Privacy Policy | HOYA Vision Care

HOYA VISION CARE PRIVACY POLICY

When you visit the HOYA Vision Care websites including www.hoyavision.com, www.sensitylenses.com, www.seikovision.com, www.pentaxoptical.com, and visionaryalliance.com (“Website”), order HOYA products as a Customer; or use our tools and platforms including but not limited to, ordering platforms, marketing platforms, learning platforms, HOYA Hub, and more (together referred to as the “Services”), this HOYA Data Privacy Policy applies.

This privacy notice applies to personal data collected through this website by HOYA Vision Care Europe / HOYA Holdings N.V., which acts as the primary data controller for such processing. However, for activities not conducted through the website—such as local recruitment processes, employment relationships, vendor engagements, or contractual matters—the relevant HOYA subsidiary, affiliate, or group company with which you interact may act as the data controller for those specific purposes.

Please read this Privacy Policy carefully so that you understand your rights in relation to your personal data, and how we will collect, use and process your personal data. This Privacy Policy supplements any other privacy related notices and policies we may provide to you from time to time, and is not intended to override them.

If you are a user located in California please see the additional terms relevant to you in the Addendum below.

1. Collection of Personal Information

We collect and process different categories of Personal Information depending on your relationship with HOYA Vision Care, including customers, job applicants, website visitors, vendors, and healthcare professionals.

Personal Information You Provide to Us

Contact Details – If you interact with us as a customer, consumer, job applicant, vendor, or website visitor, we may collect your name, email address, phone number, company details, job title, and communication preferences.
Ordering Lenses as a Consumer via Your Eye Care Professional – If you purchase lenses or spectacles with prescription lenses through your optician, we process:

Prescription details to manufacture and deliver your lenses.
Warranty card details, which may include your name (if your optician provides it with consent), to generate a warranty card.
Lens and frame advisory tool data, which may include your name, gender, age, prescription details, satisfaction levels, and lifestyle preferences, to provide product recommendations.
Face image, postural behaviour and blur sensitivity analysis (if you use our advisory tools for frame selection or personalization on the lens design).
We may also use this data in an aggregate form for product development and improvement.

Job Applications & CV Information – If you apply for a job with us, we collect your CV, cover letter, employment history, qualifications, interview notes, and any other information you provide as part of the application process.
Marketing & Communications – If you sign up for newsletters, events, or marketing communications, we collect your name, email, company, and preferences. We may also track email engagement (e.g., whether emails are opened) to improve our communications.
Vendor & Payment Information – If you are a vendor or service provider, we may collect business contact details, contractual information, payment details, and any materials or deliverables provided as part of your services.
Training & Event Participation – If you attend HOYA Vision Care training sessions or events, we collect your name, contact details, professional details, event participation records, and any preferences you provide.
Customer Testimonials – If you submit a testimonial or review, we collect your first name, last name, country, and the content of your testimonial, which we may use for promotional purposes with your consent.
Other Information – If you attend our events, interact with us online, or provide feedback through surveys, we may collect additional details relevant to your interaction.

Personal Information We Collect Automatically

Cookies and Tracking Technologies – We use cookies, pixel tags, and similar technologies to understand how you interact with our website and services. Additionally, our marketing emails may contain tracking pixels that allow us to measure engagement (e.g., whether emails were opened, links clicked) to improve content relevance. You can disable email tracking by adjusting your email client settings. Please check the disclaimer at the end of the email.
Device & Technical Information – We collect details about the device, browser, operating system, and IP address used to access our services.
Usage Information– We track website interactions, including pages visited, time spent on our website, number of clicks, navigation patterns, interactions with forms, downloads, video views, and engagement with marketing materials. This information may be collected through cookies and other tracking technologies to help us improve user experience and optimise our services.

Personal Information We Collect from Third Parties

Marketing & Business Intelligence – We may collect publicly available business contact information to reach out to potential customers and partners.
Third-Party Logins – If you register for events or interact with our services using a third-party login (e.g., LinkedIn, Google), we may receive your name, email, and profile details.
Vendor & Partner Information – If you are a vendor or business partner, we may collect information from public databases or industry sources to manage our relationship.
Healthcare & Optical Professionals – If you are an optician, healthcare provider, or eye care professional working with us, we may receive data from third parties regarding your professional status, training participation, and business interactions.

Providing Personal Information is Optional but May Be Required

Providing certain Personal Information may be required by law, contract, or service functionality. Where applicable, we will inform you of any consequences of not providing the required information.

2. Legal ground

How We Use Your Personal Information (Legal Basis)

Depending on the country in which you are located, we will only process your Personal Information based on a valid legal ground. The table below describes the purposes for which we process your Personal Information and the legal grounds.

Purpose	Description	Legal Ground (where required under applicable law)
Providing Vision Care Services	We process your Personal Information to provide vision care services, including processing orders for lenses, spectacles, and optical products.	The processing is necessary for entering into or performing a contract to which you are a party or a third party beneficiary.
Communicating with You	We use your Personal Information to respond to inquiries, provide customer support, send service updates, and manage business relationships.	We have a legitimate interest in ensuring effective business communication and customer service.
Marketing	We process your Personal Information to send newsletters, event invitations, promotional materials, and other marketing communications related to our vision care services.	We have a legitimate interest in promoting our services, engaging with existing and potential customers, and providing relevant content. In some cases, we rely on consent where required by law.
Vendor & Supplier Management	We process Personal Information related to vendors and suppliers to manage business relationships. This includes contact details, contractual information, payment details, and compliance records.	The processing is necessary for entering into or performing a contract to which you are a party.
Job Applications	If you apply for a job at HOYA, we collect and process your CV, cover letter, and other relevant application materials to assess your suitability for a role.	The processing is necessary for entering into an employment contract to which you would be a party as we are required to assess candidates’ suitability.
Obtaining Professional References for Job Applicants	We may collect and process career history and past engagement information as part of our reference checks to assess whether to engage you for services.	The processing is necessary for entering into an employment contract to which you would be a party as we are required to verify qualifications and experience to ensure we engage qualified individuals.
Prescription Lens Processing & Advisory Tools	We process your prescription details and preferences to manufacture your lenses and provide vision care recommendations through our advisory tools.	We have a legitimate interest in processing prescription details and preferences as the processing is necessary for fulfilling your eye care professional’s order and performing the service. In some cases, consent may be required.
Training & Event Management	We collect and process Personal Information of opticians and healthcare professionals who participate in HOYA-organized training sessions and events.	The processing is necessary for event participation and engagement. In some cases, we rely on consent.
Subscription to Newsletters & Knowledge Articles	We collect your email address and preferences when you subscribe to our newsletters and industry knowledge articles.	Consent.
Cookies and Tracking Technologies	We use cookies and similar technologies to enhance website functionality, track engagement, and analyze website traffic.	Consent.
Security and Fraud Prevention	We process Personal Information to detect and prevent fraudulent, malicious, or unauthorized activity on our website, IT systems, and ordering platforms.	We have a legitimate interest in protecting against fraud, maintaining security, and ensuring the integrity of our services and website.
Data Storage and Infrastructure	We store Personal Information using third-party cloud services to support our operations, including order fulfillment, customer management, and business continuity.	We have a legitimate interest in securely storing Personal Information to ensure service reliability.
Regulatory Compliance	We process Personal Information to comply with legal and regulatory obligations, such as tax laws, industry regulations, and government requests.	The processing is necessary to comply with legal obligations.
Administrative and Legal Matters	We may use Personal Information to address administrative or legal issues, including regulatory inquiries, contract enforcement, and dispute resolution.	We have a legitimate interest in handling legal and administrative matters to protect our business and comply with obligations.
Performance & Service Evaluation for Vendors & Business Partners	We process data related to vendor performance, quality control, and service feedback to ensure high standards.	We have a legitimate interest in evaluating service providers to maintain product and service quality.
Customer Testimonials	If you submit testimonials about our services, we process your name, country, and testimonial content for promotional purposes.	Consent.
Mergers, Acquisitions & Business Transactions	If HOYA undergoes a business transition (e.g., sale, merger, acquisition), we may transfer your data to relevant third parties.	We have a legitimate interest in restructuring or selling our business as needed.
Reporting and Analytics	We may process Personal Information to generate business insights, improve product development, and analyze industry trends in the vision care sector.	We have a legitimate interest in understanding business performance, improving our services, and making informed strategic decisions.
Service Improvement, Testing & Analytics (using de-identified/anonymized data)	We may de-identify or anonymize Personal Information to use it in a form that no longer identifies individuals. This data is used for improving our services and products, conducting statistical analyses, and system testing.	Where required, we rely on our legitimate interests in product and service development, ensuring quality, and gaining business insights. No longer considered Personal Information under applicable privacy laws once properly anonymized.

3. Cookies

We use cookies and other similar technologies to collect information about your browsing activities over time and across different websites following your use of our Services.

We use necessary, preference, statistical and marketing cookies and similar technologies. Cookies allow us to personalise content and ads, to provide social media features and to analyse our traffic. This helps us to improve our Services and the way our Website works.

You can find more information about cookies and how to manage them here. A change of cookie settings will have no effect on the information collected before such change.

4. Sharing of personal data with third parties

We may share your Personal Information with trusted third parties as necessary to operate our business, comply with legal obligations, and provide our services effectively. We ensure that all third parties processing data on our behalf adhere to strict confidentiality and security standards.

Categories of Data Recipients

Affiliates & Subsidiaries – We may share Personal Information with our parent company, subsidiaries, and affiliated entities for internal administrative purposes, compliance, and service delivery. We may act as joint controllers.

Service Providers & Vendors – We engage third-party vendors to provide IT services, cloud storage, payment processing, marketing assistance, recruitment, customer support, and other operational services. These service providers are contractually obligated to protect your Personal Information.

Regulatory, Legal, and Government Authorities – Where required by law, we may disclose Personal Information to regulatory bodies, government agencies, law enforcement, courts, or other public authorities. This includes compliance with legal processes such as subpoenas, court orders, or regulatory investigations.

Professional Advisors & Auditors – We may disclose Personal Information to external legal advisors, auditors, or tax consultants where necessary for compliance, litigation, fraud prevention, or financial reporting.

Corporate Transactions – If we are involved in a merger, acquisition, financing, reorganisation, bankruptcy, or sale of assets, your Personal Information may be shared as part of that transaction in accordance with applicable data protection laws.

Other Authorised Third Parties – In specific situations, we may share data with other parties where you have given consent or where sharing is necessary to fulfil contractual obligations.

5. Transfer of data outside Your Home Country

Within the above mentioned purposes for the processing of data by HOYA, your personal data are transferred to third parties and to employees located in countries around the world.

The level of protection for your personal data in those countries may not be considered to be similar to your country or adequate to your country’s requirements. We have, however, entered into standard contractual clauses (SCCs), or any equivalent contracts, or have otherwise ensured that the data will be held consistent with the laws of your home country. A copy of these SCCs may be obtained by sending a request to DPO@hoya.com.

6. Storage period

All personal data will be stored no longer than required by the GDPR and national regulations, such as financial and tax obligations.

In case you order products from us, we keep your data as long as reasonably necessary in order to comply with our warranty obligations under the applicable period.

In case you have opted in to receive newsletters from us, your personal profile is based on a history of 2 years preceding the newsletter.

If as an end user you have made use of our advisory tools, your data is kept for no longer than 1 year after the advice was provided.

The storage period for customer testimonials is 3 years after the testimonial is provided.

7. Rights

You have the rights afforded to you under applicable laws. This may include the right to access, correct, port, restrict, object, or delete your personal data. Where the processing of your personal data is based on your consent, you are at all times entitled to withdraw this consent. For more information on how these rights are applied in your country, you can click here.

Our Services are not intended for children, and we do not knowingly collect data relating to children. Children must not use our Services, except where their parent or guardian has provided consent, if this option is available in your location.

Please note that a number of these rights only apply in certain circumstances, and all of these rights may be limited by law. For example, where fulfilling your request would adversely affect other individuals or our trade secrets or intellectual property, where there are overriding public interests, or where we are required by law to retain your personal data.

To exercise any of these rights, you can contact us at DPO@hoya.com.

Furthermore, you may always object against the use of your data for direct marketing purposes.

If you think we have infringed data protection laws, please contact our Data Protection Officer at DPO@hoya.com and we will respond to your request as soon as possible. You can file a claim with the relevant data protection supervisory authority.

If you would like more information especially on joint controllership or sharing of information within Hoya Group please contact our Data Protection Officer at DPO@hoya.com.

8. Security

We take data security seriously and implement strict measures to protect Personal Information from unauthorised access, misuse, loss, or alteration. Our security framework includes administrative, technical, and physical safeguards.

Security Measures We Apply

Data Encryption – We use industry-standard encryption protocols to protect data in transit and at rest.
Access Controls & Authentication – We implement multi-factor authentication, role-based access, and user monitoring to restrict access to sensitive data.
Network & System Security – Firewalls, intrusion detection systems, and endpoint protection tools help prevent cyber threats and unauthorised access.
Employee Training & Awareness – We provide regular security awareness training to employees and contractors handling Personal Information.
Incident Response & Breach Management – We have a dedicated incident response plan in place to detect, assess, and mitigate security breaches effectively.

Although we do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the website and associated services or over email; any transmission is at your own risk.

9. Third-party websites

Our Website may contain links to other online platforms, plug-ins, or other applications operated by third parties. We do not control such other sites or applications, and are not responsible for their content, their privacy policies, or their use of your information.

Information you provide on public or semi-public venues, including information you share on third-party social networking platforms, may also be viewable by other users of the website and/or users of those third-party online platforms without limitation as to its use by us or by a third party. Our inclusion of such links does not, by itself, imply any endorsement of the content on such platforms or of their owners or operators except as disclosed on the Website. We expressly disclaim any and all liability for the actions of third parties, including but without limitation to actions relating to the use and/or disclosure of personal data by third parties. Any information submitted by you directly to these third parties is subject to that third party’s privacy policy.

10. Contact

We welcome your questions, comments, and concerns about this Privacy Policy or your personal data by contacting our Data Protection Officer at DPO@hoya.com.

11. Changes to this policy

HOYA reserves the right to change this policy.

Make sure you are always familiar with the latest version of this policy posted here.

12. Addendum for California Residents

This section applies only to residents of California, under the California Consumer Privacy Act (CCPA) and similar laws.

Categories of Personal Information Collected & Disclosed (Past 12 Months)

We may have collected and disclosed the following categories:

Identifiers (e.g. name, contact details, physical traits)
Internet activity (e.g. website interactions)
Prescription and commercial information
Payment and transaction data

These categories may be shared with:

Affiliates and service providers (bound by contract)
Legal and regulatory authorities
Professional advisors (e.g. auditors, lawyers)
Acquirers in a business transition
Others with your consent or instruction

Purposes for Use:

To provide and personalise services
To process orders and payments
To improve service quality and fix issues
To ensure safety and compliance

Your CCPA Rights

You have the right to:

Know what personal information we collect and how it is used/shared
Access specific personal information we hold about you
Delete your personal information (subject to exemptions)
Opt out of the sale or sharing of personal information
Not be discriminated against for exercising these rights

To opt out of sale/sharing, you can:

Email: DPO@hoya.com with subject line “Do Not Sell or Share My Personal Information”
Call toll-free: (844) 735-5773
Adjust your cookie settings via the “Cookie Preferences” link on our website

We aim to fulfil verified requests within 45 days (extensions may apply). You may also appoint an authorised agent to act on your behalf, subject to identity verification.