CONSUMER HEALTH DATA PRIVACY POLICY

Effective as of March 31, 2024.

Luxottica of America Inc., including all direct and indirect subsidiaries (collectively, “Luxottica,” “we,” “our,” or “us”), respects the privacy of your “consumer health data” as defined by applicable law. This Consumer Health Data Privacy Policy (“Policy”) is designed to assist you in understanding how we collect, use, share, and safeguard your consumer health data. Depending on the state in which you reside, this Policy applies to individuals who access this website and any other websites that link to this Policy (collectively “Sites”), our Face Scanning App, or our in-store Face Scanning Kiosk, and certain other services as described below (collectively, the “Platforms”). This Policy applies in addition to our Privacy Policy and our HIPAA Notice of Privacy Practices, the Privacy Policy and HIPAA Notice of Privacy Practices are each available on our website.

  1. 1. Categories of Consumer Health Data We Collect
    Depending on how you interact with our Sites and Platforms, we will collect the following categories of consumer health data for the following purposes and uses:
    • • Biometric Data: When you use our face scanning app, in-store face scanning kiosks, or our website’s Frame Advisory Technology to help fit you with a product, you provide may provide biometric data. For additional information regarding our collection of such information, see our Notice of Biometric Use available on our website.
    • • Demographic Information: When you participate in our surveys, you may provide gender, age, income, ethnicity, family size, and material status data which may be used to draw a health inference.
    • • Eye Exam or Provider Information: When you register products with us, you may provide us with the dates and outcomes of your previous eye exams.
    • • Prescription Information: If you are looking to purchase prescription products, you will provide us with your eye prescription information.
    • • Inferred Data: When you use our Sites and Platforms, we may make inferences to create a consumer profile to make product recommendations and provide services.
    In addition, several of the categories of personal data we collect may be considered consumer health data depending on the context and extent of information you provide to us. To view the full list of categories of personal data we may collect, please see the “Personal Data We Collect” section of our Privacy Policy. For the personal data we collect to be considered consumer health data it must alone or with other data, identify you and allow an inference about your health. We may make inferences regarding your health but only in the context of providing you with services in our capacity as a covered entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Please see our HIPAA Notice of Privacy Practices for more information.

    In addition to the purposes stated above, we may process consumer health data for purposes allowed under applicable law, such as to prevent, detect, protect against, or respond to security incidents, identity theft, fraud, harassment, malicious or deceptive activities, or any activity that is illegal under applicable law; preserve the integrity or security of our systems; or investigate, report, or prosecute those responsible for any such action that is illegal under applicable law.
  2. 2. Categories of Sources from Which We Collect Consumer Health Data
    We receive consumer health data directly from you or, in some limited circumstances, your eyecare professional.
  3. 3. Sharing of Consumer Health Data
    We share all of the categories of consumer health data listed above with service providers.
  4. 4. Your Privacy Rights
    Under applicable law, you may have certain privacy rights regarding your consumer health data, including the right to:
    • • Confirm whether we are collecting, sharing, or selling your consumer health data;
    • • Access your consumer health data, including a list of all third parties and affiliates with whom we shared or sold your consumer health data and an active email address or other online mechanism that you may use to contact any third parties;
    • • Withdraw your consent from our collection and sharing of your consumer health data;
    • • Delete your consumer health data.
    To exercise your rights, please submit a request through our interactive webform or by emailing us at privacyoffice@luxotticaretail.com. If legally required, we will comply with your request upon verification of your identity. To do so, we will ask you to verify data points based on information we have in our records. If we refuse to take action regarding your request, you may appeal our decision through our interactive webform or by emailing us at privacyoffice@luxotticaretail.com.
HELP?