Privacy Policy
Notes on data processing
This privacy policy informs you about the processing of your personal data by Leica Eyecare GmbH and provides an overview of the rights to which you are entitled under data protection regulations (in particular the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG)).
1. Responsible person
The person responsible for data processing within the meaning of the GDPR is:
Leica Eyecare GmbH
Auf dem langen Furt 27, 35452 Heuchelheim
Phone: 06441 565 40 41-00
Email: eyecare@leica-eyecare.com
Management: Jörg Bauer
You can contact our data protection officer at the above postal address or at the following email address: eyecare@leica-camera.com
2. Automated data processing
When you access our website, your device automatically transmits data for technical reasons that are required to establish the connection and to retrieve the requested and integrated content (e.g. texts, images, videos and product information as well as files made available for download). These are:
• the IP address or device ID assigned to the respective end device,
• type of device,
• browser type/version,
• operating system used,
• page accessed,
• the previously visited page (referrer URL), date and time of the server request and
• HTTP status code.
The purpose of the collection and further processing is to deliver the contents of our website to you and to make the functions and services related to our website available to you.
We store this data for the following purposes:
• Ensuring the security of our IT systems, e.g. to defend against specific attacks on our systems and detect attack patterns;
• Ensuring the proper operation of our IT systems, e.g. if errors occur that we can only correct by storing the IP address;
• in the case of concrete indications of criminal offenses for the purpose of criminal prosecution, threat prevention or legal action.
The processing is carried out on the basis of our overriding legitimate interests mentioned above, Art. 6 (1) lit. f) GDPR.
We retain this data for a period of 14 days. After this, we delete or anonymize the data, including the IP addresses.
Longer storage will only occur if there is a reasonable suspicion of illegal use based on concrete evidence and further examination and processing of the data is necessary for this reason.
3. Hosting
For hosting and operating our website, we use the services of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, based in Germany ("Hetzner"). Hetzner processes your personal data on our behalf, i.e. exclusively in accordance with our instructions (see Art. 4 No. 8, 28 GDPR).
4. Scope, purpose and legal basis of further data processing
On our website you have the option of contacting us using our contact form. For the purpose of processing and answering contact requests, we process the data you provide on the contact form (name, email address and free text). The legal basis for data processing is Art. 6 Paragraph 1 Sentence 1 Letter b of GDPR.
We also offer a B2B area on our website, which opticians can access after registering. For the purpose of providing the B2B area, including granting access, we process your data (name, address, email address and telephone number). To register, you will receive a customer number and must choose a password. The legal basis for data processing is Art. 6 Paragraph 1 Sentence 1 Letter b of GDPR.
For the purpose of establishing, executing and processing orders, we process the data you provide on the order form or - in the case of a telephone order - over the telephone (name and address of the purchaser, other contact details such as email address, details of the order, payment details). Names and addresses are transmitted to the transport service provider commissioned for the purpose of delivery. The legal basis for data processing is Art. 6 Para. 1 Sentence 1 Letter b GDPR. By storing your order data, we also comply with our legal obligations as a manufacturer of medical devices in order to ensure the traceability of the lenses for any product information and recalls, Art. 6 Para. 1 Letter c GDPR in conjunction with Art. 25 Medical Devices Regulation.
In order to protect against payment defaults and misuse, we carry out a credit check in individual cases. To do this, we send the name and address of a purchaser to Euler Hermes Deutschland, branch of Euler Hermes SA, Gasstraße 29, 22761 Hamburg, and receive credit information from the credit agency based on mathematical and statistical procedures. We save this feedback from the credit agency and use the credit information for the automated decision on the desired order and payment options. Automated decision-making therefore takes place in accordance with Art. 22 Para. 2 lit. a GDPR, which is necessary to conclude or fulfill the contract with you. You have the right to a manual review of the automated decision, for example to reject the desired payment method, to explain your own point of view and to contest the decision. To exercise your rights, please contact the Leica Eyecare GmbH address given above or by email to eyecare@leica-camera.com. The legal basis for data processing is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in securing claims when we make advance payments. You have the right to object to data processing. Further details on your right of objection can be found below in the "Data subject rights" section. An objection to the credit check may mean that we can only offer you limited payment options or refuse to conclude a contract.
Depending on the payment method selected and the agreements made with you, payment processing can be carried out via purchasing groups. In such cases, for the purpose of payment processing, we transmit individual order data (names and addresses of purchasers, invoice amounts, bank details) to the purchasing group involved. The legal basis for the data transmission is Art. 6 Para. 1 lit. b GDPR.
If you have given your consent, we will process your name and contact details for the purpose of sending you advertising information. Details can be found in the declaration of consent. The legal basis for data processing is Art. 6 Paragraph 1 Letter a of GDPR. Your order will be processed by LensWare International GmbH, Robert-Bosch-Str. 32, 63225 Langen. Your customer data will be managed by ISC it & software consultants GmbH, Wörnitzstraße 115a, 90449 Nuremberg in the CRM system SugarCRM. You can revoke your consent at any time with effect for the future without giving reasons, for example by email to eyecare@leica-camera.com. Even after you revoke your consent, we may contact you for advertising purposes during an implementation period of up to four weeks.
You are not obliged to provide us with any personal data. However, if you wish to have goods delivered, you must provide us with the data marked as mandatory on the order form so that we can process your order and, if necessary, conclude and execute a contract.
6. Recipients of the data
In addition to the data recipients expressly named in the above sections, other third parties who work for us within the framework of a data processing agreement or to whom you have explicitly consented to the data transfer may also receive data from us. These include, in particular, companies in the categories of IT services, logistics, printing services, telecommunications, advice and consulting, sales and marketing.
Recipients of personal data may also be authorities and other public bodies and institutions if there is a corresponding legal or official obligation to do so.
If data is transferred to a third country (outside the European Union or the European Economic Area), we undertake to ensure the proper processing of the data by taking precautions in accordance with Art. 44 et seq. of the GDPR. We contractually oblige the data recipient to comply with the data protection level applicable within the European Union, and/or the EU Commission has confirmed, for the country in which the data recipient is based, the existence of a data protection level equivalent to that of the European Union by means of a corresponding adequacy decision.
8. Duration of data storage
If necessary, we process and store your personal data for the duration of the business relationship, which also includes, for example, the initiation and processing of a contract. In addition, we are subject to various retention and documentation obligations, which arise, among other things, from the German Commercial Code (HGB) and the German Tax Code (AO). The retention and documentation periods specified there are six to ten years. Article 25 of the Medical Devices Regulation stipulates the obligation to retain data for the traceability of medical devices for a period of ten years. Finally, the storage period is also determined by the statutory limitation periods, which, for example, can generally be three years according to Sections 195 ff. of the German Civil Code (BGB).
If data must be retained for legal reasons, processing will be restricted. The data will then no longer be available for further use.
If you have consented to receive promotional information, we will retain your data for this purpose until you revoke your consent.
9. Cookies and similar technologies
We use cookies solely to increase the functionality of the website (strictly necessary cookies).
Cookies are text files that contain information. They are stored on your end devices (computer or mobile device) when you visit our website. A general distinction can be made between two types of cookies (so-called session and persistent cookies):
Session cookies are small information units in which a randomly generated identification number, the so-called session ID, is stored. By using session cookies, we can provide login data or shopping cart contents, etc. as a personal default setting on the next visit, which makes it possible, for example, to maintain a login session. A session cookie also stores information about its origin and the storage period. These cookies cannot store any other data. When you log out of the customer account, the session cookies used are deleted.
Persistent cookies store information that may include personal data from your browser. This may include, for example, your IP address, device type, domain, browser type and language used, operating system, country and time zone, previously visited websites or information about interaction with our sites, such as click behavior.
According to the laws of the EU member states implementing the EU Directive 2002/58/EC on the protection of privacy and electronic communications, as amended by the EU Directive 2009/136/EC, no consent is required for the setting and reading of absolutely necessary cookies (see, for example, Section 25 Paragraph 2 No. 1 TTDSG). The legal basis for the processing of your personal data, which is also included here, is our legitimate interests (Article 6 Paragraph 1 Letter f) GDPR). We have an interest in keeping our website technically accessible, secure and usable.
You can also visit our website without cookies. Most internet browsers accept cookies automatically. You can prevent cookies from being saved on your computer by selecting "do not accept cookies" in your browser settings. Please refer to your browser's help function to find out how this works in detail. You can delete cookies that have already been set on your device at any time. If you do not accept cookies, this may lead to functional restrictions on our offers.
10. Your rights
With regard to the processing of your personal data, you have the rights described below. In addition to the options already mentioned, you can assert your rights by submitting a request by post or email to the address specified in section 1 above.
Right to information
You have the right to receive from us at any time, upon request, information about the personal data concerning you that we process within the scope of Art. 15 GDPR and Section 34 BDSG.
Right to rectification
In accordance with Art. 16 GDPR, you have the right to request that we correct any personal data concerning you if it is incorrect. In addition, you have the right to request that we complete any incomplete personal data.
Right to delete
You have the right to request that we delete your personal data under the conditions described in Art. 17 GDPR and Section 35 BDSG.
Right to demand processing restrictions
You have the right to request that we restrict processing in accordance with Art. 18 GDPR.
Right to data portability
You have the right to receive from us the personal data concerning you that you have made available to us in a structured, common and machine-readable format in accordance with Art. 20 GDPR.
Right of objection
You have the right to object at any time to the processing of personal data concerning you which is carried out on the basis of Art. 6 (1) (f) GDPR, for reasons arising from your particular situation, in accordance with Art. 21 GDPR. We will stop processing your personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
To the extent that we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for these purposes, including profiling. After your objection, we will stop processing.
Right to revoke consent
According to Art. 7 Paragraph 3 Sentence 1 GDPR, you have the right to revoke your consent at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until the revocation.
Right of appeal
You have the right to contact a supervisory authority of your choice if you believe that the processing of your personal data violates applicable data protection law.
Data processing when exercising your rights
Finally, we would like to point out that we process the personal data you provide when exercising your rights in accordance with Art. 7 Paragraph 3 Sentence 1 GDPR and Art. 15 to 22 GDPR for the purpose of implementing these rights and in order to be able to provide evidence of this and, if necessary, to defend legal positions.
In this context, we store your data for three years after your rights as a data subject have been fully processed. We will only store the data for a longer period if we still need it for legal defense. In this case, the data will be deleted after the procedure has been completed, plus the statutory limitation periods.
This processing for the purpose of implementation and proof of legally compliant implementation is based on the legal basis of Art. 6 Para. 1 lit. c) GDPR in conjunction with Art. 7 Para. 3 Sentence 1 GDPR and Art. 15 to 22 GDPR as well as Section 34 Para. 2 BDSG. Insofar as we process the personal data for the purposes of legal defense, this also constitutes our legitimate interest, Art. 6 Para. 1 lit. f) GDPR.
You are neither contractually nor legally obliged to provide your personal data, but we can refuse to fulfill your request to exercise your rights as a data subject in accordance with Art. 12 Para. 2 Sentence 2 GDPR if you do not provide us with the data required for your unambiguous identification, if requested.
Links to other websites and online services
Our website may contain links to websites or online services of other providers to which this privacy statement does not apply. If you click on one of these links, you will automatically be redirected to the linked external website or the corresponding online service. You can recognize this, for example, in the input bar of your browser by the change in the website address (URL). Information on the processing of your personal data can be found in the corresponding privacy statements of the respective websites and online services.
Changes to this data protection declaration
The current version of this privacy policy is available at any time at leica-eyecare.com.
Version of 04.05.2023