code”).

As outlined in more details below, Luxottica processes your personal data in order to provide you with its products and services as well as to allow you to join engagement programs, prize competitions and events organized by Luxottica for its clients. If you want to receive the latest news, offers and promotions on the Luxottica world, Luxottica will process – with your prior consent – your personal data in order to send you marketing communications, also customized upon your preferences and interests. In any case, Luxottica will process your personal data securely, adopting all adequate security measures, and allowing the access to your personal data only to authorized persons and third parties both located in EU and in the United States according to modalities compliant with applicable data protection laws.

All personal data provided by you through this Website is used exclusively for the purposes and with the modalities as described below.

For the purpose of this policy, personal information is any information about an identifiable individual. We collect the following types of personal information:

Information You Provide

We may collect the following personal information that you voluntary provide us in using our Platforms:

If you are providing delivery information or other information which is not your own, then you must have that person’s permission to give us their information and for us to use and share it for the purposes specified.

• Create an Account. If you create an account with us, you will provide us with your name, email address, birth date, and you will create a password for future logins. You can also choose to login with your Facebook account instead.
• Subscribe to Our Newsletter. If you subscribe to our newsletter, you will provide us with your email address.
• Customer Service. If you contact our customer service department, you may need to provide us with additional information so that we can respond to your questions or concerns as completely and thoroughly as possible.
• Purchases. When you make a purchase, you will provide us with your name, email address, phone number, physical address, and credit card or gift card information. We also will collect your payment card, gift card, or other payment information.
• Prescriptions. If you purchase prescription products, you will provide us with your eye prescription information and insurance information.
• Register Products. If you decide to register your product(s), you may choose to voluntarily provide the date, of your last eye exam, the type(s) of products to register the purchase date, of the products, and the reason(s) why you decided to buy
• Find Your Match. If you use our Frame Advisor Technology, you will either upload a photograph of your face or you will allow the technology to take a scan of your face.
• Book an Appointment. If you book a store appointment, you will provide us with your name, email address, birth date, physical address, and phone number.
• Loyalty Program. If you sign up for our loyalty program, you will provide us with your name, email address, and you may choose to provide us with your birth date and gender.
• Track and Return Orders. If you check your order status or start a return, you will provide us with your order number and email address.
• Refer a Friend. To refer a friend, you will provide us with your name and email address, and the email address of the friend you are referring.
• Promotions. If you enter a sweepstakes, contest, giveaway, or other promotion (each a “Promotion”), you will provide us with your age or birth date along with, in certain instances, confirmation of residency.
• Apply for a Job. If you apply for a job through one of our Platforms, we will collect any information you provide in your application, including, but not limited to, work authorization information, visa status, desired salary, language proficiency, educational background, employment history, and references. You may also choose to voluntarily provide optional information such as race, gender, or whether you are disabled.
• Survey. If you are participating in a survey, you may provide your gender and age, income, ethnicity, family size and marital status.
• Business Information. We may collect personal information from business clients or vendors, including company name, physical address, phone number, email address, and credit card information.
• HIPAA. Some of the affiliates and brands covered by this Policy are subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). These affiliates and brands may collect additional information that is considered “protected health information” (“PHI”) as defined by HIPAA. When the information that we collect is considered PHI, we will handle that information in accordance with our Notice of Privacy Practices. Please visit that notice for information on our privacy practices, our legal duties, and your rights concerning your PHI.
• Biometric Information. We may collect biometric information to provide you with certain services. See the “BIOMETRIC INFORMATION” section of this Policy to learn more about how this information is collected, used, disclosed and stored.

Information as You Navigate Our Platforms

We automatically collect certain personal information through your use of the Platforms, such as the following:

• Usage Information. For example, the pages on the Platforms you access, the frequency of access, and what you click on while on the Platforms.
• Device Information. For example, hardware model, operating system, application version number, and browser.
• Mobile Device Information. Aggregated information about whether the Platforms are accessed via a mobile device or tablet, the device type, and the carrier.
• Location Information. Location information from Platform visitors on a city-regional basis.

 Third Party Information

In some cases, we may receive certain personal information from you about a third party. For example, when you refer a friend, you will provide the email address of a third party. If you submit any personal information about another individual to us, you are responsible for making sure you have the authority to do so and to allow us to use their personal information in accordance with this Policy.

Luxottica processes your Personal Data for the following purposes:

Contractual Purposes – We need to be able to provide you our products and services

Luxottica processes your Personal Data for the purposes necessary for the provision of services and products offered through the Website, and in particular for the following Contractual Purposes:

-To allow you to register to the Website and create your own account;

-To provide the services available through the Website (e.g. management of the registration process and access to the account, account management, the reminder for products in the shopping cart, etc.);

-To manage the sale of products and online orders, and to supply products and services;

-To process payments and e-payments, also with reference to invoicing obligations;

-To provide sales and after-sales services (including, for example, fraud prevention, returns, guarantee warranty and customer support), also sending to users operational communications related to the supply of the service or products, sales and after sales assistance;

-To fulfil the user’s requests (e.g. management of requests for information, [booking of eyesight checks], providing the “share with a friend” feature, to notify you with the “back in stock” feature, etc.);

-To permit you to join Luxottica engagement programs;

-To allow you to participate in contests, prize competitions and initiatives promoted by Luxottica.

The data processing activities for Contractual Purposes are necessary for the provision of products and services required. If you don’t want your Personal Data to be processed for such purposes, it will not be possible for Luxottica to provide the required products and services.

Law Purposes – We need to ensure compliance with legal obligations

Luxottica can process your Personal Data to ensure compliance with legal obligations, and in particular for the following Law Purposes:

-To comply with the requirements of the laws, regulations, protocols and national and EU legislation;

-To implement the decisions of public Authorities.

The data processing activities for Law Purposes are necessary as they are required by applicable laws. If you don’t want your Personal Data to be processed for such purposes, you cannot use the Website.

Marketing Purposes – You can decide whether we can use your personal data for our marketing related activities

Luxottica processes, with your prior consent, your Personal Data, for the following Marketing Purposes:

-To send commercial and promotional communications and periodical updates (e.g. via e-mail, phone, SMS/MMS, postal service, social network and newsletter) related to Luxottica's products, services, initiatives and events. Furthermore, according to Article 130(4) of the Italian Privacy Code, if you already are a Luxottica customer, Luxottica may send you commercial communications via e-mail on similar products, events and services already provided to you, unless you object to such a processing at the time of the collection and on the occasion of each message. Indeed, you may opt out at any time by following the instructions available in each communication;

-To carry out statistical analyses on the customer audience.

The data processing activities for Marketing Purposes are discretionary subject to either your prior consent or your objection in the circumstances of the above-mentioned Article 130(4) of the Italian Privacy Code. You may freely decide not to provide Personal Data for the Marketing Purposes, as well as you may subsequently withdraw your consent to process the Personal Data already provided: in this case Luxottica will not send you marketing communications to update you on offers and promotions on Luxottica products, services and initiatives.

Segmentation and Profiling Purposes – You can decide whether you want marketing communications better tailored on your needs

If you provided your consent to the processing of your Personal Data for Marketing Purposes, Luxottica may process your Personal Data for Segmentation Purposes to analyze your Personal Data related to spending volume, product category, date of birth and methods of purchase in connection with activities performed for Marketing Purposes. This activity is carried out by Luxottica on the basis of Luxottica’s legitimate interest to provide a service in line with your needs, adequately balanced with your rights given the limited amount of processed Personal Data. The processing of Personal Data for Segmentation Purposes falls among the Legitimate Interests Purposes for which we refer to following paragraph.

In case you consented to install cookies and other technologies with the banner prompted to you on our website, additionally to what is stated above, Luxottica processes your Personal Data for Profiling Purposes to analyze your interests and preferences, including browsing data with specific reference to pages consulted and products viewed on the Website, in order to offer personalized services and send targeted marketing communications on this basis.

This activity is carried out by Luxottica on the basis of Luxottica’s legitimate interest to provide a service in line with your needs, adequately balanced with your rights given the consent provided through the cookie banner and in line with our Cookie Policy. This activity will help Luxottica to provide you with offers more in line with your profile. The legitimate interest can be found in the need of Luxottica to optimize the marketing communications and it is balanced by the need to provide You with information that we consider relevant for you.

Legitimate Interest Purposes – Luxottica’s and your rights are adequately balanced, unless you object to it

In addition to the processing for Segmentation and Profiling Purposes, Luxottica also processes your Personal Data for additional Legitimate Interest Purposes and, in particular,:

-To exercise or defend legal claims in court proceedings or in an administrative or out-of-court procedures relating to the rights of Luxottica, of its group companies and/or of their representatives, shareholders, officers and directors;

-To enable the technical management of the Website and its operational functions, including solving any technical problems, to perform tests, updates and upgrades that cannot be performed through non-personal data;

-To prevent or identify fraudulent activities or misuses of the Website or against the Luxottica group and/or the users of the Website;

-To complete a potential merger, sale of assets, transfer of all or a material part of its business, or financing transaction by disclosing and transferring the Personal Data to the third party or parties involved in the transaction as part of the transaction;

-To conduct, surveys and market researches relating to Luxottica’s products and services by post, telephone or e-mail;To anonymize Personal Data in order to perform statistical analysis.

Purposes is carried out pursuant to article 6, letter f) of the GDPR, for the pursuit of Luxottica’s legitimate interest, which is adequately balanced with your interest since the data processing is performed within the limits strictly necessary to perform such economic activities. Such data processing activity is not mandatory and you can object to such data processing at any time through the modalities as per this Data Protection Policy. In such case no data processing will be carried out by Luxottica for such purposes, except in case where Luxottica demonstrates the existence of legitimate prevailing arguments or the exercise of a Luxottica's right pursuant to Section 21 of the GDPR.

The processing of your Personal Data is carried out, electronically and manually, only within the limits necessary to pursue the purposes outlined above.

Luxottica undertakes to protect users’ Personal Data. Luxottica advises that the password is one of the protection mechanisms of the account. Therefore users are invited to use a password sufficiently secure and stored in a safe place, limiting access to it on their own computers and browsers, disconnecting it after having visited the Website. All Personal Data provided for by users is kept on secure servers, adopting adequate security measures to protect Personal Data from non-authorized access, to maintain the accuracy of Personal Data and guarantee the proper use of information. Furthermore, a secure system for authorizing credit card payments and identifying fraudulent activities is used. Luxottica uses the standard SSL (Secure Sockets Layer) to protect the confidentiality of your Personal Data.

Luxottica may communicate your Personal Data to:

-third parties service providers entrusted with processing activities that provide services or assistance and advice to Luxottica, with special - but not exclusive - reference to technology, accounting, administrative, legal, insurance, IT, marketing, data analysis matters;

-companies of the Luxottica group;

-persons and authorities whose right to access personal data is recognized by law, regulations or provisions issued by legally empowered authorities;

-potential purchaser of Luxottica and the entities resulting from mergers or any other transformation involving Luxottica and competent authorities.

The abovementioned recipients will process your Personal Data as data controllers, data processors or persons in charge of processing, depending on the circumstances. A complete list of data processors is available, upon request to Luxottica, through the modalities as per this Data Protection Policy.

Luxottica may transfer your Personal Data to the recipients listed above, also located outside of the European Union and, in particular, in the United States. For transfers from EU to countries not considered adequate by the European Commission, Company has put in place appropriate and suitable safeguards to protect the Personal Data. Accordingly, Personal Data are transferred in compliance with the requirements and the obligations provided by applicable data protection laws as per Articles 44 et seq. of the GDPR. For further information with regard to the appropriate or suitable safeguards and the means by which to obtain a copy of them, the user can contact Luxottica with the modalities as per this Data Protection Policy.

Luxottica retains Personal Data for the time strictly necessary to achieve the purposes for which Personal Data were collected and further processed, including any retention period required under the applicable legislation.

Luxottica will process your Personal Data for Contractual and Legitimate Interest Purposes for the duration of the contract (in case of an account created on the Website, of a purchase, or in relation to services provided by Luxottica) and for 10 years from the completion of the sale or of the provided service.

Personal Data processed for Law Purposes will be stored for the period strictly necessary to comply with applicable laws.

Furthermore, for Marketing and Profiling Purposes, including Segmentation Purposes, Personal Data will be processed for 7 years from the last purchase and/or from the last contact with you (e.g. subscription to a prize competition, participation to an event, opening of a newsletter), notwithstanding the right to withdraw the consent provided or object to the processing at any time.

The personal data processing highlighted in this policy is not intended for minors of 16 years.

If any Personal Data about minors is unintentionally recorded, Luxottica will provide to cancel it in a timely manner, upon request of the users.

Luxottica is the manufacturer and distributor of RAY-BAN STORIES and any information you provide to Luxottica in connection with your purchase of RAY-BAN STORIES is subject to Luxottica’s terms and policies. Luxottica share and receive information with Facebook to manage your customer service requests related to RAY-BAN STORIES; for example, Luxottica may share with Facebook your name, email address and information about the issue you are experiencing, and Facebook share with Luxottica information to help resolve the issue, such as steps to resolve a problem with your Facebook account. Luxottica does not collect information directly from your use of RAY-BAN STORIES and the App.

At any given time, you can exercise the following rights:

a) To obtain from Luxottica confirmation of the existence of Personal Data and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;

b) To request the erasure, anonymisation or restriction of the processing of Personal Data processed in breach of the applicable laws;

c) To object in whole or in part, on legitimate grounds, to the processing of the Personal Data;

d) To withdraw the consent to the processing of the data (if and to the extent such a consent is necessary);

e) To request Luxottica to limit the processing of the your Personal Data where:

• You contest the accuracy of the Personal Data until Luxottica has taken sufficient steps to correct or verify its accuracy;
• The processing is unlawful but you do not want us to erase the your Personal Data;
• Luxottica no longer needs the your Personal Data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
• You have objected to processing justified on legitimate interests, pending verification as to whether Luxottica has compelling legitimate grounds to continue processing;

f) To object to the processing of your Personal Data in case of processing based on legitimate interest, unless Luxottica demonstrates the existence of compelling legitimate grounds for the processing or for the establishment, exercise or defence of legal claims;

g) To request the erasure of the your Personal Data without undue delay;

h) To receive an electronic copy of the your Personal Data, if you would like to port your Personal Data to yourself or a different provider, when Luxottica is relying upon your consent or the fact that the processing is necessary for the provision of the services and the Personal Data is processed by automatic means; and

i) To lodge a complaint with the relevant data protection supervisory authority.

According to article 2-terdecies of the Privacy Code, in case of the user’s death, the above mentioned rights may be exercised by another person entitled (the "Successor") who has its own interest or acts as user’s mandatory or family reasons that need to be protected exist. The user may expressly avoid the exercise of some of the above mentioned rights by the Successor submitting a request to the e-mail address indicated below. The user may, in any time, withdraw or modify such declaration with the same modalities.

You can exercise your rights above, at any time, by clicking here . Luxottica will respond within a reasonable time frame (and, in any case, within the limits of applicable law), after verifying users’ identity.

Furthermore, Luxottica offers tools to users to update and amend the Personal Data. Indeed, every registered user may access his/her own information and update it (e.g. through user account). Besides, it is also possible for users to modify and update their preferences on how they wish to receive e-mails or other communications from Luxottica. Users may also request that their information on their account is deleted.

The Data Controller of the processing of your Personal Data is Luxottica Group S.p.A., with registered office in Piazzale Luigi Cadorna, 3, 20123 Milan, Italy. Should you have questions or comments on this Data Protection Policy or on any data processing carried out by Luxottica, Luxottica may be contacted through the link available in the previous paragraph.

For legal and/or organizational reasons, this Data Protection Policy may undergo changes. We suggest, therefore, to check this Data Protection Policy regularly and to refer to the latest version of it. In any case, changes will be notified in advance and an updated version of the Data Protection Policy will be always available on the Website.

If you have questions or wish to contact us about this Policy, please direct inquiries to:

Privacy Officer

Luxottica Retail North America, Inc.

4000 Luxottica Place

Mason, Ohio 45040

Phone: 513-765-4321

Email: privacyoffice@luxotticaretail.com