With this privacy notice, we, EyeMed Vision Care Europe S.r.l., as data controller (“Controller” or “Company”), inform you about which personal data we collect when you visit our website (“Site”) or use the related services, why we collect them, and how we use them.
Personal data means any information relating to you, in particular your name and your contact details such as your home address, telephone number, or email address.
Please take the time to read this privacy notice carefully. It is very important that you fully understand how we handle your personal data and how we protect your privacy.
Our contact details are: EyeMed Vision Care Europe S.r.l., Piazzale Luigi Cadorna n. 3, 20123, Milan, Italy. The Controller can be contacted via mail hello@eyemedinternational.com or via company’s certified email (PEC) eyemedvisioncareeurope@unipec.com.
If you have any questions regarding the processing of your personal data, you can contact us any time via e-mail at: privacy@eyemedinternational.com.
HOW AND WHICH PERSONAL DATA WE COLLECT
The personal data we collect depends on how you interact with us, as well as on the purpose of the processing of your personal data, as described in this Privacy Notice, and is limited to data that is relevant and appropriate for the specific processing.
Source of your personal data
Your personal data is collected directly from you.
Personal data processed
For the purposes indicated in this Privacy Notice, the Controller will process the following personal data:
Data voluntarily provided by you: we collect the data you voluntarily provide when you contact us for requests, feedback, or complaints through our contact form available in the "Contact Us" section of the Website or via any of our contact channels (e.g., certified email [PEC], email address, etc.). In particular, the Controller will process personal and contact data (e.g., first name, last name, country of residence, email address), including any additional data you voluntarily provide when contacting us (e.g., phone number).
Browsing data: the computer systems and software procedures used to operate the Website may acquire, during their normal operation, certain personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of the devices used by users who connect to the Website, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the user's operating system and IT environment.
These data are used solely for the purpose of obtaining anonymous statistical information about the use of the Site, ensuring its proper functioning, enabling the correct provision of the various features you request, and to ascertain potential liability in the case of hypothetical cybercrimes affecting the Site or third parties.
For more information on the use of personal data collected through cookies, we invite you to carefully read our Cookie Policy available here.
If you only wish to visit our Site, only browsing data will be processed in accordance with this Privacy Notice and the Cookie Policy.
HOW WE USE THE PERSONAL DATA WE COLLECT
We use your personal data only within the limits authorized by applicable laws and regulations. In any case, you will not be subject to any decision based solely on automated processing that may produce legal effects concerning you or similarly significantly affect you.
We use your personal data for the following purposes and based on the following legal bases:
i. To allow you to browse the Website and to provide the web services and functionalities you request. This processing is necessary for the performance of a contract or of pre-contractual measures taken at your request.
Providing personal data for this purpose is necessary to enable you to browse the Website and access its related services and functionalities; failure to provide such data may result in the inability to properly browse the Website and use its services and functionalities.
ii. To verify the correct functioning of the Website, its web services and functionalities, and to ensure adequate security of the Website. This processing is based on the legitimate interest of the Controller in monitoring the correct functioning of the Website, including its web services and functionalities, and in ensuring adequate protection against potential cybercrimes.
iii. To manage your requests, feedback, and/or complaints received through the form in the "Contact Us" section of the Website and/or via the contact details provided on the Website. This processing is necessary for the performance of a contract or pre-contractual measures taken at your request.
Providing personal data for this purpose is necessary to manage and respond to your requests, feedback, and/or complaints; failure to provide your personal data will prevent the Controller from managing and responding to your requests, feedback, and/or complaints.
iv. To exercise or defend our rights in judicial or extrajudicial proceedings, as well as the rights of our group companies and/or our representatives, shareholders, officers, and directors in relation to your use of the Website. This processing is necessary for the legitimate interest of the Controller in exercising or defending its rights.
HOW LONG WE RETAIN THE PERSONAL DATA WE COLLECT
We retain your personal data only for as long as necessary to achieve the purposes for which it was collected, or for any other legitimate related purpose. Therefore, if your personal data is processed for two different purposes, we will retain such data until the purpose with the longer retention period ends. In any case, we will no longer process personal data for the purpose whose retention period has expired.
Personal data that is no longer needed, or for which there is no longer a legal basis for retention, will be irreversibly anonymized (and thus may be retained) or deleted.
The retention period of your personal data, depending on the purpose, is indicated in the following table:
Purpose of Processing | Retention Period |
To allow you to browse the Website and to provide the web services and functionalities you request | Browsing data is deleted after 7 days, unless required for crime detection by judicial authorities. |
To verify the correct functioning of the Website, its web services and functionalities, and to ensure adequate Website security | Browsing data is deleted after 7 days, unless required for crime detection by judicial authorities. |
To manage your requests, feedback, and/or complaints received through the “Contact Us” form or via our contact details listed on the Website | The data processed is retained for the time necessary to manage and handle the request, feedback, or complaint and, in any case, for no longer than 2 years. |
To exercise or defend our rights in judicial or extrajudicial proceedings | Data processed for legal defense purposes is retained for the period in which any claims may be legally pursued (i.e., for the entire duration of the pre-litigation and litigation phases, until all deadlines for filing appeals have expired). |
CATEGORIES OF DATA RECIPIENTS
For the performance of certain processing activities, your data may be shared with external entities acting either as independent data controllers or as data processors acting on behalf of the Data Controller. In cases where personal data is processed by entities acting on behalf of the Data Controller, such processing is regulated through a contract pursuant to Article 28 of the GDPR, which provides the processor with specific instructions on how to handle personal data. We require any third-party provider to undergo strict vetting and to implement appropriate safeguards to ensure the security and confidentiality of your personal data.
Please note that we may share your personal data with the following categories of recipients:
other companies of the EssilorLuxottica Group, for our internal administrative purposes;
analytics service providers;
hosting service providers;
IT service providers and website management and maintenance providers;
third-party companies or businesses in the event of an acquisition, merger, partnership, or sale of the Company or its assets;
law firms, where necessary to protect our rights;
authorities and institutions legally entitled to access the data pursuant to statutory provisions or regulations (e.g., public security authorities and law enforcement, judicial authorities, etc.).
DATA TRANSFER ABROAD
The Data Controller stores data on servers located within the European Union.
The Data Controller may transfer your data to other EssilorLuxottica Group companies located outside the European Union, in countries for which the EU has not issued an Adequacy Decision. In such cases, the transfer is based on the standard contractual clauses referred to in Article 46(2)(c) of the GDPR.
If the Data Controller, due to requirements related to the location of its suppliers or business partners, needs to transfer data outside the European Union to countries for which the European Commission has not issued an Adequacy Decision, it undertakes to ensure adequate levels of protection and safeguards—also of a contractual nature—in accordance with applicable regulations. This includes the execution of standard contractual clauses pursuant to Article 46(2)(c) of the GDPR, potentially supplemented by additional technical, legal, and organizational measures necessary to ensure that the level of personal data protection is equivalent to that of the European Union.
HOW WE PROTECT YOUR PERSONAL DATA
The Data Controller has implemented measures to protect your personal data from unauthorized access, as well as from unauthorized use or disclosure. The Data Controller adopts, among others, the following measures:
We implement and maintain sophisticated technical measures to ensure that your personal data is processed with complete confidentiality and security;
We implement and maintain appropriate restrictions on access to your personal data and monitor access, use, and transfer of your personal data;
All our employees who have access to your personal data are subject to non-disclosure agreements or similar, which require them to comply with our personal data confidentiality requirements;
We require any third-party business partner and service provider with whom we may share your personal data to comply with the applicable data protection regulations, including confidentiality obligations;
We regularly provide privacy training sessions to our employees who have access to personal data.
RIGHTS OF THE DATA SUBJECT
Under the GDPR, you will always have the possibility to exercise the following rights regarding the processing of your personal data:
The right to receive confirmation that personal data is being processed and to access its content (right of access);
The right to update, modify, and/or correct personal data (right to rectification);
The right to request the deletion of data (right to erasure);
The right to request the restriction of data processing (right to restriction);
The right to withdraw, at any time, consent given, without affecting the lawfulness of the processing prior to the withdrawal (right to withdraw consent);
The right to receive a copy of the data in electronic format and request that such data be transmitted to another data controller (right to data portability);
The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Additionally, you may object at any time, for reasons related to your particular situation, to processing based on the legitimate interest of the Data Controller. Furthermore, where applicable, you may object to processing for marketing purposes, including profiling related to such marketing (right to object).
If you exercise any of the aforementioned rights, it is the responsibility of the Data Controller to verify that you are entitled to exercise it, and you will generally receive a response within one month.
We are committed to enabling you to exercise your rights: to do so, you can contact us at the details provided at the beginning of this Privacy Notice.
To exercise your rights, you can contact:
The Data Controller at the following email address: hello@eyemedinternational.com;
The DPO at the following email address: privacy@eyemedinternational.com.
If you believe that the processing of your personal data is in violation of the applicable data protection regulations, you have the right to file a complaint with the competent Supervisory Authority (in Italy, the Italian Data Protection Authority - www.garanteprivacy.it).
CHANGES TO THIS PRIVACY POLICY
Our Privacy Policy is periodically reviewed to ensure its ongoing compliance with applicable regulations, particularly with respect to data protection.
Last update: April 2025