You have logged in with a hierarchy account that cannot be used to place orders. Therefore, no prices are displayed. Please select your desired delivery address under «Select account» by selecting it. If you have any further questions, please contact our customer service team on 0800 484 484 bestellungen.ch@lyreco.com.
Please wait while processing...
Dear customer,
We are processing your request.
Please do not leave the session, this operation can take several minutes.
You will be informed when it is complete.
Thank you for your patience.

Logout
Thank you for your visit, see you soon on Lyreco
Your trust is important to us, which is why we take the issue of data protection seriously at Lyreco Switzerland AG and ensure appropriate security. It goes without saying that we comply with the legal provisions of the Federal Data Protection Act (FADP), the Ordinance to the Federal Data Protection Act (DDPA), the Telecommunications Act (TCA) and any other applicable data protection provisions of Swiss or EU law, in particular the General Data Protection Regulation (GDPR).
If you have any questions about this privacy statement or the processing of your personal data, or if you have specific questions about data protection, you can contact us as follows: Lyreco Switzerland AG, Riedstrasse 4, 8953 Dietikon, ch.dataprotection@lyreco.com.
Lyreco Switzerland AG is also the responsible party pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR).
To help you understand what personal data we collect from you and for what purposes we use it, please read the information below.
1. surrendered data
You often provide us with personal data yourself, e.g. when you send us data or communicate with us. In particular, you usually provide us with master data, contract data and communication data yourself. You also frequently disclose preference data to us yourself.
For example, you provide us with personal data yourself in the following cases:
· You create a customer account; in order to place orders in the webshop, you must apply to open a customer account. When registering for a customer account, we collect the following data:
o Company name
o First and last name of the contact person
o Company address
o Delivery address
o Invoice address
o Phone number
o E-mail address
o Username
o Password
The data is collected for the purpose of providing the customer with password-protected direct access to his basic data stored with us. The customer can view his completed and open orders or manage or change his personal data.
· You are taking part in a sweepstake or competition;
· You contact our customer service;
· You register for other offers, for example our newsletter.
The provision of personal data is usually voluntary, i.e. you are usually not obliged to disclose personal data to us. However, we must collect and process those personal data that are necessary for the processing of a contractual relationship and for the fulfilment of associated obligations or are required by law, e.g. mandatory master and contract data. Otherwise, we cannot conclude or continue the contract in question.
If you provide us with data about other people (e.g. family members), we will assume that you are authorised to do so and that this data is correct. Please also ensure that these other persons have been informed about this privacy policy.
2. data collected
We may also collect personal data about you ourselves or automatically, e.g. when you shop with us, use our offers or make use of our services. This is often behavioural and transactional data as well as technical data (e.g. when you visit our website).
We independently collect personal data about you in the following cases, for example:
· You order a product in our webshop;
· You are visiting our website; when you visit our website, our servers temporarily save each access in a log file. The following technical data is stored by us without your intervention, as is generally the case with every connection to a web server:
o the IP address of the requesting computer,
o the name of the owner of the IP address range (usually your Internet access provider),
o the date and time of access,
o the website from which the access was made (referrer URL), if applicable with the search term used,
o the name and URL of the retrieved file,
o the status code (e.g. error message),
o the operating system of your computer,
o the browser you use (type, version and language),
o Your username from a registration/authentication, if applicable.
The collection and processing of this data is carried out for the purpose of enabling the use of our website (connection establishment), to ensure system security and stability on a permanent basis and to enable the optimisation of our internet offer as well as for internal statistical purposes.
· You click on a link in one of our newsletters or otherwise interact with one of our electronic promotional communications.
We may also derive personal data from existing personal data, for example by analysing behavioural and transactional data. Such derived personal data is often preference data.
For example, we can analyse the behavioural and transactional data generated by purchases in our webshop and make assumptions about your personal interests, preferences, affinities and habits based on this data. This enables us, for example, to tailor our offers and information to your individual needs and interests. In this way, we can send you an individual selection of offers that are relevant to you.
3. data received
We may also receive personal data from the Lyreco Group. However, we may also receive information about you from other third parties, such as companies we work with, people who communicate with us or public sources.
For example, we may receive information about you from the following third parties:
· from your employer and from work colleagues, in connection with an application and with their professional functions;
· from third parties when correspondence and meetings concern you;
· from people close to you (family members, legal representatives, etc.), e.g. your address for deliveries, references or powers of attorney;
· from credit agencies, e.g. when we obtain credit information;
· from Swiss Post and address dealers, e.g. for address updates;
· of banks, insurance companies, distributors and other contractual partners for purchases and payments;
· of providers of online services, e.g. providers of internet analysis services;
· Provider of cyber security services
· of information services for compliance with legal requirements such as anti-money laundering and export restrictions;
· of authorities, parties and other third parties in connection with official and judicial proceedings;
· by media monitoring companies in connection with articles and reports in which you appear;
· from public registers such as the debt enforcement register or the commercial register, from public agencies such as the Federal Statistical Office, from the media or from the internet.
4. For what purposes do we process personal data?
a) Communication
We would like to stay in contact with you and respond to your individual concerns. We therefore process personal data for communication with you, e.g. answering enquiries and customer care. For this purpose, we use in particular communication and master data and, insofar as the communication concerns a contract, also contract data. We may also personalise the content and timing of messages based on behavioural, transactional, preference and other data.
The purpose of communication includes in particular:
· answering enquiries;
· contacting you with any questions;
· customer service and customer care;
· communication related to product recalls (e.g. we may contact you directly if we know you have purchased a product that is affected by a recall);
· the delivery of other notifications (e.g. order status information);
· authentication, e.g. when using our online services;
· quality assurance and training;
· all other processing purposes, insofar as we communicate with you for this purpose (e.g. contract processing, information and direct advertising).
b) Contract execution
We want to provide you with the best possible service. We therefore process personal data in connection with the initiation, administration and processing of contractual relationships, e.g. in order to deliver an order, provide a service, arrange purchases and services, run a loyalty programme or organise a competition. The processing of the contract also includes any agreed personalisation of services. In particular, we use master data, contract data, communication data, behavioural and transaction data and preference data for this purpose.
The purpose of contract performance generally includes everything that is necessary or expedient to conclude, perform and, if necessary, enforce a contract.
This includes, for example, edits:
· in order to decide whether and how (e.g. with which payment options) we enter into a contract with you (including credit assessment);
· to provide contractually agreed services, e.g. deliver goods, provide services and provide functions (including personalised service components);
· to provide customer services and survey customer satisfaction;
· to run and manage loyalty programmes, e.g. to settle and credit earned entitlements and benefits (e.g. promotional vouchers and action codes);
· to determine, notify and, if applicable, publish the winners of competitions and prize draws;
· to invoice our services and generally for accounting purposes;
· to plan and prepare for the provision of our services, e.g. scheduling of our employees;
· to check the suitability of job applicants and, if necessary, to prepare and conclude the employment contract;
· to check whether we want to and can work with a company, and to monitor and assess its performance;
· to prepare and execute transactions under company law, e.g. company acquisitions, sales and mergers;
· to enforce legal claims arising from contracts (debt collection, court proceedings, etc.);
· to manage and administer our IT and other resources;
· to store data within the scope of retention obligations;
· to cancel and terminate contracts.
c) Information and marketing
We would like to make you attractive offers. We therefore process personal data for relationship management and marketing purposes, e.g. to send you written and electronic communications and offers and to carry out marketing campaigns. These may be our own offers or those of advertising partners. We may also act on behalf of other companies and take on the role of an agency, for example to carry out promotions for their products.
Messages and offers can also be personalised in each case in order to send you only information that is likely to be of interest to you. For this purpose, we use in particular master data, contract data, communication data, behavioural data and transaction data as well as preference data, but also image and sound recordings.
This may include, for example, the following notices and offers:
· Newsletters, promotional emails and other electronic messages;
· Advertising brochures, magazines and other printed matter;
· Advertising messages and spots on screens and other advertising spaces;
· Delivery of promotional vouchers and codes;
· Invitations to events, raffles and competitions.
You can refuse contacts for marketing purposes at any time (see section 15). For newsletters and other electronic communications, you can unsubscribe from the corresponding service via the customer account as well as via an unsubscribe link integrated in the communication.
Personalising our messages allows us to tailor information to your individual needs and interests and, as far as possible, only present you with offers that are relevant to you. Personalisation also enables you to find the products you are looking for more quickly in our large online offering. In general, aligning our activities with the wishes and needs of our customers allows us to simplify processes, such as purchases or sales, so that you can reach your destination more quickly.
d) Market research and product development
We want to continuously improve our offers and make them more attractive for you. We therefore process personal data for market research and product development. To this end, we process in particular master data, behavioural data, transaction data and preference data, but also communication data and information from customer surveys, polls and studies and other information, e.g. from the media, the Internet and other public sources. As far as possible, we use pseudonymised or anonymised data for these purposes.
Market research and product development include in particular:
· conducting customer surveys, polls and studies;
· the further development of our offers (e.g. design of the product range, choice of location, pricing and action planning, etc.);
· assessing and improving the acceptance of our offers and our communication in connection with offers;
· optimising and improving the user-friendliness of websites;
· the development and testing of new offerings;
· reviewing and improving our internal processes;
· statistical evaluations, e.g. to evaluate information about our customers' interactions with us on a non-personal basis;
· the assessment of the supply situation in a particular market and the behaviour of our competitors;
· market monitoring, e.g. to understand and react to current developments and trends.
e) Safety and prevention
We want to ensure your and our security and prevent abuse. We therefore also process personal data for security purposes, to ensure IT security, to prevent theft, fraud and abuse and for evidence purposes. This may involve all categories of personal data mentioned in sections 2 and 3, in particular also behavioural and transactional data as well as image and sound recordings. We may collect, analyse and store this data for the aforementioned purposes.
The purpose of safety and prevention includes, for example:
· the production and evaluation (manually and automatically) of video recordings for the detection and prosecution of criminal acts;
· the issuing of house bans and the administration of house ban lists;
· the analysis of behavioural and transactional data for the purpose of detecting suspicious patterns of behaviour and fraudulent activity;
· the evaluation of system-side records of the use of our systems (log data);
· the prevention, defence and detection of cyber attacks and malware attacks;
· Analyses and tests of our networks and IT infrastructures as well as system and error checks;
· Control of access to electronic systems (e.g. logins to user accounts);
· physical access controls (e.g. access to office premises);
· Documentation purposes and creation of backup copies.
f) Compliance with legal requirements
We want to create the conditions for compliance with legal requirements. We therefore also process personal data to comply with legal obligations and to prevent and detect violations. This includes, for example, receiving and processing complaints and other notifications, complying with orders of a court or authority and taking measures to detect and clarify abuses. This may concern all categories of personal data mentioned in sections 2 and 3.
Compliance with legal requirements includes in particular:
· the protection of minors and the protection of minors, e.g. the enforcement of age limits for the purchase of alcohol;
· the implementation of health and protection concepts;
· Clarifications about business partners;
· the receipt and processing of complaints and other reports;
· the conduct of internal investigations;
· ensuring compliance and risk management;
· the disclosure of information and documents to authorities if we have a factual reason to do so (e.g. because we ourselves are an aggrieved party) or are legally obliged to do so;
· the involvement in external investigations, e.g. by a law enforcement or regulatory authority;
· ensuring the legally required data security;
· the fulfilment of disclosure, information or reporting obligations, e.g. in connection with supervisory and tax obligations, e.g. archiving obligations and for the prevention, detection and clarification of criminal offences and other violations;
· the legally regulated fight against money laundering and terrorist financing.
In all cases, this may involve Swiss law, but also foreign regulations to which we are subject, as well as self-regulations, industry and other standards, our own "corporate governance" or official directives.
g) Upholding the law
We want to be able to enforce our claims and defend ourselves against claims by others. We therefore also process personal data for legal protection, e.g. to enforce claims in court, before or out of court and before authorities in Switzerland and abroad, or to defend ourselves against claims. In doing so, we process different personal data depending on the constellation, e.g. contact data as well as information about processes that have given or could give rise to a dispute.
The purpose of upholding the law includes in particular:
· clarifying and enforcing our claims, which may include claims of companies affiliated with us and our contractual and business partners;
· the defence of claims against us, our employees, companies associated with us and against our contractual and business partners;
· clarifying the prospects of litigation and other legal, economic and other issues;
· participating in proceedings before courts and authorities at home and abroad. For example, we can secure evidence, clarify the prospects of litigation or submit documents to an authority. It may also be that authorities request us to disclose documents and data carriers that contain personal data.
h) Group internal administration and support
We want to make our internal processes efficient. We therefore also process personal data for the internal administration of the Lyreco Group. For this purpose, we process in particular master data, contractual data and technical data, but also behavioural and transactional data as well as communication data.
Intra-group administration includes in particular:
· the management of IT and real estate;
· the accounting department;
· the archiving of data and the management of our archives;
· training and education, e.g. when we evaluate recordings of telephone, video or other communications;
· The centralised storage and management of data generated by several Lyreco Group companies be used;
· the review or implementation of transactions under company law, such as company acquisitions, sales and mergers;
· forwarding enquiries to the competent bodies
· the sale of receivables, where we provide the purchaser, for example, with information about the reason for and amount of the receivable and, if applicable, the creditworthiness and conduct of the debtor;
· generally reviewing and improving internal processes.
5. purchase in the webshop
If you wish to place orders in our webshop, we require the following data for the processing of the contract:
· Company name
· First and last name of the contact person
· Billing address (and if different, delivery address)
· Information within the scope of the payment (depending on the selected payment method)
· Login data, i.e. e-mail address, password, user name and telephone number (for registered customers)
If home delivery is selected, we also require the first and last name of the employee and their address.
Unless otherwise stated in this privacy policy or you have separately consented to this, we will use the aforementioned data to process the contract, namely to process your orders, to deliver the ordered products and to ensure correct payment.
6. Coffee Operating Service (COS)
If COS badges with payment functions and recharging possibilities at Lyreco charging stations are used for the offer, Lyreco will need the first and last names of the badge holders in addition to the data listed under points 2 and 3. The data will only be used to verify the number of badges issued per person.
7. newsletter
In the regularly published Lyreco Switzerland AG newsletter, we inform you about our products and services and provide up-to-date information about office supplies and workplace solutions.
Lyreco Switzerland AG guarantees the confidential treatment of your data. If you wish, you can unsubscribe from the newsletter at any time by clicking on the "Unsubscribe newsletter" link contained in every newsletter.
8. contacting
When you contact us by e-mail or via a contact form, the data you provide (your e-mail address, name and telephone number, if applicable) will be stored by us in order to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if legal retention periods exist.
9. disclosure of data to third parties and place of processing
We will only pass on your personal data if you have expressly consented to this, if there is a legal obligation to do so or if this is necessary to enforce our rights, in particular to enforce claims arising from the contractual relationship.
In addition, we pass on your data to third parties insofar as this is necessary within the framework of the use of the website and the processing of contracts (also outside the website), namely the processing of your bookings. This includes, among others, the respective transport service provider who has been entrusted with the shipment of ordered goods. Your personal data is also passed on to the following recipients: Lyreco Management SAS, Marly (F). A transfer to Lyreco Management SAS may serve the purpose of internal group administration or to support the group companies concerned and their own processing purposes (section 4), for example when we support the personalisation of marketing activities, the development and improvement of products and services, the performance of credit checks or efforts to prevent theft, fraud and abuse. Data processing takes place exclusively within Switzerland and the EU.
We may share your personal data with companies outside Lyreco when we use their services. As a rule, these service providers process personal data on our behalf as so-called "order processors". Our order processors are obliged to process personal data exclusively in accordance with our instructions and to take appropriate data security measures. Certain service providers are also jointly responsible with us or independently (e.g. debt collection companies). We ensure that data protection is guaranteed throughout the processing of your personal data by selecting the service providers and by means of suitable contractual agreements.
This involves, for example, services in the following areas:
· Forwarding and logistics, e.g. for the shipment of ordered goods;
· Advertising and marketing services, e.g. for sending communications and information;
· Warranty and return, e.g. for repair in case of defects
· Business administration, e.g. accounting or asset management;
· Payment services;
· Collection services;
· Insurance service provider
· Fraud prevention services that payment service providers carry out on their own responsibility, such as PayPal Fraud Protection. Corresponding procedures are only applied if you are already a customer of the respective payment service provider. More detailed information can then be found in the privacy policy of the respective service provider;
· IT services, e.g. services in the areas of data storage (hosting), cloud services, sending e-mail newsletters, data analysis and refinement, etc.;
· Consultancy services, e.g. services of tax consultants, lawyers, management consultants or consultants in the field of personnel recruitment and placement.
Insofar as we make advance payments, e.g. in the case of a purchase on account, we may, if necessary, obtain creditworthiness information from a credit reference agency on the basis of mathematical-statistical procedures in order to protect our legitimate interests. For this purpose, we transmit the personal data required for a credit check to the credit information agency (Creditreform, Teufener Strasse 36, 9000 St. Gallen) and use the information received about the statistical probability of a payment default for a weighed decision about the establishment, implementation or termination of the contractual relationship. The creditworthiness information may contain probability values (score values) which have been calculated on the basis of scientifically recognised mathematical-statistical procedures and which include address data in their calculation. Your interests worthy of protection are taken into account in accordance with the legal provisions.
Finally, when you pay by credit card on the website, we pass on your credit card information to your credit card issuer and to the credit card acquirer. Regarding the processing of your credit card information by these third parties, we ask you to also read the terms and conditions as well as the privacy policy of your credit card issuer. For example, if you contact us with a concern about a product, we may share that information with the Lyreco Owned Industry manufacturing company for the purpose of product and quality improvement.
It is also possible that we pass on personal data to other third parties, including for their own purposes, e.g. if you have given us your consent or if we are legally obliged or entitled to pass it on. In these cases, the recipient of the data is a separate data controller under data protection law.
This includes, for example, the following cases:
· information on product recalls by manufacturers if you have purchased a product from the manufacturer.
· the transfer of receivables to other companies such as collection agencies;
· the review or implementation of transactions under company law, such as company acquisitions, sales and mergers;
· the disclosure of personal data to courts and authorities in Switzerland and abroad, e.g. to law enforcement agencies in cases of suspected criminal offences;
· the processing of personal data in order to comply with a court order or official directive or to assert or defend legal claims or if we consider it necessary for other legal reasons. We may also disclose personal data to other parties involved in the proceedings.
Please also note our cookie information on independent data collection by third-party providers whose tools we have integrated on our websites.
As a matter of principle, we are not subject to any professional secrecy obligation (such as banking or medical secrecy). Please let us know in individual cases if you are of the opinion that certain personal data is subject to a duty of confidentiality so that we can examine your request.
10. cookies
Cookies help in many ways to make your visit to our website easier, more enjoyable and more meaningful. Cookies are information files that your web browser automatically stores on your computer's hard drive when you visit our website.
We use cookies, for example, to offer you the shopping cart function across several pages and to temporarily store your entries when you fill out a form on the website so that you do not have to repeat the entry when you call up another sub-page. Cookies may also be used to identify you as a registered user after you have registered on the website, without you having to log in again when you call up another sub-page.
Most internet browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears when you receive a new cookie.
Deactivating cookies may mean that you cannot use all the functions of our website.
11. tracking tools
a) General
For the purpose of demand-oriented design and continuous optimisation of our website, we use the web analysis service of Google Analytics. In this context, pseudonymised usage profiles are created and small text files stored on your computer ("cookies") are used. The information generated by the cookie about your use of this website is transmitted to the servers of the providers of these services, stored there and processed for us. In addition to the data listed under points 2 and 3, we may receive the following information as a result:
· Navigation path that a visitor follows on the site,
· Dwell time on the website or sub-page,
· the sub-page on which the website is left,
· the country, region or city from where access is made,
· End device (type, version, colour depth, resolution, width and height of the browser window) and
· Returning or new visitor.
The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services related to the use of the website and the internet for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf.
b) Google Analytics
The provider of Google Analytics is Google Inc, a company of the holding company Alphabet Inc, based in the USA. Before the data is transmitted to the provider, the IP address is shortened by activating IP anonymisation ("anonymizeIP") on this website within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. In these cases, we ensure through contractual guarantees that Google Inc. complies with a sufficient level of data protection. According to Google Inc., in no case will the IP address be associated with other data relating to the user.
For more information about the web analytics service used, please visit the Google Analytics website. Instructions on how to prevent the processing of your data by the web analysis service can be found at http://tools.google.com/dlpage/gaoptout?hl=en.
c) Hubspot
We use HubSpot, Inc to tailor content to website visitors and how we communicate with them. The provider is HubSpot, Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141 USA. The cookies collect data about the usage behaviour of visitors to our pages. This data flows into analyses and helps us to improve our website. The cookies collect data such as the number of visitors to the website, how they came to the site and which pages they visited. For more information about Hubspot cookies, please see HubSpot's privacy policy at https://legal.hubspot.com/privacy-policy.
d) Push Alert
We use Push Alert from InkWired Technologies Private Limited in India as a browser messaging service for web push notifications or to display messages on the website.
For more information on the cookies used, please see the privacy policy at https://pushalert.co/privacy-policy.html.
e) VWO (Visual Website Optimizer)
We use the VWO tool from Wingify, a company based in India, on our website to learn more about our users through A/B tests and to make our offer and website user-friendly. The data collected here is all anonymised and complies with the applicable data protection regulations. You can find the data protection declaration under the following link: https://vwo.com/privacy-policy/.
f) Getsitecontrol
We use the Getsitecontrol tool on our website to find out more about our users, to show relevant content for selected customer segments with anonymised customer accounts and to optimise our offering. All data collected here is anonymised and complies with the applicable data protection regulations. The privacy policy can be found at the following link: Privacy policy | Getsitecontrol
g) Social media plugins
Plugins of the network LinkedIn Inc., 2029 Stierlin Court, Mountain View, CA 94043, USA are used on our website.
Please note that the plugin establishes a connection between your browser and the LinkedIn server when you visit our website. LinkedIn is thus informed that our website has been visited with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account at the same time, you have the option of linking content from our website to your LinkedIn profile page. In doing so, you enable LinkedIn to associate your visit to our website with your user account.
You can find more information on this in LinkedIn's privacy policy at: https://www.linkedin.com/legal/privacy-policy
12. note on data transfers abroad
We process and store personal data mostly in Switzerland and the European Economic Area (EEA). However, in certain cases, we may disclose personal data to service providers and other recipients (see 9) located or processing personal data outside this area, in principle in any country in the world. These countries may not have laws that protect your personal data to the same extent as in Switzerland or the EEA. If we transfer your personal data to such a country, we will ensure the protection of your personal data in an appropriate manner.
One means of ensuring adequate data protection is, for example, the conclusion of data transfer contracts with the recipients of your personal data in third countries that ensure the necessary data protection. These include contracts approved, issued or recognised by the European Commission and the Federal Data Protection and Information Commissioner, so-called standard contractual clauses. Please note that such contractual arrangements can partially compensate for weaker or missing legal protection, but cannot completely exclude all risks (e.g. of government access abroad). In exceptional cases, the transfer to countries without adequate protection may also be permissible in other cases, e.g. based on consent, in connection with legal proceedings abroad or if the transfer is necessary for the performance of a contract.
For the sake of completeness, we would like to point out for users resident or domiciled in Switzerland that there are surveillance measures in place in the USA by US authorities which generally allow the storage of all personal data of all persons whose data has been transferred from Switzerland to the USA. This is done without any differentiation, limitation or exception based on the objective pursued and without any objective criterion that would make it possible to limit the access of the US authorities to the data and their subsequent use to very specific, strictly limited purposes that are capable of justifying the intrusion associated with both access to and use of this data. Furthermore, we would like to point out that in the USA, there are no legal remedies available to data subjects from Switzerland that would allow them to gain access to the data concerning them and to obtain their correction or deletion, or that there is no effective judicial legal protection against general access rights of US authorities. We explicitly draw the attention of the data subject to this legal and factual situation so that he or she can make an appropriately informed decision to consent to the use of his or her data.
We would like to point out to users residing in a member state of the EU that the USA does not have a sufficient level of data protection from the point of view of the European Union - among other things due to the issues mentioned in this section. Insofar as we have explained in this privacy statement that recipients of data (such as Google) are based in the USA, we will ensure either through contractual arrangements with these companies or by ensuring that these companies are certified under the EU or Swiss-US Privacy Shield that your data is protected with our partners with an appropriate level.
13. basis for the processing of your data
When processing personal data for the purposes described herein, we rely on, among other things, your consent to this Privacy Policy, the obligation to perform a contract, as well as the exercise of legitimate interests, for example, when data processing is a central part of our business activities, including in maintaining and managing the business relationship and communication with you, as a business contact, about our operations and events, or to comply with domestic and foreign laws.
14. How do we process sensitive personal data?
Certain types of personal data are considered "particularly worthy of protection" under data protection law, e.g. information on health and biometric characteristics. Depending on the constellation, the categories of personal data mentioned in points 2 and 3 may also include such particularly sensitive personal data. However, we generally only process sensitive personal data if it is necessary for the provision of a service, if you have provided us with this data of your own accord or if you have consented to the processing. We may also process particularly sensitive personal data if this is necessary to uphold the law or to comply with domestic or foreign legal provisions, if the data concerned has clearly been disclosed to the public by the person concerned or if the applicable law otherwise permits its processing.
We may process sensitive personal data in the following cases, for example:
· You want to order an alcoholic beverage in our webshop and add an ID document to your customer account for digital age verification;
· You apply for a job vacancy and provide information about your health, trade union affiliation or criminal record.
15. your rights in connection with the processing of your personal data; right to information, correction, deletion and restriction of processing; right to data portability
You have the right to object to data processing, especially if we process your personal data on the basis of a legitimate interest and the other applicable conditions are met. You can also object at any time to data processing in connection with direct marketing (e.g. advertising e-mails). This also applies to profiling, insofar as this is connected with such direct marketing.
To the extent that the applicable requirements in each case are met and no statutory exceptions apply, you also have the following rights:
· the right to request information about your personal data stored by us;
· the right to have inaccurate or incomplete personal data corrected;
· the right to request the deletion or anonymisation of your personal data;
· the right to request the restriction of the processing of your personal data;
· the right to receive certain personal data in a structured, common and machine-readable format;
· the right to revoke consent with effect for the future, insofar as processing is based on consent.
Please note that these rights may be restricted or excluded in individual cases, e.g. if there are doubts about the identity or if this is necessary to protect other persons, to safeguard interests worthy of protection or to comply with legal obligations.
You can exercise the most important of the above rights via the customer account or with Lyreco Customer Care. If you have a customer account, you can correct your master data stored there (e.g. your address) at any time. You can also request the deactivation of the customer account or the complete deletion of your personal data. In addition, you can unsubscribe from newsletters and other promotional emails by clicking on the corresponding link at the end of the email.
You are also free to lodge a complaint with a competent supervisory authority if you have concerns about whether the processing of your personal data complies with the law.
You also have the right to demand that we return the data you have given us (right to data portability). On request, we will also pass the data on to a third party of your choice. You have the right to receive the data in a common file format.
If the lawful processing is based on your consent, you have the right to revoke it at any time.
You can contact us for the aforementioned purposes via the e-mail address ch.dataprotection@lyreco.com. We may, at our discretion, require proof of identity to process your applications.
16. Profiling
"Profiling" means the automated processing of personal data in order to analyse personal aspects or make predictions, e.g. the analysis of personal interests, preferences, affinities and habits or the prediction of likely behaviour. Profiling can be used in particular to derive preference data (for more information, see "Preference data").
Profiling is a common process, e.g. in automated processing
· of master data, contract data, behavioural data and transaction data for purchases in our web shop;
· of behavioural, transactional and technical data in connection with our websites;
· of information in connection with attendance at events, or participation in competitions, prize draws and similar events;
· of communication data, e.g. your response to advertising and other communications;
· from other behavioural and transactional data.
Profiling helps us to do this, for example,
· to continuously improve our services and better tailor them to individual needs;
· to present our contents and offers to you in a way that meets your needs;
· As far as possible, only present you with advertisements and offers that are likely to be relevant to you;
· To better support you in customer service;
· to decide which payment options are available based on a credit check.
We carry out profiling, e.g. in connection with our webshop, by evaluating your shopping behaviour and assigning you to certain interests based on this. Such interests can be formed permanently or on a case-by-case basis and can relate, for example, to the motive for buying. This profiling enables us, for example, to send you relevant product suggestions via newsletter.
Profiling also takes place, for example, in connection with the customer account, e.g. by evaluating your usage and shopping behaviour in our webshop and on our website, for example in order to offer you an individual user experience and to provide you with offers tailored to your interests.
You can object to profiling in certain cases as described in section 15.
17. Data security
We use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments. However, like all companies, we cannot rule out data security breaches with absolute certainty; certain residual risks are unavoidable. Security measures of a technical nature include, for example, the encryption and pseudonymisation of data, logging, access restrictions and the storage of backup copies. Security measures of an organisational nature include, for example, instructions to our employees, training and controls. We also oblige our order processors to take appropriate technical and organisational security measures.
18. retention of data
We only store personal data for as long as it is necessary to use the tracking and analysis services mentioned above as well as the further processing within the scope of our legitimate interest.
This means that we process and store your personal data:
· as long as it is necessary for the purpose of the processing or the purposes agreed with it, in the case of contracts as a rule at least for the duration of the contractual relationship;
· as long as we have a legitimate interest in storing it. This may be the case in particular if we need personal data to enforce or defend claims, for archiving purposes and to ensure IT security;
· as long as they are subject to a statutory retention obligation. For certain data, for example, a ten-year retention period applies. For other data, shorter retention periods apply in each case, e.g. for recordings from video surveillance or for recordings of certain processes on the internet (log data).
In certain cases, we also ask for your consent if we want to store personal data for longer (e.g. for job applications that we want to keep pending). After expiry of the above-mentioned periods, we delete or anonymise your personal data.
We are guided by the following retention periods, for example, although we may deviate from these in individual cases:
· Customer account: Personal data is stored for the duration of the customer account. If a deletion of the customer account is ordered, the data will be deleted at the latest after 30 days following a review of outstanding claims and other relevant points that prevent immediate deletion.
· Contracts: As a rule, we keep master and contract data for ten years from the last contract activity or from the end of the contract. However, this period may be longer if this is necessary for reasons of evidence, legal or contractual requirements or for technical reasons. Transaction data in connection with contracts is generally retained for ten years.
· Technical data: Cookies are usually stored for between a few days and two years, unless they are deleted immediately after the end of the session.
· Communication data: E-mails, messages via the contact form and written correspondence are generally retained for ten years.
· Image and sound recordings: The retention period varies depending on the purpose. It ranges from a few days for security camera recordings to several years for reports on events with images.
· Job applications: As a rule, we delete application data within six months after completion of the application process. With your consent, we may keep your application pending with a view to possible subsequent employment.
We retain contractual data for a longer period of time because this is required by statutory retention obligations. Retention obligations that oblige us to retain data result from accounting regulations and tax regulations. According to these regulations, concluded contracts and accounting vouchers as well as, under certain circumstances, business communication must be retained for up to 10 years. Data that is not subject to this retention period will be deleted 3 years after the last contact or the last order.
19. right to complain to a data protection supervisory authority
You have the right to complain to a data protection supervisory authority at any time.
· The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).
· The competent supervisory authority in the Principality of Liechtenstein is the Data Protection Authority of the Principality of Liechtenstein.
· The competent supervisory authority in Germany is the Hamburg Commissioner for Data Protection and Freedom of Information, Klosterwall 6 (Block C), 20095 Hamburg, Germany.
· The competent supervisory authority in Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.
· The competent supervisory authority in France is the Commission nationale de l'informatique et des libertés, 3 Place de Fontenoy, TSA 80715, 75334 PARIS CEDEX 07
· The competent supervisory authority in Italy is the Garante per la protezione dei dati personali, con sede in Piazza Venezia 11, IT-00187, Roma
20. Amendment of this Privacy Policy
This privacy policy may be amended over time, in particular if we change our data processing practices or if new legislation becomes applicable. We actively inform persons whose contact details are registered with us of such changes in the event of significant changes, if this is possible without disproportionate effort. In general, the data protection statement in the version current at the time of the start of the processing in question applies to data processing in each case.
June 2024