At Lyreco, we believe privacy is important. That's
why we have established a comprehensive privacy program, including a global
privacy office and a chief privacy officer, designed to help us protect privacy
To protect your privacy, Lyreco will
ensure all Personal Data is handled in a secure way and used only as outlined
Personal Data we collect, how we use it and the measures we take to keep it
This policy is our commitment to privacy concerning
the processing of Personal Data related to Customers. (hereinafter referred as
the Customer Data Subjects whose Personal Data are processed by or on behalf of
Lyreco and “we”, “our”, “us”, refer to Lyreco.
LYRECO, a simplified joint stock company organized and existing under
the laws of France, whose registered offices are rue du 19 mars 1962, 59770
MARLY (France) and all its Affiliated Companies (hereinafter referred as “Lyreco”) including
Lyreco (thailand) Co.,Ltd.
- is a company specialized in
workplace solutions, including notably office supplies, personal protective
equipment and packaging distribution. Lyreco is exclusively supplying to other
companies in business-to-business relationships (hereinafter referred
individually as “Customer” and collectively as “Customers”).
Companies” means any companies being controlled by, or under common control
Data Protection Law(s)” means the relevant local personal data protection,
data security, data retention, and data privacy laws and regulations to which
the Personal Data are subject, including the PDPA.
“Controller” means the natural or legal person, public authority,
agency or other body which, alone or jointly with others, determines the
purposes and means of the processing of Personal Data.
Subjects” means any
employee, consultant, agent, or any other authorized natural person to place
purchase order towards Lyreco on behalf of the Customer.
Data” means Personal Data of the Customer Data Subjects processed by Lyreco
as a Controller while supplying its Services to the Customer.
Protection Act” or “PDPA” refers to Personal
Data Protection Act, B.E. 2562 (2019) published on Government Gazette on 27 May
2019 regarding the law concerning personal data protection.
“Personal Data” means any information
relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be
identified, directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, an online identifier
or to one or more factors specific to the physical, physiological, genetic,
mental, economic, cultural or social identity of that natural person.
“processes,” “processing,” and “processed”
means any operation or set of operations which is performed on Personal Data or
sets of Personal data, whether or not by automated means, such as collection,
recording, organization, structuring, storage, adaptation or alteration,
retrieval, consultation, use, disclosure by transmission, dissemination, or
otherwise making available, alignment or combination, restriction, erasure, or
1.9 “Service” means the
supply and sale of products and all associated services proposed globally or at
local level by Lyreco
“Third Party(ies)” means Lyreco
authorized auditors, accountants, contractors, agents, and third party service
providers that process Personal Data.
processed by or on behalf of Lyreco.
Personal Data fairly and lawfully in accordance with Applicable Data Protection
Data Protection Laws, the provisions of Applicable Data Protection Laws shall
What Personal Data do
we collect and use?
In the course of supplying its Services to Customers, Lyreco will need to process Customer Personal Data. Indeed,
the Customer Data Subjects are the sole end-users of Lyreco and the Lyreco’s
website acting on behalf of the Customers, which are in business relationships
with Lyreco. The Customer Personal
Data to be processed through the website are mainly and
basically the Personal Data required for Lyreco
to be able to supply the Services to the Customers,
that is to say mainly to place and follow-up a purchase order placed to Lyreco.
Lyreco processes the
following categories of Customer Personal Data :
- Your name, telephone number and email
- Company name, ID number and address
- Credit card information
- Location information (i.e.: IP address)
For the sake of
clarity, mandatory information required in online forms are identified by an
What do we use that
information for ?
PDPA allows us to process Personal Data, so long as we
have a basis or “ground” under the law to do so. It also requires us to tell
you what those grounds are. As a result, when we process your Personal Data, we
will rely on one of the following processing conditions:
Performance of a contract: this is when
the processing of your personal information is necessary to perform our
obligations under a contract;
Legal obligation: this is when we are
required to process your personal information to comply with a legal
obligation, such as keeping records for tax purposes or providing information
to a public body or law enforcement agency;
Legitimate interests: we will process
information about you where it is in our legitimate interest in running a
lawful business to do so to further that business, so long as it doesn’t
outweigh your interests;
Your consent. In some cases, we
will ask you for specific permission to process some of your personal
information, and we will only process your Personal Data in this way if you
agree to us doing so. This will be the case when we ask you if you wish to
receive a newsletter, or information about our products or services. You may
withdraw your consent at any time by contacting us according to the section
below in this document.
Data are used by Lyreco to:
- Create a Customer Account on our
- Answer Customer’s enquiries
- Perform Customer management
operations regarding orders, deliveries, invoices, accounting (management of
- Conduct marketing campaigns and
inform Customers about our products and services,
- Monitor our relationship with our
Customers conduct Customer satisfaction surveys, conduct sales statistics,
- Manage unpaid invoices recovery
and disputes with our Customers,
- Monitor Customer’s experience on
We also use
Cookies in order to enhance your customer experience on our website, please
For How long do we keep
your Personal Data ?
We will keep
your Personal Data during the term of our commercial relationship and up to 3
years after your last contact or order with Lyreco, unless applicable legislation prevents us from
doing so, notably for
archiving purposes. For example, Customer Personal
Data mentioned in our invoices will be kept for a longer period, in accordance
with local applicable regulations.
With whom do we share
your information ?
Data are accessed and processed by authorized members of the commercial,
financial and support departments of Lyreco, for the purposes described above.
Lyreco do not share Personal Data with unaffiliated third parties, except as necessary for its legitimate
professional and business needs, to carry out your requests, and/or as required
or permitted by law. This would include:
Third Party Providers Lyreco may grant access to Customer Personal Data:
o To its service providers or contractors: Lyreco transfer Personal Data
to its third party service providers, such as (IT) systems providers, hosting
providers, consultants and other goods and services providers or contractors.
Lyreco work with such providers so that they can process your Personal Data on
its behalf. Lyreco will only transfer Personal Data to them when they meet
Lyreco strict standards on the processing of data and security. Lyreco only
share Personal Data in order to provide its Services to Customers.
o When you enter into transactions with others or make payments on
Lyreco's website, Lyreco will share transaction information with those third
parties necessary to complete the transaction. We will require those third
parties to respect your privacy, and adequately protect your Personal Data.
Courts, tribunals, law enforcement or regulatory bodies: Lyreco reserves
the right to share your information to respond to duly authorized information
requests of governmental authorities or where required by law. In exceptionally
rare circumstances where national, state or company security is at issue (such
as terrorist attacks), Lyreco reserves the right to share our entire database of
Customers and Customer Personal Data with appropriate governmental authorities.
Internal auditors, professional accountants, legal advisers may access to documents, such as invoices, which contain Customer
Personal Data, for the purpose of their mission.
Lyreco may transfer
your Personal Data to a potential buyer,
transferee, merger partner or seller and their advisers in connection with
an actual or potential transfer or merger of part or all of Lyreco’s business
or assets, or any associated rights or interests, or to acquire a business or
enter into a merger with it.
sells your Personal Data to third parties, such as marketers.
Lyreco do not provide
any Personal Data to "people finder," "public directory" or
"white pages" sites.
What about the localization and transfer of your Personal Data ?
transmit your personal data to other countries in which they provide adequate protection of personal
data or they are countries in the European Economic Area where GDPR laws and
regulations governing personal data provide
adequate protection in order to comply to your personal rights and maintain
security in the processing of personal data properly and comply to applicable
data protection laws.
If it is
necessary to transmit or transfer your personal data to a country that has
lower personal data protection standards than Thailand or countries in the
European Economic Area, we undertake various measures to ensure the management of data and its transmission is safe
and comply to applicable data protection laws.
How do we secure the processing of your Personal Data
commercially reasonable technical and organizational security controls to
protect your Personal Data against theft, loss or misuse. Your Personal Data
will be stored in a secure operating environment that is not accessible without
authorization. Lyreco applies mitigation measures following periodic risk
assessments to ensure an adequate level of protection of your Personal Data.
When you enter
sensitive information (such as credit card numbers and passwords):
- We encrypt that
information to protect against eavesdropping using SSL.
- This data is
further protected by encryption in storage.
- We also use
measures to enhance security, such as analyzing account behavior for
fraudulent or otherwise anomalous behavior.
- We may limit use
of site features in response to possible signs of abuse, may remove
inappropriate content or links to illegal content, and may suspend or
disable accounts for violations of our terms and conditions.
What are your rights
concerning our processing(s) of your Personal Data ?
You have the following rights concerning the processing(s) of your
Personal Data made by or on behalf of Lyreco :
In addition to the
information that is available on Lyreco's website, you have the
right to access the Personal Data that Lyreco holds about you, all
subject to the exemptions as contained in Applicable Data Protection Laws. If
you request the data, then Lyreco will assist you. Your
identity will need to be confirmed before you are provided with access to your
Personal Data. Generally, Lyreco does not charge for
providing information, but if the request is manifestly unfounded or excessive, in particular because of their
repetitive character, Lyreco reserves the right to charge a fee for such
We ask you to submit
your request in writing. An access request form is available on Lyreco's website and in all
locations for you to fill out. If you choose to write a letter rather than fill
out a form, please include the following:
Your full mailing
Names of specific
files or types of records to which you request access, including specific dates
of those records, where possible
Please provide as much
detail as possible.
All formal access
requests will be directed to the data privacy officer, who will then review
each request to determine whether Lyreco will disclose the requested
information. The data privacy officer can be reached at the directly at the
following address : firstname.lastname@example.org
Modification and Rectification
If you believe there is
a mistake in your Personal Data, you have a right to ask for the information to
be corrected. We may ask you to provide documentation to show where Lyreco's
files are incorrect. We will amend the erroneous data within a month and
will notify you once the correction you have requested has been completed. PDPA provides you with the
right to request correction of your Personal Data held by Lyreco if you believe
there is an error or omission. You are entitled to attach a statement of
disagreement with the information, reflecting any correction you requested, but
which was not made by Lyreco. Lyreco will notify any
person or organization to which your Personal Data was disclosed within the
year as from your requested correction and advise them about the correction or
statement of disagreement.
may obtain and reuse the Personal Data held by Lyreco for your own purposes across different services. Lyreco allows you to move, copy or transfer Personal Data easily from one IT
environment to another in a safe and secure way, without hindrance to
usability. This right applies to your Personal Data held by Lyreco, where the processing was automated and used in the light of Lyreco
Services provision within the contract the Customer has with Lyreco, or where
such processing was based on the consent you gave Lyreco for it.
may Log in to Lyreco's online web portal and download the information provided
in the "Export" section of the portal.
Lyreco does not store Personal
Data without a predefined and documented purpose. We follow laws that require
us to delete Personal Data if the reason for its collection and storage no
longer exists. We believe this fulfills the requirements of the privacy
principle of "the right to be forgotten."
the Personal Data that Lyreco holds is based on the execution of a contract, and you
wish to be removed from our systems prior to the retention period indicated in
the "How Long Do We Use Personal Data" section, please contact our
Data Privacy point of contact at the following address : email@example.com
you have registered your personal details with us, you can deactivate your
account at any time. For safety reasons, we have implemented a seven-day grace
period after your request for the account to be deleted; however, logging on to
your account during the grace period will reactivate the account. To prevent
impersonation, once your account is deactivated and after expiration of the
grace period, your account will be irrevocably suspended, ensuring that nobody
can use that account identifier again.
have the right to object to us processing your Personal Data if we are not
entitled to use it anymore. For instance, if you are no longer work for or authorized
by our customer’s company. In this case, Lyreco
shall no longer process the Personal Data unless Lyreco demonstrates compelling
legitimate grounds for the processing which override your interests, rights and
freedoms of the or for the establishment, exercise or defense of legal
claims. In the course of supplying its
Services to Customers, Lyreco will need to process Customer Personal Data.
Indeed, the Customer Data Subject assigned or acts on behalf of the customer is
a user of Lyreco and/or the Lyreco’s website. The Customer Personal Data that
are processed are mainly and basically the Personal Data required for Lyreco to
be able to supply the Services to the Customers, such as to place and follow-up
a purchase order placed to Lyreco. Therefore, in order to protect the interests
and prevent damage to the operations of your company, you should therefore
study and inquire about the impacts that may occur before exercising your right
addition, you have the right to object to collection, use and/or disclosure of
your Personal Data carried out for purposes related to direct marketing, scientific,
historical or statistical research.
Withdrawal of Consent
you have given us consent to collect, use and/or disclose your personal
information. You have the right to withdraw consent at any time. Unless that
withdrawal of consent is limited by law or a contract that provides benefits to
customers. For example, if the company, organization, or juristic person in
which you perform duties maintains customer status or business relationships
with Lyreco, withdrawing that consent may affect your organization to not
receive benefits, promotions, offers or not to receive better products or
services or information that is beneficial to your organization due to the fact
that in the course of supplying its Services to Customers, Lyreco will need to
process Customer Personal Data. Indeed, the Customer Data Subject assigned or
acts on behalf of the customer is a user of Lyreco and/or the Lyreco’s website.
The Customer Personal Data that are processed are mainly and basically the
Personal Data required for Lyreco to be able to supply the Services to the
Customers, such as to place and follow-up a purchase order placed to Lyreco.
Therefore, in order to protect the interests and prevent damage to the
operations of your company, you should therefore study and inquire about the
impacts that may occur before exercising your right to withdraw consent.
Restrict Processing or
Suspension of Data Usage
have the right to temporarily suspend the use of your personal data during the
review of the request to exercise the rights regarding your personal data or in
the event that the personal data will be deleted or destroyed but you choose to
request suspension instead, or it is pending to prove legitimate grounds for
the collection, use and/or disclosure of that data.
Right to complaint
have the right to make a complaint to the relevant board or legal authority. If
you believe that the collection, use and/or disclosure of your personal data is
violating or noncompliance with relevant laws.
However, executing your
rights regarding personal data mentioned above may be restricted under
applicable laws. Or there may be cases where it is necessary for us to refuse
or unable to process your request of the rights, such as to comply to relevant
laws or court orders, the benefit of the public, legitimate interest, or the use of that right
may violate the rights of others. If we reject your request above, we will let
you know the reason for rejection.
How can you contact, raise questions and/or complaints to Lyreco ?
To exercise your
rights, express a concern, raise a question, make a complaint, or to obtain
additional information about the processing of your Personal Data by Lyreco,
you may send an e-mail to the following address: firstname.lastname@example.org accompanied
by a valid proof of ID.
undertakes to respond to your request within one month and up to 3 months
depending on the complexity of the request and/or of the number of requests
received by the company.
notify you by placing a prominent notice on the home page of its website or, if
legally required, by directly sending you a notification. Lyreco encourages you
helping to protect the Customer Personal Data collected. Your continued use of