PART I: A COMPREHENSIVE DESCRIPTION OF THE INFORMATION PRACTICES
CATEGORIES of PERSONAL information WE COLLECT
We collect “Personal Information” which is defined under the CCPA as
any information that identifies, relates to, describes, references, is
capable of being associated with, or could reasonably be linked, directly or
indirectly, with a particular consumer, household or device, all as detailed
in the table below.
Personal Information under the CCPA further includes Sensitive Personal
Information (“SPI”) as detailed in the table below.
Personal Information does not include: Publicly available
information that is lawfully made available from government records, that a
consumer has otherwise made available to the public; de-identified or
aggregated consumer information; Information excluded from the CCPA or CPRA
scope, such as: Health or medical information covered by the Health
Insurance Portability and Accountability Act of 1996 (HIPPA) and the
California Confidentiality of Medical Information Act (CMIA) or clinical
trial data; Personal information covered by certain sector-specific privacy
laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley
Act (GLBA) or California Financial Information Privacy Act (FIPA) and the
Driver’s Privacy Protection Act of 1994.
We may have collected the following categories of Personal Information
within the last twelve (12) months:
| CATEGORY | EXAMPLE | COLLECTED |
|---|---|---|
| A. Identifiers | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | Yes: real name, shipping or billing address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, and phone number. |
| B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | Yes: name, age, gender, physical characteristics or description (vision tests), partial credit card number, health insurance policy number and medical information regarding eye care treatment when applicable, including prescription. |
| C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Yes: Gender. |
| D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Yes: purchase habits, shopping history, transactions, partial credit card number. |
| E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | Yes: information we collect in relation to our Virtual Try-On tool may constitute biometric information under the CCPA. For more information on our processing of information that may constitute biometric information in relation to our Virtual Try-On tool, please review our Privacy Policy available here. |
| F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | Yes: browsing history and search history within and outside our Properties, interaction with our Properties and our advertisement. |
| G. Geolocation data. | Physical location, approximate location derived from IP address or movements. | Yes: approximate geolocation extracted from IP, physical location and GPS when using the App and approving the GPS permission. |
| H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | Yes: pictures uploaded to the site, and recording customer service calls. |
| I. Professional or employment-related information. | Current or past job history or performance evaluations. | Yes: Governed by the Employee Privacy Policy. Please review if you are our employee, for candidates, please review the Candidate Policy. |
| J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | No |
| K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | Yes: gender, certain demographic data, profiling. The profiling is not based on SPI. |
| L. Sensitive personal information. | Government-issued identifying numbers, financial account details, genetic data, precise geolocation, race or ethnicity, religious or philosophical beliefs, union membership, mail, email, text messages, biometric data, health data, and sexual orientation or sex life. | No |
categories of Sources of Personal Information
- Directly and indirectly from your actions within the Properties.
- Directly from you when you contact us, use the VTO tool, purchase, respond to a survey or provide feedback.
- From third-parties, advertising and analytic vendors, advertising networks, social networks share information with us when you log in, data enrichment vendors, etc.
USE OF PERSONAL INFORMATION
We may use the Personal Information collected as identified above, for the
following purposes: to fulfill or meet the reason you provided the Personal
Information (support, respond to a query, review create an account, use the
VTO, purchase and deliver glasses and lenses, etc.); monitor and improve our
Properties or Services; provide the Services; marketing our Services;
analyzing our Services, Properties and your use of the Services and
Properties; respond to law enforcement; or otherwise as detailed in our
Privacy Policy.
We will not collect additional categories of Personal Information or
use the Personal Information we collected for materially different,
unrelated, or incompatible purposes without providing you notice.
DISCLOSURES OF PERSONAL INFORMATION FOR A BUSINESS PURPOSE
We may disclose your Personal Information to a
contractor or service provider for a Business Purpose. When we
disclose Personal Information for a business purpose, we enter a contract
that describes the purpose and requires the recipient to both keep that
personal information confidential and not use it for any purpose except
performing the contract; we further restrict the contractor and service
provider from selling or sharing your Personal Information. In the preceding
twelve (12) months, we might have disclosed the following categories of
Personal Information for a business purpose:
| "BUSINESS PURPOSE (AS DEFINED UNDER CCPA)" | "DATA CATEGORY (CORRESPONDING WITH THE TABLE ABOVE)" | CATEGORY OF RECIPIENT |
|---|---|---|
| Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards. |
Category A Category D Category F Category G |
Auditing related to counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance with this specification and other standards. |
| Helping to ensure security and integrity to the extent the use of your Personal Information is reasonably necessary and proportionate for these purposes. |
Category A Category B Category F |
Subsidiaries, operational partner, security and fraud prevention providers, operating systems. |
| Debugging to identify and repair errors that impair existing intended functionality |
Category A Category B Category F |
Analytic providers, operational partner, security and fraud prevention providers, operating systems. |
| Short-term, transient use, provided the personal information that is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction. |
Category A Category D Category F Category G |
Advertising networks; data analytics providers; social media networks. |
| Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider. |
Category A Category D Category E Category F Category G Category H |
Payment processors, fraud prevention providers, payment orchestration providers, VTO providers for the sole purpose of providing the services, subsidiaries, affiliated companies, operating systems, CRM, ERP, shipping partners, health care providers, health insurance, Trust Pilot or other survey providers, customer support, cloud computing and storage vendors, fulfillment vendors, frames and lens vendors, etc. |
| Undertaking internal research for technological development and demonstration. |
Category A Category D Category F Category G Category H |
Developers, operating systems, cloud and hosting providers, SaaS platforms for task management and development, customer support and optimization tools. |
| Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned or controlled by the business. |
Category A Category D Category F Category G Category H Category K |
Developers, operating systems, cloud and hosting providers, security providers, SaaS platforms for task management and development, customer support and optimization tools. |
| Providing advertising and marketing services, except for cross-context behavioral advertising, to you provided that, for the purpose of advertising and marketing, our service providers and/or contractors shall not combine the Personal Information of opted-out consumers that the service provider or contractor receives from us, or on our behalf with Personal Information that the service provider or contractor receives from, or on behalf of, another person or persons or collects from its own interaction with you. |
Category A Category D Category F Category G Category K |
Advertising networks; data analytics providers; social media networks. Marketing service providers and technical platforms such as E-mail and text messaging providers, CRM and tracking tools (tracking within the Properties). |
| Advancing our commercial or economic interests, such as by inducing another person to buy, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services, or enabling or effecting, directly or indirectly, a commercial transaction. |
Category A Category D Category F Category G Category K |
Advertising networks; data analytics providers; social media networks. Marketing service providers and technical platforms such as E-mail and text messaging providers, CRM and tracking tools (tracking within the Properties). |
SALE OR SHARE OF PERSONAL INFORMATION
We do not “sell” or “share” information as most people would commonly
understand that term, we do not, and will not, disclose your Personal
Information in direct exchange for money or some other form of payment.
For retargeting and analytic purposes, when we promote our Properties and
advertise our products, we use third-party providers and tracking tools,
advertising networks and social media. They provide these services by
placing cookies, pixel or other tracking technology on our Properties and
sharing with these vendors the online identifiers and online behavior
information. The CCPA defines these actions as “sharing” or “selling”.
In the preceding twelve (12) months, we “sell” or “share” the following
categories of Personal Information for a business purpose:
| PURPOSE OF SALE OR SHARE | DATA CATEGORY (CORRESPONDING WITH THE TABLE ABOVE) | CATEGORY RECIPIENT |
|---|---|---|
| Targeted advertising, CCBA, promoting the Properties and Services, analytics and | marketing tools, analytic tools, advertising networks, social media networks, media buying, search platforms. |
Category A Category F Category G |
CHILDREN UNDER AGE 16
We do not knowingly collect information from children under the age of 16.
DATA RETENTION
The retention periods are determined according to the following criteria:
- For as long as it remains necessary in order to achieve the purpose for which the Personal Information was initially processed.
- To comply with regulatory obligations. For example: transactional data will be retained for up to seven years (or even more under certain circumstances) for compliance with our bookkeeping obligations purposes.
- To resolve a claim, we might have or a dispute with you, including any legal proceeding between us, until such dispute will be resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods.
PART II: EXPLANATION OF YOUR RIGHTS UNDER THE CCPA and how to exercise
them
YOUR RIGHTS UNDER THE CCPA AND HOW CAN YOU EXERCISE THE RIGHTS?
If you are a California resident, you may exercise certain privacy rights
related to your Personal Information. You may exercise these rights free of
charge, except as otherwise permitted under applicable law. We may limit our
response to your exercise of these privacy rights as permitted under
applicable law, all as detailed herein:
| CALIFORNIA PRIVACY RIGHT | DETAILS |
|---|---|
| The right to know what Personal Information the business has collected and access rights. | The right to know what Personal Information the business has collected about the consumer, including the categories of personal information, the categories of sources from which the Personal Information is collected, the business or commercial purpose for collecting, selling, or sharing Personal Information, the categories of third parties to whom the business discloses Personal Information, and the specific pieces of Personal Information the business has collected about the consumer. You can exercise your right by reviewing this Notice and the Privacy Policy, in case you would like to receive the specific pieces please fill in this form to receive a copy of your data: https://privacy.saymine.io/GlassesUSA. |
| Deletion Rights. |
The right to delete Personal Information that the business has
collected from the consumer, subject to certain exceptions. You can
exercise your right for deletion in the following ways:
|
| Correct Inaccurate Information | The right to correct inaccurate Personal Information that a business maintains about a consumer. At any time, you may correct any of the account data we collect, or otherwise you may contact us at: privacy@ottica.com. |
| Opt-Out of Sharing for Cross-Contextual Behavioral Advertising (“CCBA”) or from selling, where applicable. |
You have the right to opt-out of the “sharing” of your personal
information for “cross-contextual behavioral advertising,” often
referred to as “interest-based advertising” or “targeted advertising”.
You may opt out through the
“do not sell or share my personal information”
button available within the Properties’ footer or within the App
settings.
You may further opt out through device settings (opt-out from tracking
AAID, ADID, please see the following for information applicable to all
devices:
https://thenai.org/opt-out/mobile-opt-out/). Further, you can opt-out from interest-based advertising, CCBA, by
using Self-Regulatory Program for Online Behavioral Advertising such
as: Digital Advertising Alliance’s (“DAA”):
https://www.aboutads.info/choices
and
https://www.aboutads.info/appchoices, and the Network Advertising Initiative (“NAI”):
https://www.networkadvertising.org/choices.
Last, you are able to install privacy-controls in the browser's
settings to automatically signal your opt-out preference to the
websites you visit (like the “Global Privacy Control”). We honor the
Global Privacy Control
as a valid request to opt-out of the sharing of information linked to
your browser.
In any event, please keep in mind:
|
| Non-Discrimination | The right not to receive discriminatory treatment by the business for the exercise of privacy rights conferred by the CCPA, including an employee’s, applicants, or independent contractor’s right not to be retaliated against for the exercise of their CCPA rights, denying a consumer goods or services, charging different prices or rates for goods or services, providing you a different level or quality of goods or services, etc. |
| Data Portability | You may request to receive a copy of your Personal Information, including specific pieces of Personal Information, including, where applicable, to obtain a copy of the Personal Information you provided to us in a portable format. In case you would like to receive the specific pieces please fill in this form to receive a copy of your data: https://privacy.saymine.io/GlassesUSA. |
NOTICE OF FINANCIAL INCENTIVE
We may, at times, offer you various financial incentives such as loyalty
programs, discounts and special offers when you provide us with contact
information and identifiers such as your name and email address. When you
sign-up for our loyalty program, email list or other discounts and special
offers, you opt-in to a financial incentive. You may withdraw from a
financial incentive at any time by opting out from our email or closing your
loyalty member account. Generally, we do not assign monetary or other value
to Personal Information, however, California law requires that we assign
such value in the context of financial incentives. In such context, the
value of the Personal Information is related to the estimated cost of
providing the associated financial incentive(s) for which the information
was collected. You can end program participation at any time by contacting
us at
privacy@ottica.com to unsubscribe or
cancel your participation in any program. We will not discriminate against
you, in any manner prohibited by applicable law, for exercising these
rights.
AUTHORIZED AGENTS
You can designate an authorized agent to submit requests on your behalf.
However, we will require written proof of the agent’s permission to do so
and verify your identity directly.
RESPONSE TIMING AND FORMAT
We endeavor to respond to a verifiable consumer request within forty-five
(45) days of its receipt. If we require more time (up to an additional
forty-five (45) days), we will inform you of the reason and extension period
in writing. We will deliver our written response by mail or electronically,
at your option. If we determine that the request warrants a fee, we will
tell you why we made that decision and provide you with a cost estimate
before completing your request.
CONTACT US:
privacy@ottica.com
UPDATES:
This notice was last updated on July 11, 2023. As required under the CCPA,
we will update our Privacy Policy every 12 months. The last
revision date will be reflected in the “Last Modified” heading at the top of
this Privacy Policy.
PART III: OTHER CALIFORNIA LAWS AND RIGHTS
CALIFORNIA DIRECT MARKETING REQUESTS:
California Civil Code Section 1798.83 permits you, if you are a California
resident, to request certain information regarding disclosure of Personal
Information to third parties for their direct marketing purposes. To make
such a request, please contact us at:
privacy@ottica.com
DO NOT TRACK SETTINGS:
Cal. Bus. And Prof. Code Section 22575 also requires us to notify you how we
deal with the “Do Not Track” settings in your browser. As of the effective
date listed above, there is no commonly accepted response for Do Not Track
signals initiated by browsers. Therefore, we so not respond to the Do Not
Track settings. Do Not Track is a privacy preference you can set in your web
browser to indicate that you do not want certain information about your web
page visits tracked and collected across websites. For more details,
including how to turn on Do Not Track, visit:
www.donottrack.us.