What You Should Know
Data Protection Overview
The following flyer, Data Protection Overview, provides a concise overview of how ZEISS online services (websites, apps, social networks) collect and process your personal information. Full details of this process are available in the complete version of our Data Protection Notice.
What information do we collect?
I. When you open and/or use one of our online services, the information collected includes:
- The type of browser you are using
- The pages you have visited on our website
- The operating system
- Your IP address or shortened IP address
- User behavior (e.g. mouse movements, click behavior, session duration, etc.)
This information is predominantly collected and used in an anonymized or pseudonymized form.
II. If you have registered on our website, you have voluntarily provided information about yourself, which includes:
- First name, last name and title
- Payment information
- Contact information (e.g. email, phone)
- Address and order information
- Company, group assignment
- Products and equipment you use
- Personal interests and preferences
How is information collected by ZEISS online services?
The ZEISS online services use various types of cookies or tracking technologies with different functions. These perform purely technical functions, while also contributing to the optimisation of the web pages, to interactions with social media, as well as to the usage-related advertisement both on our side and the partners' side. As a result, we also provide information to our partners for analysis, marketing and social media purposes. You can object to the use of these technologies at any time and in different stages. Click on "Settings" to select your personal cookie settings:
Data is collected by ZEISS online services via automated processes or user entry, e.g. by means of:
- Cookie tracking pixels
- Direct user entry
- Cross-device tracking, mouse tracking and similar methods
Cookies make websites more user-friendly, effective and secure. A cookie is a text file containing information about user activity which is temporarily saved in the user's browser. They can be used to define and save visitor preferences and website settings.
Note: Additional information about cookies and other internet technologies is available in our Data Protection Notice.
Why do ZEISS online services process and use my personal information? When does ZEISS use and process my personal information?
It should be noted that ZEISS only collects personal information on a case-by-case basis and for specific purposes. The following list of reasons is therefore not exhaustive.
- For the provision of our products and services
- To comply with legal obligations
- For credit checks when processing payments that use insecure payment methods
- To prevent fraud on purchases for advertising purposes
- For web analytics and to improve our website
- For contests
- For newsletters and other subscriptions
- For online applications
- For contact purposes and in contact forms
- During the use of protected areas, such as ZEISS ID, and for authentication
- In the online shop
- For orders
- During the use of ZEISS digital services, e.g. platforms, subscribing to/unsubscribing from newsletters, and during the use of apps.
We know that it is important to you that your personal information be handled with care. Since data protection is a high priority issue at ZEISS, we make sure that your information is collected, processed and used strictly in accordance with the law. The instances listed above are those in which we require personal information from you.
This information helps us continually improve our websites and provide you with an individualized user experience. The individual items of personal information are used to process your orders, to deliver purchased goods and products to you, to verify your creditworthiness, to process payments, to prevent fraud, and to keep you informed about your orders and our products, services, and special offers.
To ensure that we can get in touch with you quickly, we request that you provide us with your email address. Your address will only be used for advertising purposes if you have given your explicit permission for this.
Legal basis for processing personal data
We process your data only in compliance with the applicable laws. In particular, we will process your data in accordance with Article 6 and Article 9 of the General Data Protection Regulation (GDPR), as well as in accordance with the conditions for consent in Article 7 GDPR. We will process your data, among other things, upon the following legal bases. Please note that this is not a complete or exhaustive list of the legal bases. Instead, these are merely examples intended to render the legal bases more transparent.
- Consent (point (a) of Article 6, paragraph 1 and Article 7 GDPR or point (a) of Article 9, paragraph 2 and Article 7 GDPR): we will only process specific data according to your explicit and voluntary consent, provided in advance. You have the right to revoke your consent at any time with effect for the future.
- performance of a contract / pre-contractual measures (point (b) of Article 6, paragraph 1 GDPR): we require access to certain data to initiate or implement your contract with ZEISS and ZEISS partners.
- Compliance with a legal obligation (point (c) of Article 6, paragraph 1 GDPR): ZEISS is subject to several legal requirements. In order to meet these requirements, we must process specific data.
- Protection of legitimate interests (point (f) of Article 6, paragraph 1): ZEISS will process specific data to protect its interests or those of third parties. However, this only applies if your interests in the individual case do not prevail.
Where is my personal information processed?
Generally, your information is processed on servers located in Germany. If permitted, your information may also be processed in countries other than Germany. User information is processed in part by external companies hired by ZEISS. The forwarding of data within the ZEISS Group (if permitted), the transfer of data abroad, and the processing of data via external partners are performed in accordance with the applicable data privacy protection laws. These activities are secured by means of the statutory regulations on data privacy protection including data processing agreements, EU standard contractual clauses, and international conventions.
What rights do I have?
- The right to information
- The right to object, including the right to withdraw your objection
- The right to have information deleted or released/transferred
- The right to limit or block the processing of information
- The right to have information corrected
- The right of appeal, also through a responsible supervisory authority
- The right to withdraw your consent
- The right to not be subject to a decision stemming from the automated processing of information or profiling
For data protection requests, please contact our corporate data protection representatives:
Contact by e-mail (please do not send confidential or sensitive information): datap rivacy @zeiss .com
Contact by phone: +49 7364 20-0 (keyword: "data protection")
Contact via online form: View form
When does my personal information get deleted?
We delete your personal information when the purpose for which it was collected no longer exists; this could include information collected during the execution of a contract which has been terminated. In order to adhere to trade/tax law and other legal obligations, it may be necessary to store your personal information beyond the purpose for which it was collected, or to initially block the information so that it can be used for later processing. This may also be necessary for the assertion, exercise and defence of legal claims.
How does ZEISS safeguard my personal information?
When you sign in to specially protected areas, e.g. via ZEISS ID, or into online shops, when you register to participate in contests or when you place an order, your personal information is transferred to us. To ensure that your information does not end up in the wrong hands, it is encrypted using standard, state-of-the-art methods such as SSL encryption (secure sockets layer). This is a proven and secure method of transferring information on the Internet.
ZEISS also employs a wide range of additional technical and operational security measures to ensure the safeguarding of personal information for its partners and customers. In conjunction with these security measures, we may occasionally request that you provide proof of your identity before granting you access to your personal information.
Your ZEISS ID account
Your ZEISS ID account can be used to sign in to a wide range ZEISS products and services. When you sign in, the information you provided voluntarily is used to create a personalized data record which helps us provide products and services which are better tailored to you personally.
Withdrawing permission to use your personal information
To withdraw permission for the use of your personal information, click the link below:
View withdrawal form
Falsified emails (spoofing), spam and phishing
Beware of phishing and spoofing activities
Unfortunately, the ZEISS brand is among those which are misused for deceptive purposes. In more specific terms, this means that users sometimes receive falsified emails supposedly sent from ZEISS. These emails are often visually designed to look like ZEISS communications and can in some cases be difficult to tell apart from authentic emails from ZEISS.
In these cases, the persons sending the falsified emails are attempting to exploit the trust between ZEISS and its customers in order to steal sensitive information (e.g. login details, customer information, payment information) or to install malicious software on your computer or smartphone.
These emails are not created or sent by ZEISS, even if our name is used to make it appear so. Unfortunately, this also means the ZEISS has no control over the creation and sending of illegitimate emails.
The following characteristics can help you identify whether the email you received is actually from ZEISS:
- Confirmation emails and invoices from ZEISS should only be for items you actually ordered.
- Emails from ZEISS should be free of typographical and grammatical errors, since they are proofread before being sent.
In some areas of our websites, we also provide information about, and links to, third-party websites. We do this only if we are firmly convinced of the seriousness of the respective supplier. However, ZEISS is not responsible for the data protection stipulations or contents of these websites and assumes no liability in this regard. These external links are marked with the following icon:
The right way to deal with spam, phishing and spoofing emails:
- We recommend that you delete suspicious emails immediately.
- Never open links or attachments in suspicious emails and never give out your personal information.
- We also recommend running a virus scan on your computer.
If an email contains unusual or suspicious information regarding your order or your customer information, sign into the online shop with which you placed the order. There, you will find a list of all the orders you have actually placed, along with the status and invoice number for each order. To do this, manually enter the address for the ZEISS website or platform in your browser. Manually entering the address allows you to avoid the risk of being sent to fraudulent websites via links contained in the email.
Tip: If you're unsure about an email you've received, use our contact service to get in touch with us or write us a message at View form
Important information about the safeguarding of your information
Safeguarding your personal information
In today's connected world, unauthorized attempts to access information are a reality which private individuals and companies are confronted with on a daily basis. Safeguarding information against such attempts is a considerable challenge.
Data protection is a high priority issue at ZEISS, and we invest time, energy and money into ensuring that our systems are secure and monitored around the clock. When you use ZEISS websites and platforms, you entrust us with your personal information. Safeguarding this information is important to us. There are also things that you can do to protect your personal information against unauthorized access. Below you will find information about how you can help ensure that your information stays safe.
How can I protect my personal information?
The rule of thumb here is to protect the information on your computer, laptop and mobile devices with passwords and PIN codes that only you know. Also, make sure you sign out of ZEISS websites, platforms and shops after you are finished using them.
Make sure that you only use one unique password per account. Never use the same password for different service providers or online portals. Check to make sure that the passwords you use on ZEISS websites and platforms are not being used for other websites as well. If they are, we recommend changing all of your ZEISS passwords immediately.
Do not write your passwords down where other people can see them. Once again, make sure that you are the only person who has access to these passwords.
How do I create secure passwords?
You want to make sure that your passwords are not easy to guess. This means not using common, everyday words, your own name or the names of family members in your passwords. For added security, it is a good idea to use a combination of upper and lowercase letters, numbers, and special characters.
Is there anything else I should know?
If you use a public computer to access ZEISS websites or platforms, be sure to sign out of your account when you are finished.
If you receive unsolicited emails asking you to provide your password or payment information, ignore these and contact ZEISS immediately (contact formular). We will look into the matter.
Data Protection Notice
Data processing at ZEISS (e.g. collection, processing, transfer) is performed in accordance with the law. The personal information needed from you for business transactions is stored by us and transferred to service providers contracted by ZEISS to the extent necessary to process the transactions.
This data protection notice applies to websites, domains, social media platforms and applications belonging to companies in the ZEISS Corporate Group (hereinafter referred to as ZEISS). They do not apply to the websites of ZEISS companies that, for example, have amended data protection and legal notices due to national legislation. Therefore, please note the respective data protection and legal notices of all ZEISS websites you visit or programs you use.
In some cases, ZEISS websites also contain links to websites of third-party, ZEISS-external companies to which this data protection and legal notice does not apply.
General Data Protection Standard
ZEISS is a corporation operating on a global scale which has cross-border legally independent companies, business processes, management structures, and technical systems.
When you visit our websites, data may be collected which may, in some cases, be of a personal nature. In this notice, we point out what personal information ZEISS companies collect during your visit to our websites, and how we handle this data.
We consider the protection of your personal information a very serious matter. Our processing of your personal information collected during your visit to our websites is carried out fully in accordance with the relevant legal stipulations. In addition, our approach to dealing with personal information is based on the EU data protection principles which provide for the greatest possible degree of transparency, observance of the right to choose, access rights and the transmission and lawful processing of personal information.
Every ZEISS company complies with the data protection laws which are applicable in its own particular case. In addition, the handling of personal information is specified in a company directive for all ZEISS companies within the Group. This ZEISS company directive serves to ensure that your data is processed properly and in compliance with the applicable laws at the ZEISS companies which handle personal information. At the same time, we have instructed our employees to refer to and comply with our data protection rules wherever personal information is requested on any website.
To the extent legally permissible and with due regard for your legitimate interests in excluding the transmission or use of information, we may forward your address and creditworthiness data to, or request this data from, credit agencies in order to run credit checks for orders.
For orders paid for by invoice, and installment purchases, we use address data in addition to other creditworthiness data to estimate the risk of payment defaults in individual cases.
ZEISS and other companies in the ZEISS Group generally provide their customers with the option of using insecure payment methods (e.g. paying by invoice, credit purchases). The following is a non-exhaustive list of companies in the ZEISS Group:
- Carl Zeiss Industrielle Messtechnik GmbH
- Carl Zeiss Spectroscopy GmbH
- Carl Zeiss Meditec Vertriebsgesellschaft mbH
- Carl Zeiss Vision GmbH
- Carl Zeiss Microscopy GmbH
Companies which offer their customers the option of using insecure payment methods have a justified interest in protecting themselves against payment defaults. This is usually done by checking the customer's creditworthiness before offering the option of using an insecure payment method. For credit checks, ZEISS is entitled to use negative creditworthiness information about the customer that it has collected itself or which has been transferred to it by another company in the ZEISS Group.
ZEISS is also entitled to transfer negative creditworthiness information about the customer to other companies in the ZEISS group before these other companies offer the customer the option of using an insecure payment method.
Creditworthiness information pertains to information about outstanding payments and information which provides direct indication that the customer is at risk of defaulting on his or her payment (e.g. bankruptcy, debt counseling, deferrals due to inability to pay). Before ZEISS stores the collected negative information about outstanding payments for the purpose of transferring this information to other companies in the ZEISS Group, the customer will receive notice that this information may possibly be transferred. ZEISS is also entitled to transfer information about exceedingly atypical orders (e.g. simultaneous orders for multiple items with the same delivery address placed using different customer accounts) to other companies in the ZEISS Group and to use information about exceedingly atypical orders that it has received from other companies in the ZEISS Group. This is intended to prevent the occurrence of payment defaults and to protect our customers against having their identities used for fraudulent purposes.
Furthermore, ZEISS is permitted to collect and process address and order information for its own marketing purposes. This means, for example, that ZEISS may compare email addresses collected during order processes with Facebook Ireland Limited's email address lists in order to display personalized advertisements to the owner of the address. Facebook Ireland Limited is not permitted, however, to use the email address for any purpose other than comparing it with its address list. Information is sent to third parties for advertising purposes only in cases where it is legally permissible to do so.
You may object to the use, processing, and transfer of your personal information at any time by means of an informal written letter addressed to ZEISS or via email (withdrawal form). Upon receipt of your objection, we will cease to use, process, and transfer the information in question for any purpose other than carrying out the orders and tasks you have requested; we will also cease to send you advertising and promotional materials.
Disclosure or objection:
Want to know which of your personal information is processed by ZEISS? Want to object to having your information used?
According to Article 15 of the Basic Regulation on Data Privacy Protection, or according to Article 34 of the Federal Data Protection act (Bundesdatenschutzgesetz, BDSG) of 2017, this is your legal right, and we would be more than happy to fulfil your request.
Gathering, Processing, and Transfer of Personal Information
ZEISS wants to give you as much control as possible over your personal information. Normally, you can access ZEISS websites without providing any personal information.
However, in certain areas of the ZEISS websites, you are requested to provide us with personal information in order to help us enhance the site and keep in contact with you. Any personal information you submit is treated as confidential and is saved and processed exclusively within the scope of the relationship between you and ZEISS. Your personal information will not be forwarded, published, or otherwise made available to third parties for marketing purposes without your prior approval.
However, as part of the provision of our services, your information may under certain circumstances be transferred to third parties who we have included in order processing, e.g. business partners or IT service providers. When transferring personal information to these third parties, we restrict ourselves to the information which is necessary for the provision of the service in question and we ensure that this transfer is carried out in compliance with the required data security. ZEISS companies will only transfer your personal information to third parties which have committed themselves to data protection and to the processing of your information in compliance with the applicable laws.
In addition, ZEISS may be forced by court or official order to reveal your data and associated information. Likewise, we reserve the right to use your information for the assertion of or defense against legal claims.
In the event of a takeover or merger with another company, it may be necessary to disclose or transfer your information to actual or potential buyers. In this case, ZEISS will aspire to the highest possible level of data protection and will comply with the legal stipulations.
Rights of the Data Subject
You are entitled to request information regarding the personal data we process at any time; you may also object to the processing of this information as well as request that the extent to which your personal information is processed be limited, that information be corrected or that information be deleted. Please note that ZEISS may only delete your personal information in the event that no legal stipulations exist which require this information to be stored, or in the event that ZEISS' right to store this information does not take precedence over your right to have it deleted. Please also note that once you have requested to have your information deleted, to have the processing of your information limited, or you have objected to the processing of your information, you may then no longer use ZEISS services, in part or in full, which require the use of your personal information.
If your personal information is being used by ZEISS because you have agreed to have it used, or because it is required for the fulfilment of a contract you have concluded with ZEISS, you may request a copy of the information that you have made available to ZEISS. Please send your request to the email address provided below. Be sure to include which data or processing activities you are requesting information about, in what format you would like to receive this information, and whether the information should be sent to you or another recipient. ZEISS will carefully review your request and inform you of the best way to fulfil it.
You may also request that ZEISS limit the future processing of your personal information in the following cases:
- If you claim that the personal information held by ZEISS is incorrect (however, the processing of information in this case will only be limited during the period of time needed by ZEISS to verify the accuracy of the personal information in question);
- If there is no legal basis for the processing of your personal information by ZEISS and you request that ZEISS cease processing your information;
- If ZEISS no longer needs your personal information, but you claim that ZEISS must store this information so that legal claims can be raised or exercised, or so that the claims of third parties can be defended;
- If you object to the processing of your personal information by ZEISS (on the basis of ZEISS' legitimate interest), for the length of time required to verify if ZEISS' interest in processing your personal information takes precedence or if a legal requirement to store the information exists.
Personal Information of Children:
ZEISS does not intentionally collect or process the information of children under the age of 16, or as required by local laws, except on websites intended specifically for children. ZEISS adheres to the applicable data protection laws on these websites.
Compliance with Legal Regulations
ZEISS and its products, services and technologies are subject to the export regulations of various countries, including those of the European Union and its members states and those of the United States. You acknowledge that ZEISS is required, per applicable export regulations, trade sanctions, and embargos, to take measures to prevent companies, organizations, and parties named in sanction party lists from acquiring certain products, technologies, and services through ZEISS websites or delivery channels controlled by ZEISS. These measures may include the following:
- The automated comparison of user registration information described in this notice and other information related to the user's identity with applicable sanction lists;
- Regular and repeated comparisons of this information as sanction lists are updated or as the user updates his or her information;
- The blocking of access to the services and systems of ZEISS if a user is found in an applicable sanction list;
- Establishing contact with the user in the event his or her information is found in a sanction list, in order to verify his or her identity.
Furthermore, you acknowledge that information required to carry out activities in accordance with your decision to have your personal information processed and used, or to receive marketing and promotional materials from ZEISS (regardless of the country in which the ZEISS company in question is located, and whether you have provided your explicit permission or objection to receive marketing and promotional materials) may be stored by companies in the ZEISS Group and exchanged between them to the extent this is required by law.
Legitimate Interest of ZEISS
Each of the items listed below presents a case in which ZEISS has a legitimate interest in processing and using your personal information. If you do not agree to having your information processed and used by ZEISS in these ways, you may object to these processing activities.
Surveys and questionnaires
ZEISS may invite you to participate in a customer survey. The questionnaires used for these surveys are designed in such a way that the questions can be answered without providing personal information. However, any personal information provided in a questionnaire or survey may be used by ZEISS to improve its products and services.
Generation of anonymized data records
ZEISS may anonymize the personal information covered by this data privacy protection notice to create anonymized data records which can be used to improve ZEISS products and services as well as those of its associated companies.
Recording of telephone and chat conversations for the purpose of improving service quality
ZEISS may record telephone or chat conversations for the purpose of improving the quality of its service. The recording process will begin only after you have been informed of it during the conversation.
To keep you informed of new products and services and to collect customer feedback
Within the framework of ZEISS' relationship with you as a customer, ZEISS may keep you informed, to the extent permitted by law, about its products and services (e.g. webinars, seminars and events) which are similar to the products and services from ZEISS which you have already purchased or which you use, or products or services which are directly related. Moreover, ZEISS may contact you to collect feedback regarding products, services, seminars, webinars or events which you have purchased or attended for the purpose of improving the product, service, webinar, seminar, or event in question.
Informationen on Data Security
ZEISS understands the importance of the protection and discreet handling of the information which you transfer to us via the Internet. Data security on our websites is a top priority. We have therefore made great efforts to ensure that our online security measures are effective. Essential data traffic on the ZEISS websites is therefore encrypted. ZEISS endeavors to update its encryption technology on a continuous basis in line with technical progress, in order to guarantee the confidential handling of the information you send us over the Internet.
We use different technologies for authentication, to simplify navigation, and to improve usability. These technologies include “cookies” which measure the use and efficacy of a website. A cookie is a data item which a website sends to your browser. It is stored on your system and is used to identify it (see Cookies, Web Tracking and Web Analytics).
Visitors' IP addresses are captured on our websites for the analysis of malfunctions, for website administration, and for the attainment of demographic characteristics. Furthermore, we use the IP addresses and other information, made available to us by you on this website or by other means as required, to find out which of our websites are being visited and what topics interest our visitors.