first Lyreco - Home

Heading Lyreco - Home

Heading one more Lyreco - Home



At Lyreco, we believe privacy is important. That's why we have established a comprehensive privacy program, including a global privacy office and a chief privacy officer, designed to help us protect privacy rights.


To protect your privacy, Lyreco will ensure all Personal Data is handled in a secure way and used only as outlined in the sections below. This privacy policy informs you what Personal Data we collect, how we use it and the measures we take to keep it safe.


This policy is our commitment to privacy concerning the processing of Personal Data related to Customers. (hereinafter referred as "Privacy Policy")


In this Privacy Policy, "you""yours", refer to the Customer whose customer Personal Data are processed by or on behalf of Lyreco and "we""our""us", refer to Lyreco.


Lyreco UK Limited, a company incorporated in England and Wales under number 00442696 whose registered office is at LYRECO Deer Park Court, Donnington Wood, Telford, Shropshire TF2 7NB and all its Affiliated Companies (hereinafter referred as “Lyreco”) - is a company specialized in workplace solutions, including notably office supplies, personal protective equipment and packaging distribution. Lyreco is exclusively supplying to other companies in business-to-business relationships.

1. Definitions

1.1 "Affiliated Companies" means any companies being controlled by, or under common control with Lyreco and any companies, which, either directly or indirectly, control Lyreco.

1.2 "Applicable Data Protection Law(s)" means the relevant local personal data protection, data security, data retention, and data privacy laws and regulations to which the Personal Data are subject, including the GDPR.

1.3 "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

1.4 “Customer” means the natural or legal person, public authority, agency or other body which is receiving a Service from Lyreco.

1.5 "Customer Data Subjects" means any employee, consultant, agent, or any other authorized natural person to place purchase order towards Lyreco on behalf of the Customer.

1.6 "Customer Personal Data" means Personal Data of the Customer Data Subjects processed by Lyreco as a Controller while supplying its Services to the Customer.

1.7 "General Data Protection Regulation" or "GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

1.8 "Personal Data" means any information relating to an identified or identifiable natural person (‘Data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

1.9 "process," "processes," "processing," and "processed" means any operation or set of operations which is performed on Personal Data or sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.10 "Service" means the supply and sale of products and all associated services proposed globally or at local level by Lyreco

1.11 "Third Party(ies)" means Lyreco authorized auditors, accountants, contractors, agents, and third party service providers that process Personal Data.

2 Scope

This Privacy Policy only applies to Customer Personal Data processed by or on behalf of Lyreco.

Lyreco processes Personal Data fairly and lawfully in accordance with Applicable Data Protection Laws.

In the event of any conflict between this Privacy Policy and Applicable Data Protection Laws, the provisions of Applicable Data Protection Laws shall prevail.

Our nominated data protection contact is John Mason who may be contacted at uk.gdpr@lyreco.com.

What Personal Data do we collect and use?

In the course of supplying its Services to Customers, Lyreco will need to process Customer Personal Data. Indeed the Customer Data Subjects are the sole end-users of the Lyreco’s website acting on behalf of the Customers, which are in business relationships with Lyreco. The Customer Personal Data to be processed through the website is primarily the Personal Data required in order for Lyreco to be able to supply the Services to the Customers, that is to say mainly to place and follow-up a purchase order placed on the website.


Lyreco processes the following categories of Customer Personal Data:

For the avoidance of doubt, mandatory information required in online forms are identified by an asterix field.

What do we use that information for?

The GDPR allows us to process Personal Data, so long as we have a basis or "ground" under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your Personal Data we will rely on one of the following processing conditions:

Your Personal Data are used by Lyreco to:

We also use Cookies in order to enhance your customer experience on our website, please refer to the cookie policy section below in this document.

For How long do we keep your Personal Data?

We will keep your Personal Data during the term of our commercial relationship and up to 3 years after your last contact or order with Lyreco, unless applicable legislation prevents us from doing so, notably for archiving purposes. For example, Customer Personal Data mentioned in our invoices will be kept for a longer period, in accordance with any applicable law and regulations from time to time.

With whom do we share your information?

Your Personal Data are accessed and processed by authorized members of the commercial, financial and support departments of Lyreco, for the purposes described above.

Lyreco do not share Personal Data with unaffiliated third parties, except as necessary for its legitimate professional and business needs, to carry out your requests, and/or as required or permitted by law. This would include:

Lyreco never sells your Personal Data to third parties, such as marketers.

Lyreco do not provide any Personal Data to "people finder," "public directory" or "white pages" sites.

What about the localization and transfer of your Personal Data?

Lyreco transmit your Personal Data only within countries of the European Economic Area (EEA) and/or to countries that provide adequate protection as confirmed by the European Commission except under the conditions below

If the processing involves a transfer of your Personal Data to a country outside the European Union and which does not provide adequate protection as confirmed by the European Commission, Lyreco undertakes to secure the transfer by one of the following mechanisms:

Lyreco processes and shall cause Third Parties to process Personal Data in adequate jurisdictions as defined in Applicable Data Protection Law(s). These jurisdictions include countries of the European Economic Area and countries recognized as providing an adequate level of protection by the European Commission (For more information, see European Commission, "Commission Decisions on the Adequacy of the Protection of Personal Data in Third Countries").

How do we secure the processing of your Personal Data?

Lyreco implements commercially reasonable technical and organizational security controls to protect your Personal Data against theft, loss or misuse. Your Personal Data will be stored in a secure operating environment that is not accessible without authorization. Lyreco applies mitigation measures following periodic risk assessments to ensure an adequate level of protection of your Personal Data.


When you enter sensitive information (such as credit card numbers and passwords):

What are your rights concerning our processing(s) of your Personal Data?br/>

You have the following rights concerning the processing(s) of your Personal Data made by or on behalf of Lyreco:


In addition to the information that is available on Lyreco's website, you have the right to access the Personal Data that Lyreco holds about you, all subject to the exemptions as contained in Applicable Data Protection Laws. If you request the data, then Lyreco will assist you. Your identity will need to be confirmed before you are provided with access to your Personal Data. Generally, Lyreco does not charge for providing information, but if the request is manifestly unfounded or excessive, in particular because of their repetitive character, Lyreco reserves the right to charge a fee for such requests.

We ask you to submit your request in writing. An access request form is available on Lyreco's website and in all locations for you to fill out. If you choose to write a letter rather than fill out a form, please include the following:

  1. Your full mailing address
  2. Your daytime telephone number
  3. Names of specific files or types of records to which you request access, including specific dates of those records, where possible

Please provide as much detail as possible.

All formal access requests will be directed to the data privacy officer, who will then review each request to determine whether Lyreco will disclose the requested information. The data privacy officer can be reached at the directly at the following address: uk.gdpr@lyreco.com.


If you believe there is a mistake in your Personal Data, you have a right to ask for the information to be corrected. We may ask you to provide documentation to show where Lyreco's files are incorrect. We will amend the erroneous data within a month and will notify you once the correction you have requested has been completed. GDPR provides you with the right to request correction of your Personal Data held by Lyreco if you believe there is an error or omission. You are entitled to attach a statement of disagreement with the information, reflecting any correction you requested, but which was not made by Lyreco. Lyreco will notify any person or organization to which your Personal Data was disclosed within the year as from your requested correction and advise them about the correction or statement of disagreement.


You may obtain and reuse the Personal Data held by Lyreco for your own purposes across different services. Lyreco allows you to move, copy or transfer Personal Data easily from one IT environment to another in a safe and secure way, without hindrance to usability. This right applies to your Personal Data held by Lyreco, where the processing was automated and used in the light of Lyreco Services provision within the contract the Customer has with Lyreco, or where such processing was based on the consent you gave Lyreco for it. You may Log in to Lyreco's online web portal and download the information provided in the "Export" section of the portal.


Lyreco does not store Personal Data without a predefined and documented purpose. We follow laws that require us to delete Personal Data if the reason for its collection and storage no longer exists. We believe this fulfills the requirements of the privacy principle of "the right to be forgotten". Where the Personal Data that Lyreco holds is based on the execution of a contract, and you wish to be removed from our systems prior to the retention period indicated in the "How Long Do We Use Personal Data" section, please contact our Data Privacy point of contact at the following address: uk.gdpr@lyreco.com.

If you have registered your personal details with us, you can deactivate your account at any time. For safety reasons, we have implemented a seven-day grace period after your request for the account to be deleted; however, logging on to your account during the grace period will reactivate the account. To prevent impersonation, once your account is deactivated and after expiration of the grace period, your account will be irrevocably suspended, ensuring that nobody can use that account identifier again.


You have the right to object to us processing your Personal Data if we are not entitled to use it any more. In this case, Lyreco shall no longer process the Personal Data unless Lyreco demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms of the or for the establishment, exercise or defense of legal claims.