This "Data Privacy Policy" (the "Policy") aims to detail how the company Lysta ("Lysta") processes personal data as a data controller.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("GDPR"), applicable from 25 May 2018, applies to all companies that collect, store, or process personal data.
The concept of personal data ("Personal Data") refers to any information relating to an identified or identifiable natural person. An "identifiable natural person" is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.
Lysta transparently processes personal data when legally making certain information from the National Business Registers available through its software.
National Registers serves an official role in legal publicity by making publicly available the declarations and documents filed, as well as the information it includes (notably regarding company executives and partners). This information and these documents are therefore public data serving the public interest.
Individuals who provide information (including Personal Data) to commercial court registries regarding their business can reasonably expect that such data will be subject to subsequent processing.
Since Law No. 2015-990 of 6 August 2015 on growth, activity, and equal economic opportunities, National Registers information may be reused by the public (including for reproduction, communication, or commercial/non-commercial exploitation).
Lysta acts within this legal framework and enables its clients to access a portion of this information via its software for fraud detection purposes.
Information and documents are provided to Lysta by the following sources:
In this context, Lysta necessarily processes the Personal Data included in these sources:
This processing is based on Article 6.1.f) of the GDPR, as it is necessary for the legitimate interests:
No other objectives are pursued by this processing.
Personal Data is retained for the duration of the individual’s involvement in the company, extended by the legal limitation periods. After these periods, the Personal Data is deleted.
Lysta does not intend to transfer the collected data outside the European Union.
Personal Data may be shared with Lysta employees who need it to perform their duties, as well as with internal control departments. It may also be disclosed to government agencies, legal representatives, and court officers when Lysta is legally required to do so, or when such disclosure is necessary to enforce terms and agreements or protect Lysta’s or concerned individuals' rights and property.
Under the GDPR, individuals have various rights over their personal data, including the right to access, rectify, delete, restrict processing, data portability, object to processing, and determine the fate of their data after death.
However, as previously noted, the information in the National Registers:
As a result, Lysta is not legally authorized to fulfill such data rights requests. Nevertheless, requests may be directed to the commercial court registries.
Individuals may also file a complaint with a supervisory authority, such as the CNIL in France, if they believe their data is not being processed in accordance with regulations:
CNIL – Complaints Department
3, Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22
Lysta has implemented physical, electronic, organizational, and technical protection measures, in accordance with best practices, to prevent any loss, misuse, unauthorized access or disclosure, alteration, or destruction of Personal Data.
The software may provide links to third-party websites that may be of use to Lysta clients.
However, Lysta has no control over the content or data protection practices of such third-party websites. Consequently, Lysta disclaims any responsibility for the processing of any Personal Data on those sites.
This Policy may be amended or updated at any time, especially in response to changes in laws, case law, CNIL recommendations, or industry practices.
Any new version of this Policy will be communicated to Lysta’s clients by any means chosen by Lysta, including electronically (e.g., by email or through its software).