We use cookies to improve our services and to make you offers related to your preferences. If you continue browsing, we will consider that you allow us to use them. You can change the settings or get more information on our Terms of use & Cookies Policy.




Please wait while processing...

Data privacy policy


At Lyreco, we believe privacy is important. That's why we have established a comprehensive privacy program, including a global privacy office and a chief privacy officer, designed to help us protect privacy rights.

To protect your privacy, Lyreco will ensure all Personal Data is handled in a secure way and used only as outlined in the sections below. This privacy policy informs you what Personal Data we collect, how we use it and the measures we take to keep it safe.

This policy is our commitment to privacy concerning the processing of Personal Data related to Customers. (hereinafter referred as “Privacy Policy”)

In this Privacy Policy, “you”, “yours”, refer to the Customer Data Subjects whose Personal Data are processed by or on behalf of Lyreco and “we”, “our”, “us”, refer to Lyreco.

LYRECO, a simplified joint stock company organized and existing under the laws of France, whose registered offices are rue du 19 mars 1962, 59770 MARLY (France) and all its Affiliated Companies (hereinafter referred as “Lyreco”)  including Lyreco (thailand) Co.,Ltd. - is a company specialized in workplace solutions, including notably office supplies, personal protective equipment and packaging distribution. Lyreco is exclusively supplying to other companies in business-to-business relationships (hereinafter referred individually as “Customer” and collectively as “Customers”).


1        Definitions

1.1     Affiliated Companies” means any companies being controlled by, or under common control with Lyreco.

1.2    Applicable Data Protection Law(s)” means the relevant local personal data protection, data security, data retention, and data privacy laws and regulations to which the Personal Data are subject, including the PDPA.

1.3    Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

1.4    “Customer Data Subjects” means any employee, consultant, agent, or any other authorized natural person to place purchase order towards Lyreco on behalf of the Customer.

1.5    “Customer Personal Data” means Personal Data of the Customer Data Subjects processed by Lyreco as a Controller while supplying its Services to the Customer.

1.6    “Personal Data Protection Act” or “PDPA” refers to Personal Data Protection Act, B.E. 2562 (2019) published on Government Gazette on 27 May 2019 regarding the law concerning personal data protection.

1.7     Personal Data” means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.8    Process,” “processes,” “processing,” and “processed” means any operation or set of operations which is performed on Personal Data or sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.


1.9    “Service” means the supply and sale of products and all associated services proposed globally or at local level by Lyreco


1.10  Third Party(ies)” means Lyreco authorized auditors, accountants, contractors, agents, and third party service providers that process Personal Data.


2        Scope

This Privacy Policy only applies to Customer Personal Data processed by or on behalf of Lyreco.

Lyreco processes Personal Data fairly and lawfully in accordance with Applicable Data Protection Laws.

In the event of any conflict between this Privacy Policy and Applicable Data Protection Laws, the provisions of Applicable Data Protection Laws shall prevail.


What Personal Data do we collect and use?

In the course of supplying its Services to Customers, Lyreco will need to process Customer Personal Data. Indeed, the Customer Data Subjects are the sole end-users of Lyreco and the Lyreco’s website acting on behalf of the Customers, which are in business relationships with Lyreco. The Customer Personal Data to be processed through the website are mainly and basically the Personal Data required for Lyreco to be able to supply the Services to the Customers, that is to say mainly to place and follow-up a purchase order placed to Lyreco.

Lyreco processes the following categories of Customer Personal Data :

-       Your name, telephone number and email

-       Company name, ID number and address

-       Credit card information

-       Location information (i.e.: IP address)

For the sake of clarity, mandatory information required in online forms are identified by an asterisk (*).


What do we use that information for ?

PDPA allows us to process Personal Data, so long as we have a basis or “ground” under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your Personal Data, we will rely on one of the following processing conditions:

·         Performance of a contract: this is when the processing of your personal information is necessary to perform our obligations under a contract;


·         Legal obligation: this is when we are required to process your personal information to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement agency;


·         Legitimate interests: we will process information about you where it is in our legitimate interest in running a lawful business to do so to further that business, so long as it doesn’t outweigh your interests;


·         Your consent. In some cases, we will ask you for specific permission to process some of your personal information, and we will only process your Personal Data in this way if you agree to us doing so. This will be the case when we ask you if you wish to receive a newsletter, or information about our products or services. You may withdraw your consent at any time by contacting us according to the section below in this document.

Your Personal Data are used by Lyreco to:

-       Create a Customer Account on our website

-       Answer Customer’s enquiries

-       Perform Customer management operations regarding orders, deliveries, invoices, accounting (management of accounts receivable),

-       Conduct marketing campaigns and inform Customers about our products and services,

-       Monitor our relationship with our Customers conduct Customer satisfaction surveys, conduct sales statistics,

-       Manage unpaid invoices recovery and disputes with our Customers,

-       Monitor Customer’s experience on our website


We also use Cookies in order to enhance your customer experience on our website, please refer to the cookie policy section below in this document.


For How long do we keep your Personal Data ?


We will keep your Personal Data during the term of our commercial relationship and up to 3 years after your last contact or order with Lyreco, unless applicable legislation prevents us from doing so, notably for archiving purposes. For example, Customer Personal Data mentioned in our invoices will be kept for a longer period, in accordance with local applicable regulations.


With whom do we share your information ?

Your Personal Data are accessed and processed by authorized members of the commercial, financial and support departments of Lyreco, for the purposes described above.

Lyreco do not share Personal Data with unaffiliated third parties, except as necessary for its legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law. This would include:

·         Third Party Providers Lyreco may grant access to Customer Personal Data:


o    To its service providers or contractors: Lyreco transfer Personal Data to its third party service providers, such as (IT) systems providers, hosting providers, consultants and other goods and services providers or contractors. Lyreco work with such providers so that they can process your Personal Data on its behalf. Lyreco will only transfer Personal Data to them when they meet Lyreco strict standards on the processing of data and security. Lyreco only share Personal Data in order to provide its Services to Customers.

o    When you enter into transactions with others or make payments on Lyreco's website, Lyreco will share transaction information with those third parties necessary to complete the transaction. We will require those third parties to respect your privacy, and adequately protect your Personal Data.


·           Courts, tribunals, law enforcement or regulatory bodies: Lyreco reserves the right to share your information to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state or company security is at issue (such as terrorist attacks), Lyreco reserves the right to share our entire database of Customers and Customer Personal Data with appropriate governmental authorities.


·           Internal auditors, professional accountants, legal advisers may access to documents, such as invoices, which contain Customer Personal Data, for the purpose of their mission.


·         Lyreco may transfer your Personal Data to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Lyreco’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.

Lyreco never sells your Personal Data to third parties, such as marketers.

Lyreco do not provide any Personal Data to "people finder," "public directory" or "white pages" sites.


What about the localization and transfer of your Personal Data ?

Lyreco may transmit your personal data to other countries in which they provide adequate protection of personal data or they are countries in the European Economic Area where GDPR laws and regulations governing personal data provide adequate protection in order to comply to your personal rights and maintain security in the processing of personal data properly and comply to applicable data protection laws.

If it is necessary to transmit or transfer your personal data to a country that has lower personal data protection standards than Thailand or countries in the European Economic Area, we undertake various measures to ensure the management of data and its transmission is safe and comply to applicable data protection laws.


How do we secure the processing of your Personal Data ?

Lyreco implements commercially reasonable technical and organizational security controls to protect your Personal Data against theft, loss or misuse. Your Personal Data will be stored in a secure operating environment that is not accessible without authorization. Lyreco applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your Personal Data.

When you enter sensitive information (such as credit card numbers and passwords):

  • We encrypt that information to protect against eavesdropping using SSL.
  • This data is further protected by encryption in storage.
  • We also use measures to enhance security, such as analyzing account behavior for fraudulent or otherwise anomalous behavior.
  • We may limit use of site features in response to possible signs of abuse, may remove inappropriate content or links to illegal content, and may suspend or disable accounts for violations of our terms and conditions.


What are your rights concerning our processing(s) of your Personal Data ?

You have the following rights concerning the processing(s) of your Personal Data made by or on behalf of Lyreco :

·         Access


In addition to the information that is available on Lyreco's website, you have the right to access the Personal Data that Lyreco holds about you, all subject to the exemptions as contained in Applicable Data Protection Laws. If you request the data, then Lyreco will assist you. Your identity will need to be confirmed before you are provided with access to your Personal Data. Generally, Lyreco does not charge for providing information, but if the request is manifestly unfounded or excessive, in particular because of their repetitive character, Lyreco reserves the right to charge a fee for such requests.

We ask you to submit your request in writing. An access request form is available on Lyreco's website and in all locations for you to fill out. If you choose to write a letter rather than fill out a form, please include the following:

-       Your full mailing address

-       Your daytime telephone number

-       Names of specific files or types of records to which you request access, including specific dates of those records, where possible

Please provide as much detail as possible.

All formal access requests will be directed to the data privacy officer, who will then review each request to determine whether Lyreco will disclose the requested information. The data privacy officer can be reached at the directly at the following address : th.pdpa@lyreco.com


·         Modification and Rectification

If you believe there is a mistake in your Personal Data, you have a right to ask for the information to be corrected. We may ask you to provide documentation to show where Lyreco's files are incorrect. We will amend the erroneous data within a month and will notify you once the correction you have requested has been completed. PDPA provides you with the right to request correction of your Personal Data held by Lyreco if you believe there is an error or omission. You are entitled to attach a statement of disagreement with the information, reflecting any correction you requested, but which was not made by Lyreco. Lyreco will notify any person or organization to which your Personal Data was disclosed within the year as from your requested correction and advise them about the correction or statement of disagreement.


·         Portability

You may obtain and reuse the Personal Data held by Lyreco for your own purposes across different services. Lyreco allows you to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right applies to your Personal Data held by Lyreco, where the processing was automated and used in the light of Lyreco Services provision within the contract the Customer has with Lyreco, or where such processing was based on the consent you gave Lyreco for it.

You may Log in to Lyreco's online web portal and download the information provided in the "Export" section of the portal.


·         Deletion

Lyreco does not store Personal Data without a predefined and documented purpose. We follow laws that require us to delete Personal Data if the reason for its collection and storage no longer exists. We believe this fulfills the requirements of the privacy principle of "the right to be forgotten."

Where the Personal Data that Lyreco holds is based on the execution of a contract, and you wish to be removed from our systems prior to the retention period indicated in the "How Long Do We Use Personal Data" section, please contact our Data Privacy point of contact at the following address : th.pdpa@lyreco.com

If you have registered your personal details with us, you can deactivate your account at any time. For safety reasons, we have implemented a seven-day grace period after your request for the account to be deleted; however, logging on to your account during the grace period will reactivate the account. To prevent impersonation, once your account is deactivated and after expiration of the grace period, your account will be irrevocably suspended, ensuring that nobody can use that account identifier again.


·         Objection

You have the right to object to us processing your Personal Data if we are not entitled to use it anymore. For instance, if you are no longer work for or authorized by our customer’s company. In this case, Lyreco shall no longer process the Personal Data unless Lyreco demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms of the or for the establishment, exercise or defense of legal claims.  In the course of supplying its Services to Customers, Lyreco will need to process Customer Personal Data. Indeed, the Customer Data Subject assigned or acts on behalf of the customer is a user of Lyreco and/or the Lyreco’s website. The Customer Personal Data that are processed are mainly and basically the Personal Data required for Lyreco to be able to supply the Services to the Customers, such as to place and follow-up a purchase order placed to Lyreco. Therefore, in order to protect the interests and prevent damage to the operations of your company, you should therefore study and inquire about the impacts that may occur before exercising your right to object.

In addition, you have the right to object to collection, use and/or disclosure of your Personal Data carried out for purposes related to direct marketing, scientific, historical or statistical research.


·         Withdrawal of Consent

If you have given us consent to collect, use and/or disclose your personal information. You have the right to withdraw consent at any time. Unless that withdrawal of consent is limited by law or a contract that provides benefits to customers. For example, if the company, organization, or juristic person in which you perform duties maintains customer status or business relationships with Lyreco, withdrawing that consent may affect your organization to not receive benefits, promotions, offers or not to receive better products or services or information that is beneficial to your organization due to the fact that in the course of supplying its Services to Customers, Lyreco will need to process Customer Personal Data. Indeed, the Customer Data Subject assigned or acts on behalf of the customer is a user of Lyreco and/or the Lyreco’s website. The Customer Personal Data that are processed are mainly and basically the Personal Data required for Lyreco to be able to supply the Services to the Customers, such as to place and follow-up a purchase order placed to Lyreco. Therefore, in order to protect the interests and prevent damage to the operations of your company, you should therefore study and inquire about the impacts that may occur before exercising your right to withdraw consent.


·         Restrict Processing or Suspension of Data Usage

You have the right to temporarily suspend the use of your personal data during the review of the request to exercise the rights regarding your personal data or in the event that the personal data will be deleted or destroyed but you choose to request suspension instead, or it is pending to prove legitimate grounds for the collection, use and/or disclosure of that data.


·         Right to complaint

You have the right to make a complaint to the relevant board or legal authority. If you believe that the collection, use and/or disclosure of your personal data is violating or noncompliance with relevant laws.

However, executing your rights regarding personal data mentioned above may be restricted under applicable laws. Or there may be cases where it is necessary for us to refuse or unable to process your request of the rights, such as to comply to relevant laws or court orders, the benefit of the public,  legitimate interest, or the use of that right may violate the rights of others. If we reject your request above, we will let you know the reason for rejection.


How can you contact, raise questions and/or complaints to Lyreco ?

To exercise your rights, express a concern, raise a question, make a complaint, or to obtain additional information about the processing of your Personal Data by Lyreco, you may send an e-mail to the following address: th.pdpa@lyreco.com accompanied by a valid proof of ID.

Lyreco undertakes to respond to your request within one month and up to 3 months depending on the complexity of the request and/or of the number of requests received by the company. 


How do we update/amend this Privacy Policy ?

Lyreco may occasionally update or modify this Privacy Policy. Lyreco will notify you by placing a prominent notice on the home page of its website or, if legally required, by directly sending you a notification. Lyreco encourages you to periodically review this Privacy Policy to stay informed about how Lyreco is helping to protect the Customer Personal Data collected. Your continued use of the Lyreco Services constitutes your agreement to this Privacy Policy and any updates.


What is our Cookie Policy ?

1.     Definition :

Cookies, or other similar trackers, are files used by a server to interact with the browser (herein referred as “Cookies”). Cookies are used to send status information when a user visits a site. Status information can be, for example, a session ID, language, expiration date, response domain, and so on. Cookies make it possible to store status information during their validity period when a browser accesses the various pages of a website or when this browser returns to the said site later.

2.     Retention :

There are different types of Cookies used by Lyreco:

-       session cookies that disappear as soon as you leave the browser or the site;

-       permanent cookies such as analytic cookies that remain on your device until they expire (up to 13 months) or until you delete them using your browser's features.

3.     What about google analytics cookies and usage on our website ?

Lyreco uses Google Analytics. More information about how Google Analytics is used by Lyreco can be found here: http://www.google.com/analytics/learn/privacy.html

To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.

The best brands are on Lyreco: