We use cookies to improve our services and to make you offers related to your preferences. If you continue browsing, we will consider that you allow us to use them. You can change the settings or get more information on our Terms of use & Cookies Policy.




Please wait while processing...

Data privacy policy



At Lyreco, we believe privacy is important. That’s why we have established a comprehensive privacy program, including a global privacy office and a chief privacy officer, designed to help us protect privacy rights.

To protect your privacy, Lyreco will ensure all personal data is handled in a secure way and used only as outlined in the sections below. This privacy policy informs you what personal data we collect, how we use it and the measures we take to keep it safe.

This policy is our commitment to privacy and includes provisions on processing of personal data related to clients, consumers. (hereinafter referred as “Privacy Policy”)

In this Privacy Policy, “you”, “yours”, refer to the Customer Data Subjects whose Personal Data are processed by or on behalf of Lyreco and “we”, “our”, “us”, refer to Lyreco.


LYRECO, a simplified joint stock company organized and existing under the laws of France, whose regis- tered offices are rue du 19 mars 1962, 59770 MARLY (France) and  all  its  affiliates (hereinafter referred as “Lyreco”) - is a company specialized in workplace solutions, including notably office supplies, personal protective equipment and packaging distribution. Lyreco is exclusively supplying to other companies in business-to-business relationships (hereinafter referred individually as “Customers” and collectively as “Customers”).


1  Definitions

1.1               Affiliated Companies means any companies being controlled by, or under common control with Lyreco.

1.2               Applicable Data Protection Law(s) means the relevant local personal data protection, data security, data retention, and data privacy laws and regulations to which the Personal Data are subject, including the GDPR.

1.3               Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

1.4               “Customer Data Subjects” means any employee, consultant, agent, or any other authorized natural person to place purchase order towards Lyreco on behalf of the Customer.

1.5               “Customer Personal Data” means Personal Data of the Customer Data Subjects processed by Lyreco as a Controller while supplying its Services to the Customer.

1.6               General Data Protection Regulation or GDPR means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.7               Personal Data means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirect- ly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.8               process,” “processes,” “processing,” and “processed” means any operation or set of operations which is performed on Personal Data or sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.9               Service means the supply and sale of. products and all associated services proposed globally or at local level by Lyreco

1.10            Third Party(ies)” means Lyreco authorized auditors, accountants, contractors, agents, vendors, and third party service providers that process Personal Data.


2  Scope

This Privacy Policy only applies to Customer Personal Data processed by or on behalf of Lyreco.


Lyreco processes Personal Data fairly and lawfully in accordance with Applicable Data Protection Laws.


In the event of any conflict between this Privacy Policy and Applicable Data Protection Laws, the provisions of Applicable Data Protection Laws shall prevail.


What Personal Data do we collect and use?

In the course of supplying products and/or services to Customer, Lyreco will need to process Customer’s employee(s) Personal Data. Indeed such employees are the sole end-users of the Website acting on behalf of the Customers, which are in business relationships with Lyreco. The Customers’ employees per- sonal data to be processed through the Website are mainly and basically the personal data required in order for Lyreco to be able to supply the products and/or services to the Customers, that is to say mainly to place and follow-up a purchase order placed on the Website.


Lyreco processes the following Personal Data of Customers and prospective Customers:

    Your  name, telephone number and email


    Company name, ID number and address


    Credit card information


    Location information (i.e.: IP address)


For the sake of clarity, mandatory information required in online forms are identified by an asterix field.


What do we use that information for?

The law allows us to process Personal Data, so long as we have a basis or “ground” under the law to do   so. It also requires us to tell you what those grounds are. As a result, when we process your personal data we will rely on one of the following processing conditions:

    Performance of a contract: this is when the processing of your personal information is necessary to perform our obligations under a contract;


Legal obligation: this is when we are required to process your personal information to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;


    Legitimate interests: we will process information about you where it is in our legitimate interest in running a lawful business to do so to further that business, so long as it doesn’t outweigh your interests;


    Your consent. In some cases, we will ask you for specific permission to process some of your personal information, and we will only process your personal information in this way if you agree to us doing so. This will be the case when we ask you if you wish to receive or newsletter, information about our products or services. You may withdraw your consent at any time by contacting us according to the section below in this document


Your Personal Data are used by Lyreco to:

    Create a Customer Account on our website


    Answer Customer’s enquiries


    Perform Customer management operations regarding orders, deliveries, invoices, accounting (management of accounts receivable)


    Conduct marketing campaigns and inform Customers about our products and services


    Monitor our relationship with our Customers conduct Customer satisfaction surveys, conduct sales statistics


    Manage unpaid invoices recovery and disputes with our Customers


    Monitor Customer’s experience on our website


We also use Cookies in order to enhance your Customer experience on our website, please to the cookie policy section in this document


For How long do we keep your Personal Data:

We will keep your Personal Data during the term of our commercial relationship and up to 3 years after your last contact or order with Lyreco, unless applicable legislation prevents us from doing so, notably for archiving purposes. For  example, Personal Data of our Customer mentioned in our invoices will be kept   for a longer period, in accordance with local regulations.


With whom share your information:

Your Personal Data are accessed and processed by authorized members of our commercial, financial and support departments of Lyreco, for the purposes described above.


Lyreco do not share Personal Data with unaffiliated third parties, except as necessary for our legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law.


This would include:

  Third Party Providers: Lyreco may grant access to Customer’s Personal Data:

    Our service providers or contractors: We transfer Personal Data to our third party service providers, such as our (IT) systems providers, our hosting providers, our payroll providers, consultants and other goods and services providers or contractors. Lyreco work with such providers so that they can process your Personal Data on our behalf. Lyreco will only transfer Personal Data to them when they meet our strict standards on the processing of data and security. We only share personal information that allows them to provide their services


    When you enter into transactions with others or make payments on Lyreco’s website, we will share transaction information with those third parties necessary to complete the transaction. We will require those third parties to respect your privacy, and adequately protect your personal data


  Courts, tribunals, law enforcement or regulatory bodies: Lyreco reserves the right to share your information to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state or company security is at   issue (such as terrorist attacks), Lyreco reserves the right to share our entire database of customers and customer personal data with appropriate governmental authorities


  Internal auditors, professional accountants, legal advisers may access to documents, such as invoices, which contain Customers Personal Data, for the purpose of their mission


  Lyreco may transfer Personal Data to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Lyreco’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it


Lyreco never sell your personal data to third parties, such as marketers.


Lyreco do not provide any personal data to “people finder,” “public directory” or “white pages” sites.


Localization – Data Transfer

We transmit your personal data only within countries of the European Economic Area (EEA) and to or  from countries that provide adequate protection as confirmed by the European commision except under the conditions below.


If the processing involves a transfer of Personal Data to a country outside the European Union and which does not provide adequate protection as confirmed by the European Commission, Lyreco undertakes to secure the transfer by one of the following mechanisms:

    Standard Contractual Clauses approved by the European Commission (such as Standard Contractual Clauses for Data Controllers 2004/915/EC or Standard Contractual Clauses for Data Processors 2010/87/EU or any subsequent version);


    Binding Corporate Rules: in case the Third Parties concerned have adopted EU Binding Corporate Rules that cover the Personal Data that Third Parties Process


    Any other mechanism officially recognized by Applicable Data Protection Laws as ensuring an adequate level of protection of Personal Data


Lyreco processes and shall cause Third Parties to process Personal Data in adequate jurisdictions as defined in Applicable Data Protection Law(s). These jurisdictions include countries of the European Economic Area and countries recognized as providing an adequate level of protection by the commission (For more information, see European Commission, (“Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries.”)


Security of the processing:

Lyreco implements commercially reasonable technical and organizational security controls to protect your personal data against theft, loss or misuse. Your data will be stored in a secure operating environ- ment that is not accessible without authorization. Lyreco applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your personal data.


When you enter sensitive information (such as credit card numbers and passwords):

    We encrypt that information to protect against eavesdropping using SSL


    This data is further protected by encryption in storage


    We also use measures to enhance security, such as analyzing account behavior for fraudulent or otherwise anomalous behavior


    We may limit use of site features in response to possible signs of abuse, may remove inappropriate content or links to illegal content, and may suspend or disable accounts for violations of our terms and conditions


Your rights:

You have the following rights concerning the processing(s) of your Personal Data made by or on behalf of Lyreco:


In addition to the information that is available on Lyreco’s website, you have the right to access the personal data that Lyreco holds about you, all subject to the exemptions as con- tained in applicable laws and regulations. If you request the data, then Lyreco will assist you. Your identity will need to be confirmed before you are provided with access to personal data. Generally, Lyreco does not charge for providing information, but if the request is manifestly unfounded or excessive, in particular because of their repetitive character, Lyreco reserves the right to charge a fee for such requests. We ask that you to submit your request in writing. An access request form is available on Lyreco’s website and in all locations for you to fill out. If you choose to write a letter rather than fill out a form, please include the following:


1       Your full mailing address

2       Your daytime telephone number

3       Names of specific files or types of records to which you request access, including specific dates of those records, where possible


Please provide as much detail as possible.


All formal access requests will be directed to the privacy contact, who will then review each request to determine whether Lyreco will disclose the requested information. The data privacy officer can be reached directly at the following address : privacy.office@lyreco.com



If you believe there is a mistake in your personal data, you have a right to ask for the infor- mation to be corrected. We may ask you to provide documentation to show where Lyreco’s files are incorrect. We will amend the erroneous data within a month and will notify you once the correction you have requested has been completed. GDPR provides you with the right

to request correction of your personal data held by Lyreco if you believe there is an error or omission. You are entitled to attach a statement of disagreement with the information,

reflecting any correction you requested, but which was not made by Lyreco. Lyreco will notify any person or organization to which your personal data was disclosed within the year before you requested correction and advise them about the correction or statement of disagreement



You may obtain and reuse the personal data held by Lyreco for your own purposes across dif- ferent services. Lyreco allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right applies to your personal data held by Lyreco, where the processing was automated and used  in the light of Lyreco services provision within the contract the Customer have with Lyreco, or where such processing was based on the consent you gave Lyreco for it


You may log in to Lyreco’s online web portal and download the information provided in the “Export” section of the portal



Lyreco does not store personal data without a predefined and documented purpose. We follow laws that require us to delete personal data if the reason for its collection and storage no longer exists. We believe this fulfills the requirements of the privacy principle of “the right to be forgotten.”

Where the personal data that Lyreco holds is based on the execution of the contract, and you wish to be removed from our systems prior to the retention period indicated in the “How Long We Use Personal Data” section, please contact our privacy officer at privacy.office@lyreco.com.

If you have registered your personal details with us, you can deactivate your account at any time. For  safety reasons, we have implemented a seven-day grace period after you request  the account to be deleted; however, logging on to your account during the grace period will reactivate the account. To prevent impersonation, once your account is deactivated and after expiration of the grace period, your account will be irrevocably suspended, ensuring that nobody can use that account identifier again


       Object to processing:

You  have the right to object to us processing your Personal Data if we are not entitled to   use it any more. In this case, Lyreco shall no longer process the Personal Data unless Lyreco

demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms of the or for the establishment, exercise or defense of legal claims


Contact, Questions & Complaints


To exercise your rights, express a concern, raise a question, make a complaint, or to obtain additional information about the processing of your Personal Data by the Lyreco, you may send an e-mail

to the following address: privacy.office@lyreco.com or contact Lyreco customer support accompanied by a valid proof of ID.


Lyreco undertakes to respond to your request within one month and up to 3 months

depending on the complexity of the request and/or of the number of requests received by the company.


In case of dispute, you may lodge a complaint with the local Data Privacy Regulatory Authority (i.e For French customers, the CNIL).


Change to the policy:

We may occasionally update or modify this privacy policy.

We  will notify you by  placing a prominent notice on the home page of our website or, if legally   required, by directly sending you a notification. Lyreco encourage you to periodically review this privacy

policy to stay informed about how Lyreco is helping to protect the customer personal data collected. Your continued use of the Lyreco services constitutes your agreement to this privacy policy and any updates.


Cookie Policy:


Cookies, or other similar trackers, are files used by a server to interact with the browser (herein referred as “Cookies”). Cookies are used to send status information when a user visits a site. Status information can be, for example, a session ID, language, expiration date,

response domain, and so on. Cookies make it possible to store status information during their validity period when a browser accesses the various pages of a website or when this browser returns to the said site later



There are different types of Cookies used by Lyreco:

session cookies that disappear as soon as you leave the browser or the site; permanent cookies such as analytic cookies that remain on your device until

they expire (up to 13 months) or until you delete them using your browser’s features


       What about google analytics cookies and usage on our website ?

Lyreco uses Google Analytics. More information about how Google Analytics is used by Lyreco can be found here: http://www.google.com/analytics/learn/privacy.html  To provide website visitors with more choice on how their data is collected by Google

Analytics, Google have developed the HYPERLINK “https://tools.google.com/dlpage/ga- optout” Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services

The best brands are on Lyreco: