INFORMATION ON THE PROCESSING OF USERS' PERSONAL DATA - WEBSITE WWW.SAFILOGROUP.COM

pursuant to art. 13 of Regulation 2016/679/EU ("GDPR")

1. Data Controller

This information policy illustrates the methods and purposes of the processing carried out by Safilo Group S.p.A., with registered office in Settima Strada 15, 35129 Padua, Italy, in its capacity as Data Controller (hereinafter, "Safilo", "Data Controller" or "Company"), on the personal data of users who access the www.safilogroup.com website ("Website"). The Company has appointed a Data Protection Officer, who can be contacted at the e-mail address dpo@safilo.com. The information is provided only for the Site and for the sub-sites/sections referable to it, but not for other websites that may be accessible through links available on the Site and for which reference is made to the respective information on the processing of personal data. The reproduction or use of pages, materials and information contained within the Site, by any means and on any medium, is not permitted without the prior written consent of Safilo. Copying and/or printing of the contents of the site is permitted for personal and non-commercial use only. For requests and clarifications, you can contact the Data Controller at the addresses indicated below. Other uses of the content, services and information on this site are not permitted.

2. Categories of data processed

In order to allow you to use the Site and its services, including the possibility of following up on your request or message (hereinafter, the "Services"), we need to know and process some of your personal data.

Browsing data

Safilo informs users that the so-called "navigation" data generated by their use of the site will be processed in compliance with the applicable legislation. The computer systems and software procedures used for the operation of the Site acquire, during their normal operation, some personal data whose transmission is implicit in the use of the Internet. This information is not collected to be associated with identified data subjects, but by its very nature could, through processing and association with data held by the Data Controller or by third parties, allow users of the site to be identified. This category of data includes the "IP addresses" or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the resources requested, the time of the request, the method used to submit the request to the web server, the size of the file obtained in response, the numerical code indicating the status of the response given by the web server (successful, error, etc.) and other parameters related to the operating system and the user's computer environment. These data are usually used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check the correct functioning of the www.safilogroup.com website.

Data communicated by the user

Safilo collects, stores and processes your personal data for the purpose of providing the requested information on the products and services offered by the Data Controller. The optional, explicit and voluntary sending of e-mails to the addresses indicated in individual sections of the Website, communication via social networks, call centres, etc., involves the subsequent acquisition of some of your personal data, necessary to respond to requests.

3. Purposes of the processing, legal bases and nature of the provision of data

1. Use of the contents and Services of the Site (i) and guarantee of network and information security (ii, iii). For the pursuit of these purposes, the Company is required to process your data to provide you with the requested Services (e.g., access to the Site, response to your request, etc.). In addition, the Company will process your data to the extent strictly necessary to ensure the proper functioning of the Site, as well as the security of networks and information due to the legitimate interests of the Company and the obligations provided for by law.

Legal bases: (i) Performance of a contract; (ii) Compliance with legal obligations; (iii) Legitimate interest.

Nature of data provision: the provision of your personal data for the use of the Services and for the guarantee of network and information security refers to contractual and legal obligations, respectively. For this reason, failure to provide your data may make it impossible for the Company to provide you with the content and Services requested, as well as the impossibility of guaranteeing network and information security.

2. Compliance with legal obligations (i) and protection of the Company's rights in court (ii). In order to pursue this purpose, the Company is required to process your personal data, in accordance with the terms and conditions provided for by law, where this is necessary for the fulfilment of regulatory obligations or to ensure the protection of the Company's rights.

Legal bases: (i) Compliance with legal obligations; (ii) Legitimate interest.

Nature of data provision: the provision of your data refers to a legal obligation. For this reason, failure to provide your personal data may not allow the Company to comply with its obligations under the law or to ascertain, exercise and legitimately protect its rights in court.

4. Methods, processing logics, storage times and security measures

The processing is also carried out with the aid of electronic or automated means and is carried out by the Data Controller and/or third parties whom the Data Controller may use to store, manage and transmit the data. The processing of data will be carried out with the logic of organization and processing of the User's personal data, also relating to the logs originating from the access and use of the services made available via the web, of the contents and services used related to the purposes indicated above and, in any case, in such a way as to guarantee the security and confidentiality of the data. With regard to data security, in the sections of the website set up for particular services, where personal data is requested from the User, the data is encrypted using a security technology called Secure Sockets Layer (abbreviated as SSL). SSL technology encrypts information before it is exchanged via the Internet between the user's computer and Safilo's central systems, making it incomprehensible to unauthorized persons and thus ensuring the confidentiality of the information transmitted. The personal data communicated voluntarily will be stored only for the time strictly necessary to follow up on the request sent to the Company through the use of the Site. The personal data collected to provide you with the Services made available through the Website will be stored for a maximum of 10 years from the termination of the contract under which the relevant processing is carried out, in accordance with the provisions of current legislation on prescription. Finally, where it is necessary to comply with legal obligations or to ascertain, exercise or protect your rights, we may retain your personal data for the limitation period provided for by the applicable regulatory provisions (e.g., compliance with legal obligations regarding the statute of limitations) or in any case for the extent necessary for the exercise of the Company's rights in court.

5. Interaction with social networks and external platforms

The Site, through widgets and buttons, can interact with external platforms and social networks. In this case, the information collected depends on the settings of the profiles used by the User on each social network and not on the administrator of this Site, especially if the User has a login profile for these platforms. Links with Facebook®, YouTube®, Instagram®, X® (and links to other social networks that may be inserted over time), allow you to interact with the www.safilogroup.com pages present in social networks and share ideas, opinions or topics of the Site with the respective social platforms and may collect User data. Please note that by using Safilo's dedicated social media pages, you may post content that is publicly available on the Internet. Before interacting with these areas, please read the General Terms and Conditions of Use of social media carefully, bearing in mind that, in certain circumstances, the information published can be viewed by anyone and all the information you include in your publications can be read, collected and used by third parties. More information can be obtained from the websites of the companies that offer the service. Please note that in this case, during such navigation, your personal data is not managed by Safilo, whose intervention is limited to making the connection available through these buttons only to offer an additional service to the User but has no control over them.

6. Categories of recipients of personal data

Your personal data will not be disclosed to third parties, but may still be communicated in relation to the processing purposes previously set out to the following subjects:

− those who can access the data by virtue of legal provisions provided for by European Union or national law;
− subjects who carry out activities functional to the pursuit of the purposes referred to in paragraph 3, i.e. companies that offer IT infrastructures and IT assistance and consultancy services as well as the design and implementation of software and websites, companies or consultants appointed to provide further services to the Company, within the limits of the purposes for which they were collected.

In addition to the aforementioned categories of recipients, your personal data may be disclosed to persons acting under the authority and within the organization of the Company, who are instructed and authorized to process it pursuant to Article 29 of the GDPR and Article 2-quaterdecies of Legislative Decree No. 196/2003 as amended.

7. Transfer of personal data to third countries

The Data Controller does not transfer your personal data to third countries outside the European Union.

8. Rights of the data subjects

Users, as data subjects within the meaning of the GDPR, are granted the rights referred to in Articles 15 to 22 of the GDPR. In particular, the data subject has the right to obtain access to his or her personal data from the Company, to withdraw consent to the processing of data at any time, to request its rectification, to limit the processing of the data, even partially, to object to the processing carried out on the basis of a legitimate interest at any time, for reasons related to his or her particular situation, to request its portability, where applicable to the processing carried out by the Data Controller, and the possible deletion as well as not to be subject to a fully automated decision, including profiling. The rights can be exercised to the extent that the processing is not mandatory by legal provisions or regulations. You may also lodge a complaint with the Supervisory Authority pursuant to Article 77 of the GDPR. A list of EU data protection authorities can be found at https://www.edpb.europa.eu/about-edpb/about-edpb/members_en. If the Data Subject wishes to exercise the rights recognized by law, he or she can contact the Data Protection Officer at dpo@safilo.com.

10. Changes

This privacy policy was updated in October 2025. Any updates will always be available at https://www.safilogroup.com/it/privacy-policy