Privacy Policy

At Lyreco, we believe privacy is important.

To protect your privacy, Lyreco will ensure all Personal Data is handled in a secure way and used only as outlined in the sections below.

This privacy policy informs you what Personal Data we collect, how we use it and the measures we take to keep it safe (hereinafter referred as “Privacy Policy”).

This policy is our commitment to privacy concerning the processing of Personal Data related to Lyreco Customers which employees, representatives or agents, are the users of Lyreco websites and webshops (hereinafter called “Customer Data Subjects”).

In this Privacy Policy, “you”, “yours”, refer to Customer Data Subjects whose Personal Data are processed by Lyreco through such websites and webshops (“Customer Personal Data”), and “we”, “our”, “us”, refer to Lyreco.

LYRECO Hong Kong. and all its Affiliated Companies (hereinafter referred as “Lyreco”) – is a company specialized in workplace solutions, including notably office supplies, personal protective equipment and packaging distribution. Lyreco is exclusively supplying to other companies in business-to-business relationships.

Scope

This Privacy Policy applies to Customer Personal Data only processed by Lyreco through such websites and webshops.

Lyreco processes Customer Personal Data fairly and lawfully in accordance with applicable data protection laws, including the Personal Data Protection Act and its further Amendments (“the Applicable Data Protection Law”).

In the event of any conflict between this Privacy Policy and the Applicable Data Protection Law, the provisions of the Applicable Data Protection Law shall prevail.

Our data protection contact may be contacted at privacy.office-HK@lyreco.com

Data Collection

In the course of supplying its Services to B2B Customers, which are in business relationship with Lyreco, Lyreco will need to process Customer Personal Data. Indeed, in principle Customer Data Subjects should be the sole end-users of the Lyreco’s website or webshops, acting on behalf of such Customers and under their own responsibility. Customer Personal Data to be processed through websites or webshops are primarily information required by Lyreco to be able to supply the Services to Customers, mainly to follow-up a purchase order placed on the website by Customer Data Subjects.

Lyreco may process the following categories of Customer Personal Data (non-exhaustive list):

·       Identity and contact : Customer Data Subjects’ name, telephone number and email address;

·       Professional information : Customer Company name, ID number and address;

·       Financial information, such as credit card or bank account numbers;

·       Transactional information based on Customer Data Subjects’ activities on the Website or webshop;

·       Digital Footprint :  Device and  connection information, statistics on page views, traffic, IP address and standard web log information, navigation data;

·       Any other information (of professional or private nature) Customer Data Subjects may share with us from surveys, chat, or any other communication channel.

For the avoidance of doubt, mandatory information required in online forms are identified by an asterix field.

Use

Your Personal Data are used by Lyreco to:

·       Create a Customer Account on our website;

·       Answer Customer enquiries;

·       Perform Customer management operations regarding orders, deliveries, invoices, accounting (management of receivable accounts)

·       Conduct targeted marketing campaigns

·       inform Customers about our products and services and promotional offers

·       Monitor our relationship with our Customers

·       Conduct Customer satisfaction surveys and conduct sales statistics

·       Resolve disputes, collect fees, and troubleshoot problems

·       Monitor Customer experience on our website.

We also use Cookies in order to enhance your customer experience on our website, please refer to the cookie policy section below in this document.

Data Retention

We will keep your Personal Data during the term of our commercial relationship with the concerned Customer, i.e. the Company you depend, and up to three (3) years after your last contact or order with Lyreco, unless applicable legislation prevents us from doing so, notably for archiving purposes. For example, Customer Personal Data mentioned in our invoices will be kept for a longer period, in accordance with any applicable law and regulations from time to time.

Disclosure to Third Parties

Your Personal Data are accessed and processed by authorized members of the commercial, financial and support departments of Lyreco, for the purposes described above.

Lyreco do not share Customer Personal Data with unaffiliated third parties, except as necessary for its legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law. This may include :

·       Third Party Providers Lyreco may grant access to Customer Personal Data:

o   To its service providers or contractors: Lyreco transfer Personal Data to its third party service providers, such as (IT) systems providers, hosting providers, consultants and other goods and services providers or contractors. Lyreco work with such providers so that they can process Customer Personal Data on its behalf. Lyreco will only transfer Personal Data to them when they meet Lyreco strict standards on the processing of data and security. Lyreco only share Customer Personal Data in order to provide its Services to Customers.

o   When you enter into transactions with others or make payments on Lyreco’s website, Lyreco will share transaction information with those third parties necessary to complete the transaction. We will require those third parties to respect your privacy, and adequately protect your Personal Data.

·       Courts, tribunals, law enforcement or regulatory bodies: Lyreco reserves the right to share Customer Personal Data or any other information related to its Customers to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state or company security is at issue (such as terrorist attacks), Lyreco reserves the right to share our entire database of Customers and Customer Personal Data with appropriate governmental authorities.

·       Internal auditors, professional accountants, legal advisers may access to documents, such as invoices, which may also contain Customer Personal Data, for the purpose of their mission.

·       Lyreco may transfer Customer Personal Data to a potential buyer, transferee, merger partner or seller and their advisers in connection with an actual or potential transfer or merger of part or all of Lyreco’s business or assets, or any associated rights or interests, or to acquire a business or enter into a merger with it.

Lyreco never sells your Personal Data to third parties, such as marketers.

Security

Lyreco implements commercially reasonable technical and organizational security controls to protect Customer Personal Data against theft, loss or misuse. Your Personal Data will be stored in a secure operating environment that is not accessible without authorization. Lyreco applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your Personal Data.

When you enter sensitive information (such as credit card numbers and passwords):

·       We encrypt that information to protect against eavesdropping using SSL.

·       This data is further protected by encryption in storage.

·       We also use measures to enhance security, such as analyzing account behavior for fraudulent or otherwise anomalous behavior.

·       We may limit use of site features in response to possible signs of abuse, may remove inappropriate content or links to illegal content, and may suspend or disable Customer accounts for violations of our terms and conditions.

Users Rights

We ask you to submit any request in writing.

Upon your Company request (either by you, if you are its unique representative, or by any other person mandated by the Customer concerned), we will close your account made on behalf of a Customer and remove your and/or any Customer Personal Data from view as soon as reasonably possible, based on the account activity and in accordance with applicable laws, including the Applicable Data Protection Law.

We may retain some Customer Personal Data from closed accounts to comply with our legal obligations related with: Fraud prevention, fees collection, disputes solving, troubleshoot problems, to assist authorities with any investigation, and take other actions otherwise permitted by law.

You shall also contact the Company to whom you depend in order to verify other contractual obligations such Customer may have towards Lyreco or to apply your rights as a Customer Data Subject directly with your Company.

Contact us

To exercise directly your rights, express a concern, raise a question, make a complaint, or to obtain additional information about the processing of your Personal Data made by Lyreco, you may send an e-mail to the following address: privacy.office-HK@lyreco.com or contact Lyreco customer support accompanied by a valid proof of ID (and/or the evidence you are the person who has created the Customer account on its behalf).

Lyreco undertakes to respond to your request within one (1) month and up to three (3) months depending on the complexity of the request and/or of the number of requests received by Lyreco.

In case of dispute, you may lodge a complaint with the Personal Data Protection Commission.

Update of Privacy Policy

Lyreco may occasionally update or modify this Privacy Policy.

Lyreco will notify you by placing a prominent notice on the home page of its website or, if legally required, by directly sending you a notification. Lyreco encourages you to periodically review this Privacy Policy to stay informed about how Lyreco is helping to protect the Customer Personal Data collected. Your continued use of the Lyreco Services constitutes your individual agreement to this Privacy Policy and any updates.

Cookie Policy

1. Definition :

Cookies, or other similar trackers, are files used by a server to interact with the browser (herein referred as “Cookies”). Cookies are used to send status information when a user visits a site. Status information can be, for example, a session ID, language, expiration date, response domain, and so on. Cookies make it possible to store status information during their validity period when a browser accesses the various pages of a website or when this browser returns to the said site later.

2. Retention :

There are different types of Cookies used by Lyreco:

·       session cookies that disappear as soon as you leave the browser or the site;

·       permanent cookies such as analytic cookies that remain on your device until they expire (up to 13 months) or until you delete them using your browser’s features.

3. What about google analytics cookies and usage on our website? :

Lyreco uses Google Analytics. More information about how Google Analytics is used by Lyreco can be found here: Google Analytics Privacy To provide website visitors with more choice on how their data is collected by Google Analytics, Google have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics. The Google Analytics Opt-out Browser Add-on does not prevent information from being sent to the website itself or to other web analytics services.