This is an informative notice provided, pursuant to Articles 13 and 14 of the General Data Protection Regulation (“GDPR” / EU Regulation 2016/679), to those connecting to the corporate website of Johann Froescheis Lyra-Bleistift-Fabrik GmbH & Co. KG (“Lyra”) at the address https://www.fila.it/de/de/.
Data Controller is Johann Froescheis Lyra-Bleistift-Fabrik GmbH & Co. KG with business seat in Willstätterstraße 54-56 in 90499 Nürnberg (Germany). The Data Protection Officer can be contacted under the address given or under firstname.lastname@example.org.
This notice is provided exclusively in relation to the aforementioned website and other specific websites of Lyra for example for sweepstakes or other competitions, for example at the address https://gewinnspiel-lyra.de, but not in relation to other third-party sites that may be visited by the user via links.
Lyra guarantees compliance with national and international regulations regarding the protection of personal data (in particular GDPR and German Data Protection Act (“Bundesdatenschutzgesetz”)).
Additional specific informative notices may be provided and published from time to time on the website in relation to individual operations involving the provision of specific personal data (e.g. in the case of sweepstakes, competitions, other special events)
Purposes of the processing of personal data
Listed below are the purposes of the processing of personal data, i.e. information conferred directly by users through the completion of online forms, through the use of social networks or acquired automatically during navigation.
The purposes of the processing of personal data are to:
1) For the automated collection and processing of data when accessing the website (“browsing data”): Improve and customize the user experience of the website, ensure the functionality of the website. An evaluation of the data for marketing purposes does not take place in this context.
2) For using various services and offers: Allow registration on the website in order to access specific sections of the website and to provide and manage the various services offered (e.g. participating in sweepstakes, competitions and other special events).
3) For publishing own content: Allow users to publish their own content directly on the website or on websites managed independently by third parties, such as, by way of example but not limited to, social networks such as Facebook, Instagram and YouTube.
4) For sending promotion and information material as well as Lyra’s newsletter: Individualise promotion and information material, handle the delivery, also via email, MMS and SMS, store the corresponding declarations of consent, avoid misuse of the services and the contact data used for this purpose.
Type and source of data, legal basis for data processing
In principle, it is possible to browse the website without having to provide any personal data. The website is divided into separate sections, some of which may require data entry and others of which may not.
1) Browsing data
The computer systems and software procedures used to absolutely necessary to operate this website acquire, as part of their normal operation, some information that is automatically transmitted in the use of internet communication protocols, i.e. each time you visit the website.
The following data is collected: browser typ, the operating system used, Internet Service Provider, user’s IP address, date and time of access, website from which user visit us and website user is visiting.
The legal basis for the collecting and processing of data is Art. 6 para. 1 lit. f GDPR. The aforementioned purpose constitutes our legitimate interest.
For further information specifically in relation to cookies, please refer to our Cookies Policy.
2) Data provided voluntarily by users/visitors
When users/visitors, connecting to this website, send personal information in order to access certain services (e.g. newsletters, sweepstakes or other competitions) or to make requests or to publish own consent, Lyra collects and stores the data entered and queried in this context. This data shall then be processed exclusively in order to respond to the particular request or to provide the service (e.g. setting up and managing a user account, sending a newsletter, participating in an action).
To secure our IT systems and prevent misuse, the following data is automatically collected and stored: IP address of the user, date and time of the respective entries.
Insofar as we obtain explicit consent to the collection and storage of data for the provision of services (e.g. newsletter, participation in a competition, sending of advertising material), Art. 6 para. 1 lit. a GDPR is the legal basis for processing the data. If, for example, the purpose of registration or contact is to fulfil a contract or to implement pre-contractual measures, Art. 6 para. 1 lit. b GDPR is the legal basis for processing the data. In all other cases, the exercise of legitimate interests according to Art. 6 para. 1 lit. f GDPR serve as the legal basis.
Processing methods, period of storage
The processing of personal data is performed using automated tools (e.g. using electronic procedures and storage media) by using SSL encryption and/or manually (e.g. on paper) for the time necessary to achieve the purposes for which the data was collected and, in any case, in compliance with applicable regulations in force. In relation to such processing, F.I.L.A. has taken opportune technical and organizational measures to ensure data integrity and confidentiality.
We do not store the browsing data permanently. The data will be deleted when the respective session ends, but at the latest after seven days, unless it is necessary to clarify an abuse of our website/IT systems.
The data voluntarily provided by users will be deleted as soon as storage is no longer necessary to achieve the purpose for which it was collected (e.g. managing a user account, sending a newsletter or advertising material, participating in a sweepstake) and deletion does not conflict with tax and commercial data retention obligations.
Disclosure of data to third parties
The browsing data will not be passed on to third parties.
In order to fulfil specific services and offers such as sending a newsletter or operating a sweepstake, Lyra uses external service providers with whom appropriate data processing agreements have been concluded to secure the data.
Rights of the Data Subject
The Data Subject, to whom personal data refers, may exercise his/her rights in relation to the Data Controller at any time in accordance with the GDPR. These rights are as follows:
Right of access: Pursuant to Art. 15 GDPR, the data subject has the right to request information about his/her personal data processed by us; in particular, data subject may request information about the purposes of processing, the category of personal data, the categories of recipients to whom his/her data have been or will be disclosed, the planned storage period, the existence of a right of rectification, erasure, restriction of processing or opposition, the existence of a right of appeal, the source of data, if not obtained by us directly from the data subject, and the existence of automated decision-making, including profiling and, if applicable, require meaningful information on their details.
Right to rectification: In accordance with Art. 16 GDPR the data subject has the right to demand immediately the rectification of incorrect or the completion of incomplete personal data stored by us.
Right of erasure: In accordance with Art. 17 GDPR, the data subject has the right to request the erasure of his/her personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
Right of restriction: According to Art. 18 GDPR, the data subject has the right to request the restriction of the processing of his/her personal data if the accuracy of the data is disputed by the data subject, the processing is unlawful, but the data subject refuses its erasure and we no longer need the data, but the data subject needs it to assert, exercise or defend legal claims or the data subject has filed an objection to the processing in accordance with Art. 21 GDPR.
Right to data portability: In accordance with Art. 20 GDPR, the data subject has the right to receive his/her personal data that he/she has provided to us in a structured, common and machine-readable format or to request its transfer to another person responsible.
Right of appeal: Under Art. 77 GDPR, the data subject has the right to complain to a supervisory authority. As a rule, he/she can contact the supervisory authority of his/her usual place of residence or workplace or our place of business. In the present case, the competent supervisory authority is: Data Protection Authority of Bavaria, Promenade 27, 991522 Ansbach, Germany, phone: +49 (0) 981 53-1300, fax: + 49 (0) 981 53-981300, email: email@example.com.
Right to object: According to Art. 21 GDPR, the data subject has the right to object at any time to the processing of his/her personal data on the basis of Art. 6 para. 1 lit. e or f GDPR for reasons arising from his/her particular situation. This also applies to profiling based on these provisions.
If his/her personal data are processed for direct marketing purposes, the data subject has the right to object at any time to the processing of the personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising.
Right of withdrawal: The data subject has the right to withdraw his/her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
Integration of YouTube videos
We include YouTube videos on our website, which are stored on http://www.YouTube.com and can be played directly from our website. YouTube is a video portal of the U.S. company YouTube LLC, headquartered at 901 Cherry Avenue, San Bruno, CA 94066, USA, a subsidiary of Google LLC. The videos are all in “extended privacy mode”, which means that no data about you as a user will be transmitted to YouTube if you do not play the videos. Only when you play the videos will the data specified in the following paragraph be transmitted. We have no influence on this data transmission.
Integration of the ShareThis Plugin
Our website uses so-called social plugins (“plugins”) of the social network ShareThis, which is operated by ShareThis, Inc. 4005 Miranda Avenue Suite 100, Palo Alto, CA 94304-1227 USA (“ShareThis”). The plugins can be recognized by buttons with a white arrow on a green background. An overview of the ShareThis plugins and their appearance can be found here: http://www.sharethis.com/get-sharing-tools/.
Users can also completely prevent the ShareThis plugins from loading with add-ons for his/her browser, e.g. with the script blocker “NoScript” (http://noscript.net/).
Last updated: May 2018