We, Johann Froescheis Lyra-Bleistift-Fabrik GmbH & Co. KG (“Lyra”), shall herein provide comprehensive information on the processing of personal data collected during web browsing, on registration to the site or through participating in our initiatives (events, competitions, workshops) and more generally within the scope of using the services offered by us.

We, as Data Owner in accordance with EU Regulation 679/2016, operates in full compliance with domestic and European regulations on personal data protection and is highly cognisant of the confidentiality of the personal data of its users, observing the appropriate security measures to ensure the protection of the information collected.

Data Owner

The Data Owner is Johann Froescheis Lyra Bleistift Fabrik GmbH & Co. KG, Willstätterstraße 54-56, 90449 Nürnberg (Germany), Phone: +49 911 6805-0, Fax: +49 911 6805-200, e-mail:

You can contact our Data Protection Officer at the above address or at

Which data is processed?

1) Browsing data
In principle, it is possible to browse the website without having to provide any personal data. The website comprises separate sections, some of which may require data entry, while others may not.

The computer systems and software procedures used to operate this website acquire, as part of their normal operation, certain information that is implicitly sent in the use of internet communication protocols. The following information is processed: Browser type, operating system, Internet service provider and IP address of the user, date and time of access, website from which access is made and websites accessed.

This information may, by its nature, through association and the processing of data held by third parties, allow users/visitors to be identified (e.g. via their IP address, computer domain names used to connect to the website, etc.).

This data is mainly used to create statistics, to check the correct functioning of the website and to make browsing more efficient.

Such web contact data is not retained after processing and will be erased after the end of the session, at the latest after seven days, unless required to investigate any cyber-crimes against the website. No data from the web service will be communicated or disseminated.

For further information specifically concerning cookies, please refer to the Cookie Policy section.

2) Data provided voluntarily by users or visitors
Registration to our website or the requesting of information and services by users may require the collection and subsequent processing of personal data such as one’s name, surname, e-mail address, telephone number, residential address, gender, date of birth, profession, etc..

This type of data may be collected for:

  • Entry to specific competitions
  • Participation in events organised or sponsored by F.I.L.A.
  • Filling out forms online
  • Registration and publication of contributions through Social Networks
  • Sending requests through the Contacts section of the site

To secure our IT systems and prevent misuse, the following data is also automatically collected and stored when you fill out a form: IP address of the user, date and time of the respective input.

Within the scope of the activities listed above, we shall not process data of a sensitive nature, as per Article 9(1) (“special categories of personal data”) of the Regulation (i.e. data “…which may indicate racial and ethnic origin, religious, philosophical or other beliefs, political opinions, membership of parties, trade unions, associations or organisations of a religious, philosophical, political or trade union nature, in addition to personal data pertaining to one’s health and sex life”).

We invite users not to send such data (e.g. through the blank fields on contact forms) unless strictly necessary with respect to the request being made. In this case, the need to give explicit consent to the processing of special categories of data, should it be decided to share such information, is underlined.


We pay particular attention to the protection of personal data of underage persons. The F.I.L.A. group websites currently do not provide for the collection of personal data directly from minors. Although content of interest also for persons in the under-16 age category exists. We have taken reasonable precautions to ensure that it does not intentionally collect, store, use or process personal information from minors who may use the F.I.L.A. website and services without adequate parental consent.

Purpose of processing and legal basis

We process personal data for the following purposes:

    a. For the functioning of the websites, to improve and personalise the user experience (legal basis: legitimate interest in maintaining our IT systems, Art. 6(1)(f) GDPR)
    b. For registration to F.I.L.A. group websites, when necessary to access reserved sections of the site or to provide specific services of interest to users; this includes sending “transactional” e-mails, linked to site registration and account maintenance (legal basis: processing necessary for the execution of a contract or pre-contractual measures, Art. 6 (1)(b) GDPR).
    c. To respond to users’ requests about F.I.L.A. products/services through the contact forms or other methods (legal basis: legitimate interest in answering requests, Art.6 (1)(f) GDPR)
    d. For direct marketing activities, surveys and communication, i.e. sending information about the F.I.L.A. group‘s products and initiatives also by e-mail, SMS, ordinary mail, social channels (legal basis: specific consent when necessary, Art. 6(1)(a) GDPR, or legitimate interest in cultivating relationships with users in order communicate initiatives and new services, Art. 6 (1)(f) GDPR)
    e. To send the newsletter on F.I.L.A. group products, educational initiatives, sponsored public events, partnerships with other companies, etc. (legal basis: specific consent, Art. 6(1)(a) GDPR)
    f. To manage registration for and participation in competitions and prize-giving events, including the awarding of prizes (legal basis: performance of a contract or pre-contractual measures, Art. 6 (1)(b) GDPR).
    g. To improve products and services provided by the F.I.L.A. group, determine consumer clusters and optimise communications, through the analysis of web browsing behaviour, social interactions and transactional data (legal basis: specific consent, Art. 6(1)(a) GDPR).
    h. To comply with EU laws, regulations and provisions of an administrative, fiscal, accounting nature etc. To comply with contractual obligations and to exercise and defend a right in court (legal basis: fulfilment of a legal obligation, Art. 6(1)(c) GDPR, performance of a contract, Art. 6(1)(b) GDPR, or our legitimate interest, Art. 6 (1)(f) GDPR).

Upon the refusal or revocation of consent, the only consequences of any kind are the cessation of communication activities; the activities carried out before the revocation of consent are considered valid and lawful. Users may at any time object to the processing carried out for direct marketing purposes by contacting the Owner.

Additional specific informative notices may be provided and published from time to time on the Group and partner company websites in relation to individual operations involving the provision of specific personal data (e.g. in the case of special events, competitions, etc.).

Video and photographic material

With regard to video content (images and videos) recorded during events organised or sponsored by us, we inform you that such may be used, only where the specific release is signed, for public relations initiatives such as, by way of example but not limited to: videos, notice boards, print publications and on websites, social networks and other web communication channels owned by the F.I.L.A. group. Please note that the photographic and video material shall be published anonymously.

To the extent required by law, we obtain consent from persons depicted. The legal basis for the processing of the image material in the case of consent is Art. 6(1)(a) GDPR. If consent is not required, our legitimate interest in public relations is the legal basis, Art. 6(1)(f) GDPR.

Data security and retention time

The processing is performed using automated tools (e.g. using electronic procedures and supports) and/or manually (e.g. on paper) for the time necessary to achieve the purposes for which the data was collected, always in compliance with any regulations in force and in any case no later than the revocation of consent for those purposes that permit such.

In order to protect the security and confidentiality of data, the Owner adopts (and requires its partners to adopt) technical and organizational security measures in order to prevent the risk of loss, destruction, unauthorized access and unlawful use of data.
We have developed a procedure to deal with and manage possible violations of personal data (“Data Breach”), as required by the European Regulation. Violations will be notified to the Authority if the violation poses a risk to the rights and freedoms of the persons concerned.

Nature of conferment

The provision of data may be necessary to comply with legal obligations and to perform a contract or provide a specific service (e.g. registration for a competition, request for information from the site, etc.). In these cases, any refusal to process in whole or in part may result in the impossibility for us to perform contractual relations or in any case to provide that requested.

For all other purposes, apart from that already specified for browsing data, users/visitors are free to provide their personal data. Failure to provide such may only result in the impossibility of obtaining that requested or of remaining informed in the best possible way.

If you register on the site or subscribe to the Newsletter, users are required to provide updated, complete and truthful information. If the User provides false, inaccurate, outdated or incomplete information or we consider, at our own discretion, that the information provided by the User is false, inaccurate, not current or incomplete, we will still have the right to deactivate, temporarily or permanently, the account of the User in question and to prevent any subsequent use of the service.

Scope of communication and circulation of data

Personal data may be brought to the attention of our employees or collaborators or those of other Group companies. Such parties are formally appointed and authorised to process and receive appropriate operational instructions in this regard. In addition, the data may be processed by outside natural or legal persons whom we utilise in managing relations with users (internet providers, communication agencies, individual professionals or firms) or for organisational needs. These parties act, where appropriate, as external data processors.

The above-mentioned recipients may operate in other locations than those where the data is collected, although always within the European Economic Area. Should it be necessary to transfer data outside this area, the Owner undertakes to comply with the provisions of Chapter V of the Regulation and to do all necessary to ensure adequate levels of protection and safeguarding of personal data.

The personal data is, in any case, not subject to general disclosure.

Rights of the Data Subject

You may exercise your rights against the Data Owner at any time; they are summarised below, although for an exhaustive description we invite you to check Articles 15 to 22 of the Regulation. You have the following rights as data subject:

  • Right of access: In accordance to Art. 15 GDPR you have the right to request information about the personal data we process, in particular
    • confirmation as to whether or not personal data related to him or her are being processed;
    • communication of the transfer of data to a third country or an international organisation;
    • obtain a copy of the personal data being processed (if and only if the rights and freedoms of others are not violated);
  • Right to rectification: In accordance with Art. 16 GDPR you have the right to request without undue delay the rectification of inaccurate or the completion of your personal data processed by us.
  • Right to erasure: In accordance with Art. 17 GDPR you have the right to request the erasure of your personal data stored by us (“right to be forgotten”).
  • Right to restriction of processing: In accordance with Art. 18 GDPR you have the right to request the restriction of the processing of personal data, insofar as the accuracy of the data is contested by you, or the processing is unlawful, but you object to its erasure, or we no longer need the data, but you need it for the establishment, exercise or defence of legal claims, or you have objected to the processing.
  • Right to data portability: In accordance with Art. 20 GDPR you the right to receive the personal data, which you have provided to us, in a structured, commonly used and machine-readable format or have the personal data transmitted directly to another controller.
  • Right to object: In accordance with Art. 21 GDPR you have the right to object at any time, on grounds relating to your particular situation, to the processing of data relating to you which is carried out on the legal basis of Art. 6(1)(e) or (f) GDPR.
    If the personal data concerned is processed for the purpose of direct marketing, you have the right to object at any time of the processing of the data for the purpose of such marketing.
  • Right to withdraw consent: You have the right to withdraw any declarations of consent under data protection law at any time. The withdraw of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdraw.

The data subject also has the right to receive timely communication in case of a violation of personal data that could damage their dignity and freedom.

Finally, the data subject has the right to lodge a complaint with the Data Protection Supervisory Authority. You can contact the supervisory authority of the usual place of the residence or workplace or the registered office of Lyra for this purpose. The supervisory authority for Lyra is: Bayerisches Landesamt für Datenschutzaufsicht, Promenade 27, 91522 Ansbach, Phone: +49 981 53-1300, Fax: +49 981 53-981300, e-mail:


We may update and modify this Privacy Policy at any time to the broadest extent permitted by applicable law. The version published on the site is that currently in force.

Status: April 2021