Effective Date: October 23, 2023
Luxottica of America, Inc. (“Luxottica,” “we,” “our,” or “us”) respects the privacy of our
employee’s personal information.
Pursuant to the California Consumer Privacy Act, as amended by the California Privacy Rights
Act of 2020 (“CCPA”), we are required to provide California employees with a privacy policy
that contains a comprehensive description of our online and offline practices regarding our
collection, use, sale, sharing, andretention of their personal information as well as a description
of the rights they have regarding their personal information. This Privacy Policy provides the
information the CCPA requires as well as other useful information regarding our collection and
use of personal information.
Please review this Privacy Policy carefully. From time to time, we may change this Privacy
Policy. If we do, we will post an amended version on this webpage and on our intranet policy
page. You also may receive a copy by contacting us as described in the “How to Contact Us”
section below.
This Privacy Policy covers the following topics:
- Scope of Privacy Policy
- Notice at Collection of Personal Information
- Disclosure of Personal Information
- Retention of Personal Information
- Your Rights
- How to Submit a Request to Know, Delete, and/or Correct
- Our Process for Verifying a Request to Know, Delete, and/or Correct
- Other Relevant Policies, Including Monitoring
- Accessibility
- How to Contact Us
2 - Scope of Privacy Policy
When This Policy Applies
This Privacy Policy is intended solely for, and is applicable only to, current and former
California employees. Where relevant, it also applies to job applicants, interns, agency workers,
contractors, consultants, directors, and other individuals whose information we collect in
connection with providing employment. For ease of reference, this Privacy Policy generally
refers to employee data, but this does not indicate in any way that an individual is our employee.
When This Policy Does Not Apply
This Privacy Policy does not apply to individuals who are not California residents.
This Privacy Policy also does not apply to our collection and use of your personalinformation in
a consumer or business-to-business capacity. For more information on our collection and use of
your personal information in that capacity, includinghow we process opt-out preference signals,
please see our online privacy policy available on our individual brand website s. - Notice at Collection of Personal Information
Personal Information We Collect
The CCPA defines “personal information” to mean information that identifies, relates to,
describes, is reasonably capable of being associatedwith, or could reasonably be linked, directly
or indirectly, with a particular California resident or household. Personal information does not
include publicly available, deidentified, or aggregated information or lawfully obtained, truthful
information that is a matter of public concern. For purposes of this Privacy Policy, we will refer
to this information as “Personal Information.”
We currently collect and, in the 12 months prior to the Effective Date of this Privacy Policy,
have collected the following categories of Personal Information from employees:
- Identifiers (name, alias, dateof birth,account name, personal email address, postal
address, Social Security number, driver’s license number, other types of state
identification card numbers suchas California ID Cards, passport number, Internet
Protocol address, online identifiers, other similar identifiers); - Unique personal identifiers (cookies, beacons, pixel tags, mobile ad identifiers, or other
similar technology; employee number, work email address, unique pseudonym, or user
alias; telephone numbers or other forms of persistent or probabilistic identifiers that can
be used to identify a particular employee or device); - Signature;
- Telephone numbers;
- Physical characteristics or description;
- Bank account number;
- Debit and corporate card number;
3 - Account log-in, financial account, debit card, or credit card number for corporate account
in combination with any required security or access code, password, or credentials
allowing access to an account; - Other financial information including wage garnishment, child support and other
creditors; stock purchase eligibility; retirement selections; unemployment benefits; short
and long-term disability benefit selection; - Internet or other electronic network activity information (browsing history; search
history; and information regarding an individual’s interaction with a website, application
or advertisement); - Medical/health information; dependent information (including domestic partner);
- Insurance policy number or subscriber identification number;
- Any unique identifier used by health insurer to identify employee;
- Any information in an individual’s application and claims history, including appeals
records, if informationis linked or reasonably linkable to an individual or household,
including via device, by business or service provider; - California meal waivers;
- Education information;
- Professional or employment-related information (including employment history)
- Biometric information (imageryof iris; imagery of retina; fingerprint; imagery of face;
imagery of hand; imagery of palm; vein patterns; voice recordings from which an
identifier template, such as a faceprint, a minutiae template, or a voiceprint, can be
extracted; keystrokepatterns or rhythms; gait patterns or rhythms; and sleep, health, or
exercise data that contain identifying information); - Characteristics of protected classifications under California or federal law (race; color;
sex/gender (including pregnancy, childbirth, breastfeeding and/or related medical
conditions); sexual orientation or sex life; gender identity/expression; age (40 and older);
religion (including religious dress and grooming practices); national or ethnic origin;
ancestry; union membership; disability (mental and physical, including HIV/AIDS,
cancer, and genetic characteristics); citizenship or immigration status; genetic
information; marital status; medical condition (genetic characteristics, cancer or a record
or history of cancer); military or veteran status; political affiliations or activities; status as
a victim of domestic violence, assault, or stalking; requests for family care leave, for
leave for an employee’s own serious health condition, or for pregnancy disability leave;
and retaliation for reporting patient abuse in tax-supported institutions); - Video information (CCTV video footage);
- Contents of an employee’s mail, email, and text messages unless we are the intended
recipient of the communication; - Inferencesdrawn from above information to create a profile about an employee reflecting
their preferences, characteristics, psychological trends, predispositions, behavior,
attitudes, intelligence, abilities, and aptitudes;
Sources of Personal Information
We collect Personal Information directly from California residents and from recruiters; staffing
companies; references; former employers; educational institutions; online providers (such as
through LinkedIn and similar providers); government entities; other employees; business
4
partners; payroll providers; benefits providers; medical providers; background checks; company
bankers; claims handlers; authentication and single sign-on providers; advertising networks;
internet service providers; data analytics providers; operating systems, platforms, or software;
social networks; and data brokers. We do not collect all categories of Personal Information from
each source.
Purposes for Collection
We currently collect and have collected the above categories of Personal Information for all
purposes of providing employment, including to: - Process payroll;
- Enable recruiting services;
- Request you complete applications and forms associated with your employment or
prospective employment; - Consider you for potential employment;
- Perform background checks and drug testing;
- Verify your ability to work in this country;
- Identify you as a veteran;
- Process security clearances;
- Investigate and report, as required under applicable law, security incidents and data
breaches; - Perform diversity and inclusion initiatives, including data analysis, development, and
deployment; - Perform company, client and regulator audits;
- Facilitate access to company systems, applications and assets;
- Request you acknowledge your agreement to certain company policies;
- Administer our wellness program;
- Administer and maintain benefits, including group health insurance, retirement accounts,
employee compensation, and employee leave; - Contact individuals for emergency purposes;
- Track time and attendance at work;
- Manage workers’ compensation claims;
- Manage your job-related performance;
- Arrange business travel;
- Investigate and handle disciplinary actions or termination;
- Establish training and/or development requirements;
- Detect lost/stolen equipment, fraud, or other types of wrongdoing;
- Grant and monitor your access to secure company facilities and files;
- Engage in corporate transactions requiringreview of employee records and information,
such as for evaluating potential mergers and acquisitions; - Review web traffic and events, monitor for virus attacks and web content, and determine
bandwidth consumption; - Maintain commercial insurance policies and coverages, including for workers’
compensation and other liability insurance; - Maintain commercial licenses for enterprise applications and platforms;
5 - Prevent the spread of illness and administer programs duringa pandemic (e.g., COVID19);
- Perform call monitoring and surveillance (e.g., CCTV);
- Comply with federal and state law;
- Enforce our legal rights; and
- Engage in other legitimate business purposesreasonably required for our day-to-day
operations such as accounting, financial reporting, and business planning.
We also use your PersonalInformation for the purposes described in our Acceptable Use Policy,
Workplace Monitoring Policy, Employee Handbook, etc.
- Disclosure of Personal Information
The following table identifies the categories of Personal Information that we disclosed for a
business purpose in the 12 months precedingthe Effective Date of this Privacy Policy and, for
each category, categories of recipients to whom we disclosed Personal Information.
Categories of Personal Information Categories of Recipients
Personal identifiers (name; alias; date of
birth; account name; personal email
address; postal address; Social Security
number; driver’s license number; other
types of state identification card numbers;
passport number; Internet Protocol
address; online identifiers; cookies,
beacons, pixel tags, mobile ad identifiers,
or other similar technology; employee
number, work email address, unique
pseudonym, or user alias; telephone
numbers or other forms of persistent or
probabilistic identifiersthat can be used to
identify a particular employee or device;
signature; physical characteristics or
description; bank account number; debit
and corporate card number; account login, financial account, debit card, or credit
card number for corporate account in
combination with any required security or
access code, password, or credentials
allowing access to an account; wage
garnishment (child support, other
creditors); stock purchase eligibility;
retirement selections; unemployment
benefits; short and long-term disability
selections; browsing history; search
history; information regarding an
Human resource information systems; operating
systems and platforms; customer relationship
management systems; background check service
providers; government or law enforcement
entities; applicant and recruiter software;
payroll/tax providers; expense management
service providers; enterprise travel providers; data
analytics providers; company bankers;
authentication and single sign-on providers;
security providers; mobile device management
providers; accountants; lawyers; benefits
providers; social networks; clients; auditors;
vendors, regulators; company insurers;
consultants and other professional advisors
6
individual’s interaction with a website,
application or advertisement)
Medical and insurance information
(medical/health information; insurance
policy number or subscriber identification
number; any unique identifier used by
health insurer to identify employee; any
information in an individual’s application
and claims history, including appeals
records, if information is linked or
reasonably linkable to an individual or
household, including via device, by
business or service provider, dependent
information (including domestic partner,
California meal waivers)
Benefits providers; company insurers; payroll/tax
providers
Education, employment history, and
related information
Applicant and recruiter software; background
check service providers; benefits providers;
lawyers
Characteristics of protected classifications
under California or federal law (race;
color; sex/gender (including pregnancy,
childbirth, breastfeeding and/or related
medical conditions); sexual orientation or
sex life; gender identity/expression; age;
religion (including religious dress and
grooming practices); national or ethnic
origin; ancestry; union membership;
disability (mental and physical, including
HIV/AIDS, cancer, and genetic
characteristics); citizenship or
immigration status; genetic information;
marital status; medical condition (genetic
characteristics, cancer or a record or
history of cancer); military or veteran
status; political affiliations or activities;
status as a victim of domestic violence,
assault, or stalking; requests for family
care leave, for leave for an employee’s
own serious health condition, or for
pregnancy disability leave; retaliation for
reporting patient abuse in tax-supported
institutions)
Applicant and recruiter software; human resource
information systems; benefits providers; company
insurers; background check service providers;
lawyers
7
We disclosed Personal Information to the above categories of recipients for the following
business or commercial purposes:
- Process payroll;
- Enable recruiting services;
- Request you complete applications and forms associated with your employment or
prospective employment; - Consider you for potential employment;
- Perform background checks and drug testing;
- Verify your ability to work in this country;
- Identify you as a veteran;
- Process security clearances;
- Investigate and report security incidents and data breaches;
- Perform diversity and inclusion initiatives, includingdata analysis, development, and
deployment; - Perform company, client and regulator audits;
- Facilitate access to company systems, applications and assets;
- Request you acknowledge your agreement to certain company policies;
- Administer our wellness program;
- Administer and maintain benefits, including group health insurance, retirement accounts,
employee compensation, and employee leave; - Contact individuals for emergency purposes;
- Track time and attendance at work;
- Manage workers’ compensation claims;
- Manage your job-related performance;
- Arrange business travel;
- Investigate and handle disciplinary actions or termination;
- Establish training and/or development requirements;
- Detect lost/stolen equipment, fraud, or other types of wrongdoing;
- Grant and monitor your access to secure company facilities and files;
- Engage in corporate transactions requiringreview of employee records and information,
such as for evaluating potential mergers and acquisitions; - Review web traffic andevents, monitor for virus attacks and web content, and determine
bandwidth consumption; - Maintain commercial insurance policies and coverages, includingf or workers’
compensation and other liability insurance; - Maintain commercial licenses for enterprise applications and platforms;
- Prevent the spread of illness and administer programs duringa pandemic (e.g., COVID19);
- Perform call monitoring and surveillance (e.g., CCTV);
- Comply with federal and state law;
- Enforce our legal rights; and
- Engage in other legitimate business purposesreasonably required for our day-to-day
operations such as accounting, financial reporting, and business planning.
8
We have not sold or shared Personal Information in the twelve (12) months preceding the
Effective Date of this Privacy Policy.
We do not knowingly collect, sell, or share the Personal Information of individuals under 16
years of age. We do not use Sensitive PersonalInformation for purposes other thanthose allowed
by the CCPA and its regulations.
- Retention of Personal Information
We retain your Personal Informationfor as longas necessary to fulfill the purposes for which we
collectit, such asto provide you with services you haverequested, and forthe purposeof satisfying
any legal, accounting, contractual, or reportingrequirements that apply to us. Please contact us as
described in the “How to Contact Us” section below for more informationon our employee data
retention schedule. - Your Rights
If you are a California employee, you have the following rights with respect to your Personal
Information:
(1) The right to know whatPersonalInformation we have collected about you, including the
categories of Personal Information, the categories of sources from which we collected
Personal Information, the business or commercial purpose for collecting, selling, or
sharing Personal Information (if applicable), the categories of third parties to whom we
disclose Personal Information (if applicable), and the specific pieces of Personal
Information we collected about you;
(2) The right to delete Personal Informationthat we collected from you,subject to certain
exceptions;
(3) The right to correct inaccurate Personal Information that we maintain about you;
(4) If we sell or share Personal Information, the right to opt-out of the sale or sharing;
(5) If we use or disclose sensitive PersonalInformation for purposes other than those allowed
by the CCPA and its regulations, the right to limit our use or disclosure; and
(6) The right not to receive discriminatory treatment by us for the exercise of privacy rights
conferred by the CCPA. - How to Submit a Request to Know, Delete, and/or Correct
You may submit a request to know, delete, and/or correct through our interactive webform
available here or by emailing us at privacyoffice@luxotticaretail.com or via U.S. mail:
Privacy Office
Luxottica of America, Inc.
4000 Luxottica Place
9
Mason, Ohio 45040
If you are submitting a request on behalf of a California employee, please submit the request
through one of the designated methods discussed above. After submitting the request, we will
require additional information to verify your authority to act on behalf of the California
employee.
In addition to the CCPA rights discussed above, California law provides current and former
employees with the right to request certain information relatingto their employment, such as the
right to access their personnel file and payroll records. Because these requests are governed by
laws that contain differentrequirements than the CCPA, we handle such requests separately from
CCPA requests. If you would like to make such a request, please
privacyoffice@luxotticaretail.com.
If you would like to update your personalinformation, suchas to notifyus of a change of name
or address, or if you have questions about your employment, please contact Human Resources. - Our Process for Verifying a Request to Know, Delete, and/or Correct
We will comply with your request upon verification of your identity and, to the extent
applicable, the identity of the California employee on whose behalf you are makingsuch request.
In certain circumstances, we may need to verify your identity either to a “reasonable degree of
certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the Personal
Information and the risk of harm to you by unauthorized disclosure, deletion, or correction as
applicable.
For requests to access categories of Personal Information and for requests to delete or correct
Personal Information that is not sensitive and does not pose a risk of harm by unauthorized
deletion or correction, we will verify your identity to a “reasonable degree of certainty” by
verifying at least two data points that you previously provided to us and which we have
determined to be reliable for the purpose of verifying identities.
For requests to access specific pieces of Personal Information or for requests to delete or correct
Personal Information that is sensitive and poses a risk of harm by unauthorized deletion or
correction, we will verify your identity to a “reasonably high degree of certainty” by verifying at
least three pieces of Personal Information previously provided to us and which we have
determined to be reliable for the purpose of verifyingidentities. In addition, you will be required
to submit a signed declaration under penalty of perjury stating that you are the individual whose
Personal Information is being requested. - Other Relevant Policies, Including Monitoring
When we hire you, we provide you with other policies and procedures that govern your use of
our offices, networks, computers, and other devices. We have the right to monitor your use of
our offices and electronic resources in accordance with those policies and procedures.
10
For more information, please read the Employee Handbook, and policy addressing “