Data protection notice for Infield Safety GmbH

- EssilorLuxottica and your personal data -

Understanding why and how EssilorLuxottica uses your personal Data processed

Last update: 27/ 01 / 2025

Contents

1. INTRODUCTION

   1. Who are we?

   2. What is the purpose of this privacy notice?

   3. What is this privacy notice about? Important definitions

2. WHERE DOES THE PERSONAL DATA COME FROM?

3. WHAT PERSONAL DATA CAN WE PROCESS ABOUT YOU?

   1. Categories of personal data

   2. Processing of sensitive data

4. WHY DO WE PROCESS YOUR PERSONAL DATA?

5. HOW DO WE PROCESS YOUR PERSONAL DATA?

   1. How do we process your personal data?

   2. We share your personal data with other affiliated companies in the Group

   3. Will your personal data be passed on to third parties?

   4. Is your personal data transferred across borders?

   5. How long do we your personal data?

   6. We keep your data secure, up-to-date and correct

6. HOW DO WE PROTECT YOUR PERSONAL DATA?

7. YOUR RIGHTS

8. HOW CAN YOU CONTACT US?

   1. CONTACT DETAILS OF THE CONTROLLER RESPONSIBLE FOR PROCESSING

   2. CONTACT DETAILS OF THE DATA PROTECTION OFFICER

9. HOW CAN YOU FOLLOW THE CHANGES TO THIS PRIVACY NOTICE?

1. ‌INTRODUCTION

   1. ‌Who are we?

      EssilorLuxottica, a public limited company under French law with its registered office at 1-6 rue Paul Cézanne, 75008 Paris, France, registered in the trade and companies register of Créteil under of number 712 049 618 ;

      
      

      Essilor International, a public limited company under French law, with registered office at 1147 rue de Paris, 94220 Charenton-le-Pont, FRANCE, registered with the Trade and Companies Register of Créteil under number 439 769 654, as part of the EssilorLuxottica Group;

      
      

      Luxottica Group S.p.A., a public limited company under Italian law, with registered office in Piazzale Cadorna No. 3 - 20123 Milan, Italy, as part of the EssilorLuxottica Group;

      
      

      And

      
      

      Infield Safety GmbH, a corporation under German law with its head office at Nordstraße 10a, 42719 Solingen, Germany, as part of the EssilorLuxottica Group.

      
      

      If Infield Safety GmbH is the party that determines the purposes and means of the processing, it is the controller of your personal data.

      In certain cases, Infield Safety GmbH may also be jointly responsible with other companies for the processing of your personal data ("joint controllers"): This means that in such cases Infield Safety GmbH is jointly responsible with these companies for deciding on the purposes and means of processing.

      
      

      Hereinafter collectively referred to as "we", "us" or "EssilorLuxottica. We are bound by data protection legislation and this privacy notice.

   2. ‌What is the purpose of this data protection notice?

      We, our affiliated companies and our brands attach particular importance to the processing, confidentiality and security of your personal data.

      
      

      The purpose of this Privacy Notice to inform you in a clear, simple and complete manner about the processing of the personal data that you provide to us or that each of our subsidiaries/brands may collect in the various contacts you have with us (e.g. in the store, customer care, websites, services, events, social networks, etc.), about their possible disclosure to third parties, as well as about your rights and the options you have to control your data and protect your privacy, in accordance with applicable legislation.

      
      

      We may update this privacy notice at any time, but if we do, we will provide you with an updated version of this notice as soon as we are able to do so.

      
      

      We may provide you with different or additional privacy notices in connection with certain activities, programs and offers.

      We may also provide additional "just-in-time" notices that supplement or clarify our privacy practices or provide you with additional choices regarding your personal information.

      
      

      Our websites contain links to websites and/or applications that are operated and maintained by third parties. Please be aware that we have no control over the privacy practices of websites or applications that are not owned by us. EssilorLuxottica encourages you to read the privacy notice of these third parties (see point 5.3.c.d).

      
      

   3. ‌What is this privacy notice about? Important definitions

      
      

      For the application and interpretation of this Privacy Notice, the following terms and expressions, the first letter of which appears in capital letters, shall have the meaning assigned to them below:

      
      

      Personal data//Personal information	Any information relating to an individual (the data subject) by which that person can be identified, directly or indirectly (name, contact details, identification number, etc.). The categories of personal data that we may process are set out in this Data protection notice.
      Applicable legislation	Refers to all laws, regulations, directives, decrees at local, national or supranational level on data protection or others that directly or indirectly affect the processing of personal data. have an impact.
      Processing of personal data	Any operation or set of operations which is performed on your personal data, such as collection, recording, organization, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, restriction, erasure or destruction is prohibited. Destruction of this data.
      Recipient of the data	A natural or legal person, public authority, agency or other organization The body to which personal data disclosed, regardless of whether it is a third party or not.
      Purpose	Refers to the purpose of the processing. In other words, the Reasons for which the personal data collected.
      Data controller	Refers to the natural or legal person, department or organization that, alone or jointly with others, determines the purposes and means of the company. means of processing personal data.
      Joint responsible persons	Refers to two or more data controllers who jointly determine the purposes and means of processing.
      Processor	Designates a natural or legal person, public authority, institution or other body which processes personal data on behalf of and on the instructions of the controller.
      Subsidiaries	Refers to subsidiaries of the Essilor-Luxottica Group, its ultimate holding company and its subsidiaries or companies that it controls, are controlled by it or are under common control, as well as its service providers and strategic business partners.
      Brands	The brands of the companies belonging to the EssilorLuxottica Group
      EssilorLuxottica Group (or simply, EssilorLuxottica or Group)	EssilorLuxottica as a global organization, i.e. collectively EssilorLuxottica (as the ultimate holding company) and all its subsidiaries
      GDPR	Regulation (EU) 2016/679 (General Data Protection Regulation)

      
      

      This data protection notice applies primarily to the following data :

      Customers	Customers who purchase products offered by Infield Safety GmbH or Buy services.
      Web users	Users accessing the Infield Safety website (the "Website").
      Registered users	Users who have registered on the website and created a personal account have set up.
      Users for the purpose of visual and hearing acoustics Investigations	Users who have undergone a vision and/or hearing test.
      Marketing communication Receiver	Users who have opted-in to receive marketing communications from Infield Safety GmbH have registered.
      Social media users	Users who voluntarily follow the activities of Infield Safety GmbH in social media Media follow.

      
      

2. ‌WHERE DOES THE PERSONAL DATA COME FROM?

   The personal data we collect will depend the contact point through which you contact us and the purposes of that interaction as described in this Privacy Notice and will be limited to that which is relevant and appropriate to that interaction.

   
   

   We use various methods and sources to collect data from and about you. We collect and receive information:

   1. Provided directly by you

      During the registration process, the creation of an account on the Sites and/or Services, or when you complete an order or participate in our engagement programs, contests and events, and when you contact us with an inquiry, feedback or complaint. In certain circumstances, we may also keep records of customer service calls and keep a transcript of quality assurance and quality management chats.

      
      

   2. Use of automatic tracking systems

      We may use some technologies (e.g. cookies and automatic tracking systems) that automatically collect certain information about the way you use the Sites and the Services. For more information about the use of personal data collected automatic tracking systems, please read our Cookie Policy carefully, which you can find under Cookie Notice at the bottom of our website.

   3. Through store visits and other offline technologies

      When you visit our stores, information may collected during the purchase process, creation of an unrealized offer, customization of purchased products, and vision and hearing tests that may be conducted in the stores. We also use video surveillance in our stores for security, fraud, loss, prevention and operational purposes.

   4. From the social network profile

      If you decide to log in to the Websites and/or the Services via social network applications or link your account to your public profiles on social networks and share your actions on the Website and/or the Services via the corresponding plug-ins (e.g. Facebook Connect, I like, fb share, etc.) on these channels. The use of said plug-ins results in the corresponding actions and information being shared on the corresponding social networks (see point 5.3.c.d).

   5. From you, when you apply for a job

      The application data received for processing the application procedure, which can be transmitted in various ways. If an employment contract is concluded with an applicant, the data transmitted will be processed for the purpose of handling the employment relationship. If no employment contract is with the applicant, the application documents will be deleted in accordance with point 5.5 of this data protection notice.

      
      

      Unless it has been individually agreed with the applicant to keep the data for longer in order to be able to contact him/her for future job offers.

   6. From other sources

   We may receive information about you from other sources, such as data analytics providers, marketing or advertising service providers, fraud prevention service providers, vendors who provide services on our behalf, or from publicly available sources. We also compile information based on our analysis of the information we have collected from you.

   
   

3. ‌WHAT PERSONAL DATA CAN WE PROCESS ABOUT YOU?

   The personal data we collect will depend on the contact point you use to us and the purposes of that interaction, as described below in this Privacy Notice, and will be limited to that which is relevant and appropriate to that interaction.

   
   

   1. ‌Categories of personal data

      
      

      DATA CATEGORY	TYPES OF DATA	PERSONS CONCERNED
      Information for identification	Including first and last name, e-mail address, gender, date of birth, country of residence, postal address and telephone numbers	Customers, web users, registered users, users for the purpose of viewing and hearing acoustics examinations, Marketing communication Recipients and Social media users
      Payment information	This includes data relating to your credit card for the purchase of products through the Sites and the Services (payments are processed through a secure platform supplemented by control measures, including encryption of contact details) and details of products that you have purchased from us.	Customers and registered users
      profile and Commercial data	This includes account name, password, personal information you have posted on your social networks, billing and shipping addresses, details about products and services you have purchased from us (in- store or online, including your order, tracking and invoices, amount and type of purchase) and your interests, preferences, feedback and responses on surveys.	Customers and registered users
      Marketing and communication data	This includes your preferences for receiving marketing material from us, your communication preferences and information contained and information contained in correspondence you send to us or in inquiries you make, or that we ask you to provide if there are problems with the Sites, the Services or products you have purchased. be reported.	Customers, Registered Users, Marketing Communication Recipients

      Health and medical data

      This includes ophthalmologist prescriptions, eye examinations, measurements (optical correction, pupillary distance, etc.), adjustments, information that affects your visual health, as well as eye tests, which are carried out in our transactions can be carried out, and

      customers, users for the purpose of visual and hearing acoustics examinations

      
      

      DATA CATEGORY	TYPES OF DATA	PERSONS CONCERNED
      	Information about hearing ability and condition of the ears.
      Information about abo ut the device	This includes, for example, the IP address or other unique code of your device (computer, cell phone or other devices), identification as a registered user or not (login data), technical information such as the URL you came from, time zone setting and location, Browser information and language.	Web users, social media users
      Information on na vigation	This includes information about your interactions with our websites, our services, emails, products or advertising, as well as statistical data relating to these Interactions.	Web users, social media users
      Application data	This includes data for handling the application process such as CV/professional background, photo, date of birth, Contact details.	Web users (applicants)
      Personal data ours Business partner	This include the contact details the contact person at our Business partners.	Web users (customers)

   2. ‌Processing of sensitive data

      Certain categories of personal data that we process for the purposes set out below are classified as "sensitive" personal data. This applies in particular to the health and medical data and the data relating to your care, as described above, that we may process.

      
      

      However, we only process sensitive data:

      • if this is required or permitted under the applicable local legislation;

      • applying appropriate safeguards to ensure the protection of such "sensitive" personal data; and;

      • if you have previously given us your express consent in accordance with Article 9 of the General Data Protection Regulation.

        
        

        However, if you do not give your explicit consent to the processing of your health and medical data and your data in connection with your care, you will not be able to use the services described above in the stores and via the websites and services.

        
        

4. ‌WHY PROCESSING WE YOUR PERSONAL DATA?

We are obliged to use your data for purposes arising from the nature of our relationship. Depending on the context in which your data is collected, it may be used for one or more of the following purposes:

‌y‌

Your personal data is processed both electronically and manually only to the extent necessary to pursue the above-mentioned purposes.

We committed to protecting your personal data.

Please note that the password is one of the account protection mechanisms. You are therefore requested to use a password that is sufficiently secure and kept in a safe place, limiting access to it to your own computers and browsers and disconnecting after visiting the Websites and/or Services.

All personal data provided by you be stored on secure servers, with appropriate security measures taken to protect the personal data from unauthorized access, to ensure the accuracy of the personal data and to guarantee the proper use of the information.

In addition, a secure system is used to authorize credit card payments and to detect fraudulent activity. We use the SSL (Secure Sockets Layer) standard to protect the confidentiality of your personal data.

1. ‌We share your personal data with other affiliated companies in the Group

   EssilorLuxottica is a global company with offices and operations around the world. Most of your personal data is stored and processed in a number of global applications by EssilorLuxottica's subsidiaries around the world. Most of the processing of your personal data is carried out by the concentrated services of two companies: Essilor International and Luxottica Group S.p.A.

   
   

   We may share your personal data with certain affiliates or brands of the EssilorLuxottica Group, based on your preferences and interests in relation to those affiliates or brands for the purposes set out in this Privacy Notice, in each case within or outside your country, to the extent permitted and required by applicable law and/or in other circumstances with your consent.

   
   

   We may also share your data for our internal business, technical or marketing purposes (e.g. to offer you similar products or services).

   
   

2. ‌Will your personal data be passed on to third parties?

   1. Service provider

      We may share your personal data with our third party service providers who are engaged in processing activities that provide us with services or support and advice, including but not limited to technology, accounting, administration, legal, insurance, IT, marketing and data analytics.

      Each service provider acts as a data processor on our behalf and in accordance with the instructions received from us on the basis of a specific agreement pursuant to Article 28 of the GDPR, which sets out its obligations and guarantees the implementation of appropriate technical and organizational measures to comply with applicable legislation and protect your rights.

      We require that any such third party provider is subject to strict controls and provides appropriate safeguards for the security and confidentiality of your personal data.

      
      

   2. Business partners (e.g. manufacturers and brands of contact lenses)

      
      

      If your order is delivered directly by the manufacturer, we will transmit your data to our sales partners.

      In these cases, however, the scope of the data transmitted is limited to the minimum required. Our partners have been carefully selected by us and are obliged to treat your data confidentially in accordance with the statutory provisions and to comply with our own data protection standards. In particular, our partners are not permitted to pass on our customers' data to third parties for advertising purposes.

      
      

   3. Sale or merger

      We may also pass on your personal data:

      • in the event that we sell any business or assets, in which case we may disclose your personal data to the prospective buyer of such business or assets; or

      • if we sell, buy, merge with, be acquired by, enter into partnerships with, or sell some or all of our assets to other companies or businesses. In such transactions, your personal data may be one of the transferred assets.

        We may share any information we collect in connection with a major corporate transaction, such as the sale of a website, merger, consolidation, sale of assets, or in the unlikely event of bankruptcy.

   4. Third-party providers of social networks

      
      

      If you choose to log in to the Sites and/or the Services through social networking applications or link your account to your public profiles on social networks and share your actions on the Site and/or the Services through the relevant plug-ins (e.g. Facebook Connect, I like, fb share, etc.) on these channels, these third- party services may be able to collect information about you, including information about your activities on the Sites and/or the Services, and they may inform your connections to the third-party services about their use of the Sites and/or the Services. The use of your personal information by these services is not governed by this Privacy Notice, but by their own privacy policies.

      
      

      YouTube	https://support.google.com/youtube/answer/2801895?hl=en
      LinkedIn	https://www.linkedin.com/legal/privacy-policy
      Facebook	https://www.facebook.com/policy.php
      Instagram	https://help.instagram.com/519522125107875
      Google	https://policies.google.com/privacy

      
      

   5. Legal procedure

      
      

      We may disclose your personal data to public authorities, courts, administrative bodies or other authorized third parties (including, without limitation, lawyers) if the disclosure of personal data is required by law, regulation or court order or if such disclosure is necessary for the protection and defense of our rights.

   6. Other instance

      We may ask you if you wish to share your information with other third parties not described elsewhere in this Privacy Notice. In addition, we do not sell, rent or lease your personal data to third parties.

      The above-mentioned recipients process your personal data as data controllers, data processors or agents, depending on the circumstances.

      A full list of data processors is available on request from us using the contact details provided in this privacy notice.

3. ‌Is your personal data transferred across borders?

   Given EssilorLuxottica's presence in many countries around the world and in order to provide you with a personalized service worldwide, some of your data may be collected, accessed or stored outside your country of residence.

   
   

   As a result, your personal data may be accessed and/or transferred to countries that do not have equivalent data protection laws to those that apply in the European Economic Area (EEA).

   
   

   In such cases, EssilorLuxottica will ensure that appropriate safeguards are in place at all times to ensure that your personal data is processed in accordance with applicable law. When your personal data processed another EssilorLuxottica entity, the safeguards are based on the commitments entered into on the basis of (i) a specific transfer agreement binding on the EssilorLuxottica entity involved in the processing and (ii) a set of common rules applicable through the EssilorLuxottica Group's data protection policy.

   
   

   If your data is processed by EssilorLuxottica entities or third parties outside the European Economic Area, EssilorLuxottica will ensure that specific contractual protection is implemented to ensure that this requirement is met in accordance with the applicable legislation pursuant to Article 44 et seq. of the GDPR.

   
   

   For more information about the appropriate or suitable safeguards and the means by which you can obtain a copy, you can contact us using the contact details provided in this Privacy Notice.

   
   

4. ‌How long do we your personal data?

   
   

   We will retain all or part of your personal data for as long as is strictly necessary for the following reasons:

   1. To fulfill the applicable legal requirements for data storage;

   2. To fulfill and comply with our legal and/or contractual obligations

   3. For as long as necessary to fulfill the purposes set out in this Privacy Notice, including for the purposes of satisfying legal, accounting and reporting requirements.

   In determining the appropriate retention period for personal data, we consider together the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

   
   

   In particular, we hereby stipulate that your personal data will be retained for our billing and accounting purposes for a period of 10 years, except in cases where applicable laws provide for other retention requirements.

   
   

   In addition, if you have consented to the processing of your personal data for marketing activities (e.g. commercial and promotional communications, commercial newsletters, personalized offers, regular updates regarding our products, service initiatives and events, etc.), this data will be kept for 10 years from the last interaction for customers and 2 years from the last interaction for prospects. The last interaction is defined as the last contact you made that can be traced by our systems or vendors.

   
   

   In any case, please note that the retention and archiving of personal data within the EssilorLuxottica Group does not generally exceed 10 (ten) years from the first recording and/or renewal of consent and/or any other relevant interaction, with the exception of further legal retention obligations.

   
   

   In certain circumstances, we may anonymize your personal data so that it can no longer be associated with you. In this case, we may use this information without further notice to you, e.g. for statistical analysis, to monitor and/or improve our medical devices, for research and development purposes, to train AI models, etc.

   
   

   If you would like more information about the retention of your personal data, you can contact us at the email address provided in section 8 of this Privacy Policy.

   
   

   Overview:

   Data that serve as proof of contract fulfillment	10 years
   Customer data for marketing activities	10 years - from the last interaction with us
   Data from interested parties for marketing activities	2 years - from the last interaction with us
   Evidence regarding the implementation of your rights in accordance with point 7	3 years
   Application data	6 months - exception point 2 - e

   
   

5. ‌We keep your data secure, up-to-date and correct

We are responsible for the security and accuracy of the personal data we process about you and must keep the data up to date. We have taken steps to avoid duplicate copies of data and to facilitate the updating of data that may change over time.

1. ‌HOW DO WE PROTECT YOUR PERSONAL DATA?

   We consider the protection of personal data to be a key priority.

   
   

   In this respect, we have taken appropriate measures and security precautions to protect the personal data we process.

   
   

   This is reflected in EssilorLuxottica's procedures, which are described in the EssilorLuxottica Group's data protection program, guidelines and principles, as well as in the specific measures implemented within the Group.

   
   

   We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we restrict access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and are bound by a duty of confidentiality. These measures range from technical security measures to protect IT systems to physical security measures at EssilorLuxottica sites. EssilorLuxottica also requires its employees to participate in information security and data protection training. Details of these measures can be obtained from the Group's Information Security Department.

   
   

   We have put in place procedures to deal with suspected data security breaches and will notify you and the relevant regulator of a breach where we are legally required to do so.

   
   

2. ‌YOUR RIGHTS

   You may exercise any of the following rights, although your identity may need to be verified:

   
   

   1. Right to information and access

      
      

      You may request that the existence of your personal data be confirmed and that you be informed of its content, the purposes of processing, the categories of recipients, the duration of storage and the source, and that you receive a copy of the personal data currently stored in our databases.

      
      

   2. Right to rectification

      You may request to correct the personal data stored in our databases. We may not comply with a request to amend personal information if we believe that the amendment violates a law or legal requirement or causes the information to be incorrect.

      
      

   3. Right to restriction of processing

      If necessary, you can restrict the processing of your personal data. If such a restriction is not possible, we will inform you accordingly. You may then exercise all other rights under this Privacy Notice, including withdrawing your consent to the processing of your personal data.

      
      

   4. Right to object to the processing

      
      

      Where applicable, you have the right to object to the processing of your personal data on grounds to your particular situation if the processing is on our legitimate interest. In addition, you have the right object at any time to the processing if personal data processed for direct marketing purposes, which profiling to the extent that it is related to such direct marketing.

      If such objections are not possible, we will inform you accordingly. You then have the option to exercise another right in accordance with this data protection notice, e.g. to withdraw your consent to the processing of your personal data.

      
      

   5. Right to erasure

      Under certain conditions, you have the right to have your personal data deleted. Upon receipt of such a request for erasure, we will acknowledge receipt, review your request, make a decision and notify you of this decision.

   6. Right to data portability

      
      

      Upon request, we may provide you with copies of your personal data in a structured, common framework and machine-readable format, where possible and where required by local law. If such a request cannot be complied with, we will inform you accordingly. You will then have the opportunity to exercise any other rights under this notice, including withdrawing your consent. Where appropriate, we will ensure that such changes are passed on to trusted third parties.

   7. Right to withdraw consent

      
      

      If the processing is based on consent, you can withdraw your consent to the processing of your personal data at any time. Upon receipt of such withdrawal of consent, we will confirm receipt and cease processing your personal data.

   8. Right to lodge a complaint with the competent data protection supervisory authority

   If you not satisfied with the way we process your personal data and/or with our response to a request to exercise your rights, you can lodge a complaint with the competent data protection supervisory authority.

   
   

   To exercise your right, please contact:

We also provide you with tools to update and change your personal data. Indeed, each registered user can access and update their own information (e.g. via the user account).

In addition, you may change and update your preferences regarding how you wish to receive emails or other communications from us. You can also request that your account information be deleted.

1. ‌HOW CAN YOU CONTACT US?

   1. ‌CONTACT DETAILS OF THE DATA CONTROLLER

      All data controllers responsible for processing your personal data are listed in section 1.1 of this data protection notice.

      
      

      If you have any questions or comments about this data protection notice or about data processing carried out by us, please contact Infield Safety GmbH, based in Nordstr. 10a 42719 Solingen, Germany

      
      

   2. ‌CONTACT DETAILS OF THE DATA PROTECTION OFFICER

      Infield Safety GmbH has appointed a data protection officer who can be contacted at the following e-mail addressdatenschutz@infield-safety.de .

      
      

2. ‌HOW CAN YOU THE CHANGES TO FOLLOW THIS PRIVACY NOTICE?

For legal and/or organizational reasons, this data protection notice may be subject to change. We therefore recommend that you check this data protection notice regularly and refer the latest version. The date of the last update can be found at the beginning of this data protection notice.

In any case, an updated version of the Privacy Notice will always be available on the Websites and the Services, and we will also notify you if we make any changes that materially affect your privacy rights.