NOTICE OF PRIVACY PRACTICES

This Notice of Privacy Practices (“Notice”) describes how Health Information (as defined below) about you within our control may be used and disclosed, how you can obtain access to this information, as well as other rights that you have. This Notice is in addition to, and does not replace or supersede, the Optimax Privacy Policy. In the event of any conflicts between this Notice and the Privacy Policy, the Privacy Policy governs. Capitalized terms in this Notice which are not defined shall have the same meanings as those defined in the Privacy Policy.
This Notice describes how we, Optimax Investment Ltd. (together with its subsidiaries, affiliates, or related companies, the “Company”, “our”, “we” or “us”), may use and disclose certain medical information about you, and how you can get access to this information. This Notice applies to www.glassesusa.com, m.glassesusa.com and www.ottica.com, as well as any other websites, mobile sites and mobile applications (collectively, our “Properties”) owned, operated and/or distributed by the Company. Any information which relates to eyeglasses, prescription, or the provision of eye care services, and is identified with a specific individual who is the subject of such eye care services is subject to the laws and regulations under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) (among numerous state laws), and is classified under HIPAA as personal health information (“PHI”). Therefore, even though we operate an eCommerce platform and are not considered a covered entity under HIPAA, we take the confidentiality and security of your health information (“Health Information”) very seriously and have chosen to comply with the requirements under HIPAA Rules in maintaining and processing Health Information as further detailed below in this Notice. We use your Health Information to fulfill your orders, for payment, or in connection with healthcare operational purposes and for other purposes permitted or required by law. Not every use or disclosure is listed in this Notice, but all of our uses or disclosures of your Health Information will fall into one of the categories set forth in this Notice. If we require your Health Information for any purpose not covered by this Notice, we will first obtain your written authorization.

This Notice takes effect February 1, 2026, and will remain in effect until we replace it. We reserve the right to change our privacy practices and the terms of this Notice at any time, provided such changes are permitted by applicable law.

1. Treatment: We may use and disclose your Health Information for treatment purposes, and we may share the Health Information with doctors, optometrists, and other personnel involved in your health care. This helps to coordinate your care and make sure that everyone who is involved in the provisioning and management of your care has the information they require to carry out their duties and obligations.
2. Vision and Prescription Information: When purchasing eyeglasses and contact lenses, we may request information about your medical history, vision, and prescriptions provided by a doctor or optometrist to complete the transaction and provide you with the products you purchased. In addition, we may use your vision and prescription Information to contact your prescriber on your behalf for the purpose of requesting that your prescriber furnishes us with a copy of your prescription. By providing your vision and prescription information, you affirmatively authorize us to do so.
3. Payment: We may use and disclose your Health Information to bill and collect payment from you, your insurance company, or a third party billing company. For example, we may contact your insurer, or other health care payors for adjudication and to confirm the amount of your co-payment. The information we provide these parties will include information that identifies you, as well as information about the products that we provided to you.
4. Healthcare Operations: We may use and disclose your Health Information for activities necessary to support our healthcare operations, such as performing quality checks on our testing, internal audits, developing reference ranges for our tools, accreditation, and licensing. We may also disclose your Health Information to another healthcare professional, or health plan for such things as quality assurance and case management, but only if that professional or plan also has or had a patient relationship with you. We may also use and disclose your Health Information to improve our services and offerings, and other internal business management purposes. We may use your Health Information to create de-identified data, which is stripped of your identifiable data and which no longer identifies you.
5. Business Associate Subcontractors: We may disclose your Health Information to third parties that are engaged to perform certain services for us, such as billing services, copy services or consulting services. these Third party service providers, referred to as Business Associate Subcontractors, may need to access your Health Information to perform services for us and in such cases they will be subject to binding contracts which require them to protect your Health Information and only use and disclose it as necessary to perform their services for us.
6. Family Members: We may disclose your Health Information to to a family members, and/ or other individuals identified by you, who are involved in your medical care or payment related to your care.
7. Reorders: We may use your Health Information to send you reminders for re-orders (e.g., re-orders of contact lenses), as described in the Privacy Policy. These communications may be sent via text or email, and subject to your prior affirmative consent. You may also withdraw your consent and opt-out of these communications at any time.
8. As Required by Law: We may use and disclose your Health Information as required by applicable law, which may include (without limitation): for judicial and administrative proceedings pursuant to court order or specific legal authority, to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining our compliance with HIPAA, to assist law enforcement officials in their law enforcement duties, as permitted by HIPAA, and to assist public health, safety or law enforcement officials avert a serious threat to the health or safety of you or any other person.
9. Safety, Quality Management, Public Health, and FDA: We may use and disclose your Health Information to relevant authorities to manage product recalls, repairs, or replacements.
10. Health Oversight Activities: We may use and disclose your Health Information for legally authorized oversight activities, such as audits, investigations, inspections, and credentialing.

1. Marketing Authorization: We will obtain your written authorization for the use or disclosure of your Health Information for marketing, except in limited circumstances where applicable law allows such uses or disclosure without your authorization. We may also provide you with information regarding products or services that we offer related to your health care needs; provided that we are not paid or otherwise receive compensation for such communications. “Marketing” refers to a communication that encourages you to purchase or use a product or service.

2. Sale of Your Health Information: We will never sell your Health Information without your prior authorization, except in the narrow circumstances permitted by HIPAA. Under HIPAA, we, or our subcontractors, may receive compensation (directly or indirectly) related to an exchange of your Health Information for the following limited purposes: (a) public health activities; (b) research purposes (if the price charged reflects the cost of preparation and transmittal of the information); (c) payment or compensation for your treatment; (d) health care operations related to the sale, merger or consolidation of all or part of our business; (e) performance of services by a subcontractor on our behalf; (f) providing you with a copy of your Health Information; or (g) other reasons determined necessary or appropriate by applicable laws or regulations.

3. Other Uses and Disclosures: We will also obtain your written authorization (or the authorization of a parent or guardian, if applicable) before using or disclosing your Health Information for purposes other than those described in this Notice or otherwise permitted by law.

4. Revoking your Authorization: You may revoke an authorization at any time by sending an email to privacy@glassesusa.com. Your email must reference the particular authorization or authorizations that you wish to revoke so that we can update our records accordingly. Upon receipt of the written revocation, we will stop using or disclosing your Health Information, except to the extent that we have already taken action in reliance on the authorization. We use third-party online tracking tools on our Properties for certain purposes, including to analyze our users’ behavior throughout the Properties and to enhance and optimize the efficiency, design, and quality of our Properties. Although the tracking tools that we use may collect personally identifiable information from users, they will not collect any Health Information that would otherwise constitute Health Information. We reserve the right to disclose this information to our third party vendors, all of which will be subject to confidentiality covenants.

Additional information, including the tools we use, as well as your opt-out rights, is available through our Cookie Policy here.

1. Access to Health Information and Receive a Copy: You have the right to review and access your Health Information and health related information within our control, with limited exceptions. You may obtain a copy of your Health Information including a paper copy, by sending an email request to privacy@glassesusa.com. If you so request, you may also direct us to transmit a copy of your Health IInformation to a third party expressly designated by you. We may charge a fee for the costs of copying, mailing or other tasks associated with carrying out your request.
2. Alternative Communication: You have the right to request in writing that we communicate with you about your Health Information by alternative means or to alternative locations. Your request must specify the alternative means or location, that you desire. We will endeavor to accommodate all reasonable requests.
3. Restrict Uses and Disclosures of Health Information: You have the right to request additional restrictions on our use or disclosure of your Health Information. We are not required to agree to these additional restrictions except in the case where the disclosure is to a health plan for purposes of carrying out payment or health care operations, or applicable law. Note, we will not disclose your Health Information to a health plan for purposes of payment or health care operations when the information relates solely to a service or product for which you paid out-of-pocket in full.
4. Amendment of Health Information: If you believe that Health Information we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, send an email request to privacy@glassesusa.com and explain why the information should be amended. We may deny your request under certain circumstances, and if so, we will provide you with a written explanation for the reason for our denial.
5. Accounting of Disclosures of Health Information: You have the right to receive a list of instances in which we disclosed your Health Information for purposes other than treatment, payment, health care operations, and certain other purposes, for the prior 6 years (or less if our relationship with you has existed for less than 6 years). To request a list of such disclosures, send an email request to privacy@glassesusa.com. Your request must specify the time period for which you would like an accounting (within the maximum 6-year period). If you request this accounting more than once in a 12 month period, we may charge you a reasonable, cost based fee for responding to these additional requests.
6. Health Information Breach Notification: In the unlikely event we become aware that there is a breach or unauthorized release of your Health Information, you will receive notice and information on steps that you may take to protect yourself from harm.

• We are required by law to maintain the privacy and security of your Health Information.
• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your Health Information.
• We must follow the duties and privacy practices described in this Notice.
• We must provide you with a copy of the latest version of this Notice if you request it by sending a request to privacy@glassesusa.com.
• We will not use or share your Health Information other than as described here unless you authorize us to do so. If you provide such authorization, you may revoke your authorization at any time by contacting us at: privacy@glassesusa.com.
• If a state or other applicable law requires us to restrict the disclosure of your information beyond what is provided in this Notice, we will follow the applicable provisions of those laws.
• We have designated a Privacy Officer as your primary contact person for all issues regarding patient privacy and your rights under the federal privacy standards. You may contact this person at legal@glassesusa.com.

If you have questions or would like further information about this Notice or if you feel we have violated your rights under this Notice, you may file a complaint by contacting us at privacy@glassesusa.com.

You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. A complaint must be made in writing and will not in any way affect the quality of care we provide you. We expressly reserve the right to amend this Notice to reflect changes in our privacy practices and to implement new terms and practices applicable to all Health Information that we maintain about you, provided such changes are permitted by applicable law. Any amendments made to this Notice will be equally binding on the Health Information we’re already maintaining prior to the effective date of a Notice revision, as well as any Health Information we may receive in the future. We will post a copy of the current Notice here.

Last Updated: February 2026