I. When you open and/or use our online services, the information collected includes:

• The type of browser you are using
• The pages you have visited on our website
• Operating system
• Your IP address or shortened IP address
• User behavior (e.g. mouse movements, click behavior, session duration, etc.)

This data is mainly collected and used in an anonymized or pseudonymized form.

II. If you have registered on our website, you have voluntarily provided information about yourself, which includes:

• First name, last name and title
• Payment information
• Contact information (e.g. email, phone)
• Address and order information
• Company, group assignment
• Products and equipment you use
• Personal interests and preferences

Data is collected by ZEISS online services via automated processes or user entry, e.g. by means of:

• Cookie tracking pixels
• Direct user entry
• Cross-device tracking, mouse tracking and similar methods

Cookies make websites more user-friendly, effective and secure. A cookie is a text file containing information about user activity which is temporarily saved in the user's browser. It can be used to define and save visitor preferences and website settings.

Note: Additional information about cookies and other internet technologies is available in our Data Protection Notice.

It should be noted that ZEISS only collects personal information on a case-by-case basis and for specific purposes. The following list of reasons is therefore not exhaustive.

1. For the provision of our products & services
2. To comply with legal obligations
3. For credit checks when processing payments that use insecure payment methods
4. To prevent fraud on purchases
5. For marketing purposes
6. For web analytics and to improve our website
7. For contests
8. For newsletters and other subscriptions
9. For online applications
10. For contact purposes and in contact forms
11. During the use of protected areas, such as ZEISS ID, and for authentication
12. In the online shop
13. For requirements
14. During the use of ZEISS digital services, e.g. platforms, subscribing to/unsubscribing from newsletters, and during the use of apps

We know that it is important to you that your personal information be handled with care. Since data protection is a high priority issue at ZEISS, we make sure that your information is collected, processed and used strictly in accordance with the law. The instances listed above are those in which we require personal information from you.

This information helps us continually improve our websites and provide you with an individualized user experience. The individual items of personal information are used to process your orders, to deliver purchased goods and products to you, to verify your creditworthiness, to process payments, to prevent fraud and to keep you informed about your orders and our products, services and special offers.

To ensure that we can get in touch with you quickly, we request that you provide us with your email address. Your address will only be used for advertising purposes if you have given your explicit permission for this.

We process your data only in compliance with the applicable laws. In particular, we will process your data in accordance with Article 6 and Article 9 of the General Data Protection Regulation (GDPR), as well as in accordance with the conditions for consent in Article 7 GDPR. We will process your data, among other things, upon the following legal bases. Please note that this is not a complete or exhaustive list of the legal bases. These are merely examples intended to render the legal foundations more transparent.

• Consent (Article 6, paragraph 1, sentence 1, letter a GDPR and Article 7 GDPR or Article 9, paragraph 2, letter a and Article 7 GDPR): we will only process certain data on the basis of your explicit and voluntary consent given in advance. You have the right to revoke your consent at any time with effect in the future.

• Performance of a contract / pre-contractual measures (Article 6, paragraph 1, sentence 1, letter b GDPR): we need access to certain data to initiate or perform your contract with ZEISS and ZEISS partners.

• Compliance with a legal obligation (Article 6, paragraph 1, sentence 1, letter c GDPR): ZEISS is subject to a series of legal requirements. In order to meet these requirements, we must process specific data.

• Protection of legitimate interests (Article 6, paragraph 1, sentence 1, letter f): ZEISS will process specific data to protect its interests or those of third parties. However, this only applies if your interests in the individual case do not override other legitimate interests.

Generally, your information is processed on servers located in Germany. If permitted, your information may also be processed in countries other than Germany. User information is processed in part by external companies hired by ZEISS.

When forwarding data within the ZEISS Group (if permitted), transmitting data abroad and processing data with external partners, ZEISS observes the applicable data protection laws and  safeguards these activities as well as possible by the data protection means available, including data processing contracts, EU standard contractual clauses and international conventions. If the local requirements abroad do not meet the level of protection afforded by the EU Charter of Fundamental Rights, then ZEISS will endeavor to keep the risks of personal data processing to a minimum through suitable measures.

Before any transfer of personal data to processors or third parties in third countries, we ensure that a transfer mechanism exists in accordance with the EU GDPR:

• If it is a safe third country the data is covered by an adequacy decision.
• If data is transferred to a so-called unsafe third country, this transfer is covered by standard contractual clauses.
  

• The right to information
• The right to object, including the right to withdraw your objection
• The right to have information deleted or released/transferred
• The right to limit or block the processing of information
• The right to have information corrected
• The right of appeal, also through a responsible supervisory authority
• The right to withdraw your consent
• The right to not be subject to a decision based solely on automated processing, including profiling

If you have a data protection concern, please contact:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen

Contact via email (no confidential content, please): datap rivacy @zeiss .com
Contact by phone: +49 7364 20-0 (keyword "data protection")
Contact via web form: Go to form

We delete your personal information when the purpose for which it was collected no longer exists; this could include information collected during the execution of a contract which has been terminated. In order to adhere to commercial and tax law and other legal requirements, it may be necessary to store your personal information for longer than the purpose for which it was collected or to initially block the information so that it can be used for later processing. . This may also be necessary for the assertion, exercise and defence of legal claims.

When you sign in to specially protected areas, e.g. via ZEISS ID, or into online shops, when you register to participate in contests or when you place an order, your personal information is transferred to us. To ensure that your information does not end up in the wrong hands, it is encrypted using standard, state-of-the-art methods such as SSL encryption (secure sockets layer). This is a proven and secure method of transferring information on the Internet.

ZEISS also employs a wide range of additional technical and operational security measures to protect the personal data of its partners and customers. In conjunction with these security measures, we may occasionally request that you provide proof of your identity before granting you access to your personal information.

ZEISS uses cookies to ensure that your user experience is as comfortable and convenient as possible. Want to know more about how we use cookies?

Learn more about cookies and other internet technologies

Your ZEISS ID account can be used to sign in to a wide range ZEISS products and services. When you sign in, the information you provided voluntarily is used to create a personalized data record. The information helps us provide products and services which are better tailored to you personally.

To withdraw permission for the use of your personal information, click the link below:

Viewwithdrawal form

Beware of phishing and spoofing activities

Unfortunately, the ZEISS brand is among those which are misused for deceptive purposes. In more specific terms, this means that users sometimes receive falsified emails supposedly sent from ZEISS. These emails are often visually designed to look like ZEISS communications and can in some cases be difficult to tell apart from authentic emails from ZEISS.

In these cases, the persons sending the falsified emails are attempting to exploit the trust between ZEISS and its customers in order to steal sensitive information (e.g. login details, customer information, payment information) or to install malicious software on your computer or smartphone.

These emails are not created or sent by ZEISS, even if our name is used to make it appear so. Unfortunately, this also means that ZEISS has no control over the creation and sending of illegitimate emails.

The following characteristics can help you identify whether the email you received is actually from ZEISS:

• Confirmation emails and invoices from ZEISS should only be for itemsyou actually ordered.
• Emails from ZEISS should be free of typographical and grammatical errors, since they are proofread before being sent.

In some areas of our websites, we also provide information about, and links to, third-party websites. We do this only if we are firmly convinced of the seriousness of the respective supplier. However, ZEISS is not responsible for the data protection stipulations or contents of these websites and assumes no liability in this regard. These external links are marked with the following icon:

The right way to deal with spam, phishing and spoofing emails:

• We recommend that you delete suspicious emails immediately.
• Never open links or attachments in suspicious emails and never give outyour personal information.
• We also recommend running a virus scan on your computer.

If an email contains unusual or suspicious information regarding your order or your customer information, sign in to the online shop with which you placed the order. There, you will find a list of all the orders you have actually placed, along with the status and invoice number for each order. To do this, manually enter the address of the particular ZEISS online service in your browser. Manually entering the address allows you to avoid the risk of being sent to fraudulent websites via links contained in the email.

Tip: If you're unsure about an email you've received, use our contact service to get in touch with us or write us a message at contact form.

The services mentioned here are not intended for citizens of the Russian Federation whose permanent address is in Russia. If you are a citizen of the Russian Federation and your permanent address is located in Russia, you acknowledge that any and all personal information you provide when using our services is done so at your own risk and that you are solely responsible for this information; you also acknowledge that by using ZEISS services you grant your explicit permission to have your personal information collected and transferred to the United States and other countries for processing, and that ZEISS cannot be held responsible for failure to adhere to any laws of the Russian Federation.

By using ZEISS services you grant your explicit permission for your personal data to be collected, processed and transferred to recipients outside China.

The content of this website can be restricted for use by persons in specific geographical regions (including the USA). ZEISS makes no claims that the website or its content is accessible, or appropriate, outside of these regions. Access to the website may not be legal for certain persons in certain countries. If you access the website in violation of these provisions of law you do so at your own initiative and are responsible for observance of the applicable laws.

The "Shine the Light" law of the state of California enables residents of California to request certain information about the data collected by ZEISS and sent to third parties for direct marketing purposes.

If you wish to request additional information covered by the "Shine the Light" law, contact us using the information provided above or submit a request to the address provided with the phrase "California Shine the Light Request" so that we can appropriately categorize your request. For this process we require your postal address, permanent address and an email address so that we can send you an answer.

This Privacy Notice for California Residents supplements the information contained in ZEISS’s Data Protection Notice and applies solely to all visitors, users and others who reside in the State of California. We are introducing this Data Protection Statement to comply with the California Consumer Privacy Act of 2019 ("CCPA") and other California data protection requirements. Any terms defined in the CCPA have the same meaning when used in this notice.

Personal information described above and in this Privacy Notice does not include:

• Publicly available information from government records.
• Deidentified or aggregated consumer information.
• Information excluded from the CCPA’s scope, like:
  • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
  • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Personal information is collected from the following sources:

• Directly from consumers, for example if you have registered on our website or you have voluntarily provided information about yourself.
• Indirectly from consumers, for example information collected when you access and/or use one of our online services.
• From our third-party service providers that help us provide our products and services.
• From third parties who interact with us in connection with the services we perform, for example from eye-care professionals as part of product orders.

ZEISS collects personal information for the following purposes:

1. For the provision of our products and services
2. To comply with legal obligations or exercise our legal rights
3. For credit checks and payment processing
4. To prevent fraud  
5. For advertising and marketing purposes
6. For web analytics and to improve our website
7. For contests
8. For newsletters and other subscriptions
9. For online applications
10. For contact purposes and in contact forms
11. To safeguard the security of protected areas, such as via ZEISS ID, and for authentication
12. For orders and purchases
13. For vendor and supplier management  
14. To manage warranties and service claims
15. For customer care and support
16. To operate and allow the use of ZEISS digital services, platforms, and apps
17. For research and development activities such as clinical studies
18. For any purpose disclosed when collecting information

In the past 12 months, we have disclosed to third parties for our business purposes, the following categories of personal data relating to California residents covered by this disclosure:

A. Identifiers.
B. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
D. Financial data
F. Internet or other similar network activity.
G. Geolocation data.
H. Sensory data.
I. Professional or employment-related data.
K. Inferences drawn from other personal data.

The categories of third parties to whom we disclosed personal information for our business purposes are:

• Affiliates and subsidiaries of ZEISS
• Vendors, suppliers, and service providers
• Dealers and distributors who serve as ZEISS’ outside sales force
• Banking institutions
• Third parties who deliver our communications and products
• Other third parties (including government agencies) as required by law

ZEISS does not intentionally collect data on young people under 16 years of age. Please contact us if you believe a young person under the age of 16 has submitted personal information to us so that we can delete it.
 

The CCPA provides consumers (California residents) with specific rights regarding their personal information. You have the right to request access to or deletion of your personal information. This applies to data collected, used, disclosed, or sold over the past 12 months, subject to certain exceptions.

To exercise these rights, please submit a verifiable consumer request to us by contacting us at:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Contact by email (please do not send confidential or sensitive information): datap rivacy @zeiss .com

Phone: 1 (800) 328-2984
online form
 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for information twice within a 12 month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
 

We will not discriminate against a California resident that exercises his or her rights under the California Consumer Privacy Act.

If you have any questions or comments about this notice or about ZEISS' privacy policies and practices, please contact us at:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Contact by email (please do not send confidential or sensitive information): datap rivacy @zeiss .com

Phone: 1 (800) 328-2984
online form

This is a country-specific part of the global ZEISS Data Privacy Notice and needs to be read together. It is published by Carl Zeiss AG (Oberkochen, Germany) (referred to as ZEISS/ ZEISS Group). Carl Zeiss Pty Ltd, Carl Zeiss (NZ) Ltd and Carl Zeiss Vision Holdings Australia Ltd, (collectively ZEISS ANZ) are part of Carl Zeiss AG (referred to as ZEISS).

• Your rights under the applicable laws and codes regulating Privacy in Australia and New Zealand;
• Our (ZEISS’) rights and obligations under the applicable laws and codes regulating privacy in Australia and New Zealand;
   

• collects data and purposes for collecting data; 
• uses and discloses your data, including why, when and to whom; 
• protects your personal data; 
• let’s you know of the collection of personal data and the type of personal data collected (including the sources of data); 
• can use your personal data for direct marketing and your rights; 
• maintains your personal data and how we ensure the currency and accuracy of your personal information.
   

• can access and when you can access your personal data; 
• can request ZEISS to correct your personal data we collect and hold; and 
• can lodge a complaint where you believe ZEISS has breached the Privacy laws/ regulations/ codes/ policies in your country (the process and expected outcomes of that complaint).
  
  

This policy, the Privacy Acts and the Privacy Principles (for Australia and New Zealand) do not depend on age other than for a person’s consent. Where a child is up to 15 years of age, ZEISS will require consent from the parent or guardian.

ZEISS must notify persons affected and the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner New Zealand when a data breach is likely to result in serious harm to an individual whose is involved.

If you want to notify us about a data breach involving your own personal information, all complaints are lodged with ZEISS in the first instance.

Should you not be satisfied with how ZEISS handles your complaint, you can make a privacy complaint to the OAIC or Privacy Commissioner as detailed in this policy.
 

ZEISS will ensure that data collected and held is reasonable and required to run its business functions.

ZEISS must not solicit and collect sensitive information about you unless it is authorized under Australian and New Zealand legislation. If ZEISS solicits and collects your personal information, it must ONLY be:

• By lawful and fair means; and provided by yourself unless: you consent to the collection of the information from someone other than yourself; or ZEISS is authorized under Australian or New Zealand legislation to collect the information from someone other than yourself; or it is unreasonable or impracticable to do so.

If ZEISS should receive unsolicited personal information about you, ZEISS shall investigate if the information was collected legally (within 30 days of receiving the information) and may use or disclose the information for the purposes of making the determination. If the information could not have been collected legally, ZEISS shall destroy the information or ensure that the information is de-identified within 30 days (if allowed under the legislation).
 

To gather or obtain personal information from any source and by any means. In practice, all personal information that is held by ZEISS will generally be treated as information that was collected by us. Note: in New Zealand, the term "collect" does not include receipt of unsolicited information. For further information please refer to the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner New Zealand.

"An act or practice of an organisation done or engaged in outside Australia and an External Territory is not to interfere with the privacy of an individual if the act or practice is required by an applicable law of a foreign country".

As a multi-national firm headquartered in Germany, this section is relevant to ZEISS and our ZEISS ANZ employees.

ZEISS shall not use or disclose personal information about an individual for direct marketing where it does not follow:

• the Do Not Call Register Act 2006 (Australia);
• the Do Not Call Register (New Zealand);
• the Spam Act 2003 (Australia);
• Unsolicited Electronic Messages Act 2007 (New Zealand);
• any other Australia or New Zealand legislation, or a Norfolk Island enactment, prescribed by the regulations.