Data privacy notice

How we treat your data

We are pleased about your visit and your interest in our products and services. The protection of your personal data is important to us. We would therefore like to inform you below about how personal data is processed at Carl Zeiss AG and other companies in the ZEISS Group (hereinafter referred to as ZEISS).

Personal data is data that enables the direct or indirect identification of a person. It does not matter whether the determination can be made on the basis of a single piece of information or several pieces of information. The more information and data can be combined, the more precisely the person can be determined. Personal data includes, for example, the name, address, age or e-mail address, but also indirect data such as an IP address or social security number.

Controller and Data Protection Officer

The responsible party for the processing and protection of your personal data is Carl Zeiss AG.

If you have any questions regarding data protection or questions relating to the processing of your personal data or the exercise of your rights, please contact us by either using the contact form at the bottom of this page or at the following address, telephone number or email address:

Corporate Data Protection Officer
Carl-Zeiss-Strasse 22
73447 Oberkochen
Germany
Phone: +49 7364 20-0 (keyword "data protection")
E-mail: dataprivacy@zeiss.com (Please do not send confidential content by e-mail)

Your rights as a data subject

Of course, you retain control over all personal data that you provide to us when visiting our website or using our services. You have the following rights, which you can exercise free of charge.

1. Right of access

You have the right to obtain information about your personal data stored by us at any time. You have the right to know for what purposes your personal data is processed, how long it is processed (see Storage duration) and to whom it is disclosed, if applicable (see Data categories). Please understand that we must first verify the identity of the requesting person before we can provide information.

2. Right of revocation/objection

If you have given us consent for a certain processing of your data, you have the right to revoke this consent at any time with effect for the future.

If we process your personal data within the framework of a balancing of interests due to our overriding legitimate interest, you have the right to object to this processing at any time with effect for the future.

3. Right to data portability

You have the right to request a transfer of your personal data from us to another entity.

4. Right to rectification, erasure or restriction of processing.

You have the right to have your data rectified and/or supplemented by means of an additional declaration, you also have the right to have your data deleted for the purposes for which they were collected or to limit the processing of your data thereof.

5. Right of complaint

You have the right to complain to a supervisory authority or our data protection officer, insofar as you should have a reason to complain. To claim rights against our company, please contact the contact person listed at the beginning of this data protection notice.

Data categories and recipients of the data

1. What categories of data does ZEISS use?

The categories of personal data that ZEISS processes include, among others

  • Your contact information, e.g. first and last name, address, telephone number(s), email address, etc.
  • Professional information, e.g. the name of your company, the address of your company, your position in your company, etc.
  • Location or preference data, e.g. when using our website in order to be able to display content in the language relevant to you, to be able to provide newsletters with content relevant to you, etc.
  • Product and service data, e.g. which products or services you or your company have purchased from ZEISS, which products or services are assigned to you, etc.

We would like to draw your attention to the fact that, within the framework of the respective contractual relationship, you must provide those personal and company-related data that are required for the establishment, implementation and termination of the contractual relationship or promise of performance and their respective fulfillment, or which we are legally obligated to collect.

2. Recipients of personal data

To the extent necessary, those departments within ZEISS will have access to personal data that require it to fulfill their duties.

In addition, your personal data may be disclosed to other recipients for the purposes described under Purposes of the processing of personal data  and the respective legal basis mentioned. These are carefully selected partners who provide services for ZEISS. These service providers handle your personal data as so-called processors on our behalf and according to our instructions.

3. Transfer to third countries or international organizations

A transfer to countries outside the European Union or the European Economic Area ("third countries") only takes place to the extent necessary for the respective purpose. Before any transfer of personal data to processors or third parties in third countries, we ensure that a transfer mechanism exists in accordance with the EU GDPR:

  • If it's a safe third country, the data transfer is covered by an adequacy decision.
  • If data is transferred to a so-called insecure third country, this data transfer is covered by standard contractual clauses.

Duration of storage

Your personal data will be deleted as soon as it is no longer required for the respective purpose. Insofar as we are legally obligated to do so, we store your data until the end of the legally regulated retention periods. Depending on the legal basis, these are usually 6 to 10 years.

In addition, your data will be stored until the expiry of the statutory limitation periods, usually 3 years, insofar as this is necessary for the assertion, exercise or defense of legal claims. After that, the corresponding data will be routinely deleted if it is no longer required to achieve the necessary purposes.

Automated decision making incl. profiling

Personal data that we collect, for example, on our websites and that help us to understand your interests may be used for personalization purposes in order to provide you with content and information that is relevant to you. Automated decision-making based on this collected data does not take place.

An informal objection to this type of use is possible without giving reasons at any time for the future. Please use the contact form provided at the bottom of this page.

Canada specific regulations

In this section:

  • “personal information” means personal information and personal health information, as defined by Canadian federal, provincial or territorial laws and regulations relating to privacy that are applicable to you;
  • “processed” means collected, used, retained, stored, disclosed, transferred or otherwise handled; and
  • “ZEISS Canada” means Carl Zeiss Canada Limited and Carl Zeiss Vision Canada Inc., or either one of them as the context permits or requires.

This Data Privacy Notice applies to all personal information processed by ZEISS Canada, whether online or by any other means, whether for the purpose of providing you with products or services or on behalf of a healthcare provider, such as your ophthalmologist or optometrist, providing healthcare advice or services to you. If there are any inconsistencies between this country-specific section and this Data Privacy Notice, this country-specific section applies.

Generally, ZEISS Canada identifies to whom, and for what purposes, ZEISS Canada will use and disclose your personal information (and ZEISS Canada obtains your consent to such disclosure) at the time ZEISS Canada collects your personal information.

ZEISS Canada does not disclose your personal information to third parties, except (i) to service providers acting on ZEISS Canada’s behalf or on behalf of healthcare providers providing healthcare advice or services to you and on whose behalf ZEISS Canada is acting, (ii) with your consent, or (iii) as permitted or required by applicable law.

ZEISS Canada will not use or disclose your personal information for marketing or promotional purposes without your express consent.

Individuals residing in Canada are afforded certain rights with respect to their personal information. You may make a written request to review any personal information about you that ZEISS Canada has processed and ZEISS Canada will provide you with any such personal information, to the extent required by applicable laws. You may also challenge the accuracy or completeness of your personal information that ZEISS Canada controls. If you successfully demonstrate that your personal information in ZEISS Canada’s control is inaccurate or incomplete, ZEISS Canada will amend the personal information as required. Where appropriate, ZEISS Canada will transmit the amended information to third parties having access to your personal information. If your request relates to personal information which ZEISS Canada is processing as a service provider on behalf of a third party providing products or services to you, ZEISS Canada will forward your request for access to your information or correction of your information to such third party.

If you withhold or withdraw your consent, or object to ZEISS Canada’s processing of your information, ZEISS Canada, or healthcare providers on whose behalf ZEISS Canada is acting, may not be able to provide you with products or services requested by you.

ZEISS Canada employs physical, technical, and operational security measures with a view to protecting your personal information, whether online or offline.

ZEISS Canada contracts with service providers to process your personal information to the extent necessary for ZEISS Canada or healthcare providers on whose behalf ZEISS Canada is acting to provide you with products or services requested by you. Your personal information may be processed in Germany and in other jurisdictions outside of Canada and it may be accessible to law enforcement and national security authorities of those jurisdictions. In the event that foreign law enforcement or national securities authorities request your personal information, it will only be provided in accordance with applicable law. For more information about ZEISS Canada’s policies and practices regarding personal information that is processed outside of Canada, contact ZEISS using the Contact information provided below.

Wherever reference is made in this Data Privacy Notice to a withdrawal form, contact form, or other form, an English or French version of the form is available on request using the Contact information provided below.

Purposes of the processing of personal data

ZEISS only collects and processes your personal data if you have given your consent or if it is permitted or required by other legal regulations. We generally obtain this data in two ways: either you have provided us with the data or we collect the data when you use our products and services.

The following list shows the various processing purposes for personal data here at ZEISS. Each entry contains a brief description of the respective purpose together with the corresponding legal basis for the processing. By clicking on an entry, you can view a more detailed description for each purpose.

If you have any questions about one or more processing purposes, please feel free to contact us.

  • Personal data that ZEISS receives as part of quotation requests, order processing, configuration, etc. is used to process the respective business transactions. The collected data is processed in our CRM system for this purpose. The legal basis of the data processing is the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR.

  • ZEISS offers various apps for mobile devices (iOS and/or Android) that can collect personal data. This personal data is required for the function of the respective app.

    Apps on mobile devices can gain access to functions of the end device if required and with the consent of the user. Each app that ZEISS offers will ask you for consent to use the required functions. These functions may include, but are not limited to, the following:

    • Calendar
    • Contacts
    • Camera
    • Location
    • Audio (output & microphone)
    • Phone
    • SMS/MMS
    • Memory
    • Possibly other sensors

    The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • ZEISS may record telephone conversations or chat sessions to improve the quality of our services. A recording is only started after you have been asked for and agreed to your consent at the beginning of the phone call or chat.

    The legal basis of the data processing is your consent according to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • Normal application process

    By registering and submitting your application to us in the ZEISS application portal, you provide us with your personal data and consent to the processing of this information as part of the application. You also have the option to separately consent to the inclusion of your data in the applicant pool (see below).

    As a matter of principle, your data will only be used for the purpose of filling the specific position within the ZEISS group of companies. The ZEISS company responsible for the job advertisement or, in the case of a speculative application, the ZEISS company to which you send the application is responsible for the collection and processing within the meaning of the General Data Protection Regulation. For more information on the specific ZEISS company, please contact recruiting.oberkochen@zeiss.com. You can check, update and supplement the information you have provided in the ZEISS application portal at any time.

    Pre-Employment Screening

    Depending on the ZEISS company responsible, additional processes may be implemented that require a check of your person or your details. This serves to protect the business interests of the ZEISS Group. All verification processes strictly adhere to the applicable data privacy principles. In these cases, data processing may additionally be legitimized either by legal requirements (Art. 6 (1)(c) GDPR) or on the basis of the legitimate interests of the ZEISS (Art. 6(1)(f) GDPR).

    Unsolicited application

    If you send an unsolicited application to our applicant management system, your data will be forwarded to the appropriate ZEISS company that matches your skills.

    Applicant pool

    If you have agreed to your application data being passed on, your profile will be circulated if it could also be of interest for filling vacancies at other ZEISS companies. Thus, your data will be made available to ZEISS companies involved in the application process and they can contact you if they are interested.

    Active sourcing

    If what we read about you in your profile is interesting and we have contacted you via career portals or similar, we will first get to know you via the relevant social network. With your consent, we include the data from the social network in our application portal and send you a link with which you can complete your profile via an individual access and agree to your inclusion in our applicant pool. After we have collected your data from the social network, you will move on to the normal application process (see above).

    Recommendation

    If you have an interesting profile, it may be that you have already been recommended by one of our ZEISS employees. In this case, your contact details are first recorded via the ZEISS employee so that our system can send you an automated e-mail with information and a link to the job profile. If you are interested, you can go through the normal application process. If you are not interested and do not respond to the email, we will delete your contact information from our system after a maximum of two months. This gives you enough time to adapt your profile to the job in question or to use the data already collected for other interesting jobs. If you wish, we will also be happy to delete your data before the two-month period expires.

    Type of data

    As part of the application process, we process the data that you provide to us with your application. This data includes in particular:

    • Identification data (first name, last name, etc.)
    • Contact data (e-mail address, telephone number, etc.)
    • Data on education and profession (school/university attended, professional career, etc.)
    • Other relevant data (certificates, your photo, etc.)
    • Data about your personal preferences (likes, interests, etc.)
    • Legal basis and rights of the data subjects

    Your data is collected for the purposes described above (reasonable grounds for employment with ZEISS). The data processing is carried out to fulfill a contract or to carry out pre-contractual measures in accordance with Art. 6(1)(b) GDPR.

    Regularly the personal data may be processed as it is necessary for the decision on the establishment of an employment relationship or in special cases on the basis of the applicants' consent.

    If the processing of your data is based on consent given by you, you can revoke your consent at your discretion at any time with effect for the future in the ZEISS application portal or by email to recruiting.oberkochen@zeiss.com. The legality of the data processing carried out until the revocation is not affected by the revocation.

    Recipients of the data and place of data processing

    The ZEISS Group ensures that third parties acting on behalf of ZEISS and authorized to access this data comply with the rights and obligations set out in this Data Privacy Notice. ZEISS and its service providers generally process the data on servers located in the European Union. In exceptional cases, the data may also be processed in countries outside Europe, to the extent permitted by law. 

    When transferring data within the ZEISS Group, when transferring data abroad and when processing data by external partners, ZEISS complies with the applicable data protection laws and secures these activities as far as possible by the means available under data protection law, including data processing contracts, EU standard contractual clauses and international conventions. If the local requirements abroad do not correspond to the level of protection of the EU Charter of Fundamental Rights, ZEISS will endeavor to keep the risks of processing personal data as low as possible by taking appropriate measures.

    Deletion of data

    In principle, we are required by law to archive your data relevant to the application process for six months. In the event that we are unable to offer you a position but you have agreed to be included in the applicant pool, we will delete your data no later than two years after your application has been rejected. After six months, you can also have your data deleted at any time in the ZEISS Applicant Portal or by sending an email to recruiting.oberkochen@zeiss.com. If you have not consented to the storage of your data, it will be deleted as soon as we have filled the position or within the six-month period.

    If you have consented to the storage of your data, we will include this data in the personnel administration processes that we carry out within the framework of the statutory provisions.

    Data security

    ZEISS has globally applicable corporate guidelines to ensure the security and confidentiality of data; in addition, the data protection regulations of the countries in which a ZEISS company has its registered office apply. In addition, any service provider who processes your personal data on behalf of ZEISS undertakes to ensure confidentiality and to apply the same strict security measures as ZEISS.

    The technical support of our applicant management system is provided by an IT provider in Germany, which we have selected in accordance with the legally prescribed parameters and for which the data protection requirements also apply.

    Job Alert

    If you set up a Job Alert, we only store the information necessary for this (e-mail address and selection criteria). You can terminate your participation in Job Alert at any time. In this case, we will delete your data immediately.

    Contact

    Please send any questions about the application process to recruiting.oberkochen@zeiss.com.

  • ZEISS offers various forums on specific specialist topics. These specialist forums offer users the opportunity to exchange thoughts, experiences and helpful tips with other users. To participate, each user must have a ZEISS ID. In this process, the user name, e-mail address and usage data are processed.

    The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • In order to conduct sweepstakes, ZEISS collects personal data of the participants to determine the winner. This normally includes the salutation, full name, address, e-mail address and telephone number if contact by telephone is required.

    This data is used to notify the winners by e-mail, post or telephone. The address data will be used to send the prize, except in the case of personal delivery.

    The data will be collected and processed exclusively by the company of the ZEISS Group that is organizing the sweepstake. The data will not be transferred to other external companies unless the sweepstake is organized by an external company.

    The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • Google Analytics is a web analytics service provided by Google, Inc. This service allows us as a website operator to track and analyze the interactions of visitors with our website. Google Analytics allows us to obtain information about the origin of visitors, the actions performed on the website and the conversion rate of visitors. This information can be used to improve website performance and optimize the user experience for visitors.

    Google Analytics collects the following data:

    • Age
    • App Store
    • App version
    • Browser
    • City
    • Continent
    • Country
    • Brand of the device
    • Category of the device (smartphone, tablet, etc.)
    • Model of the device
    • Gender
    • Interests
    • Language
    • New or already known user
    • Operating system
    • Operating system version
    • Platform
    • Region
    • Subcontinent

    The legal basis of the data processing is your consent according to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • Carl Zeiss AG processes the personal data provided by the whistleblower for the purpose of receiving and processing compliance notices regarding violations of applicable laws and internal rules, as well as investigating and sanctioning such violations.

    The data provided by the whistleblower includes, among other things, data categories such as communication data (e.g. name, telephone, e-mail, address), employee data of ZEISS employees and, if applicable, names and other personal data relating to persons included in the notice.

    The processing of data when receiving and investigating compliance notices, as well as the determination of appropriate measures, is based on Art. 6(1)(f) GDPR. This is based in particular on the legitimate interest of ZEISS as a company for the prosecution of criminal offenses, the assertion of claims under civil law, the implementation or termination of an employment relationship or the detection of criminal offenses in the employment relationship, as well as the prevention of violations of regulatory offences along the applicable laws.

    Data processing in the central administration and forwarding of cross-Group matters by Corporate Compliance is generally carried out in accordance with the legitimate interest of the company to obtain a Group-wide overview of compliance notices and thereby existing risks within the scope of the governance function, as well as for the assertion and defense of rights pursuant to Art. 6(1)(f) GDPR.

    If there is a legal obligation to provide a whistleblowing system or complaints mechanism, the legal basis may result from Art. 6(1)(c) GDPR.

    Insofar as the complaint mechanism requires the consent of the data subjects to the data processing, the processing is carried out in accordance with Art. 6(1)(a) GDPR. Consent given for the processing of personal data can be revoked at any time with effect for the future.

    In accordance with our legitimate interest pursuant to Art. 6(1)(f) GDPR, we anonymize personal data under certain circumstances so that no information and identifiers relating to specific individuals are included.

    Retention obligations and deletion periods

    As a matter of principle, we store personal data only for as long as is necessary to clarify the facts to which the compliance notice relates or as required by law. The specific retention obligations and deletion periods for personal data processed in the course of processing and clarifying compliance notices depend on the investigation result of the specific facts, as well as on the type of violation and legal consequences.

    Disclosure and transmission of personal data

    When processing compliance notices in accordance with the internally defined procedure and, if applicable, legally prescribed procedures, it may be necessary to involve other internal functions in the course of clarifying the facts and determining measures. Only to the extent that it is absolutely necessary for the processing of the compliance notice or required for the fulfillment of legal obligations will personal data be passed on to the following bodies in this context:

    • Management and/or local compliance officer of the ZEISS company concerned;
    • Internally responsible office in the event of (specialist) specific information (e.g. Group Data Protection, Group Security, Legal Department, Purchasing Department, Human Rights Officer, Internal Audit);
    • Responsible HR department and managers of the employees concerned;
    • If necessary, external law firms and other partners to assist in clarifying compliance indications;
    • Other responsible parties, such as government investigative authorities like public prosecutors.

    If you, as a whistleblower, have provided your identity as part of the compliance report, we are generally obligated under the GDPR to inform any accused persons of your identity as the source of personal data no later than one month after receipt of your report (Art. 14(3)(a) GDPR). If there is a substantial risk that such notification would jeopardize the effective investigation of the allegation or otherwise interests worthy of protection (e.g., protection of the whistleblower), the notification may be postponed as long as this risk exists (Art. 14(5)(b) GDPR).

    Personal data will only be transferred to a recipient (e.g. a ZEISS company or authority) in a third country (based outside the EU or EEA) if this is necessary for processing the compliance notice. The relevant requirements of Art. 44 et seq. GDPR are taken into account accordingly.

    ZEISS Integrity Line" whistleblower system

    The "ZEISS Integrity Line" enables whistleblowers to anonymously report compliance notices and communicate via an encrypted connection.

    Carl Zeiss AG has commissioned EQS Group AG, Karlstraße 47, 80333 Munich, Germany ("EQS") with the technical provision of the "ZEISS Integrity Line" platform. The service provider was carefully selected. He is responsible for regular monitoring in the careful handling and securing of data. For the technical implementation, we transfer personal data to EQS. For this purpose, we have concluded an order data processing agreement with EQS. Processing by EQS takes place exclusively in ISO 27001 certified high-security data centers in Germany and Switzerland.

    When using the platform for reporting compliance notices and when communicating via the platform, the personal data provided by the whistleblower in the notice is processed on a specially secured database by EQS and encrypted according to the current state of the art. The IP address and the current location are not processed at any time.

    Only ZEISS Corporate Compliance, i.e. Chief Compliance Officer, Head of Corporate Compliance and Corporate Compliance Officer, as well as specially authorized administrators of EQS are permitted to view the data on the "ZEISS Integrity Line".

  • The ZEISS learning platforms support you in your continuing education. The purpose of the ZEISS learning platforms is to provide you with learning content, organize learning processes, support learning scenarios and track learning progress during the processing of learning content. Communication between teachers and learners is also enabled for this purpose.. The ZEISS learning platforms send e-mails and calendar entries with relevant information for the participants as part of the organization of learning processes.

    The legal basis for data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • ZEISS wants to make it easy for you to contact us. We therefore offer contact forms for inquiries on all our websites.

    If you contact us via a contact form, we therefore collect your name and e-mail address so that we can respond to your inquiry quickly and individually. Based on the reason why you want to contact ZEISS and the respective contact form we may collect additional data like your telephone number, place of residence, country,  or other data.

    If you wish to contact us by telephone, please also provide us with your telephone number. Depending on the purpose of the contact form, your address, company name and job title may also be requested.

    All the collected data will only be used to answer your inquiry, it will not be used for any other purpose.

    The legal basis for data processing is your consent in accordance with Art. 6(1)(a) GDPR or the fulfillment of a contract or the implementation of pre-contractual measures in accordance with Art. 6(1)(b) GDPR. You have the right to withdraw your consent at any time with effect for the future.

  • ZEISS would like to send you information about our products and services that may be of interest to you. For this we gather and process your data in different ways.

    Data you provide to us

    We use your personal data collected as part of a newsletter registration, in particular the areas of interest indicated, to provide you with product and service information tailored to you personally. By providing your name, you enable us to address you personally and to easily manage your data. If you provide your address data, e.g. your postal code, we can also provide you with regionally tailored offers.

    The legal basis of the data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future. You will find unsubscribe instructions in the footer of each newsletter.

    Data we get by purchasing or using our products or services

    The data we receive in the course of purchasing one of our products or services as well as in the use of them will be used for direct marketing measures to draw attention to news and updates about purchased or related products or services. The legal basis for data processing is the safeguarding of the legitimate interests of ZEISS in accordance with Art. 6(1)(f) GDPR. Our overriding legitimate interest follows from our interest in being able to send you news and improvements to the products or services you have purchased or related products or services.

    You can object to the processing of your personal data for advertising purposes by ZEISS at any time with effect for the future. The objection can be made easily via the request form provided at the bottom of this page or by using the unsubscribe link in the footer of each newsletter.

    Stitching

    Stitching means combining and linking data from different ZEISS sources to create a more comprehensive profile of our users. By combining information from various interactions, both online and offline, we aim to improve your experience, tailor our products and services to your preferences and provide you with personalized recommendations.

    How we use Stitching: We use Stitching to better understand your interests and needs so that we can improve our products and services and provide you with a more personalized experience. By analyzing data from multiple touchpoints, we can provide you with relevant content, promotions, and recommendations that are tailored to your preferences.

    Types of Data Affected: Data subject to stitching includes, but is not limited to, your demographic information, purchase history, browsing behavior on our websites, interaction with our apps, and survey feedback. We ensure that all data processed through Stitching is handled in accordance with applicable data protection laws.

    Third Party Involvement: We work with trusted partners to enhance our data profiles through Stitching. These partners are carefully selected and bound by strict confidentiality agreements. Rest assured that we maintain control over the combined data and ensure that it is only used for the purposes outlined in this privacy notice.

    The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR. We respect your rights with respect to your personal information. If you prefer not to participate in the stitching process or related profiling activities, you obviously have the right to opt out. You can exercise this option by contacting us here.

    Analysis

    Furthermore, we are always striving to improve our offer. For this purpose, evaluations are made of the newsletters sent, e.g. whether a communicated e-mail address can be reached, which newsletters are opened, which links are clicked on within the newsletter, etc. The data is collected and processed exclusively by ZEISS. The data will not be transmitted to other external companies.

  • "My vision profile" and the "ZEISS Online Vision Check" are online services for determining personal vision habits and identifying individual needs based on visual acuity, contrast and color vision as well as astigmatism and field of view for individual lens solutions from ZEISS. The data collected in this process is used exclusively for the analyses required in each case. The results of "My Vision Profile" can be subsequently accessed via a code provided with the result; on request, this code can also be provided by email.

    Various data are collected for the determination of the vision profile or the vision check: Age, limitation of vision, previously used visual aid, vision problems, occupational and daily activities, duration of use of mobile devices, etc.

    If you would like to receive the results by email, your email address will also be collected for sending the QR code with the analysis results. The email address will not be stored further.

    The legal basis for the data processing is your consent according to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • For some ZEISS products ZEISS provides a warranty of two years from the date of purchase. For some of these products this warranty period can be extended to three years if the product is registered via ZEISS online registration within four weeks of the date of purchase.
    The legal basis for this data processing is the fulfillment of a contract or the performance of pre-contractual measures pursuant to Art. 6(1)(b) GDPR.

  • For some of our services, we offer single sign-on procedures. This procedure allows you to log in to some of our services with the help of a user account of a provider of single sign-on procedures (e.g. Facebook or Apple ID). The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR, the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR or to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR. You have the right to revoke your consent at any time with effect for the future.

    Our overriding legitimate interest follows from our obligation to ensure the security of the services offered. For this purpose, certain personal data is processed by ZEISS and transmitted to us in the course of the single sign-on procedure.

  • ZEISS also offers you extensive contact and information options via our presence in social media. These social media services may independently collect personal data, e.g. via your created profile. In the process, data is also processed outside the European Union. The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.

     

    Social media platforms

    We offer you extensive contact and information options via our presence on social media on the basis of Art. 6(1)(f) GDPR. These social media services may independently collect personal data, e.g. via your created profile.

    On some ZEISS websites you will find buttons to social plugins of other online services. These buttons do not yet establish contact with the provider's server. Only by clicking on these buttons do you give your consent to communication with the provider of the respective platform and a connection is activated.

    If you are already logged in to a social network of your choice, this takes place without another window. Since this transmission is direct, we do not obtain knowledge of the transmitted data. What is transmitted is the fact that you have called up the corresponding page. If you are logged into Facebook & Co. at the same time, this information is assigned to your social media account and is thus associated with your person.

    For more information about the further use and storage of your personal data by Facebook and Twitter, please contact these social media companies directly.

    It is also possible to block social plugins with add-ons through your browser.

     

    Facebook for Business - Automatic advanced matching

    This functionality is only active if you have consented in our Cookie Consent banner to use Facebook's tracking pixel. If you give this consent, automatic advanced matching will be used on some ZEISS websites. This function transmits your email address and/or phone number when you enter it in a form on a ZEISS website and submit the form. The data is encrypted before transmission and is used by Facebook to better assign people to specific target groups. Afterwards, the transmitted data is deleted by Facebook.

     

    Facebook Fanpages

    According to a ruling by the European Court of Justice in 2018, running a Facebook Fanpage is a shared responsibility between Facebook and the company operating the page. Facebook collects and processes personal data to provide insights about how people interact with the page, but this information is only given to ZEISS in an anonymous form, so we can't see individual users' information. ZEISS uses these insights to understand how people interact with their content and improve it. The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.

  • Customer satisfaction surveys

    ZEISS has a legitimate interest in improving its own products and services. We may therefore invite you to participate in customer surveys. The questionnaires used for this purpose are generally designed to be anonymous, so that you do not have to provide any personal data. If you nevertheless provide personal data in a questionnaire or survey, ZEISS may use this personal data to improve its own products and services.

    The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR or to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.. You have the right to revoke any consent given at any time with effect for the future.

    Our overriding legitimate interest is to improve the products and services we offer.

     

    Surveys for user research

    We use information from user research surveys to test prototypes or concepts and ideas on our website and to improve our services based on feedback we receive from website visitors or users recruited through agencies. The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR. You have the right to revoke your consent at any time with effect for the future.

    What information do we collect?

    • Name
    • E-mail address
    • Behavioral data (user interactions with the prototype, likes, dislikes, preferences)
    • Location (country)
    • Demographic data: Age, age range, gender (not always required)
    • Job title

    If videos and images are recorded as part of user research, this will only happen if you have given us your consent. You can unsubscribe at any time and without giving any reason by sending an e-mail to research.panel@zeiss.com. We store this information in our databases because it is possible that not all members of the project team will participate in the interview (if applicable).

    The service provider maze.com is used to conduct the user research surveys. A data protection agreement has been concluded with the service provider. Your personal data will not be shared with any other service provider.

    We store personal data collected as part of user research for a period of 2 years. Anonymized data (i.e. data that cannot identify you) may be stored for longer.

  • If you participate in one of our events, the processing of your personal data may become necessary for your participation for processing and billing reasons.

    The legal basis for data processing is the performance of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR or, if there is no contractual relationship between you and ZEISS, the protection of the overriding legitimate interests pursuant to Art. 6(1)(f) GDPR. Our overriding legitimate interest is the effective implementation of our events (offline or online).

    We use the following platforms and applications to conduct virtual meetings or webinars:

    As a rule, only your e-mail address, first and last name, and IP address are processed for the event. For paid events, data may also be processed for billing purposes.

    An encrypted connection is established between you and the service provider of the webinar. We do not record the audio or visual information transmitted during this session. By clicking "Join", you confirm that you will not record or screen capture this session either.
    You can end the session at any time by simply closing the browser window or exiting the program or app. If your contact ends the session, your session participation will automatically end as well.

    During and after the webinar, statistical data is transmitted to us. If you participate in a webinar, ask or answer a question during the webinar, in addition to your registration data, we receive information about the duration of participation, interest in the webinar, the question asked, or answer for further support or expansion of the user experience.

    We would also like to point out that the providers collect their own data as part of the provision, which we cannot influence. Detailed information on this can be found on the websites of the providers.

  • ZEISS monitors security-relevant areas inside and outside buildings and premises by means of video recording. Video surveillance of public areas does not take place as a matter of principle. As soon as you are in the detection range of the cameras, you are the subject of this data processing. The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.

    ZEISS has an overriding legitimate interest in the use of video surveillance. This helps to ensure largely full building and personal security. Video surveillance pursues the following purposes:

    • Exercise of domiciliary rights
    • Detection of illegal access attempts
    • (Necessary) monitoring of alarmed doors
    • Detection of blocked emergency exits
    • Clarification and prosecution of unauthorized access
    • Prevention, containment and clarification of criminally relevant behavior, e.g. vandalism

    Video surveillance enables the prompt initiation of measures to eliminate grievances arising from the above-mentioned points. It thus serves not only to protect the building, but also your personal safety and the safety of ZEISS employees.

    Video data is only evaluated on an ad hoc basis. In the event of a violation of the house rules, the commission of a crime, or certain legal requirements, the recordings may be handed over to security authorities.

    As a rule, the data is recorded or stored for 7 days. Depending on the location, the data may be recorded for a different period (for a maximum of  one month). Normally, a notice is posted at each location where video surveillance is conducted to inform data subjects of their rights.

    In the case of a specific reason, these image sequences are required for the duration of the investigation.

  • As a rule, you can use the ZEISS websites without providing us with any personal information. Exceptions are so-called technically necessary cookies, which are required to provide certain functionalities such as secure login or cookie management. For some functionalities offered on the websites, we will request personal information from you in order to be able to process the respective service quickly and in a user-friendly manner or to be able to offer the service at all. See also "Use of cookies and similar technologies".

    Some data is already collected automatically and for technical reasons when you visit our website. You can find detailed information on this under "Access data on websites and webshops".

    The legal basis for this data processing is your consent pursuant to Art. 6(1)(a) GDPR or to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR. You have the right to revoke your consent at any time with effect for the future.

  • In our webshops you can order different products. For the processing of the order process, various personal data are processed.

    To process an order, we process your contact data, i.e. title, surname, first name, telephone number and the delivery and billing address. We use your e-mail address to send you an order confirmation and other important information about your order and to verify your identity when creating a customer account. Furthermore, we collect your payment data during the ordering process. If necessary for the fulfillment of an order, we use postal, forwarding and shipping companies. In the event of a delay in payment, we transmit - if the other legal requirements are met - the data necessary for the enforcement of our claim to a collection service provider. The processing of credit card payments and PayPal is also carried out by an external service provider.

    The legal basis for this data processing is the fulfillment of a contract or the implementation of pre-contractual measures pursuant to Art. 6(1)(b) GDPR. Deviating from this, data processing for the above-described credit check and, if necessary, the involvement of a debt collection service provider is carried out on the basis of Art. 6(1)(f) GDPR. Our overriding legitimate interest is to avoid payment defaults.

    Some data accrue automatically and for technical reasons already when you visit our webshops. You can find detailed information on this under "Access data to websites and webshops".

  • For the processing of contractual relationships, we offer our customers secure payment options and use other payment service providers in addition to banks for this purpose. The legal basis of the data processing is the fulfillment of a contract or the implementation of pre-contractual measures according to Art. 6(1)(b) GDPR.

      Personal data is processed by the payment service providers (such as name, address, bank data, such as account numbers or credit card numbers). This processing is necessary to carry out the transactions. However, the data entered in this process is only processed by the payment service providers and stored by them. ZEISS only receives information with confirmation or negative information of the payment.

        Further transmissions may be made by the payment service providers for the purpose of checking identity and creditworthiness. In this regard, we refer to the terms and conditions and data protection information of the payment service providers. The terms and conditions and data protection notices of the respective payment service providers apply, which can be accessed within the respective websites or transaction applications.

        • Mastercard
          Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium
          Privacy policy
        • Visa
          Visa Europe Services Inc, London Branch, 1 Sheldon Square, London W2 6TT, GB;
          Privacy policy
        • PayPal
          PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg
          Privacy policy
        • Paymetric Inc.
          300 Colonial Center Pkwy #130, Roswell, GA 30076, United States
          Privacy policy
        • Computop
          Computop Paygate GmbH, Schwarzbergstraße 4, D-96050 Bamberg, Germany
          Privacy policy
      • ZEISS ID is the identity and access management system for all ZEISS applications that can be used by customers, partners, suppliers and employees. In this way, digital services from ZEISS can be used via a single access point. The integrated "single sign-on" function makes it possible to switch between different services without having to log in again - and this is also possible within the ZEISS companies through automatic registration.

        For registration, the user must provide his surname, first name, e-mail address and, if required for the service used, his title, customer number, telephone number, delivery and billing address. We use the data provided for the purpose of user administration. Insofar as this user data is required for the implementation of further applications, e.g. for the processing of orders in the web store, the data required for the corresponding application will be transmitted to them.

        Within the ZEISS ID account profile, you can view and change your personal data or the status of your marketing consent, optional data can be deleted. A ZEISS ID can also be deleted as such. In this case, your data will be deleted and you will lose access to the ZEISS ID applications. Your ZEISS ID account and your data will be automatically deleted if your account is inactive for 2 years.

        The legal basis for the data processing is your consent pursuant to Art. 6(1)(a) GDPR.

      • As a website or webshop operator, ZEISS collects data about access to our websites and webshops and stores this data as so-called "server log files". The following information is collected automatically and stored for 7 days:

        • The website or page of the webshop visited
        • Date and time of access
        • The website from which the access was made (so-called referrer URL)
        • Browser used
        • Operating system used
        • The IP address of the requesting end device

        The aforementioned data is processed by us for the following purposes:

        Monitoring and evaluation of system security and stability.

        • Ensuring a smooth connection of the website
        • Ensuring a comfortable use of our website

        The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR. Our overriding legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about individual persons.

      • The Virtual Try-on Service of Carl Zeiss Vision GmbH gives you recommendations for eyeglass frames based on a previously created virtual avatar of you. The biometric data collected will only be processed by ZEISS as part of the Virtual Try-on Service.

        The legal basis of the data processing is your consent according to Art. 6(1)(a) GDPR.

      • Legal basis and purpose

        We will use this information to test prototypes or concepts and ideas from our website and improve our services based on the feedback we received from website visitors or users recruited via agencies. The legal basis for this data processing is to safeguard the legitimate interests of ZEISS pursuant to Art. 6(1)(f) GDPR.

        What information do we collect?

        • Name
        • Email Address
        • Behavioral data (user interactions with the prototype, likes, dislikes, preferences)
        • Location (country)
        • Demographic data: age, range, gender (not always required)
        • Job title

        Do you record videos and images?

        Yes, provided you have given us your consent. You can opt out at any time and without giving reasons by sending an email to research.panel@zeiss.com

        We store this information in our databases as it is possible that not all project team members will participate in the interview (if applicable). Recordings and notes allow us to share content and access it reliably and accurately later.

        Do you share my personal data with third parties?

        We may involve external agencies to conduct the surveys on our behalf. Additionnally, we share your personal data with the tools used for conducting the surveys. In either case, we have signed the corresponding data protection agreement and carried out an appropriate privacy vendor assessment.

        For how long you will store my personal data?

        We will store your personal data for a period of 2 years. Aggregate data and/or anonymized data (meaning data that cannot identify you) will be stored for a longer period.

        International transfer of data

        Your data could be stored outside of the EEA and in the context of digital services supported by the cloud (e.g. e-mail, surveys tool). This means that your data may be stored or accessed in countries outside the EEA under non-EU law, where its use may not be subject to the same strict legal protection requirements. However, our third-party service providers do not have any right to use the information we share with them beyond what is necessary to assist us.

        To give you the most privacy guarantees and data protection assurance – we carefully reviewed and vetted our third parties. To ensure compliance with data protection requirements on international transfers, the Standard Contractual Clauses (SCC) as adopted by the European Commission are signed with these providers.

        All information is confidential

        Maintaining your confidentiality: All information you provide to ZEISS during the interview will be treated confidentially. ZEISS undertakes not to disclose any information whatsoever unless required by law or necessary to protect the rights of a person.

        Maintaining ZEISS' confidentiality: All information that ZEISS communicates to you during the interview is confidential. Any feedback you provide to ZEISS regarding ZEISS products and/or services is confidential and you agree that ZEISS is the owner of such feedback. This has no effect whatsoever on any ownership rights you may hold to any other content you provide to us during the conversation.

        Ownership of the media

        ZEISS is the owner of the media, and you grant ZEISS express permission to use recordings as well as images of you for media or for derivative activities in connection with our project (publication may be internally).

      Contact form

      Form is loading...

      If you want to have more information on data processing at ZEISS please refer to our data privacy notice.

      • 1

        Last updated: April 26th, 2024