Updated: May 2, 2022

Introduction

Luna Solutions, LLC and its Affiliates (“Company” or “We”) respect your privacy and are committed to protecting it through our compliance with this policy. We are a business-to-business (B2B) provider offering an integrated suite of technologies and services to eyewear retailers, brands and doctors all around the world.

This policy describes the types of information we may collect from you or that you may provide when you visit the website(s) www.luna.io or www.demo.luna.io and dependent pages (our “Website“), download our Apps, or use our services, and our practices for collecting, using, maintaining, protecting, sharing and disclosing that information.

“Affiliates” means Ditto Technologies, Inc., Premium Vision, LLC, 6over6 Vision, Ltd., and Rx Renewal, LLC.

This policy applies to information we collect:

• On and through this Website.
• In email, text, and other electronic messages (e.g., forms) between you and this Website.
• Through mobile and desktop applications you may download from our Website or a third-party source (e.g., Apple Store), which provide dedicated non-browser-based interaction between you and this Website.
• When you use our Virtual Try On, Model Try On, Perfect Pair, Online Pupillary Distance, Digital Lensometer, Face Insights or other services, including services offered under brands Ditto, 6over6, and Premium Vision. Different information may be collected depending on the particular service used, and not all information described herein will be collected for each service.
• When your request an online demo of our applications or services, including but not limited to our B2B virtual services.
• When you interact with our applications and services available through links on third-party websites and services, such as when our services are accessed through an eyeglass provider’s website or mobile application.

It does not apply to information collected by:                                                                       

• Us offline or through any other means, including on any other website operated by Company or any third party; or
• Any third party, including through any application or content (including advertising) that may link to or be accessible from or on the Website.

This privacy policy does not apply to the practices of the eyewear or vision providers or other third parties that we do not own or control, including any third party websites, services and applications that you elect to access. We are not responsible for the privacy policies and practices of eyewear or vision providers that make available to you for your personal use our Virtual Try On technology and other services, and we encourage you to carefully review their privacy policies and notices before you access their services or provide them with your information.

Certain of our businesses and services we provide may be governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and we adhere to HIPAA’s required privacy protections for your protected health information where applicable.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website, Apps or services. By accessing or using this Website, Apps or services you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website or our other resources after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children Under the Age of 16

Our Website and services are not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this Website or on or through any of its features. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us at: info@luna.io or privacy@luna.io

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, Apps or services including information:

• By which you may be personally identified, such as name, postal address, e-mail address, telephone number, or any other identifier by which you may be contacted online or offline (“personal information“);
• That is about you but individually does not identify you. Certain information we collect may not individually identify you; and/or
• About your internet connection, the equipment you use to access our Website or services, and usage details.

We collect this information:

• Directly from you when you provide it to us.
• Automatically as you navigate through the Website. Information collected automatically may include usage details, IP addresses, device identifiers, and information collected through cookies, web beacons, and other tracking technologies.
• When you register to use or view a demo of our products or services.
• When you use our services or download our applications.
• From third parties, for example, our business partners including eyeglass or optical retailers or other business customers, or our service providers that may provide us with information about you. For example, we may be provided with information about your session and session identifier on the eyewear provider’s website when you click on their link to use our Virtual Try On services, or your contact information from an optical retailer in order to fulfill a contact lens order placed by you with the retailer.

Information You Provide to Us. 

The information we collect on or through our Website may include:

• Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, registering or requesting to view a demo of our products or services, subscribing to our services (including our B2B services on behalf of your business or employer), posting material, or requesting further services or information. We may also ask you for information when you report a problem with our Website.
• Records and copies of your correspondence (including email addresses and fillable forms), if you contact us.
• Details of transactions you carry out through our Website or related pages and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website or related pages.
• Your search queries on the Website.

You also may provide information to be published or displayed (hereinafter, “posted“) on public areas of the Website, or transmitted to other users of the Website or third parties (collectively, “User Contributions“). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Website with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.

Optical, Facial Scans and Other Information We Collect When You Use Our Applications Or Services.

We collect information that you voluntarily provide to us, including when you use our Virtual Try On and other services.

Face scans: You may decide to consent to the scan, capture, processing, and storage of images of your face to use our Virtual Try On and Face Insights technologies. By clicking to proceed or agreeing to use our technology you consent to a capture of your face. Any such information shall be used by us for the sole purpose of showing virtual eyewear on your face and providing customized information and recommendations about eyewear. We use scans of your facial geometry to show you through our online services how eyewear will look and to ensure the appropriate fit. Your facial geometry may include ear junction, eye corner width, face shape, nose bridge height and width and temple length, among other measurements calculated from the face scan. We may share your measurement information with eyewear providers in order to provide our service and so that any glasses you order fit properly. Your face scans are maintained by us on our systems or those of our service providers, such as web hosting services. Service providers, such as web hosting organizations, may have had access to your facial scans for purposes of providing services to us.

Optical Data: Certain of our services enable users to measure the refraction error of their eyes (GoEyes only) or find their pupillary distance and the lens power of their glasses. This is done by using tools implemented in our Apps. For these purposes, users may be asked to provide us additional data such as their mobile phone number (as part of the download process of the App, and without retaining such number once the App is installed); glasses parameters; lens analysis and pupillary distance; depth data (which is required to measure eyes’ distance and head angle in real-time); frontal facial pictures (which are cropped and anonymized immediately thereafter); and a “Calibration Image” (which is an image with a known size such as plastic standard magnetic card to set as a reference object). Please note that when you are using our services, we may ask you to present a magnetic card in order to facilitate the service. Once this is identified in the image, we make reasonable efforts to apply an obfuscation process, so to avoid saving any recognizable details that may exist on the card itself on our systems. For 6over6 services, this Calibration Image will not be linked to any personally identifying data.

Prescription Information: We may collect your prescription information in connection with certain services.

Gender: We may collect this information in connection with certain of our technologies and services.

We retain your face scans for a maximum of three years following collection. We will permanently destroy your face scans no later than the end of the three year period.

Information We Collect Through Automatic Data Collection Technologies.

As you navigate through and interact with our Website, Apps or services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Website, including traffic data, location data, logs, usage statistics, connectivity information and other communication data and the resources that you access and use on the Website.
• Information about your computer, mobile device, and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking).

The information we collect automatically may include personal information. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Website according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website. We may use both first and third party cookies, and session and persistent cookies.
• Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
• Web Beacons. Pages of our Website and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Use of Third Party Cookies and Other Technologies

Some content or applications, including advertisements, on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

• To present our Website and its contents to you.
• To provide you with information, products, or services that you request from us.
• To market and advertise our products or services.
• To fulfill any other purpose for which you provide it.
• To provide you with notices about your account, including expiration and renewal notices.
• To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
• To fulfill our contractual commitments with our partners.
• To notify you about changes to our Website or any products or services we offer or provide though it.
• To allow you to participate in interactive features on our Website.
• In any other way we may describe when you provide the information.
• For any other purpose with your consent.

We may also use your information to contact you about our own and third-parties’ goods and services that may be of interest to you.. For more information, see Choices About How We Use and Disclose Your Information.

We may use the information we have collected from you to enable us to display advertisements to you and our advertisers’ target audiences. If you click on or otherwise interact with an advertisement, the advertiser may assume that you meet its target criteria.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose information that we collect or you provide as described in this privacy policy:

• To and among our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our business.
• To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Luna Solutions, LLC’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Luna Solutions, LLC about our Website users is among the assets transferred.
• To fulfill the purpose for which you provide it.
• To our business partners, such as eyeglass and optical retailers.
• For any other purpose disclosed by us when you provide the information.
• With your consent.

We may also disclose your personal information:

• To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
• To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes.
• If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Luna Solutions, LLC, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

Notice of Collection of Personal Information and Privacy Notice under the California Consumer Privacy Act (CCPA)

This Notice of Collection Of Personal Information and Privacy Notice applies to the collection of personal information from California residents on and after January 1, 2020 to the extent applicable. This Notice supplements our “Privacy Policy” set forth above to provide California residents with information and rights required by the California Consumer Privacy Act (CCPA).

For purposes of this CCPA Notice, we refer to personal information according to the following definition given in the CCPA: “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a California resident or household. Personal information does not include publicly available information, information that is de-identified or aggregate consumer information, or information or rights that are outside the scope of the CCPA. Depending on the individual circumstances, for example, certain information we collect in connection with our services may be outside the scope of the CCPA because it is your medical information or health information, or because it does not individually identify you. You may direct any questions concerning your individual information to info@luna.io or privacy@luna.io.

By accessing our Website, using our services or Apps, or submitting personal information to us, you consent to the collection, use and sharing of any personal information as set forth in this CCPA Notice, as it may be updated from time to time.

What categories of personal information do we collect about you?

We may collect the following categories of personal information:

• Identifiers: this information may include your name, address, email address and IP address.
• Characteristics of protected classifications under California or federal law: gender.
• Internet and electronic history: technical information concerning your use of our services, such as information from your visits to our website or applications, your device and your session.

In the past twelve (12) months, depending on the individual circumstances, we have collected the following categories of personal information: Identifiers, Protected Characteristics, Geolocation and Internet History.

Who we share your personal information with

We do not sell your personal information.

In the past twelve (12) months, depending on the individual circumstances, we have shared the following categories of personal information: Identifiers, Protected Characteristics, Geolocation and Internet History with the following: service providers and third party businesses.

Your rights regarding your personal information

Under the California Consumer Privacy Act, you have the following rights in any personal information held by us:

• You have the right to request that we disclose the personal information we collect, use, disclose and share. You may request (i) the categories of personal information that we have collected about you; (ii) the categories of sources from which the personal information is collected; (iii) the business or commercial purpose for collecting or sharing personal information; (iv) the categories of third parties with whom we share your personal information; and (v) the specific pieces of personal information that we have collected about you.
• You have the right to receive your personal information in a portable format that allows you to transmit the information to another entity.
• You have the right to request deletion of personal information under certain circumstances. For example, we may not be required to delete personal information if we need to retain the information to complete the transaction for which the personal information was collected, perform on a contract with us, or to comply with a legal obligation.
• You have the right not to receive discriminatory treatment for the exercise of any of these rights. We will not discriminate against you because you have exercised your rights.

You may submit verifiable requests concerning any of your rights by contacting us at info@luna.io or privacy@luna.io. We will use reasonable methods for verifying that the person making a request to know, data portability or a request to delete is the individual about whom we have collected information. To the extent that you wish to use an authorized agent to make requests concerning the rights set forth above, you will need to provide us either with a power of attorney or, alternatively, with written authorization to communicate with your authorized agent.

We will (i) confirm receipt of requests to know, data portability or to delete within 10 days of the request; and (ii) generally respond to requests to know, data portability or to delete within 45 days of the request. If we need additional time to respond to your request beyond the 45 days, we will provide you with notice explaining the reasons we need more time, and we will then take up to an additional 45 days to respond to your request.

Our Role In Providing Services to Our Business Customers

In certain instances, your personal information may not have been collected by us directly, but provided to us by our business customers. In such circumstances, you may contact the business directly concerning your rights, including as to any request to delete your personal information shared with us. In certain circumstances, should you direct your request to us, we may not be required to comply with a deletion request submitted by you directly to the extent that we have collected, used, processed, or retained your personal information in our role as a Service Provider or Contractor to the business.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI“) on the NAI’s website.

Security of your information

We have in place reasonable technical, administrative and physical safeguards to protect your information. Unfortunately, due to the nature of the Internet, unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time. We do not guarantee or warrant that the techniques we employ will prevent unauthorized access to information about you that we store.

California Shine the Light Law/Online Privacy Protection Act

For California Residents: California Civil Code §1798.83 provides that California residents may request certain information concerning the disclosure of information to third parties for direct marketing purposes. Pursuant to California Business Code §§22575-22579, you may review and request changes to any of your personally identifiable information that we have collected. Should you wish to request this information or exercise these rights, please reach us at the contact information provided below.

Notice of Collection of Personal Data Under the General Data Protection Regulation (GDPR)

This Notice supplements our “Privacy Policy” set forth above to provide residents of the European Union with information and rights required by the GDPR.

For this section, we use the terms “Personal Data” and “processing” as they are defined in the GDPR, but “Personal Data” generally means information that can be used to individually identify a person (“Data Subject”), and “processing” generally covers actions that can be performed in connection with data such as collection, use, storage and disclosure. Certain information we collect may not be “Personal Data” to the extent it does not identify you.

We will only process your Personal Data if we have a lawful basis for doing so including:

• the Data Subject has given consent to the processing of his or her Personal Data for one or more specific purposes;
• processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract
• processing is necessary for compliance with a legal obligation to which Luna is subject;
• processing is necessary for the purposes of the legitimate interests pursued by Luna or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject which require protection of personal data.

We will not use your Personal Data in connection with any automated decision making process or for any profiling purpose.

We may collect the following Personal Data: Name, address, email address, IP address, and identifying technical information concerning your use of our Virtual Try On and other services, such as information from your visits to our website or applications, and your device and session.

Do you have rights in your personal data?

You have the following rights in your Personal Data held by Luna:

• Access: right to access your Personal Data and request certain information concerning your Personal Data, such as an explanation of the purpose of the processing and disclosure of third parties with whom Luna shares the data;
• Rectification: right to rectify inaccuracies in your Personal Data or to ensure that it remains up to date. Luna is committed to ensuring that your information is accurate and kept up to date.  Please inform us of any changes to your personal data;
• Erasure: right to erasure of your Personal Data under certain circumstances. For example, you may request erasure if the data is no longer needed in connection with the reasons it was collected or processed or if you withdraw your consent to further processing.  Luna may deny your request where it is required or permitted by law to retain your Personal Data or when we need to retain your information in connection with the exercise or defense of legal claims;
• Restriction: right to restrict processing where you contest the accuracy of the data in order to permit time to rectify the inaccuracies and in other circumstances;
• Data Portability: right to data portability by requesting a copy be provided in a structured, commonly used and machine-readable format and/or requesting that Luna transmit your personal data to a third party where technically feasible;
• Objection: right to object to processing of your personal data where you contest that the processing is necessary for the purposes of Luna’s or its business partners’ legitimate interests. Luna may deny your request because it has compelling legitimate business interests or the exercise or defense of legal claims;
• Complaint: right to bring a complaint before the applicable governmental privacy regulator.

You may contact us at info@luna.io or privacy@luna.io concerning your rights. If are covered by the GDPR, you have the right to lodge a complaint with an EU supervisory authority.

If you wish to make a formal request for information we hold about you, you can contact us at info@luna.io or privacy@luna.io.

For EU residents using 6over6 products, Apps or services, PRIGHTER has been designated as 6over6’s representative in the European Union and the UK for data protection matters pursuant to the GDPR or UK GDPR, as applicable. PRIGHTER may be contacted only on matters related to the processing of Personal Data. To make such an inquiry, please visit https://prighter.com/q/15084591.

6over6 has appointed PrivacyTeam as our Data Protection Officer (DPO), for monitoring and advising on 6over6’s ongoing privacy compliance and serving as a point of contact on privacy matters for data subjects and supervisory authorities. If you have any concerns regarding your privacy, or if you wish to make a complaint about how your personal data is being processed by 6over6, you can contact  dpo@6over6.com.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at:

info@luna.io or privacy@luna.io