This Personal Data Protection Charter (PDPC) formalises our commitment regarding the use of your personal data and specifies the types of personal data which the Lyra Group (hereinafter called LYRA) collects, how they are processed and your rights.
LYRA refers to Lyra Network and all of its European subsidiaries, as well as Lyra Collect.
This PDPC describes the information we use during your contact with LYRA (whether it is when you visit our website, as part of our contractual relationship, when you use our services, etc.) and explains how it may be used by LYRA and its partners and subcontractors.
We take great care when processing your data and with the confidentiality of the personal information you entrust to us.
All of the operations involving your personal data are conducted in accordance with current regulations, including Law No.78-17 on “Data Processing, Data Files and Individual Liberties” of 6 January 1978 as amended and Regulation (EU) 2016/679 on Data Protection.
By using our Website and/or our Services, you agree to the terms of this Charter.
We are free to amend this Charter at any time.
If you disagree with any of these terms, you are free to no longer use our Website and/or our Services.
You should therefore refer to the Charter each time you visit our Website and read the latest version, available on our website https://www.lyra.com.
1. Which personal data are collected?
“Personal data” means any information relating to an identified individual or an individual who can be identified, directly or indirectly, by reference to a customer number or one or more factors specific to him or her.
When LYRA collects your Personal Data, it does so with complete transparency through information statements (FAQ) or by referring back to this Policy.
You may also be required to disclose different categories of personal data, including:
As a potential customer during contact by telephone or when requesting access to our products and services
- first and last name, e-mail address, business telephone number and other information you voluntarily disclose to us so that we can offer you a tailored service and provide an efficient response to your requests
As a customer
- information about your identity and/or the identity of your legal representative, necessary for getting in touch with you (first and last name, business e-mail address, business phone number, signature within the framework of a contract)
- identification and authentication data, in particular during the use of your back office (technical logs, digital evidence, safety information)
As an end user of our services
- transaction data, necessary for providing the service and technical analysis of these operations (first and last name, e-mail, encrypted card number, card expiry date, shopping cart, payment amount, IP address)
As part of our activity as a Payment Institution
- We also collect certain specific information in connection with our legal obligations such as proof of identity.
LYRA also collects Data that you disclose voluntarily via the form on our website https://www.lyra.com, particularly when you submit a contact request or subscribe to the newsletter.
We may also collect personal data which you have not disclosed when you take part in events organised by LYRA or by partner companies as well as information which appears on professional social media accounts and pages (e.g.: LinkedIn) that you have made public.
2. What are your Personal Data used for?
The processing of personal data of prospective customers, customers and partners is authorised for the purposes of drawing up, performing or terminating contracts.
We use the personal data you disclose to get in touch with you, provide you with information about our products and services, draw up business proposals, establish a contractual relationship, etc.
These data are intended exclusively for LYRA and its partners to carry out our services.
The data are processed and collected on paper, electronically, in Excel files and any communication medium (postal or electronic mail, by telephone including by SMS, MMS, etc.), by fax or by any other electronic means such as the Website or applications).
As part of the delivery of our services, your Personal Data are necessary so that we can:
- ensure that our business relationship proceeds smoothly
- ensure that the contract concluded is performed properly
- tailor our communication for your attention, according to your preferences, needs and choices
- tailor our Services, especially via the customisation of the Website based on your observed and/or stated preferences and your needs
- conduct sales solicitations and prospecting activities
- provide you with offers from Partners and/or LYRA depending on your choices
- produce trade, analysis and marketing operation statistics
- handle debt collection
- follow up on your feedback and ratings on the web pages we publish that are hosted on our Social Media websites
- deal with requests for exercising rights connected with the use of your data.
As part of our Payment Institution activities, your data are also required for:
- managing the Payment Account opened in the Trader’s name
- implementing obligations for countering money laundering and the financing of terrorism
- consulting the French national directory for the identification of natural persons (RNIPP)
- providing proof of Payment Transactions and the performance of Services
- handling debt collection
- countering external fraud and internal fraud
- processing claims and disputes regarding your customers’ payment transactions.
3. What information do we share with third parties?
Personal data may be shared with our partners and subcontractors as well as third-party companies in the following cases:
- for purposes connected with the performance of the contract
- where required by law, LYRA may transmit data to the legal authorities for processing the claims made against it and complying with administrative and judicial procedures
- for fulfilling our legal obligations (statutory auditors).
All of the Personal Data collected from you by LYRA are strictly confidential.
LYRA will not disclose your Personal Data to any third party liable to use them for commercial and/or direct advertising purposes without your consent.
However as contractually agreed, LYRA may temporarily and securely disclose certain Personal Data to third parties (Partners, Subcontractors) necessary for operating your customer file, running and maintaining our services, accomplishing the tasks necessary for performing services and countering fraud and any activity in general which is punishable under criminal law.
Our EU and non-EU Partners and/or subcontractors process your Data on our behalf, according to our instructions, in compliance with this Personal Data Protection Charter and any appropriate security and privacy measures.
4. How long are your Personal Data kept?
Traffic measurement statistics and the raw data on your visits to the website are not kept for more than twenty-four (24) months.
Bank details are kept for fifteen (15) months.
Your Personal Data connected with a request for information (first and last name, product or service, e-mail address, telephone number, etc.) are kept for five (5) years from the request.
We can, however, delete them at any time should you so request.
However, after the aforementioned timeframes, including where necessary from your request for deletion, your Personal Data may be subject to intermediate Archiving in order to fulfil our legal, accounting and tax requirements (such as the requirement to keep invoices for ten (10) years laid down by Article L.123-22 of the French Commercial Code) and at the very least for the applicable limitation period (like the five (5) year limitation period under common law as set out in Article 2224 of the French Civil Code).
In the event of litigious proceedings, including with regard to LYRA, the aforementioned Personal Data and any information, documents and papers containing Personal Data for establishing facts liable to be alleged or concerning non-payment (last name, last name used, first names, gender, date and place of birth, nationality, address, telephone and fax numbers, e-mail address) may be kept for the duration of the proceedings, which might last for a longer period of time than those indicated.
5. Which security and privacy measures are implemented?
Lyra Network is certified PCI DSS Level-1 V3.2 and implements the following security actions:
- Information Systems Security Policy
- monitoring and protection of buildings by access control
- secure servers and data backup
- regular audit of information systems
- highly secure hosting centres
- highly secure firewalls
- backup redundancy
- high availability servers
- file transfer encryption
- protection by authentication
- limited data access rights
6. What are your rights?
In line with EU Directive 2016/679 of 27 April 2016 on Data Protection, you can exercise your rights for legitimate reasons relating to all of your data. You can enforce the rights listed below by sending a letter to the following address:
For the attention of the DPO,
109 rue de l’Innovation
For the attention of the Data Protection Officer
109 rue de l’Innovation
To have these rights, you must provide proof of your identity by providing a copy of an identity document in order to guarantee data privacy.
LYRA shall respond within one month from receiving the request. If necessary this timeframe may be extended by two months, in view of the complexity and number of requests. If so, you shall be informed of this extension and the reasons for it within one month from receipt of the request.
Your personal data rights are as follows:
- you can exercise your right of access, to find out your personal data, their nature, their origin and how they are used
- if your personal data held by LYRA is incorrect, you can request that they be updated or completed
- you can request that your personal data held by LYRA be deleted, in accordance with applicable law
- you can request the portability of your Data
- as the processing is based on your explicit consent or a contract, and carried out by automatic means, you have the right to receive the data in a structured, commonly used, machine readable and interoperable format and transmit them to another controller without hindrance from LYRA
- you have the right to restrict processing when you dispute the accuracy of the data, when their processing is unlawful or when you need them for the establishment, exercise or defence of your rights in court.
Furthermore, you can tell us, at any time, that you do not want your Personal Data disclosed to a third party in the event of your death.
We will send you our response within a maximum of one (1) month after the date your request is received.
You can file a complaint with the relevant supervisory body at any time (in France, the CNIL – the French Data Protection Authority: www.cnil.fr)