ZEISS Group

Data Protection

Information on how ZEISS online services (websites, apps, social networks) collect and process your personal information

The following "Data Protection Overview" fact sheet provides a concise overview of the collection and processing of your personal data by ZEISS online services (websites, apps, social networks). Full details of this process are available in the complete version of our Data Protection Notice.

Data Protection Overview

What information do we collect?

I. When you open and/or use our online services, the information collected includes:

  • The type of browser you are using
  • The pages you have visited on our website
  • Operating system
  • Your IP address or shortened IP address
  • User behavior (e.g. mouse movements, click behavior, session duration, etc.)

This data is mainly collected and used in an anonymized or pseudonymized form.

II. If you have registered on our website, you have voluntarily provided information about yourself, which includes:

  • First name, last name and title
  • Payment information
  • Contact information (e.g. email, phone)
  • Address and order information
  • Company, group assignment
  • Products and equipment you use
  • Personal interests and preferences

How is information collected by ZEISS online services?

The ZEISS online services use various types of cookies or tracking technologies with different functions. These perform purely technical functions, while also contributing to the optimization of the web pages, to interactions with social media, as well as to the usage-related advertisement both on our side and the partners' side. As a result, we also provide information to our partners for analysis, marketing and social media purposes. You can object to the use of these technologies at any time and in different stages. Click on "Settings" to select your personal cookie settings:

Data is collected by ZEISS online services via automated processes or user entry, e.g. by means of:

  • Cookie tracking pixels
  • Direct user entry
  • Cross-device tracking, mouse tracking and similar methods

Cookies make websites more user-friendly, effective and secure. A cookie is a text file containing information about user activity which is temporarily saved in the user's browser. It can be used to define and save visitor preferences and website settings.

Note: Additional information about cookies and other internet technologies is available in our Data Protection Notice.

Why do ZEISS online services process and use my personal information? When does ZEISS use and process my personal information?

It should be noted that ZEISS only collects personal information on a case-by-case basis and for specific purposes. The following list of reasons is therefore not exhaustive.

 
  1. For the provision of our products & services
  2. To comply with legal obligations
  3. For credit checks when processing payments that use insecure payment methods
  4. To prevent fraud on purchases
  5. For marketing purposes
  6. For web analytics and to improve our website
  7. For contests
  8. For newsletters and other subscriptions
  9. For online applications
  10. For contact purposes and in contact forms
  11. During the use of protected areas, such as ZEISS ID, and for authentication
  12. In the online shop
  13. For requirements
  14. During the use of ZEISS digital services, e.g. platforms, subscribing to/unsubscribing from newsletters, and during the use of apps

We know that it is important to you that your personal information be handled with care. Since data protection is a high priority issue at ZEISS, we make sure that your information is collected, processed and used strictly in accordance with the law. The instances listed above are those in which we require personal information from you.

This information helps us continually improve our websites and provide you with an individualized user experience. The individual items of personal information are used to process your orders, to deliver purchased goods and products to you, to verify your creditworthiness, to process payments, to prevent fraud and to keep you informed about your orders and our products, services and special offers.

To ensure that we can get in touch with you quickly, we request that you provide us with your email address. Your address will only be used for advertising purposes if you have given your explicit permission for this.

Legal basis for processing personal data

We process your data only in compliance with the applicable laws. In particular, we will process your data in accordance with Article 6 and Article 9 of the General Data Protection Regulation (GDPR), as well as in accordance with the conditions for consent in Article 7 GDPR. We will process your data, among other things, upon the following legal bases. Please note that this is not a complete or exhaustive list of the legal bases. These are merely examples intended to render the legal foundations more transparent.

  • Consent (Article 6, paragraph 1, sentence 1, letter a GDPR and Article 7 GDPR or Article 9, paragraph 2, letter a and Article 7 GDPR): we will only process certain data on the basis of your explicit and voluntary consent given in advance. You have the right to revoke your consent at any time with effect in the future.
  • Performance of a contract / pre-contractual measures (Article 6, paragraph 1, sentence 1, letter b GDPR): we need access to certain data to initiate or perform your contract with ZEISS and ZEISS partners.
  • Compliance with a legal obligation (Article 6, paragraph 1, sentence 1, letter c GDPR): ZEISS is subject to a series of legal requirements. In order to meet these requirements, we must process specific data.
  • Protection of legitimate interests (Article 6, paragraph 1, sentence 1, letter f): ZEISS will process specific data to protect its interests or those of third parties. However, this only applies if your interests in the individual case do not override other legitimate interests.

Where is my personal information processed?

Generally, your information is processed on servers located in Germany. If permitted, your information may also be processed in countries other than Germany. User information is processed in part by external companies hired by ZEISS.

When forwarding data within the ZEISS Group (if permitted), transmitting data abroad and processing data with external partners, ZEISS observes the applicable data protection laws and  safeguards these activities as well as possible by the data protection means available, including data processing contracts, EU standard contractual clauses and international conventions. If the local requirements abroad do not meet the level of protection afforded by the EU Charter of Fundamental Rights, then ZEISS will endeavor to keep the risks of personal data processing to a minimum through suitable measures.

What rights do I have?

  • The right to information
  • The right to object, including the right to withdraw your objection
  • The right to have information deleted or released/transferred
  • The right to limit or block the processing of information
  • The right to have information corrected
  • The right of appeal, also through a responsible supervisory authority
  • The right to withdraw your consent
  • The right to not be subject to a decision based solely on automated processing, including profiling

If you have a data protection concern, please contact:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen

Contact via email (no confidential content, please): datap rivacy @zeiss .com
Contact by phone: +49 7364 20-0 (keyword "data protection")
Contact via web form: Go to form

When does my personal information get deleted?

We delete your personal information when the purpose for which it was collected no longer exists; this could include information collected during the execution of a contract which has been terminated. In order to adhere to commercial and tax law and other legal requirements, it may be necessary to store your personal information for longer than the purpose for which it was collected or to initially block the information so that it can be used for later processing. . This may also be necessary for the assertion, exercise and defence of legal claims.

How does ZEISS safeguard my personal information?

When you sign in to specially protected areas, e.g. via ZEISS ID, or into online shops, when you register to participate in contests or when you place an order, your personal information is transferred to us. To ensure that your information does not end up in the wrong hands, it is encrypted using standard, state-of-the-art methods such as SSL encryption (secure sockets layer). This is a proven and secure method of transferring information on the Internet.

ZEISS also employs a wide range of additional technical and operational security measures to protect the personal data of its partners and customers. In conjunction with these security measures, we may occasionally request that you provide proof of your identity before granting you access to your personal information.

Does ZEISS use cookies?

ZEISS uses cookies to ensure that your user experience is as comfortable and convenient as possible. Want to know more about how we use cookies?

Learn more about cookies and other internet technologies

Your ZEISS ID account

Your ZEISS ID account can be used to sign in to a wide range ZEISS products and services. When you sign in, the information you provided voluntarily is used to create a personalized data record. The information helps us provide products and services which are better tailored to you personally.

Withdrawing permission to use your personal information

To withdraw permission for the use of your personal information, click the link below:

Viewwithdrawal form

Falsified emails (spoofing), spam and phishing

Beware of phishing and spoofing activities

Unfortunately, the ZEISS brand is among those which are misused for deceptive purposes. In more specific terms, this means that users sometimes receive falsified emails supposedly sent from ZEISS. These emails are often visually designed to look like ZEISS communications and can in some cases be difficult to tell apart from authentic emails from ZEISS.

In these cases, the persons sending the falsified emails are attempting to exploit the trust between ZEISS and its customers in order to steal sensitive information (e.g. login details, customer information, payment information) or to install malicious software on your computer or smartphone.

These emails are not created or sent by ZEISS, even if our name is used to make it appear so. Unfortunately, this also means that ZEISS has no control over the creation and sending of illegitimate emails.

The following characteristics can help you identify whether the email you received is actually from ZEISS:

  • Confirmation emails and invoices from ZEISS should only be for itemsyou actually ordered.
  • Emails from ZEISS should be free of typographical and grammatical errors, since they are proofread before being sent.

In some areas of our websites, we also provide information about, and links to, third-party websites. We do this only if we are firmly convinced of the seriousness of the respective supplier. However, ZEISS is not responsible for the data protection stipulations or contents of these websites and assumes no liability in this regard. These external links are marked with the following icon:

The right way to deal with spam, phishing and spoofing emails:

  • We recommend that you delete suspicious emails immediately.
  • Never open links or attachments in suspicious emails and never give outyour personal information.
  • We also recommend running a virus scan on your computer.

If an email contains unusual or suspicious information regarding your order or your customer information, sign in to the online shop with which you placed the order. There, you will find a list of all the orders you have actually placed, along with the status and invoice number for each order. To do this, manually enter the address of the particular ZEISS online service in your browser. Manually entering the address allows you to avoid the risk of being sent to fraudulent websites via links contained in the email.

Tip: If you're unsure about an email you've received, use our contact service to get in touch with us or write us a message at contact form.

Country-specific regulations

The following applies to users located in the Russian Federation:

The services mentioned here are not intended for citizens of the Russian Federation whose permanent address is in Russia. If you are a citizen of the Russian Federation and your permanent address is located in Russia, you acknowledge that any and all personal information you provide when using our services is done so at your own risk and that you are solely responsible for this information; you also acknowledge that by using ZEISS services you grant your explicit permission to have your personal information collected and transferred to the United States and other countries for processing, and that ZEISS cannot be held responsible for failure to adhere to any laws of the Russian Federation.


The following applies to users located in the People's Republic of China:

By using ZEISS services you grant your explicit permission for your personal data to be collected, processed and transferred to recipients outside China.


The following applies to users located in the United States:

The content of this website can be restricted for use by persons in specific geographical regions (including the USA). ZEISS makes no claims that the website or its content is accessible, or appropriate, outside of these regions. Access to the website may not be legal for certain persons in certain countries. If you access the website in violation of these provisions of law you do so at your own initiative and are responsible for observance of the applicable laws.

The "Shine the Light" law of the state of California enables residents of California to request certain information about the data collected by ZEISS and sent to third parties for direct marketing purposes.

If you wish to request additional information covered by the "Shine the Light" law, contact us using the information provided above or submit a request to the address provided with the phrase "California Shine the Light Request" so that we can appropriately categorize your request. For this process we require your postal address, permanent address and an email address so that we can send you an answer.

CCPA Privacy Notice Addendum

This Privacy Notice for California Residents supplements the information contained in ZEISS’s Data Protection Notice and applies solely to all visitors, users and others who reside in the State of California. We are introducing this Data Protection Statement to comply with the California Consumer Privacy Act of 2019 ("CCPA") and other California data protection requirements. Any terms defined in the CCPA have the same meaning when used in this notice.

What data is collected?

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or Social Security number.

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.

Yes

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disabilities, gender (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

No

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

E. Biometric information.

Genetic, physiological, behavioral, or biological characteristics, such as fingerprints used for pattern recognition or other identifiers or identifying data.

No

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Yes

G. Geolocation data.

Physical location or movements.

Yes

H. Sensory data.

Audio as part of voicemail or call recordings.

Yes

I. Professional or employment-related information.

Current or past job history or performance evaluations.

Yes

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or offices acting on the student's behalf, such as grades, certificates, class lists, student schedules, student identification codes, student financial information, and student disciplinary records.

No

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, predispositions.

Yes

Personal information described above and in this Privacy Notice does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

How is data collected?

Personal information is collected from the following sources:

  • Directly from consumers, for example if you have registered on our website or you have voluntarily provided information about yourself.
  • Indirectly from consumers, for example information collected when you access and/or use one of our online services.
  • From our third-party service providers that help us provide our products and services.
  • From third parties who interact with us in connection with the services we perform, for example from eye-care professionals as part of product orders.

Why is data collected?

ZEISS collects personal information for the following purposes:

  1. For the provision of our products and services
  2. To comply with legal obligations or exercise our legal rights
  3. For credit checks and payment processing
  4. To prevent fraud  
  5. For advertising and marketing purposes
  6. For web analytics and to improve our website
  7. For contests
  8. For newsletters and other subscriptions
  9. For online applications
  10. For contact purposes and in contact forms
  11. To safeguard the security of protected areas, such as via ZEISS ID, and for authentication
  12. For orders and purchases
  13. For vendor and supplier management  
  14. To manage warranties and service claims
  15. For customer care and support
  16. To operate and allow the use of ZEISS digital services, platforms, and apps
  17. For research and development activities such as clinical studies
  18. For any purpose disclosed when collecting information

Disclosure of Personal Information

In the past 12 months, we have disclosed to third parties for our business purposes, the following categories of personal data relating to California residents covered by this disclosure:

A. Identifiers.
B. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
D. Financial data
F. Internet or other similar network activity.
G. Geolocation data.
H. Sensory data.
I. Professional or employment-related data.
K. Inferences drawn from other personal data.

Please see “What Information Is Collected?” for more detail on these categories.

The categories of third parties to whom we disclosed personal information for our business purposes are:

  • Affiliates and subsidiaries of ZEISS
  • Vendors, suppliers, and service providers
  • Dealers and distributors who serve as ZEISS’ outside sales force
  • Banking institutions
  • Third parties who deliver our communications and products
  • Other third parties (including government agencies) as required by law

ZEISS does not intentionally collect data on young people under 16 years of age. Please contact us if you believe a young person under the age of 16 has submitted personal information to us so that we can delete it.
 

Consumer Rights

The CCPA provides consumers (California residents) with specific rights regarding their personal information. You have the right to request access to or deletion of your personal information. This applies to data collected, used, disclosed, or sold over the past 12 months, subject to certain exceptions.

To exercise these rights, please submit a verifiable consumer request to us by contacting us at:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Contact by email (please do not send confidential or sensitive information): datap rivacy @zeiss .com

Phone: 1 (800) 328-2984
online form
 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for information twice within a 12 month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
 

Non-Discrimination

We will not discriminate against a California resident that exercises his or her rights under the California Consumer Privacy Act.

Contact Information

If you have any questions or comments about this notice or about ZEISS' privacy policies and practices, please contact us at:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Contact by email (please do not send confidential or sensitive information): datap rivacy @zeiss .com

Phone: 1 (800) 328-2984
online form
 


The following applies to users located in Australia and New Zealand:

This is a country-specific part of the global ZEISS Data Privacy Notice and needs to be read together. It is published by Carl Zeiss AG (Oberkochen, Germany) (referred to as ZEISS/ ZEISS Group). Carl Zeiss Pty Ltd, Carl Zeiss (NZ) Ltd and Carl Zeiss Vision Holdings Australia Ltd, (collectively ZEISS ANZ) are part of Carl Zeiss AG (referred to as ZEISS).

The scope of this part of the Data Privacy Notice is to define:

  • Your rights under the applicable laws and codes regulating Privacy in Australia and New Zealand;
  • Our (ZEISS’) rights and obligations under the applicable laws and codes regulating privacy in Australia and New Zealand;
     

ZEISS:

  • collects data and purposes for collecting data; 
  • uses and discloses your data, including why, when and to whom; 
  • protects your personal data; 
  • let’s you know of the collection of personal data and the type of personal data collected (including the sources of data); 
  • can use your personal data for direct marketing and your rights; 
  • maintains your personal data and how we ensure the currency and accuracy of your personal information.
     

You:

  • can access and when you can access your personal data; 
  • can request ZEISS to correct your personal data we collect and hold; and 
  • can lodge a complaint where you believe ZEISS has breached the Privacy laws/ regulations/ codes/ policies in your country (the process and expected outcomes of that complaint).

Note:

This policy, the Privacy Acts and the Privacy Principles (for Australia and New Zealand) do not depend on age other than for a person’s consent. Where a child is up to 15 years of age, ZEISS will require consent from the parent or guardian.

ZEISS must notify persons affected and the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner New Zealand when a data breach is likely to result in serious harm to an individual whose is involved.

If you want to notify us about a data breach involving your own personal information, all complaints are lodged with ZEISS in the first instance.

Should you not be satisfied with how ZEISS handles your complaint, you can make a privacy complaint to the OAIC or Privacy Commissioner as detailed in this policy.
 

Collection of Personal Information

ZEISS will ensure that data collected and held is reasonable and required to run its business functions.

ZEISS must not solicit and collect sensitive information about you unless it is authorized under Australian and New Zealand legislation. If ZEISS solicits and collects your personal information, it must ONLY be:

  • By lawful and fair means; and provided by yourself unless: you consent to the collection of the information from someone other than yourself; or ZEISS is authorized under Australian or New Zealand legislation to collect the information from someone other than yourself; or it is unreasonable or impracticable to do so.

If ZEISS should receive unsolicited personal information about you, ZEISS shall investigate if the information was collected legally (within 30 days of receiving the information) and may use or disclose the information for the purposes of making the determination. If the information could not have been collected legally, ZEISS shall destroy the information or ensure that the information is de-identified within 30 days (if allowed under the legislation).
 

What do 'solicit' and 'collect' mean in the context of privacy?

To gather or obtain personal information from any source and by any means. In practice, all personal information that is held by ZEISS will generally be treated as information that was collected by us. Note: in New Zealand, the term "collect" does not include receipt of unsolicited information. For further information please refer to the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner New Zealand.

Section 13 D of the Privacy Act

1988 (Australia) refers to an Overseas Act required by foreign law:

"An act or practice of an organisation done or engaged in outside Australia and an External Territory is not to interfere with the privacy of an individual if the act or practice is required by an applicable law of a foreign country".

As a multi-national firm headquartered in Germany, this section is relevant to ZEISS and our ZEISS ANZ employees.

ZEISS shall not use or disclose personal information about an individual for direct marketing where it does not follow:

  • the Do Not Call Register Act 2006 (Australia);
  • the Do Not Call Register (New Zealand);
  • the Spam Act 2003 (Australia);
  • Unsolicited Electronic Messages Act 2007 (New Zealand);
  • any other Australia or New Zealand legislation, or a Norfolk Island enactment, prescribed by the regulations.

Important information about the safeguarding of your information

Safeguarding your personal information

In today's connected world, unauthorized attempts to access information are a reality which confront private individuals and companies on a daily basis. Safeguarding information against such attempts is a considerable challenge.

Data protection is a high priority issue at ZEISS, and we invest time, energy and money into ensuring that our systems are secure and monitored around the clock. When you use ZEISS websites and platforms, you entrust us with your personal information. Safeguarding this information is important to us. There are also things that you can do to protect your personal information against unauthorized access. Below you will find information about how you can help ensure that your information stays safe.

How can I protect my personal information?

The important principle in this connection is to protect the information on your computer, laptop or mobile devices with passwords and PIN codes that only you know. Also, make sure you sign out of ZEISS websites, platforms and shops after you are finished using them.

Make sure that you only use your passwords for one account. Never use the same password for different service providers or online portals. Check to make sure that the passwords you use on ZEISS websites and platforms are not being used for other websites as well. If they are, we recommend changing all of your ZEISS passwords immediately.

Do not write your passwords down where other people can see them. Once again, make sure that you are the only person who has access to these passwords.

How do I create a secure password?

Passwords should be selected so that they are not easy to guess. This means not using common, everyday words, your own name or the names of family members in your passwords. For added security, it is a good idea to use a combination of upper and lowercase letters, numbers, and special characters.

Is there anything else I should be careful about?

If you use a public computer to access ZEISS websites or platforms, be sure to sign out of your account when you are finished.

If you receive unsolicited emails asking you to provide your password or payment information, ignore these and contact ZEISS immediately (Go tocontact form). We will look into the matter.


Data protection notices

Detailed version

Data processing at ZEISS (e.g. collection, processing, transfer) is performed in accordance with the law. The personal information needed from you for business transactions is stored by us and transferred to service providers contracted by ZEISS to the extent necessary to process the transactions.

Scope of Application

This data protection notice applies to websites, domains, social media platforms and applications belonging to companies in the ZEISS Corporate Group (hereinafter referred to as ZEISS). They do not apply to the websites of ZEISS companies that, for example, have amended data protection and legal notices due to national legislation. Therefore, please note the respective data protection and legal notices of all ZEISS websites you visit or programs you use.

In some cases, ZEISS websites also contain links to websites of third-party, ZEISS-external companies to which this data protection and legal notice does not apply.

General Data Protection Standard

ZEISS is a corporation operating on a global scale which has cross-border legally independent companies, business processes, management structures, and technical systems.

When you visit our websites, data may be collected which may, in some cases, be of a personal nature. In this notice, we point out what personal information ZEISS companies collect during your visit to our websites, and how we handle this data.

We consider the protection of your personal information a very serious matter. Our processing of your personal information collected during your visit to our websites is carried out fully in accordance with the relevant legal stipulations. In addition, our approach to dealing with personal information is based on the EU data protection principles which provide for the greatest possible degree of transparency, observance of the right to choose, access rights and the transmission and lawful processing of personal information.

Every ZEISS company complies with the data protection laws which are applicable in its own particular case. In addition, the handling of personal information is specified in a company directive for all ZEISS companies within the Group. This ZEISS company directive serves to ensure that your data is processed properly and in compliance with the applicable laws at the ZEISS companies which will handle personal information. At the same time, we have instructed our employees to refer to and comply with our data protection rules wherever personal information is requested on any website.

To the extent legally permissible and with due regard for your legitimate interests in excluding the transmission or use of information, we may forward your address and creditworthiness data to, or request this data from, credit agencies in order to run credit checks for orders.

For orders paid for by invoice, and installment purchases, we use address data in addition to other creditworthiness data to estimate the risk of payment defaults in individual cases.

ZEISS and other companies in the ZEISS Group generally provide their customers with the option of using insecure payment methods (e.g. paying by invoice, credit purchases). The following is a non-exhaustive list of companies in the ZEISS Group:

  • Carl Zeiss Industrielle Messtechnik GmbH
  • Carl Zeiss Spectroscopy GmbH
  • Carl Zeiss Meditec Vertriebsgesellschaft mbH
  • Carl Zeiss Vision GmbH
  • Carl Zeiss Microscopy GmbH

Companies which offer their customers the option of using insecure payment methods have a justified interest in protecting themselves against payment defaults. This is usually done by checking the customer's creditworthiness before offering the option of using an insecure payment method. For credit checks, ZEISS is entitled to use negative creditworthiness information about the customer that it has collected itself or which has been transferred to it by another company in the ZEISS Group.

ZEISS is also entitled to transfer negative creditworthiness information about the customer to other companies in the ZEISS Group before these companies grant the customer the option of using an insecure payment method.

Creditworthiness information is information about outstanding payments and information which provides direct indications that the customer is at risk of defaulting on his or her payment (e.g. bankruptcy, debt counseling, deferrals due to inability to pay). Before ZEISS stores the collected negative information about outstanding payments for the purpose of transferring this information to other companies in the ZEISS Group, the customer will receive notice that this information may possibly be transferred. ZEISS is also entitled to transfer information about exceedingly atypical orders (e.g. simultaneous orders for multiple items with the same delivery address placed using different customer accounts) to other companies in the ZEISS Group and to use information about exceedingly atypical orders that it has received from other companies in the ZEISS Group. This is intended to prevent the occurrence of payment defaults and to protect our customers against having their identities used for fraudulent purposes.

Furthermore, ZEISS is permitted to collect and process address and order information for its own marketing purposes. This means, for example, that ZEISS may compare email addresses collected during order processes with Facebook Ireland Limited's email address lists in order to display personalized advertisements to the owner of the address. Facebook Ireland Limited is not permitted, however, to use the email address for any purpose other than comparing it with its address list. Information is sent to third parties for advertising purposes only in cases where it is legally permissible to do so.

Notice

You may object to the use, processing and transfer of your personal information at any time by means of an informal written letter addressed to ZEISS or via email (Go towithdrawal form). Upon receipt of your objection, we will cease to use, process and transfer the information in question for any purpose other than carrying out the orders and tasks you have requested; we will also cease to send you advertising and promotional materials.


Disclosure or objection:
Want to know which of your personal information is processed by ZEISS? Want to object to having your information used? Under Article 15 of the General Data Protection Regulation and § 34 of the German Federal Data Protection Act 2017 you have a legal right to this and we are happy to comply with your request.

Request information

Gathering, Processing and Transfer of Personal Information

ZEISS wants to give you as much control as possible over your personal information. Normally, you can access ZEISS websites without providing any personal information.

However, in certain areas of the ZEISS websites you are requested to enter personal data in order to help us enhance the site for you and keep in contact with you. Any personal information you submit is treated as confidential and is saved and processed exclusively within the scope of the relationship between you and ZEISS. Your personal information will not be forwarded, published or otherwise made available to third parties for marketing purposes without your prior approval.

However, as part of the provision of our services, your information may under certain circumstances be transferred to third parties who we have included in order processing, e.g. business partners or IT service providers. When transferring personal information to these third parties, we restrict ourselves to the information which is necessary for the provision of the service in question and we ensure that this transfer is carried out in compliance with the required data security. ZEISS companies will only transfer your personal information to third parties which have committed themselves to data protection and to the processing of your information in compliance with the applicable laws.

In addition, ZEISS may be forced by court or official orders to disclose your data and associated information. Likewise, we reserve the right to use your information for the assertion of or defense against legal claims.

In the event of a takeover or merger with another company, it may be necessary to disclose or transfer your information to actual or potential buyers. In this case, ZEISS will aspire to the highest possible level of data protection and will comply with the legal stipulations.

Rights of those affected

You are entitled to request information regarding the personal data we process at any time; you may also object to the processing of this information as well as request that the extent to which your personal information is processed be limited, that information be corrected or that information be deleted. Please note that ZEISS may only delete your personal information in the event that no legal stipulations exist which require this information to be stored, or in the event that ZEISS' right to store this information does not take precedence over your right to have it deleted. Please also note that once you have requested to have your information deleted, or to have the processing of your information limited, or you have objected to the processing of your information, you may then no longer use ZEISS services, in part or in full, which require the use of your personal information.

If your personal information is being used by ZEISS because you have agreed to have it used, or because it is required for the fulfilment of a contract you have concluded with ZEISS, you may request a copy of the information that you have made available to ZEISS. Please send your request to the email address provided below. Be sure to include which data or processing activities you are requesting information about, in what format you would like to receive this information, and whether the information should be sent to you or another recipient. ZEISS will carefully review your request and inform you of the best way to fulfil it.

Furthermore, in the following cases you can ask ZEISS to not share your personal information with others:

  1. If you claim that the personal information held by ZEISS is incorrect (however, the processing of information in this case will only be limited during the period of time needed by ZEISS to verify the accuracy of the personal information in question), 
  2. If there is no legal basis for the processing of your personal information by ZEISS and you request that ZEISS cease processing your information, 
  3. If ZEISS no longer needs your personal information, but you claim that ZEISS must store this information so that legal claims can be raised or exercised, or so that the claims of third parties can be defended, or
  4. If you object to the processing of your personal information by ZEISS (on the basis of ZEISS' legitimate interest), for the length of time required to verify if ZEISS' interest in processing your personal information takes precedence or if a legal requirement to store the information exists.

Go to form

 

Personal data of children:
ZEISS does not intentionally collect or process the information of children under the age of 16, or as required by local laws, except on websites intended specifically for children. ZEISS adheres to the applicable data protection laws on these websites.

Compliance with regulations

ZEISS and its products, services and technologies are subject to the export regulations of various countries, including those of the European Union and its member states and those of the United States. You acknowledge that ZEISS is required, per applicable export regulations, trade sanctions, and embargos, to take measures to prevent companies, organizations, and parties named in sanction party lists from acquiring certain products, technologies, and services through ZEISS websites or delivery channels controlled by ZEISS. These measures may include the following:

  1. The automated comparison of user registration information described in this notice and other information related to the user's identity with applicable sanction lists;
  2. Regular and repeated comparisons of this information as sanction lists are updated or as the user updates his or her information;
  3. The blocking of access to the services and systems of ZEISS if a user is potentially found in an applicable sanction list;
  4. Establishing contact with the user in the event his or her information is found in a sanction list, in order to verify his or her identity.

You also acknowledge that information required to carry out activities in accordance with your decision to have your personal information processed and used, or to receive marketing and promotional materials from ZEISS (regardless of the country in which the ZEISS company in question is located, and regardless of whether you have provided your explicit permission or objection to receive marketing and promotional materials) may be stored by companies in the ZEISS Group and exchanged between them to the extent this is required by law.

Legitimate interest of ZEISS

Each of the items listed below presents a case in which ZEISS has a legitimate interest in processing and using your personal information. If you do not agree to having your information processed and used by ZEISS in these ways, you may object to these processing activities.

Go to form

Questionnaires and surveys
ZEISS may invite you to participate in customer surveys. The questionnaires used for these surveys are designed in such a way that the questions can be answered without providing personal information. However, any personal information provided in a questionnaire or survey may be used by ZEISS to improve its products and services.

Generation of anonymized data sets
ZEISS may anonymize the personal information covered by this Data Protection Statement to create anonymized data sets which can be used to improve ZEISS products and services as well as those of its affiliated companies.

Recording of telephone and chat conversations for the purpose of quality improvement
ZEISS may record telephone or chat conversations (after you have been informed of it during the phone conversation and before the recording commences) for the purpose of improving the quality of its service.

To keep you informed about updates and collect feedback
Within the framework of ZEISS' relationship with you as a customer, ZEISS may keep you informed, to the extent permitted by law, about its products and services (e.g. webinars, seminars and events) which are similar to the products and services which you have already purchased from ZEISS or which you use, or products or services which are directly related. Moreover, ZEISS may contact you to collect feedback regarding products, services, seminars, webinars or events which you have purchased or attended for the purpose of improving the product, service, webinar, seminar, or event in question.

Information on data security

ZEISS knows how important it is that the information you provide to us is handled discreetly and is protected. Data security on our websites is a top priority. We have therefore made great efforts to ensure that our online security measures are effective. Essential data traffic on the ZEISS websites is therefore encrypted. ZEISS endeavors to update its encryption technology on a continuous basis in line with technical progress, in order to guarantee the confidential handling of the information you send us over the Internet.

To the extent technically possible, for example to measure the use and effectiveness of a web-page, as well as for authentication and simplification of navigation, we use various technologies including "cookies". A cookie is a data item which a website sends to your browser. It is stored on your system and is used to identify it (see Cookies, Web Tracking and Web Analytics).

During a visit to our websites visitors' IP addresses are captured for the analysis of malfunctions, for website administration, and for the establishment of demographic characteristics. Furthermore, we use the IP addresses and other information, made available to us by you on this website or by other means as required, to find out which of our websites are being visited and what topics interest our visitors.

Country-Specific Regulations

Russian Federation

The following applies to users located in the Russian Federation:

The services mentioned here are not intended for citizens of the Russian Federation whose permanent address is in Russia. If you are a citizen of the Russian Federation and your permanent address is located in Russia, you acknowledge that any and all personal information you provide when using our services is done so at your own risk and that you are solely responsible for this information; you also acknowledge that by using ZEISS services you grant your explicit permission to have your personal information collected and transferred to the United States and other countries for processing, and that ZEISS cannot be held responsible for failure to adhere to any laws of the Russian Federation.

People’s Republic of China

The following applies to users located in the People's Republic of China:

By using ZEISS services you grant your explicit permission for your personal data to be collected, processed and transferred to recipients outside China.

USA

The following applies to users located in the United States:

The content of this website can be restricted for use by persons in specific geographical regions (including the USA). ZEISS makes no claims that the website or its content is accessible, or appropriate, outside of these regions. Access to the website may not be legal for certain persons in certain countries. If you access the website in violation of these provisions of law you do so at your own initiative and are responsible for observance of the applicable laws.

The "Shine the Light" law of the state of California enables residents of California to request certain information about the data collected by ZEISS and sent to third parties for direct marketing purposes.

If you wish to request additional information covered by the "Shine the Light" law, contact us using the information provided above or submit a request to the address provided with the phrase "California Shine the Light Request" so that we can appropriately categorize your request. For this process we require your postal address, permanent address and an email address so that we can send you an answer.

CCPA Privacy Notice Addendum

This Privacy Notice for California Residents supplements the information contained in ZEISS’s Data Protection Notice and applies solely to all visitors, users and others who reside in the State of California. We are introducing this Data Protection Statement to comply with the California Consumer Privacy Act of 2019 ("CCPA") and other California data protection requirements. Any terms defined in the CCPA have the same meaning when used in this notice.

What data is collected?

Category

Examples

Collected

A. Identifiers.

A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or Social Security number.

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

A name, signature, Social Security number, address, telephone number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information.

Yes

C. Protected classification characteristics under California or federal law.

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disabilities, gender (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).

No

D. Commercial information.

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.

Yes

E. Biometric information.

Genetic, physiological, behavioral, or biological characteristics, such as fingerprints used for pattern recognition or other identifiers or identifying data.

No

F. Internet or other similar network activity.

Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.

Yes

G. Geolocation data.

Physical location or movements.

Yes

H. Sensory data.

Audio as part of voicemail or call recordings.

Yes

I. Professional or employment-related information.

Current or past job history or performance evaluations.

Yes

J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).

Education records directly related to a student maintained by an educational institution or offices acting on the student's behalf, such as grades, certificates, class lists, student schedules, student identification codes, student financial information, and student disciplinary records.

No

K. Inferences drawn from other personal information.

Profile reflecting a person's preferences, characteristics, predispositions.

Yes

Personal information described above and in this Privacy Notice does not include:

  • Publicly available information from government records.
  • Deidentified or aggregated consumer information.
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

How is data collected?

Personal information is collected from the following sources:

  • Directly from consumers, for example if you have registered on our website or you have voluntarily provided information about yourself.
  • Indirectly from consumers, for example information collected when you access and/or use one of our online services.
  • From our third-party service providers that help us provide our products and services.
  • From third parties who interact with us in connection with the services we perform, for example from eye-care professionals as part of product orders.

Why is data collected?

ZEISS collects personal information for the following purposes:

  1. For the provision of our products and services
  2. To comply with legal obligations or exercise our legal rights
  3. For credit checks and payment processing
  4. To prevent fraud  
  5. For advertising and marketing purposes
  6. For web analytics and to improve our website
  7. For contests
  8. For newsletters and other subscriptions
  9. For online applications
  10. For contact purposes and in contact forms
  11. To safeguard the security of protected areas, such as via ZEISS ID, and for authentication
  12. For orders and purchases
  13. For vendor and supplier management  
  14. To manage warranties and service claims
  15. For customer care and support
  16. To operate and allow the use of ZEISS digital services, platforms, and apps
  17. For research and development activities such as clinical studies
  18. For any purpose disclosed when collecting information

Disclosure of Personal Information

In the past 12 months, we have disclosed to third parties for our business purposes, the following categories of personal data relating to California residents covered by this disclosure:

A. Identifiers.
B. Personal data categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))
D. Financial data
F. Internet or other similar network activity.
G. Geolocation data.
H. Sensory data.
I. Professional or employment-related data.
K. Inferences drawn from other personal data.

Please see “What Information Is Collected?” for more detail on these categories.

The categories of third parties to whom we disclosed personal information for our business purposes are:

  • Affiliates and subsidiaries of ZEISS
  • Vendors, suppliers, and service providers
  • Dealers and distributors who serve as ZEISS’ outside sales force
  • Banking institutions
  • Third parties who deliver our communications and products
  • Other third parties (including government agencies) as required by law

ZEISS does not intentionally collect data on young people under 16 years of age. Please contact us if you believe a young person under the age of 16 has submitted personal information to us so that we can delete it.
 

Consumer Rights

The CCPA provides consumers (California residents) with specific rights regarding their personal information. You have the right to request access to or deletion of your personal information. This applies to data collected, used, disclosed, or sold over the past 12 months, subject to certain exceptions.

To exercise these rights, please submit a verifiable consumer request to us by contacting us at:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Contact by email (please do not send confidential or sensitive information): datap rivacy @zeiss .com

Phone: 1 (800) 328-2984
online form
 

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for information twice within a 12 month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
 

Non-Discrimination

We will not discriminate against a California resident that exercises his or her rights under the California Consumer Privacy Act.

Contact Information

If you have any questions or comments about this notice or about ZEISS' privacy policies and practices, please contact us at:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Contact by email (please do not send confidential or sensitive information): datap rivacy @zeiss .com

Phone: 1 (800) 328-2984
online form
 

Australia and New Zealand

The following applies to users located in Australia and New Zealand:

This is a country-specific part of the global ZEISS Data Privacy Notice and needs to be read together. It is published by Carl Zeiss AG (Oberkochen, Germany) (referred to as ZEISS/ ZEISS Group). Carl Zeiss Pty Ltd, Carl Zeiss (NZ) Ltd and Carl Zeiss Vision Holdings Australia Ltd, (collectively ZEISS ANZ) are part of Carl Zeiss AG (referred to as ZEISS).

The scope of this part of the Data Privacy Notice is to define:

  • Your rights under the applicable laws and codes regulating Privacy in Australia and New Zealand;
  • Our (ZEISS’) rights and obligations under the applicable laws and codes regulating privacy in Australia and New Zealand;
     

ZEISS:

  • collects data and purposes for collecting data; 
  • uses and discloses your data, including why, when and to whom; 
  • protects your personal data; 
  • let’s you know of the collection of personal data and the type of personal data collected (including the sources of data); 
  • can use your personal data for direct marketing and your rights; 
  • maintains your personal data and how we ensure the currency and accuracy of your personal information.
     

You:

  • can access and when you can access your personal data; 
  • can request ZEISS to correct your personal data we collect and hold; and 
  • can lodge a complaint where you believe ZEISS has breached the Privacy laws/ regulations/ codes/ policies in your country (the process and expected outcomes of that complaint).

Note:

This policy, the Privacy Acts and the Privacy Principles (for Australia and New Zealand) do not depend on age other than for a person’s consent. Where a child is up to 15 years of age, ZEISS will require consent from the parent or guardian.

ZEISS must notify persons affected and the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner New Zealand when a data breach is likely to result in serious harm to an individual whose is involved.

If you want to notify us about a data breach involving your own personal information, all complaints are lodged with ZEISS in the first instance.

Should you not be satisfied with how ZEISS handles your complaint, you can make a privacy complaint to the OAIC or Privacy Commissioner as detailed in this policy.
 

Collection of Personal Information

ZEISS will ensure that data collected and held is reasonable and required to run its business functions.

ZEISS must not solicit and collect sensitive information about you unless it is authorized under Australian and New Zealand legislation. If ZEISS solicits and collects your personal information, it must ONLY be:

  • By lawful and fair means; and provided by yourself unless: you consent to the collection of the information from someone other than yourself; or ZEISS is authorized under Australian or New Zealand legislation to collect the information from someone other than yourself; or it is unreasonable or impracticable to do so.

If ZEISS should receive unsolicited personal information about you, ZEISS shall investigate if the information was collected legally (within 30 days of receiving the information) and may use or disclose the information for the purposes of making the determination. If the information could not have been collected legally, ZEISS shall destroy the information or ensure that the information is de-identified within 30 days (if allowed under the legislation).
 

What do 'solicit' and 'collect' mean in the context of privacy?

To gather or obtain personal information from any source and by any means. In practice, all personal information that is held by ZEISS will generally be treated as information that was collected by us. Note: in New Zealand, the term "collect" does not include receipt of unsolicited information. For further information please refer to the Office of the Australian Information Commissioner (OAIC) or the Office of the Privacy Commissioner New Zealand.

Section 13 D of the Privacy Act

1988 (Australia) refers to an Overseas Act required by foreign law:

"An act or practice of an organisation done or engaged in outside Australia and an External Territory is not to interfere with the privacy of an individual if the act or practice is required by an applicable law of a foreign country".

As a multi-national firm headquartered in Germany, this section is relevant to ZEISS and our ZEISS ANZ employees.

ZEISS shall not use or disclose personal information about an individual for direct marketing where it does not follow:

  • the Do Not Call Register Act 2006 (Australia);
  • the Do Not Call Register (New Zealand);
  • the Spam Act 2003 (Australia);
  • Unsolicited Electronic Messages Act 2007 (New Zealand);
  • any other Australia or New Zealand legislation, or a Norfolk Island enactment, prescribed by the regulations.

Brazil

The following applies to users located in Brazil:

For Brazil, the terms indicated in this Policy will apply in accordance with Law number 13.709/2018, the General Personal Data Protection Act ("LGPD").

1. Officer in Brazil

We have appointed the Data Protection Officer (DPO) in our Brazilian entities, in particular CARL ZEISS VISION BRASIL INDUSTRIA OPTICA LTDA, registered under CNPJ no. 28.826.394/0001-50, as well as CARL ZEISS DO BRASIL LTDA, registered under CNPJ no. 33.131.079/0001-49.

The Officer is responsible for being the bridge between the Owner, ZEISS and Autoridade Nacional de Proteção de Dados [Brazil´s data protection authority] (ANPD).

2.     Data Subject's Rights

In the case of Brazil, all rights provided for in the General Data Protection Act may be exercised, and in any requests, we will analyze each case to verify the possibility of serving you as permitted by applicable law.

3. Personal Data Collected, Purpose of the Processing and Legal Bases

In Brazil, Your Personal Data may be processed, in addition to those already mentioned, for the purposes of (i) accessing ZEISS´s digital services and available applications (APPs) and (ii) conducting satisfaction surveys, ensuring, whenever possible, your anonymization.

In addition to the legal bases listed in this Personal Data Processing Policy, we may process Your Personal Data in Brazil for the regular exercise of rights in judicial, administrative or arbitration proceedings, pursuant to the LGPD.

4. Sharing Personal Data

We may share Personal Data with third parties, contracted to provide a service, to help improve or facilitate the operations of Our services. In the case of Brazil, third parties can be marketing agencies, opticians, cloud service providers, among others.

We may also share Your Personal Data with entities and bodies of the Government to fulfill a legal or regulatory obligation.

In addition, we may share Personal Data necessary to carry out audits carried out by third-party companies, but always respecting the Subject's privacy and confidentiality.

ZEISS only shares Personal Data that is pertinent, proportionate and not excessive in relation to the purpose of sharing.

We may share your Personal Data with companies that control or are controlled by ZEISS, as long as it is necessary to perform Our services or to perform any necessary or legitimate functions of ZEISS.

Contacts

for data protection concerns

If you have a data protection concern, please contact:

The Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen

Contact via e-mail (Please do not send any confidential contents): datap rivacy @zeiss .com

Contact via telephone:
+49 7364 20-0 (keyword "data privacy")

Amendments to this Data Protection Notice

This notice is amended occasionally to ensure that it complies with current legal requirements and covers all of our online services.

Your legal rights to information, rectification, blocking, erasure, and objection are not affected by these changes.

© Carl Zeiss AG – Last modified: December 2020