LYS ("we", "us", or "our") is committed to protecting the privacy of our customers and website visitors. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our website https://whoislys.com, make a purchase, or otherwise interact with us.

We are committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, which govern the processing of personal data in the United Kingdom.

Your Data Controller

For the purposes of UK data protection law, the data controller is:

• Company Name: LYS
• Address: 14 rue Jean Rostand, 91300 Massy, France
• Email: hello@whoislys.com
• Website: https://whoislys.com

As a company processing personal data of individuals in the UK, LYS is required to register with the Information Commissioner's Office (ICO). We ensure our practices comply with these registration requirements.

What Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data: Includes first name, last name, username or similar identifier, title, date of birth, and gender.
• Contact Data: Includes billing address, delivery address, email address, and telephone numbers.
• Financial Data: Includes payment card details (processed by secure third-party payment processors) and bank account details for refunds. We do not store full payment card details on our servers.
• Transaction Data: Includes details about payments to and from you and other details of products and services you have purchased from us.
• Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• Usage Data: Includes information about how you use our website, products, and services.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third parties and your communication preferences.

We collect personal data from and about you through various methods:

• Direct interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, or otherwise. This includes personal data you provide when you:
  • Create an account on our website;
  • Place an order for our products;
  • Subscribe to our newsletter;
  • Enter a competition, promotion, or survey;
  • Give us feedback or contact us.
• Automated technologies or interactions: As you interact with our website, we will automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies. Please see our "Cookies and Similar Technologies" section below for more details.
• Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources, such as analytics providers (e.g., Google Analytics), advertising networks (e.g., Meta, TikTok), and payment and delivery services.

How We Use Your Personal Data and Our Legal Basis

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.
• Where you have given your consent.

Here is a table outlining the purposes for which we use your personal data and the legal bases we rely on:

Purpose/Activity	Type of Data	Legal Basis for Processing
To register you as a new customer	Identity, Contact	Performance of a contract with you
To process and deliver your order, including: Manage payments, fees, and charges Collect and recover money owed to us	Identity, Contact, Financial, Transaction	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you, including: Notifying you about changes to our terms or privacy policy Asking you to leave a review or take a survey	Identity, Contact, Profile, Marketing & Communications	Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to participate in a prize draw, competition, or complete a survey	Identity, Contact, Profile, Usage, Marketing & Communications	Performance of a contract with you Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data)	Technical, Usage, Identity, Contact	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Identity, Contact, Profile, Usage, Technical, Marketing & Communications	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business, and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships, and experiences	Technical, Usage	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business, and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you	Identity, Contact, Technical, Usage, Profile	Necessary for our legitimate interests (to develop our products/services and grow our business)
To send you marketing communications (where you have opted in)	Identity, Contact, Marketing & Communications	Consent

Note on Consent: Where we rely on consent as a legal basis for processing your personal data, you have the right to withdraw that consent at any time by contacting us using the details provided in this policy.

How Long We Keep Your Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

• For example, by law we have to keep basic information about our customers (including Contact, Identity, Financial, and Transaction Data) for six years after they cease being customers for tax purposes.
• Where you have provided consent for marketing, we will retain your data until you withdraw your consent or object to processing, or if we determine that you are no longer engaging with our marketing communications.
• Technical and Usage Data collected via cookies may be retained for shorter periods, typically up to 2 years, depending on the cookie type and purpose.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Who We Share Your Personal Data With

We may share your personal data with the parties set out below for the purposes described in this Privacy Policy:

• Internal Third Parties: Other companies within our group acting as joint controllers or processors and who provide IT and system administration services and undertake leadership reporting.
• External Third Parties:
  • Service providers acting as processors who provide IT and system administration services, payment processing, delivery services, and other business support services. This includes Shopify Inc., our e-commerce platform provider.
  • Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance, and accounting services.
  • HM Revenue & Customs, regulators, and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Marketing and advertising partners (e.g., Meta, TikTok, Google) to deliver targeted advertising and measure campaign effectiveness, where you have provided consent.
  • Analytics providers (e.g., Google Analytics) to help us understand website usage and improve our services.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers of Your Personal Data

Some of our external third parties are based outside the UK, so their processing of your personal data will involve a transfer of data outside the UK.

Specifically, our website is hosted by Shopify Inc., which is based in Canada. When you place an order or interact with our website, your personal data may be transferred to and stored by Shopify in Canada.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK government (e.g., Canada benefits from a UK adequacy regulation).
• Where we use certain service providers, we may use specific contracts approved by the UK government which give personal data the same protection it has in the UK (e.g., UK Standard Contractual Clauses).

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

Your UK GDPR Rights

Under certain circumstances, you have rights under UK data protection laws in relation to your personal data. These include:

The Right to Access (SAR)

You have the right to request a copy of the personal data we hold about you. This is commonly known as a "data subject access request".

The Right to Rectification

You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.

The Right to Erasure (Right to be Forgotten)

You have the right to request that we delete or remove your personal data where there is no good reason for us to continue processing it. This right is not absolute and may not apply in certain circumstances (e.g., where we have a legal obligation to retain the data).

The Right to Restrict Processing

You have the right to request that we suspend the processing of your personal data in certain scenarios, for example, if you want us to establish the data's accuracy or the reason for processing it.

The Right to Object to Processing

You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.

The Right to Data Portability

You have the right to request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Rights in Relation to Automated Decision Making and Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless certain exceptions apply. We do not currently engage in such automated decision-making that would have a significant impact on you.

The Right to Withdraw Consent

Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

How to Exercise Your Rights: If you wish to exercise any of the rights set out above, please contact us at hello@whoislys.com. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Cookies and Similar Technologies

Our website uses cookies and similar technologies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site.

What are Cookies?

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

How We Use Cookies

We use cookies for various purposes, including:

• Strictly Necessary Cookies: These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart, or make use of e-billing services.
• Analytical/Performance Cookies: They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. We use Google Analytics for this purpose.
• Functionality Cookies: These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name, and remember your preferences (for example, your choice of language or region).
• Targeting/Marketing Cookies: These cookies record your visit to our website, the pages you have visited, and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. We use Meta Pixel (Facebook Pixel) and TikTok Pixel for targeted advertising and conversion tracking.

Third-Party Pixels

• Meta Pixel (Facebook Pixel): This pixel allows us to track conversions from Facebook ads, optimise ads, build targeted audiences for future ads, and remarket to people who have already taken some action on our website. Data collected includes IP addresses, information about the browser, data about the website visited, and the "pixel ID".
• TikTok Pixel: Similar to the Meta Pixel, the TikTok Pixel helps us measure the effectiveness of our TikTok advertising campaigns, understand user behaviour on our site, and create custom audiences for future ad campaigns on TikTok. Data collected includes user interactions, device information, and event data.
• Google Analytics: We use Google Analytics to collect information about how visitors use our website. This includes data such as pages visited, time spent on pages, and the path taken through the website. This information is anonymised and used to improve our website's functionality and user experience.

Managing Your Cookie Preferences

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.

How to Complain to the ICO

If you have any concerns about our use of your personal data, you can make a complaint to us directly at hello@whoislys.com.

You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

The ICO's contact details are:

• Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
• Helpline number: 0303 123 1113
• Website: www.ico.org.uk

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The latest version will always be posted on our website. We will notify you of any significant changes where required by law.

This Privacy Policy was last updated on: [Insert Date of Last Update].