The Sunglasshut.com website is managed by Luxottica Group S.p.A., in its quality of Data Controller in the processing of the personal data outlined herein. This policy illustrates how Luxottica, directly or through its subsidiaries, processes personal data information of the users of the Website according to art. 13 of the Italian Legislative Decree no. 196/2003 and art. 13 of the EU General Data Protection Regulation 2016/679 and how this information is used, shared and how may be accessed, changed or deleted. As proof of its commitment towards privacy, Luxottica has defined this policy within the wider scope of a global management model on privacy, to ensure total compliance with privacy as the foundation of Luxottica’s company culture. All personal information supplied by you through this Website is used exclusively for the objectives described below.
2. SOURCE AND TYPE OF PERSONAL INFORMATION
Luxottica processes different types of information on the user collected from different sources, such as:
- information provided directly by the user;
- information obtained from automatic tracking systems when using the Website and its services.
More specifically, Luxottica may process the following identification personal data of the user:
- Information provided by the user during the registration process or when completing the order (e.g. name and surname; e-mail address; password; gender; country (nation); postal address and phone numbers for deliveries, credit card and financial information. Luxottica may also ask the user to provide some information if problems with our service on the Website are reported;
- Information relating to the user’s social network profile, if public and if the user decides to log in to the Website through social network applications or to link his/her Luxottica account to the user’s public profiles available on social networks, and share his/her actions through the Website on those channels via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.), some data published by the user on his/her social network will be collected by the Website and processed for the corresponding functions. The use of the said plug-in entails sharing the corresponding actions and information on the related social networks;
- Information relating to the use of the Website by the user. For security purposes we process the log files related to each session when the user logins into his/her account, as well as information on payment transactions that will be processed through our provider;
- Navigation information. When the user surfs the Website, Luxottica uses some technologies (cookies, see below for more information) that automatically collect certain items of information relating to the way in which the user uses our products and services, such as the IP address or other unique code of the device (computer, mobile or other devices) employed by the user to browse the Website, identification as registered user or not, technical information that may include the URL from where a user originates, browser information, language. This information helps us to continuously improve the browsing experience and the mechanisms of purchase of our products and services, and to monitor the correct operations of the Website. This information only includes statistical data relating to the actions performed by the user, and is not intended to be associated with the user’s identifying data. However, Navigation data may identify you, only when matched with your identification personal information;
- Image provided by the user (both registered and unregistered users), if he/she takes part in the Virtual Try-On experience and he/she authorizes the storage of his/her image in Luxottica’s servers
All the identification data abovementioned are hereinafter jointly defined “information”.
3. PURPOSES OF THE PROCESSING
3.1 Contractual purposes
Save for the Prescription Information, the information collected by Luxottica are used for the following contractual purposes without prior users’ consent according to art. 24 Italian Privacy Code and art. 6 GDPR:
- to allow users’ to register to the Website;
- to provide the services available through the Website (e.g. management of the registration process and access to the account, account management);
- to take part to the Virtual Try-On experience and to register, upon users’ request, his/her image in Luxottica’s servers;
- to manage online orders, to supply products and services, to process payments and e-payments, to transmit orders, products, services;
- for the technical management of the Website and its operational functions (including logistics), including solving any technical problems, statistical analysis, tests and research;
- to prevent or uncover fraudulent activities or misuse that is damaging to our website or threatening the security of the transactions;
- to comply with the requirements of the laws, regulations, protocols and national and EU legislation;
- for the implementation of decisions of public Authorities;
- to protect the safety of an individual;
- for Luxottica’s defence in court, for example, in case of violations by the web-users, or in order to protect the rights and the property of Luxottica;
- to fulfil the user’s requests (e.g. management of requests for information);
- to send to users operational communications related to the supply of the service or products, sales and after sales assistance.
3.2 Marketing purposes
The information collected by Luxottica are used, for the following marketing purposes with users’ prior consent according to Article 23 Italian Privacy Code and art. 7 GDPR:
- to participate in and manage promotions and contests as available from time to time on the Website, if any;
- to send commercial and promotional communications and periodical updates (e.g. via e-mail, phone, SMS/MMS, postal service, social network and newsletter) related to Luxottica's products, services, initiatives and events;
- for the purpose of conducting, by post, telephone or e-mail, statistical analyses, surveys and market research relating to Luxottica’s products and services.
Furthermore, according to art. 130, c. 4 of the Italian Privacy Code, if the user is already our customer, Luxottica may send him/her commercial emails on similar products, events, fairs and services already provided by Luxottica. The users may opt out at any time by following the instructions available in every communication.
4. Processing modalities
The processing of users’ information is made only within the limits necessary to pursue the purposes outlined above and is carried out by means of operations indicated in Article 4 Italian Privacy Code and 4 GDPR and namely: collection, registration, organisation, storage, consulting, processing, modification, selection, extraction, comparison, use, interconnection, access and communication, blocking, erasure and destruction of the data. Users’ data is processed electronically and manually through the Website and the servers in which it is stored.
5. Categories of persons who can access information
Any personal information given or collected by connecting to the Website will be processed by Luxottica as Data Controller. Personal information will be processed by the Luxottica staff deputed to the processing of the personal information being collected:
- employees and consultants authorised to manage the Website and supply the related services (e.g. customer services, management of Luxottica Computer Systems, management of IT sytems, storage of images in case the users take part in the Virtual Try-On experience, etc.), in their quality of persons in charge of the processing and/or systems administrators and/or internal data processors;
- employees and consultants in the marketing, finance, administration, accounting and other relevant department of Luxottica, in their quality of persons in charge of the processing and/or internal data processors.
- suppliers of services to manage the Computer Systems and the Website (e.g. hosting providers, market and analyst service providers, database management and maintenance services);
- suppliers of online payment services, who may access; credit card information and other user’s financial information;
- suppliers of order entry related services, shipping of products and/or other services available through this Website;
6. Third parties to which information can be communicated
In addition, user’s information may be communicated to third parties for the following reasons:
- to permit to third companies a merger, acquisition or sale of all or part of Luxottica’s assets;
- to fulfill the obligation provided by the law, regulations, protocols and national and EU legislation;
- to implement laws required by public Authorities;
- to allow Luxottica’s defence in court, for example, in case of violations by the web-users.
The said parties shall process the information in their quality of autonomous data controllers.
7. Data transfer outside the EU
8. Nature of providing personal information and the consequences of the refusal
Luxottica undertakes to protect users’ information. Luxottica advises that the password is one of the protection mechanisms of the account, therefore users are invited to use a password sufficiently secure and stored in a safe place, limiting access to it on their own computers and browsers, disconnecting it after having visited the site. Luxottica undertakes to protect the information received from users. All personal information supplied is kept on secure servers and within its internal systems. Luxottica uses adequate safety measures to protect information from non-authorised access or non-authorised changes, and from the circulation or distribution of data. To prevent non-authorised access, to maintain the accuracy of the data and guarantee the proper use of information, Luxottica uses adequate physical, electronic and managerial procedures to safeguard and protect the information and data stored in our system. Information on purchase transactions (e.g. credit card number) is handled securely through selected suppliers that guarantee that they have adopted the most adequate security measures. Furthermore, a secure system for authorising credit card payments and identifying fraudulent activities is used. Luxottica uses the standard SSL (Secure Sockets Layer) to protect the confidentiality of your personal information. Although no computer system is completely secure, Luxottica believes that the measures it has implemented reduce the possibility of security problems to an appropriate level for the type of data involved.
- the purposes for which they were collected;
- the consent received from the user;
- applicable privacy regulations
Personal information is kept and deleted in accordance with Luxottica security policy for the time necessary to achieve the purposes for which data were collected and further processed, including any retention period required under the applicable legislation (e.g. retention of accounting documentation). Luxottica will process users’ information for contractual purposes (section 3.1 a-d) for 10 years after the termination of the contract, but Prescription Information will be held for 10 years from the date of the purchase of the prescription glasses the Website when the Prescription Information was provided; for Virtual Try-On experience (section 3.1. e) for 14 days from the storage of the image, in case of unregistered user, or for a maximum of 24 months from the storage of the image in case of registered users; for 24 months for marketing purposes from the collection of the said information. Users’ information is processed at the premises of Luxottica and in the places where the servers are located. In case of EU citizens, the servers are based in EU, while of the other users servers are based in their relevant country of residence. For further information, contact Luxottica to the details below.
(1) About Cookies
A cookie is a small file, typically of letters and numbers, downloaded on to a device when the user accesses certain websites. Cookies allow a website to recognise a user’s device and track users as they navigate different pages on a website and to identify users returning to a website. Cookies do not contain any information that personally identifies you, but personal information that we store about you may be linked, by us, to the information stored in and obtained from cookies.
For more information see: https://www.allaboutcookies.org/
1.a) Sessions and persistent cookies
Cookies can expire at the end of a browser session (from when a user opens the browser window to when they exit the browser) or they can be stored for longer.
- Session cookies – allow websites to link the actions of a user during a browser session. These session cookies expire after a browser session so would not be stored longer term. For this reason session cookies may be considered less privacy intrusive than persistent cookies.
- Persistent cookies – – are stored on a users’ device in between browser sessions which allows the preferences or actions of the user across a site (or in some cases across different websites) to be remembered.
1.b) First and third party cookies
Whether a cookie is ‘first’ or ‘third’ party refers to the website or domain placing the cookie.
- First party cookies in basic terms are cookies set by a website visited by the user / the website displayed in the URL window.
- Third party cookies are cookies that are set by a domain other than the one being visited by the user. If a user visits a website and a separate company sets a cookie through that website this would be a third party cookie.
On this website we use:
1.) Session cookies:
|Pagevisited||Used for maintaining catalog browsing state on the site, primarily for drawing appropriate brand/style banners.|
|Facets||Used for maintaining facet application history during catalog browsing on the site primarily for drawing appropriate brand/style banners.|
|WC_USERACTIVITY_139268||This is a user session cookie that flows between the browser and server over both SSL or non-SSL connection. It is used for user identification over non-SSL connections. It contains user session values such as login timeout, session identifier, etc.|
|WC_AUTHENTICATION_ID||This is a user session cookie used to manage authentication data. An authentication cookie flows only over SSL. For increased security it has a timestamp with a signature. This cookie is used to authenticate the user over SSL-connections.|
|WC_PERSISTENT||This is a user session cookie to maintain persistence of either a guest or registered user across a session.|
|WC_ACTIVEPOINTER||This cookie contains the value of the store ID of the session. This value is used to select the store to execute the command, if one is not specified on the URL.|
|WC_SESSION_ESTABLISHED||This cookie is created on the first request processed, for example a non-cache request.|
|JSESSIONID||Generated when the user's HTTP session is created, and maintained throughout the session.|
|WC_TIMEOFFSET||Utilised to accurately display order placed/updated dates to the user.|
|PRICEMODE||Utilised to display appropriate pricing information to the user.|
|S_SESS||Utilised to track the user session data for web analytics.|
2) Persistent cookies:
|_utma||This cookie keeps track of the number of times a visitor has been to the site pertaining to the cookie, when their first visit was, and when their last visit occurred.|
|__utmxx||Cookie set by Google Analytics for A/B testing activities.|
|__utmx||Cookie set by Google Analytics for A/B testing activities.|
|LuxPFTracker||This cookie keeps track order information (Product Number, Brand, UPC, Country) to be used by third party agency.|
|UTAG_MAIN||Used to track general and page specific analytic data.|
We may use the information we obtain from your use of our cookies for the following purposes:
(1) to recognise your computer when you visit our website;
(2) to track you as you navigate our website;
(3) to improve the website’s usability;
(4) to analyse the use of our website;
(5) in the administration of this website;
(6) to prevent fraud and improve the security of the website;
(7) to personalise our website for you
(3) Blocking/Managing cookies
You may configure your browser to accept all cookies, reject all cookies, or notify you when a cookie is set. Each browser is different, so check the "Help" menu of your browser to learn how to change your cookie preferences.
(1) in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector;
(2) in Firefox you can block all cookies by clicking “Tools”, “Options”, and un-checking “Accept cookies from sites” in the “Privacy” box.
Blocking all cookies will, however, have a negative impact upon the usability of many websites. If you block cookies, you will not be able to use login/account and facet application features on this website.
(4) Deleting cookies
You can also delete cookies already stored on your computer: check the "Help" menu of your browser.
(1) in Internet Explorer, you must manually delete cookie files (you can find instructions for doing so at https://support.microsoft.com/kb/278835);
(2) in Firefox, you can delete cookies by, first ensuring that cookies are to be deleted when you “clear private data” (this setting can be changed by clicking “Tools”, “Options” and “Settings” in the “Private Data” box) and then clicking “Clear private data” in the “Tools” menu.
(5) Contact us
This website is owned and operated by Luxottica Retail UK Ltd.
If you have any questions about our cookies or this cookies policy, please contact us by email firstname.lastname@example.org or by post Sunglass Hut c/o GSI Commerce, Unit 26 Broad gate, Broadway Business Park, Chadderton, Oldham, Greater Manchester, OL9 9XA
12. Underage users’ data
This Website is not intended for minors of 18 years and Luxottica does not intentionally collect personal information from them.
If any information about minors is unintentionally recorded, Luxottica will provide to cancel it in a timely manner upon request of the users
13. Data subject’s rights in relation to personal information
According to art. 7 Italian Privacy Code, the users have the right to obtain from Luxottica the confirmation about the existence of personal data referring to them and their communication in an intelligible form; users can also ask to know the source of data; the purposes and modalities of the processing; users can also obtain an update, correction or integration of data. Moreover, users may, at any time, revoke their consent, requesting the interruption of the processing, the deletion, anonymization or the block of the information being processed. Users may refuse, fully or partially, the processing: a) for legitimate reasons on the processing data concerning them; b) for the purpose of sending advertising material or for carrying out market researches or commercial communications.
In addition to the above, as from 25 May 2018, Users have also the rights referred to in articles 16-21 GDPR (right of confirmation, right to be forgotten, right of processing limitation, right of data portability, right to object) and the right to complain to the Supervisor Authority.
Furthermore, Luxottica offers tools to users to update and amend the personal information given. Indeed, every registered user may access his/her own information and update it (e.g. through user account). Besides, it is also possible for users to modify and update their preferences on how they wish to receive e-mails or other communications from Luxottica. Users may also request that their information on their account is deleted. In order to exercise the rights above and to request information , users may click here or contact us at email@example.com . Luxottica will respond within a reasonable time frame (within the limits of applicable law), after verifying users’ identity.
14. Contact information
15. Data Protection Officer
17. Links to third party websites