Data privacy notice
How we treat your data
We are pleased about your visit and your interest in our products and services. The protection of your personal data is important to us. We would therefore like to inform you below about how personal data is processed at Carl Zeiss AG and other companies in the ZEISS Group (hereinafter referred to as ZEISS).
Personal data is data that enables the direct or indirect identification of a person. It does not matter whether the determination can be made on the basis of a single piece of information or several pieces of information. The more information and data can be combined, the more precisely the person can be determined. Personal data includes, for example, the name, address, age or e-mail address, but also indirect data such as an IP address or social security number.
Controller and Data Protection Officer
The responsible party for the processing and protection of your personal data is ZEISS.
If you have any questions regarding data protection or questions relating to the processing of your personal data or the exercise of your rights, please contact us by either using the contact form at the bottom of this page or at the following address.
Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Your rights as a data subject
Of course, you retain control over all personal data that you provide to us when visiting our website or using our services. You have the following rights, which you can exercise free of charge.
Rectification/Correction
You may have the right to request that we correct any inaccurate personal data relating to you and to have incomplete data completed.
Deletion
You may have the right to request that your personal data be deleted without undue delay, if:
- i. it is no longer necessary for the purposes for which we have collected it,
- ii. you have withdrawn your consent and no other legal ground for the processing exists,
- iii. you objected and no overriding legitimate grounds for the processing exist, or
- iv. the processing is unlawful, or erasure is required to comply with a legal obligation.
Access/Know
You may have the right to obtain from us confirmation if your personal data is being processed by ZEISS in addition to certain related information, as well as the right to obtain a copy of your personal data undergoing the processing.
Transfer
You may have the right to receive your personal data that you have provided to us, in a structured, commonly used and machine-readable format and to transmit it to other data controllers.
This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.
Right to Restrict Processing: Use and Disclosure of Sensitive Personal Information
You have the right to limit our use and disclosure of your “sensitive personal information,” as that term is defined in the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (CCPA), to the extent required by law.
Appeal
Appeal the denial of a privacy rights request under the relevant law
Right to refuse to provide information
You have the right to refuse to provide information when requested, however please note that where the processing of that information is necessary for the purposes of entering into or performing contractual obligations, or to comply with our legal obligations, then your failure to provide certain information when requested could mean that we are unable to comply with those obligations
Right to refuse or withdraw consent
In cases we ask for your consent to processing, you are free to refuse to give consent and you can withdraw your consent at any time. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.
Right to complain
You have the right to complain to a supervisory authority or our data protection officer, insofar as you should have a reason to complain. To claim rights against our company, please contact us via our Contact form.
Exercising your rights
To exercise these rights, please submit a verifiable consumer request via our Contact form or by sending an email to dataprivacy@zeiss.com (please do not send confidential or sensitive information).
For consumers in any U.S. jurisdiction that provides consumer privacy rights, ZEISS must be able to verify and authenticate your request to initiate action.
For California consumers, only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for information twice within a 12-month period. The verifiable consumer request must:
Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Personal Information of Children
ZEISS adheres to Applicable Laws that restrict the processing of personal information of children without first obtaining the consent of their parents or legal guardians. No personal information of children is sold to third parties.
Non-Discrimination
ZEISS will not discriminate against you for exercising any of your privacy rights. You may be protected from discrimination for exercising any of your privacy rights under state privacy law.
Data categories and recipients of the data
1. What categories of data does ZEISS use?
The categories of personal data that ZEISS processes include, among others
- Your contact information, e.g. first and last name, address, telephone number(s), email address, etc.
- Professional information, e.g. the name of your company, the address of your company, your position in your company, etc.
- Location or preference data, e.g. when using our website in order to be able to display content in the language relevant to you, to be able to provide newsletters with content relevant to you, etc.
- Product and service data, e.g. which products or services you or your company have purchased from ZEISS, which products or services are assigned to you, etc.
- Purchase and payment information, e.g. your preferred payment method, credit card number, bank account number, etc.
- Access data, e.g. assigned user IDs for certain ZEISS systems, your ZEISS ID, etc.
- Health data, e.g. refraction or order values contained in your eyeglass prescription for correcting refractive errors and providing the necessary details for crafting your lenses or health data for conducting medical studies. In most cases, this health data is pseudonymized. In any case, strict standards apply to the processing of health datan at ZEISS.
We would like to draw your attention to the fact that, within the framework of the respective contractual relationship, you must provide those personal and company-related data that are required for the establishment, implementation and termination of the contractual relationship or promise of performance and their respective fulfillment, or which we are legally obligated to collect.
2. Recipients of personal data
To the extent necessary, those departments within ZEISS will have access to personal data that require it to fulfill their duties.
In addition, your personal data may be disclosed to business partners (other service providers) to provide services to us or to you on our behalf. These are carefully selected partners who provide services for ZEISS. These service providers handle your personal data as so-called processors on our behalf and according to our instructions. Each business partner or service partner is expected to use reasonable security measures appropriate to the nature of the information involved to protect your Personal Information from unauthorized access, use, or disclosure. Service providers are prohibited from using Personal Information that we provide to them other than as specified by us.
Categories of service provider that we may transfer your data to include:
- suppliers of IT and other specific services
- logistics partners and other service providers engaged to provide shipping and delivery services
- our professional advisers, such as lawyers, accountants and auditors
- regulatory authorities, public authorities, law enforcement agencies and courts
ZEISS does not sell your data or share it with third parties unless otherwise specified in the subsequent sections describing the purposes of the processing of personal data.
3. Transfer to third countries or international organizations
When forwarding data within the ZEISS Group (if permitted), transmitting data abroad and processing data with external partners, ZEISS observes the applicable data protection laws and safeguards these activities. A transfer to countries outside the US ("third countries") only takes place to the extent necessary for the respective purpose. Before any transfer of personal data to processors or third parties in third countries, we ensure that a transfer mechanism exists in accordance with applicable law. ZEISS has implemented appropriate technical and organizational measures to help protect your information.
How is your data secured?
We take the protection of personal data seriously and have implemented suitable technical and organizational measures in accordance with legal requirements to ensure the safeguarding of natural persons' rights and freedoms. We take into account the state of the art, implementation costs, as well as the nature, scope, and purposes of the processing to ensure a protection level that is appropriate to the risk. This includes measures to restrict the access to and disclosure of data.
We also adhere to the principles of privacy by design and default. This means that we consider the protection of personal data as early as the development or selection of hardware, software, and processes.
Furthermore, we have procedures in place to guarantee the exercise of data subjects' rights, such as the right to access, rectify, and delete personal data. We also have processes in place to respond to data breaches or compromises to ensure timely and appropriate actions are taken.
Duration of storage
We will typically delete or anonymize your personal information when the purpose for which it was collected no longer applies, unless there is another purpose for retaining your data.
To determine the appropriate retention period for your personal data, we consider the purposes for which we process the personal data, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, whether we can achieve those purposes through other means and any applicable legal requirements concerning the retention of the data in question.
Automated decision making incl. profiling
Personal data that we collect, for example, on our websites and that help us to understand your interests may be used for personalization purposes in order to provide you with content and information that is relevant to you. Automated decision-making based on this collected data does not take place.
An informal objection to this type of use is possible without giving reasons at any time for the future. Please use the contact form provided at the bottom of this page.
Purposes of the processing of personal data
ZEISS only collects and processes your personal data if you have given your consent or if it is permitted or required by other legal regulations. We generally obtain this data in two ways: either you have provided us with the data or we collect the data when you use our products and services.
The following list shows the various processing purposes for personal data here at ZEISS. Each entry contains a brief description of the respective purpose together with the corresponding legal basis for the processing. By clicking on an entry, you can view a more detailed description for each purpose.
If you have any questions about one or more processing purposes, please feel free to contact us.
-
In connection with your order for ZEISS Optical Inserts, Carl Zeiss Vision Inc. processes data received from our partner Apple and provided by you. The processed data includes the provided eye prescription, order information and other personal information provided by you based on the explicit consent to fulfill your order.
Carl Zeiss Vision Inc. is responsible for data processing when purchasing ZEISS Optical Inserts.
If you have any questions regarding how your personal data is processed by Carl Zeiss Vision Inc. in connection with your ZEISS Optical Inserts, please contact Carl Zeiss Vision Inc., 1050 Worldwide Blvd., Hebron, KY 41048, USA via our Contact form or by sending an email to dataprivacy@zeiss.com (please do not send confidential or sensitive information).
To offer you the ZEISS Optical Inserts, Carl Zeiss Vision Inc. and Apple cooperate. Both entities may act as independent controllers when processing personal information and, in some cases, may act as joint controllers and share certain responsibilities for data protection compliance.
What types of personal data do we process?
- Identity Data including first name and last name, delivery address, contact email address, phone number and approximate age range.
- Health Data as contained in your eyeglass prescription document including address, date of birth and refraction-, or order values.
- Order Data including the contents of your order such as frame personalization values.
- Support and Warranty Data including details of any product support requests you make along with relevant details of the request and resolution, details of your product warranty cover and of any claims made under the product warranty.
ZEISS does not sell your data or share it with third parties when you purchase ZEISS Optical Inserts.
Processing of Health Data
Prescription and refraction values may be considered health data. We can process this data only with your explicit consent. This processing is required to fulfill your order, e.g. for manufacturing purposes as well as for other purposes related to the preparation, delivery and future servicing of ZEISS Optical Inserts, including for quality control, and customer and warranty support. For manufacturing, only the refraction values from the prescription are required. These values will be tied to a unique identifier, but not to any data that directly identifies you, during the manufacturing of the ZEISS Optical Inserts in our production entity in China. This allows us to manufacture your individual optical inserts while safeguarding your privacy.
Consent revocation
You may revoke your consent to further use and disclosure of the Information by ZEISS at any time via our Contact form or by sending an email to dataprivacy@zeiss.com (please do not send confidential or sensitive information). Such revocation may prevent ZEISS from completing your ZEISS Optical Insert order (if not yet complete) or providing related services.
Consequences of consent revocation
The revocation of the consent you have given to process your health data to produce the ZEISS Optical Inserts has the following effects:
- If your revocation reaches us before the initiation of or during the production of your ZEISS Optical Inserts, your revocation may prevent ZEISS from completing your ZEISS Optical Insert order (if not yet complete) or providing related services.
- If the ZEISS Optical Inserts have already been manufactured and prepared for dispatch, the delivery will take place.
What happens if you refuse to provide us with your personal data?
We need certain personal data to be able to fulfill the contract with you. We also have to process certain personal information to comply with our legal obligations.
As a result, if you refuse to provide the requested mandatory information then we are not able to fulfill your order.
Where do we receive your personal data from?
We receive identity information from our partner, Apple, as well as prescription data uploaded by you via Apple’s platform to manufacture and deliver the ZEISS Optical Inserts. We do not collect any other personal data from third parties.
We will subsequently collect personal data directly from you if necessary, including when:
- You submit a product support request.
- You submit a warranty claim.
Why do we process your personal data?
We will process your personal data for different purposes at different stages. However, we will only process your information for one of the following purposes:
- processing and delivery of your order, including the analysis of your provided prescription to check if it can be used in the subsequent manufacturing process,
- generating and providing calibration data and a QR-code for pairing the Apple device with the ZEISS Optical Inserts,
- carrying out processing required by law,
- handling your support and warranty requests.
Automated decision making
We do not make decisions about you based solely on automated processing when purchasing ZEISS Optical Inserts.
- Identity Data including first name and last name, delivery address, contact email address, phone number and approximate age range.
-
ZEISS offers various apps for mobile devices (iOS and/or Android) that can collect personal data. This personal data is required for the function of the respective app.
Apps on mobile devices can gain access to functions of the end device if required and with the consent of the user. Each app that ZEISS offers will ask you for consent to use the required functions. These functions may include, but are not limited to, the following:
- Calendar
- Contacts
- Camera
- Location
- Audio (output & microphone)
- Phone
- SMS/MMS
- Memory
- Possibly other sensors
The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
ZEISS may record telephone conversations or chat sessions to improve the quality of our services. A recording is only started after you have been asked for and agreed to your consent at the beginning of the phone call or chat.
The legal basis of the data processing is your consent according to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
Normal application process
By registering and submitting your application to us in the ZEISS application portal, you provide us with your personal data and consent to the processing of this information as part of the application. You also have the option to separately consent to the inclusion of your data in the applicant pool (see below).
As a matter of principle, your data will only be used for the purpose of filling the specific position within the ZEISS group of companies. The ZEISS company responsible for the job advertisement or, in the case of a speculative application, the ZEISS company to which you send the application is responsible for the collection and processing within the meaning of the General Data Protection Regulation. For more information on the specific ZEISS company, please contact recruiting.oberkochen@zeiss.com. You can check, update and supplement the information you have provided in the ZEISS application portal at any time.
Pre-Employment Screening
Depending on the ZEISS company responsible, additional processes may be implemented that require a check of your person or your details. This serves to protect the business interests of the ZEISS Group. All verification processes strictly adhere to the applicable data privacy principles. In these cases, data processing may additionally be legitimized either by legal requirements (Art. 6 (1)(c) GDPR) or on the basis of the legitimate interests of the ZEISS (Art. 6(1)(f) GDPR).
Unsolicited application
If you send an unsolicited application to our applicant management system, your data will be forwarded to the appropriate ZEISS company that matches your skills.
Applicant pool
If you have agreed to your application data being passed on, your profile will be circulated if it could also be of interest for filling vacancies at other ZEISS companies. Thus, your data will be made available to ZEISS companies involved in the application process and they can contact you if they are interested.
Active sourcing
If what we read about you in your profile is interesting and we have contacted you via career portals or similar, we will first get to know you via the relevant social network. With your consent, we include the data from the social network in our application portal and send you a link with which you can complete your profile via an individual access and agree to your inclusion in our applicant pool. After we have collected your data from the social network, you will move on to the normal application process (see above).
Recommendation
If you have an interesting profile, it may be that you have already been recommended by one of our ZEISS employees. In this case, your contact details are first recorded via the ZEISS employee so that our system can send you an automated e-mail with information and a link to the job profile. If you are interested, you can go through the normal application process. If you are not interested and do not respond to the email, we will delete your contact information from our system after a maximum of two months. This gives you enough time to adapt your profile to the job in question or to use the data already collected for other interesting jobs. If you wish, we will also be happy to delete your data before the two-month period expires.
Type of data
As part of the application process, we process the data that you provide to us with your application. This data includes in particular:
- Identification data (first name, last name, etc.)
- Contact data (e-mail address, telephone number, etc.)
- Data on education and profession (school/university attended, professional career, etc.)
- Other relevant data (certificates, your photo, etc.)
- Data about your personal preferences (likes, interests, etc.)
- Legal basis and rights of the data subjects
Your data is collected for the purposes described above (reasonable grounds for employment with ZEISS). The data processing is carried out to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6(1)(b) GDPR.
Regularly the personal data may be processed as it is necessary for the decision on the establishment of an employment relationship or in special cases on the basis of the applicants' consent.
If the processing of your data is based on consent given by you, you can revoke your consent at your discretion at any time with effect for the future in the ZEISS application portal or by email to recruiting.oberkochen@zeiss.com. The legality of the data processing carried out until the revocation is not affected by the revocation.
Recipients of the data and place of data processing
The ZEISS Group ensures that third parties acting on behalf of ZEISS and authorized to access this data comply with the rights and obligations set out in this Data Privacy Notice. ZEISS and its service providers generally process the data on servers located in the European Union. In exceptional cases, the data may also be processed in countries outside Europe, to the extent permitted by law.
When transferring data within the ZEISS Group, when transferring data abroad and when processing data by external partners, ZEISS complies with the applicable data protection laws and secures these activities as far as possible by the means available under data protection law, including data processing contracts, EU standard contractual clauses and international conventions. If the local requirements abroad do not correspond to the level of protection of the EU Charter of Fundamental Rights, ZEISS will endeavor to keep the risks of processing personal data as low as possible by taking appropriate measures.
Deletion of data
In principle, we are required by law to archive your data relevant to the application process for six months. In the event that we are unable to offer you a position but you have agreed to be included in the applicant pool, we will delete your data no later than two years after your application has been rejected. After six months, you can also have your data deleted at any time in the ZEISS Applicant Portal or by sending an email to recruiting.oberkochen@zeiss.com. If you have not consented to the storage of your data, it will be deleted as soon as we have filled the position or within the six-month period.
If you have consented to the storage of your data, we will include this data in the personnel administration processes that we carry out within the framework of the statutory provisions.
Data security
ZEISS has globally applicable corporate guidelines to ensure the security and confidentiality of data; in addition, the data protection regulations of the countries in which a ZEISS company has its registered office apply. In addition, any service provider who processes your personal data on behalf of ZEISS undertakes to ensure confidentiality and to apply the same strict security measures as ZEISS.
The technical support of our applicant management system is provided by an IT provider in Germany, which we have selected in accordance with the legally prescribed parameters and for which the data protection requirements also apply.
Job Alert
If you set up a Job Alert, we only store the information necessary for this (e-mail address and selection criteria). You can terminate your participation in Job Alert at any time. In this case, we will delete your data immediately.
Contact
Please send any questions about the application process to recruiting.oberkochen@zeiss.com.
- Identification data (first name, last name, etc.)
-
ZEISS offers various forums on specific specialist topics. These specialist forums offer users the opportunity to exchange thoughts, experiences and helpful tips with other users. To participate, each user must have a ZEISS ID. In this process, the user name, e-mail address and usage data are processed.
The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
In order to conduct sweepstakes, ZEISS collects personal data of the participants to determine the winner. This normally includes the salutation, full name, address, e-mail address and telephone number if contact by telephone is required.
This data is used to notify the winners by e-mail, post or telephone. The address data will be used to send the prize, except in the case of personal delivery.
The data will be collected and processed exclusively by the company of the ZEISS Group that is organizing the sweepstake. The data will not be transferred to other external companies unless the sweepstake is organized by an external company.
The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
Personal data that ZEISS receives as part of quotation requests, order processing, configuration, etc. is used to process the respective business transactions. The collected data is processed in our CRM system for this purpose. The legal basis of the data processing is the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR.
-
Google Analytics is a web analytics service provided by Google, Inc. This service allows us as a website operator to track and analyze the interactions of visitors with our website. Google Analytics allows us to obtain information about the origin of visitors, the actions performed on the website and the conversion rate of visitors. This information can be used to improve website performance and optimize the user experience for visitors.
Google Analytics collects the following data:
- Age
- App Store
- App version
- Browser
- City
- Continent
- Country
- Brand of the device
- Category of the device (smartphone, tablet, etc.)
- Model of the device
- Gender
- Interests
- Language
- New or already known user
- Operating system
- Operating system version
- Platform
- Region
- Subcontinent
The legal basis of the data processing is your consent according to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
Carl Zeiss AG processes the personal data provided by the whistleblower for the purpose of receiving and processing compliance notices regarding violations of applicable laws and internal rules, as well as investigating and sanctioning such violations.
The data provided by the whistleblower includes, among other things, data categories such as communication data (e.g. name, telephone, e-mail, address), employee data of ZEISS employees and, if applicable, names and other personal data relating to persons included in the notice.
The processing of data when receiving and investigating compliance notices, as well as the determination of appropriate measures, is based on Art. 6(1)(f) GDPR. This is based in particular on the legitimate interest of ZEISS as a company for the prosecution of criminal offenses, the assertion of claims under civil law, the implementation or termination of an employment relationship or the detection of criminal offenses in the employment relationship, as well as the prevention of violations of regulatory offences along the applicable laws.
Data processing in the central administration and forwarding of cross-Group matters by Corporate Compliance is generally carried out in accordance with the legitimate interest of the company to obtain a Group-wide overview of compliance notices and thereby existing risks within the scope of the governance function, as well as for the assertion and defense of rights pursuant to Art. 6(1)(f) GDPR.
If there is a legal obligation to provide a whistleblowing system or complaints mechanism, the legal basis may result from Art. 6(1)(c) GDPR.
Insofar as the complaint mechanism requires the consent of the data subjects to the data processing, the processing is carried out in accordance with Art. 6(1)(a) GDPR. Consent given for the processing of personal data can be revoked at any time with effect for the future.
In accordance with our legitimate interest pursuant to Art. 6(1)(f) GDPR, we anonymize personal data under certain circumstances so that no information and identifiers relating to specific individuals are included.
Retention obligations and deletion periods
As a matter of principle, we store personal data only for as long as is necessary to clarify the facts to which the compliance notice relates or as required by law. The specific retention obligations and deletion periods for personal data processed in the course of processing and clarifying compliance notices depend on the investigation result of the specific facts, as well as on the type of violation and legal consequences.
Disclosure and transmission of personal data
When processing compliance notices in accordance with the internally defined procedure and, if applicable, legally prescribed procedures, it may be necessary to involve other internal functions in the course of clarifying the facts and determining measures. Only to the extent that it is absolutely necessary for the processing of the compliance notice or required for the fulfillment of legal obligations will personal data be passed on to the following bodies in this context:
- Management and/or local compliance officer of the ZEISS company concerned;
- Internally responsible office in the event of (specialist) specific information (e.g. Group Data Protection, Group Security, Legal Department, Purchasing Department, Human Rights Officer, Internal Audit);
- Responsible HR department and managers of the employees concerned;
- If necessary, external law firms and other partners to assist in clarifying compliance indications;
- Other responsible parties, such as government investigative authorities like public prosecutors.
If you, as a whistleblower, have provided your identity as part of the compliance report, we are generally obligated under the GDPR to inform any accused persons of your identity as the source of personal data no later than one month after receipt of your report (Art. 14(3)(a) GDPR). If there is a substantial risk that such notification would jeopardize the effective investigation of the allegation or otherwise interests worthy of protection (e.g., protection of the whistleblower), the notification may be postponed as long as this risk exists (Art. 14(5)(b) GDPR).
Personal data will only be transferred to a recipient (e.g. a ZEISS company or authority) in a third country (based outside the EU or EEA) if this is necessary for processing the compliance notice. The relevant requirements of Art. 44 et seq. GDPR are taken into account accordingly.
ZEISS Integrity Line" whistleblower system
The "ZEISS Integrity Line" enables whistleblowers to anonymously report compliance notices and communicate via an encrypted connection.
Carl Zeiss AG has commissioned EQS Group AG, Karlstraße 47, 80333 Munich, Germany ("EQS") with the technical provision of the "ZEISS Integrity Line" platform. The service provider was carefully selected. He is responsible for regular monitoring in the careful handling and securing of data. For the technical implementation, we transfer personal data to EQS. For this purpose, we have concluded an order data processing agreement with EQS. Processing by EQS takes place exclusively in ISO 27001 certified high-security data centers in Germany and Switzerland.
When using the platform for reporting compliance notices and when communicating via the platform, the personal data provided by the whistleblower in the notice is processed on a specially secured database by EQS and encrypted according to the current state of the art. The IP address and the current location are not processed at any time.
Only ZEISS Corporate Compliance, i.e. Head of Corporate Compliance, Corporate Compliance Officer and Senior Corporate Compliance Manager, as well as specially authorized administrators of EQS are permitted to view the data on the "ZEISS Integrity Line".
-
The ZEISS learning platforms support you in your continuing education. The purpose of the ZEISS learning platforms is to provide you with learning content, organize learning processes, support learning scenarios and track learning progress during the processing of learning content. Communication between teachers and learners is also enabled for this purpose. The ZEISS learning platforms send e-mails and calendar entries with relevant information for the participants as part of the organization of learning processes. Users can book trainings and provide reviews (ratings) on training, which can be read by other users including the name of the providing user.
The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
ZEISS wants to make it easy for you to contact us. We therefore offer contact forms on our websites for various types of inquiries.
Depending on the purpose of the individual form, you will be asked to provide the data we need to answer your request. This is usually your name and your e-mail address for contacting you; we may collect further contact data such as telephone number or address as well as other data to help us respond to your request.
Purpose of the contact form and associated legal basis:
- Marketing or sales enquiry
Marketing or sales inquiry forms are used to inform interested parties or potential customers about products or services or to advertise them (see also processing purpose "Newsletter"). The legal basis for the processing of personal data is the consent of the data subject pursuant to Art. 6(1)(a) GDPR. Every person has the right to withdraw consent at any time with effect for the future.
- Customer inquiry
Customer inquiry forms can be used by existing customers to ask questions about products or services or support requests, for example about products or services. The legal basis for this processing is the fulfillment of a contract or the implementation of pre-contractual measures in accordance with Art. 6(1)(b) GDPR.
- Data privacy request
The data privacy request form is offered to enable interested parties or customers of ZEISS to exercise the rights of the data subject, e.g. to request information about stored personal data or to request for the deletion of this data. This data processing is a legal obligation that ZEISS must comply with in accordance with Art. 12 GDPR, the legal basis is therefore Art. 6(1)(c) GDPR.
- General request
General inquiry forms can be used to ask ZEISS general questions or concerns that do not fall into one of the other categories. The legal basis for the processing of personal data is our overriding legitimate interest in being able to respond to such inquiries from users in accordance with Art. 6(1)(f) GDPR.
All data collected will be used exclusively for the processing for the respective purpose and will not be used for any other purpose.
- Marketing or sales enquiry
-
ZEISS would like to send you information about our products and services that may be of interest to you. For this we gather and process your data in different ways.
Data you provide to us
We use your personal data collected as part of a newsletter registration, in particular the areas of interest indicated, to provide you with product and service information tailored to you personally. By providing your name, you enable us to address you personally and to easily manage your data. If you provide your address data, e.g. your postal code, we can also provide you with regionally tailored offers.
The legal basis of the data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future. You will find unsubscribe instructions in the footer of each newsletter.
Data we get by purchasing or using our products or services
The data we receive in the course of purchasing one of our products or services as well as in the use of them will be used for direct marketing measures to draw attention to news and updates about purchased or related products or services. The legal basis for data processing is the safeguarding of the legitimate interests of ZEISS in accordance with Art. 6(1)(f) GDPR. Our overriding legitimate interest follows from our interest in being able to send you news and improvements to the products or services you have purchased or related products or services.
You can object to the processing of your personal data for advertising purposes by ZEISS at any time with effect for the future. The objection can be made easily via the request form provided at the bottom of this page or by using the unsubscribe link in the footer of each newsletter.
Stitching
Stitching means combining and linking data from different ZEISS sources to create a more comprehensive profile of our users. By combining information from various interactions, both online and offline, we aim to improve your experience, tailor our products and services to your preferences and provide you with personalized recommendations.
How we use Stitching: We use Stitching to better understand your interests and needs so that we can improve our products and services and provide you with a more personalized experience. By analyzing data from multiple touchpoints, we can provide you with relevant content, promotions, and recommendations that are tailored to your preferences.
Types of Data Affected: Data subject to stitching includes, but is not limited to, your demographic information, purchase history, browsing behavior on our websites, interaction with our apps, and survey feedback. We ensure that all data processed through Stitching is handled in accordance with applicable data protection laws.
Third Party Involvement: We work with trusted partners to enhance our data profiles through Stitching. These partners are carefully selected and bound by strict confidentiality agreements. Rest assured that we maintain control over the combined data and ensure that it is only used for the purposes outlined in this privacy notice.
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR. We respect your rights with respect to your personal information. If you prefer not to participate in the stitching process or related profiling activities, you obviously have the right to opt out. You can exercise this option by contacting us here.
Analysis
Furthermore, we are always striving to improve our offer. For this purpose, evaluations are made of the newsletters sent, e.g. whether a communicated e-mail address can be reached, which newsletters are opened, which links are clicked on within the newsletter, etc. The data is collected and processed exclusively by ZEISS. The data will not be transmitted to other external companies.
-
With the purchase of ZEISS lenses, you can receive a consumer card* from your optician or can register your product on MyZEISS Vision. Using the unique identifier of your order you can verify that the lenses purchased are genuine ZEISS brand. With prior registration to ZEISS ID you can register your product using the unique identifier of your order and obtain an extended warranty. If available in your market, this service is embedded in MyZEISS Vision.
Both, the registration in MyZEISS Vision as well as receiving an extended product warranty is based on applicable law.
The processing of data for the following features of MyZEISS Vision relies on your consent and complies with applicable law:
When you verify or register a product in MyZEISS Vision, we will process order-related data such as the product´s serial number and date of purchase as well as the prescription information which is your protected health information.
MyZEISS Vision also offers you the option to conduct ZEISS Online Vision Screening and save your results in your account.
If you register for the personalized marketing newsletter, we use your personal data collected in MyZEISS Vision to provide you with product and service offers tailored to your needs. These communications will be sent to the email address provided in MyZEISS Vision.
For all the above-mentioned purposes we ask for your consent independently of each other. You can withdraw each of the consents individually at any time in the MyZEISS Vision Preference Center or by sending a notification to dataprivacy@zeiss.com. The change will be effective immediately upon receipt of the consent withdrawal.
To offer you MyZEISS Vision, your national ZEISS Vision entity and Carl ZEISS Vision International GmbH act as Joint Controllers. This means, that both entities share responsibility and determine the purposes and means of processing your protected health information in a collaborative and transparent manner, with defined roles and obligations for data protection compliance.
*Only available in selected markets.
-
"My vision profile" and the "ZEISS Online Vision Check" are online services for determining personal vision habits and identifying individual needs based on visual acuity, contrast and color vision as well as astigmatism and field of view for individual lens solutions from ZEISS. The data collected in this process is used exclusively for the analyses required in each case. The results of "My Vision Profile" can be subsequently accessed via a code provided with the result; on request, this code can also be provided by email.
Various data are collected for the determination of the vision profile or the vision check: Age, limitation of vision, previously used visual aid, vision problems, occupational and daily activities, duration of use of mobile devices, etc.
If you would like to receive the results by email, your email address will also be collected for sending the QR code with the analysis results. The email address will not be stored further.
The legal basis for the data processing is your consent according to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
For some ZEISS products ZEISS provides a warranty of two years from the date of purchase. For some of these products this warranty period can be extended to three years if the product is registered via ZEISS online registration within four weeks of the date of purchase.
The legal basis for this data processing is the fulfillment of a contract or the performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR.
-
In order to analyze and find a solution to the problem you have contacted our support team about, you may be asked to send us analysis files or a ZEISS employee may have to connect to your system's computer.
The legal basis for this data processing is the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR.
-
For some of our services, we offer single sign-on procedures. This procedure allows you to log in to some of our services with the help of a user account of a provider of single sign-on procedures (e.g. Facebook or Apple ID). The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR, the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR or to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR. You have the right to revoke your consent at any time with effect for the future.
Our overriding legitimate interest follows from our obligation to ensure the security of the services offered. For this purpose, certain personal data is processed by ZEISS and transmitted to us in the course of the single sign-on procedure.
-
ZEISS also offers you extensive contact and information options via our presence in social media. These social media services may independently collect personal data, e.g. via your created profile. In the process, data is also processed outside the European Union. The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.
Social media platforms
We offer you extensive contact and information options via our presence on social media on the basis of Art. 6(1)(f) GDPR. These social media services may independently collect personal data, e.g. via your created profile.
On some ZEISS websites you will find buttons to social plugins of other online services. These buttons do not yet establish contact with the provider's server. Only by clicking on these buttons do you give your consent to communication with the provider of the respective platform and a connection is activated.
If you are already logged in to a social network of your choice, this takes place without another window. Since this transmission is direct, we do not obtain knowledge of the transmitted data. What is transmitted is the fact that you have called up the corresponding page. If you are logged into Facebook & Co. at the same time, this information is assigned to your social media account and is thus associated with your person.
For more information about the further use and storage of your personal data by Facebook and Twitter, please contact these social media companies directly.
It is also possible to block social plugins with add-ons through your browser.
Facebook for Business - Automatic advanced matching
This functionality is only active if you have consented in our Cookie Consent banner to use Facebook's tracking pixel. If you give this consent, automatic advanced matching will be used on some ZEISS websites. This function transmits your email address and/or phone number when you enter it in a form on a ZEISS website and submit the form. The data is encrypted before transmission and is used by Facebook to better assign people to specific target groups. Afterwards, the transmitted data is deleted by Facebook.
Facebook Fanpages
According to a ruling by the European Court of Justice in 2018, running a Facebook Fanpage is a shared responsibility between Facebook and the company operating the page. Facebook collects and processes personal data to provide insights about how people interact with the page, but this information is only given to ZEISS in an anonymous form, so we can't see individual users' information. ZEISS uses these insights to understand how people interact with their content and improve it. The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.
-
Customer satisfaction surveys
ZEISS has a legitimate interest in improving its own products and services. We may therefore invite you to participate in customer surveys. The questionnaires used for this purpose are generally designed to be anonymous, so that you do not have to provide any personal data. If you nevertheless provide personal data in a questionnaire or survey, ZEISS may use this personal data to improve its own products and services.
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR or to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.. You have the right to revoke any consent given at any time with effect for the future.
Our overriding legitimate interest is to improve the products and services we offer.
Surveys for user research
We use information from user research surveys to test prototypes or concepts and ideas on our website and to improve our services based on feedback we receive from website visitors or users recruited through agencies. The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.
What information do we collect?
- Name
- E-mail address
- Behavioral data (user interactions with the prototype, likes, dislikes, preferences)
- Location (country)
- Demographic data: Age, age range, gender (not always required)
- Job title
If videos and images are recorded as part of user research, this will only happen if you have given us your consent. You can unsubscribe at any time and without giving any reason by sending an e-mail to research.panel@zeiss.com. We store this information in our databases because it is possible that not all members of the project team will participate in the interview (if applicable).
The service provider maze.co is used to conduct the user research surveys. A data protection agreement has been concluded with the service provider. Your personal data will not be shared with any other service provider.
We store personal data collected as part of user research for a period of 2 years. Anonymized data (i.e. data that cannot identify you) may be stored for longer.
-
If you participate in one of our events, the processing of your personal data may become necessary for your participation for processing and billing reasons.
The legal basis for data processing is the performance of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR or, if there is no contractual relationship between you and ZEISS, the protection of the overriding legitimate interests pursuant to Art. 6(1)(f) GDPR. Our overriding legitimate interest is the effective implementation of our events (offline or online).
We use the following platforms and applications to conduct virtual meetings or webinars:
As a rule, only your e-mail address, first and last name, and IP address are processed for the event. For paid events, data may also be processed for billing purposes.
An encrypted connection is established between you and the service provider of the webinar. We do not record the audio or visual information transmitted during this session. By clicking "Join", you confirm that you will not record or screen capture this session either.
You can end the session at any time by simply closing the browser window or exiting the program or app. If your contact ends the session, your session participation will automatically end as well.During and after the webinar, statistical data is transmitted to us. If you participate in a webinar, ask or answer a question during the webinar, in addition to your registration data, we receive information about the duration of participation, interest in the webinar, the question asked, or answer for further support or expansion of the user experience.
We would also like to point out that the providers collect their own data as part of the provision, which we cannot influence. Detailed information on this can be found on the websites of the providers.
-
ZEISS monitors security-relevant areas inside and outside buildings and premises by means of video recording. Video surveillance of public areas does not take place as a matter of principle. As soon as you are in the detection range of the cameras, you are the subject of this data processing. The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.
ZEISS has an overriding legitimate interest in the use of video surveillance. This helps to ensure largely full building and personal security. Video surveillance pursues the following purposes:
- Exercise of domiciliary rights
- Detection of illegal access attempts
- (Necessary) monitoring of alarmed doors
- Detection of blocked emergency exits
- Clarification and prosecution of unauthorized access
- Prevention, containment and clarification of criminally relevant behavior, e.g. vandalism
Video surveillance enables the prompt initiation of measures to eliminate grievances arising from the above-mentioned points. It thus serves not only to protect the building, but also your personal safety and the safety of ZEISS employees.
Video data is only evaluated on an ad hoc basis. In the event of a violation of the house rules, the commission of a crime, or certain legal requirements, the recordings may be handed over to security authorities.
As a rule, the data is recorded or stored for 7 days. Depending on the location, the data may be recorded for a different period (for a maximum of one month). Normally, a notice is posted at each location where video surveillance is conducted to inform data subjects of their rights.
In the case of a specific reason, these image sequences are required for the duration of the investigation.
-
As a rule, you can use the ZEISS websites without providing us with any personal information. Exceptions are so-called technically necessary cookies, which are required to provide certain functionalities such as secure login or cookie management. For some functionalities offered on the websites, we will request personal information from you in order to be able to process the respective service quickly and in a user-friendly manner or to be able to offer the service at all. See also "Use of cookies and similar technologies".
Some data is already collected automatically and for technical reasons when you visit our website. You can find detailed information on this under "Access data on websites and webshops".
The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR or to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR. You have the right to revoke your consent at any time with effect for the future.
-
In our webshops you can order different products. For the processing of the order process, various personal data are processed.
To process an order, we process your contact data, i.e. title, surname, first name, telephone number and the delivery and billing address. We use your e-mail address to send you an order confirmation and other important information about your order and to verify your identity when creating a customer account. Furthermore, we collect your payment data during the ordering process. If necessary for the fulfillment of an order, we use postal, forwarding and shipping companies. In the event of a delay in payment, we transmit - if the other legal requirements are met - the data necessary for the enforcement of our claim to a collection service provider. The processing of credit card payments and PayPal is also carried out by an external service provider.
The legal basis for this data processing is the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR. Deviating from this, data processing for the above-described credit check and, if necessary, the involvement of a debt collection service provider is carried out on the basis of Art. 6(1)(f) GDPR. Our overriding legitimate interest is to avoid payment defaults.
Some data accrue automatically and for technical reasons already when you visit our webshops. You can find detailed information on this under "Access data to websites and webshops".
-
For the processing of contractual relationships, we offer our customers secure payment options and use other payment service providers in addition to banks for this purpose. The legal basis of the data processing is the fulfillment of a contract or the implementation of pre-contractual measures according to Art. 6(1)(b) GDPR.
Personal data is processed by the payment service providers (such as name, address, bank data, such as account numbers or credit card numbers). This processing is necessary to carry out the transactions. However, the data entered in this process is only processed by the payment service providers and stored by them. ZEISS only receives information with confirmation or negative information of the payment.
Further transmissions may be made by the payment service providers for the purpose of checking identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers. The terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications.
- Mastercard
Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
Privacy policy - Visa
Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, GB;
Privacy policy - PayPal
PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
Privacy policy - Paymetric Inc.
300 Colonial Center Pkwy #130, Roswell, GA 30076, United States
Privacy policy - Computop
Computop Paygate GmbH, Schwarzbergstraße 4, D-96050 Bamberg, Germany
Privacy policy
- Mastercard
-
ZEISS ID is the identity and access management system for all ZEISS applications that can be used by customers, partners, suppliers and employees. In this way, digital services from ZEISS can be used via a single access point. The integrated "single sign-on" function makes it possible to switch between different services without having to log in again - and this is also possible within the ZEISS companies through automatic registration.
For registration, the user must provide his surname, first name, e-mail address and, if required for the service used, his title, customer number, telephone number, delivery and billing address. We use the data provided for the purpose of user administration. Insofar as this user data is required for the implementation of further applications, e.g. for the processing of orders in the web store, the data required for the corresponding application will be transmitted to them.
Within the ZEISS ID account profile, you can view and change your personal data or the status of your marketing consent, optional data can be deleted. A ZEISS ID can also be deleted as such. In this case, your data will be deleted and you will lose access to the ZEISS ID applications. Your ZEISS ID account and your data will be automatically deleted if your account is inactive for 2 years.
The legal basis for the data processing is your consent pursuant to Art. 6(1)(a) GDPR.
-
In the ZEISS Quality Software Store we collect various personal data, including your name and your ZEISS ID. We use this data to be able to offer software trial versions and add-ons, to give you the opportunity to write reviews and to improve the service and product range.
The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.
-
As a website or webshop operator, ZEISS collects data about access to our websites and webshops and stores this data as so-called "server log files". The following information is collected automatically and stored for 7 days:
- The website or page of the webshop visited
- Date and time of access
- The website from which the access was made (so-called referrer URL)
- Browser used
- Operating system used
- The IP address of the requesting end device
The aforementioned data is processed by us for the following purposes:
Monitoring and evaluation of system security and stability.
- Ensuring a smooth connection of the website
- Ensuring a comfortable use of our website
The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR. Our overriding legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about individual persons.
- The website or page of the webshop visited
-
The Virtual Try-on Service of Carl Zeiss Vision GmbH gives you recommendations for eyeglass frames based on a previously created virtual avatar of you. The biometric data collected will only be processed by ZEISS as part of the Virtual Try-on Service.
The legal basis of the data processing is your consent according to Art. 6(1)(a) GDPR.
-
1
Last updated: November 5th, 2024