In compliance with the provisions of the Organic Law on the Protection of Personal Data (hereinafter, “LOPDP”), and considering the fundamental right to data protection and privacy in the processing of personal data, LYRA-EXPORTS SAS (hereinafter "LYRA") has developed this Privacy and Personal Data Protection Policy (hereinafter, the “Policy”). provide data subjects with information about LYRA's policy. This policy may change based on legislative or self-regulatory requirements, so data subjects are advised to review it periodically .
Database or File: Structured set of data, regardless of the form, method of creation, storage, organization, type of support, treatment, processing, location or access, centralized, decentralized or distributed in a functional or geographical manner. Job Candidate: A natural person who submits their resume and/or personal and contact information, either directly or through a third party, in order to be considered within the selection processes managed by LYRA. Client: Natural person who obtains the provision of a service or good from LYRA. Collaborator: Natural person who provides a service to LYRA under an employment contract. Bank Details: Bank account number, name of the bank account holder, and credit and/or debit card numbers. Identification Data: Name and surname, home address, email address, telephone number, identity card, passport, signature, fingerprint, and electronic signature. Personal Data: Data that identifies or makes a natural person identifiable, directly or indirectly. Academic and Professional Data: Training and qualifications, student history, professional experience, membership in professional associations or colleges. Personal Data: Marital status, date of birth, place of birth, age, sex, nationality, blood type, emergency contact. Employment Data: Profession, job positions and history of the Collaborator. Sensitive Data: Data relating to ethnicity, gender identity, cultural identity, religion, ideology, political affiliation, judicial history, immigration status, sexual orientation, health, biometric data, genetic data, and data whose improper processing may give rise to discrimination, violate or may violate fundamental rights and freedoms. Data Processor: A natural or legal person, public or private, public authority, or other body that alone or jointly with others processes Personal Data on behalf of and on behalf of a Personal Data Controller . Organic Law on the Protection of Personal Data: Organic Law on the Protection of Personal Data. Supplier: A natural person who supplies goods or services to LYRA, under a commercial agreement. Regulations to the Organic Law on the Protection of Personal Data: Regulations to the Organic Law on the Protection of Personal Data. Controller: Natural or legal person, public or private, public authority, or other body, which alone or jointly with others decides on the purpose and processing of Personal Data Owner: Natural person whose data is subject to processing. Transfer or Communication: Manifestation, declaration, delivery, consultation, interconnection, assignment, transmission, dissemination, disclosure or any form of revelation of Personal Data made to a person other than the Owner, Controller or Person in Charge of the Processing of Personal Data. Processing: Any operation or operations carried out on Personal Data, whether by automated, partially automated or non-automated technical means, such as: collection, compilation, obtaining, recording, organization, structuring, conservation, custody, adaptation, modification, elimination, indexing, extraction, consultation, elaboration, use, possession, exploitation, distribution, assignment, communication or transfer, or any other form of enabling access, comparison, interconnection, limitation, deletion, destruction and, in general, any use of Personal Data. Visitor: A natural person who enters LYRA facilities, whether for professional or personal reasons, and whose Personal Data may be recorded by LYRA for security and access control purposes. Personal Data Security Breach: A security incident that affects the confidentiality, availability, or integrity of Personal Data .
LYRA, with RUC No. 0992434805001, telephone No. 0993374070001, email hello@svgroup.ec , domiciled at km 1.5 of the Samborondón road, Xima building , 2th floor 209 Office, Samborondón- Ecuador is the Controller of your Personal Data.
We are committed to complying with current legislation regarding the protection of personal data, which requires us to meet certain requirements, primarily related to the collection and use of Personal Data, the quality and security of Personal Data, and the rights of Data Subjects with respect to their information. In this context, we are committed to the protection and appropriate processing of the data to which we have access in the regular operation of our businesses, whether it be data from Employees, Job Candidates, Clients, Suppliers, among others. This Policy sets forth the practices developed by LYRA for the Processing of Personal Data in order to ensure respect for the rights of its Data Subjects, as well as compliance with the current regulatory framework .
The Policy applies to all LYRA Databases, as well as to the Processing of such Databases by LYRA or by Processors.
The principles that will govern the Processing of Personal Data in LYRA from its collection will be those determined in the LOPDP: Principle of legality: LYRA will process Personal Data in accordance with the LOPDP (Legal Data Protection Act), other applicable regulations, and jurisprudence. The collection of information through fraudulent, unfair, or unlawful means is prohibited. Principle of consent: LYRA may not process Personal Data without the prior, express, unequivocal, and free consent of the Data Subject, except for the exceptions provided for in the LOPDP. Purpose principle: Personal Data must be collected by LYRA for a specific, explicit, lawful, legitimate purpose, communicated to the Data Subject. The processing of such Personal Data shall not extend to a purpose other than that unequivocally stated at the time of collection or incompatible with the purpose for which it was obtained. Principle of proportionality: All processing of Personal Data carried out by LYRA must be adequate, necessary, timely, relevant and not excessive to the purpose for which the information was collected or to the nature of the special categories of data. Quality Principle: The Personal Data that LYRA will process must be true, accurate, complete, precise, complete, verifiable, clear, and, to the extent possible, up-to-date, necessary, relevant, and adequate for the purposes for which it was collected. Such Personal Data must be retained in a manner that guarantees its security and only for the time necessary to fulfill the purpose of the processing. All reasonable measures will be taken to ensure that any Personal Data that is inaccurate with respect to the purposes for which it is processed is promptly deleted or rectified. Security Principle: LYRA and third parties acting as Data Processors of LYRA's Personal Databases must adopt the necessary technical, organizational, and legal measures to guarantee data security and protect it against any risk, threat, or vulnerability. These measures must be appropriate and consistent with the processing to be carried out and the category of data involved. Principle of adequate level of protection: In the event that LYRA carries out International Transfers of Personal Data, it must guarantee a sufficient level of protection in accordance with the provisions of the LOPDP. Principle of Fairness: The processing of Personal Data must be fair, so it must be clear to Data Subjects that Personal Data concerning them is being collected, used, consulted, or otherwise processed, as well as the ways in which such data is or will be processed. Under no circumstances may Personal Data be processed through unlawful or unfair means or for unfair purposes. Transparency Principle: The processing of personal data must be transparent, so all information or communications related to this processing must be easily accessible and easy to understand, and simple and clear language must be used. Relationships arising from the processing of personal data must be transparent and governed by the provisions contained in the LOPDP (Lopd), its Regulations, and other relevant regulations. Principle of relevance and minimization of Personal Data: Personal Data must be relevant and limited to what is strictly necessary to fulfill the purpose of the Processing. Confidentiality: The processing of personal data must be based on due confidentiality and secrecy; that is, it must not be processed or communicated for a purpose other than that for which it was collected, unless one of the grounds that enable further processing exists, in accordance with the legitimate processing conditions set forth in the LOPDP. To this end, the Data Controller will adapt technical and organizational measures to comply with this principle. Retention principle: Personal Data will be retained for no longer than necessary to fulfill the purpose for which it is processed. To ensure that Personal Data is not retained longer than necessary, the Data Controller has established deadlines for its deletion or periodic review. Extended retention of Personal Data will only be carried out for archiving purposes in the public interest, scientific, historical, or statistical research, provided that appropriate and necessary guarantees of security and protection of Personal Data are established to safeguard the rights provided for in the LOPDP (Legal Data Protection Act). Principle of proactive and demonstrated accountability: The Data Controller must demonstrate that it has implemented mechanisms for the protection of Personal Data; that is, compliance with the principles, rights, and obligations established in this LOPDP. To this end, in addition to the provisions of applicable regulations, it may use standards, best practices, protection codes, certification systems, Personal Data protection seals, or any other mechanism deemed appropriate for the purposes, the nature of the Personal Data, or the risk of processing. The Data Controller is required to account for the processing of Personal Data to the Data Subject and to the Personal Data Protection Authority. The Data Controller must continuously and permanently evaluate and review the mechanisms it adopts to comply with the principle of accountability, in order to improve its effectiveness in applying the LOPDP .
Job Candidates: Personal Data; Banking Information; and Academic and Professional Information. Job Applicants' Personal Data is collected through resumes and cover letters submitted by Job Applicants, through social media, physical forms, WhatsApp interactions, email exchanges, and phone calls. Additionally, information is collected through the LYRA form to exercise the rights established in the LOPDP. Clients: Identification Data; Personal Data; and Banking Data. Customer Personal Data is collected through LYRA forms located on the company's website, as well as through social media, WhatsApp interactions, email exchanges, phone calls, and event forms. Additionally, information is collected through the LYRA form to exercise the rights established in the LOPDP. Collaborators: Personal Data; Banking Data; Academic and Professional Data; and Sensitive Data. Employees' Personal Data is collected through Employee Registration Forms, Employment Contracts, direct communications with the Human Resources department, and through biometric capture and facial recognition technologies. Additionally, information is collected through the LYRA form to exercise the rights established in the LOPDP. Suppliers: Identification Data and Banking Data. Suppliers' Personal Data is collected through social media, WhatsApp interactions, email exchanges, and phone calls. Additionally, information is collected through the LYRA form to exercise the rights established in the LOPDP. Visitors: Identification data Personal Data is collected through access logs to LYRA facilities .
Job Candidates Purpose of Processing: Management of the relationship with job candidates at LYRA. Bases of Legitimation: Consent of the Owner and Legitimate Interests of the Controller . Customers: Purpose of Processing: Customer relationship management, including, but not limited to, service provision, customer service, and business management. Bases for Legitimation: Execution of a Contract, Consent of the Owner and Legitimate Interests of the Controller . Collaborators: Purpose of Processing: Management of the employment relationship, including, but not limited to, recruitment, payroll administration, training, and professional development. Bases for Legitimation: Execution of a Contract, Compliance with Legal Obligations and Legitimate Interests of the Controller . Suppliers: Purpose of Processing: Management of the relationship with suppliers, including, but not limited to, the contracting of services and administrative management. Bases for Legitimation: Execution of a Contract, Compliance with Legal Obligations and Legitimate Interests of the Controller . Visitors: Purpose of Processing: Safety of people and property on LYRA premises. Basis for Legitimation: Legitimate Interests of the Controller.
Data Subjects' refusal to provide the requested Personal Data may prevent LYRA from providing services or fulfilling contractual and legal obligations. In such a case, Personal Data Subjects may not be able to benefit from certain services or benefits offered by LYRA. Furthermore, the provision of incorrect or inaccurate Personal Data by Data Subjects may negatively affect the provision of services and the contractual relationship with LYRA. In situations where inaccurate or erroneous Personal Data prevents the Data Subject from being correctly identified or contacted, LYRA shall not be liable for any harm or inconvenience this may cause. Data Subjects shall also be liable for any damage or harm that the provision of incorrect or false data may cause to LYRA or third parties .
LYRA has a simple and free procedure for addressing the rights of Personal Data Subjects contemplated in the LOPDP, including: Right of Access: To know and obtain access to all your Personal Data and information about its Treatment. Right to Rectification and Update: Correct, update and rectify your inaccurate or incomplete Personal Data. Right to Erasure: Request the erasure of Personal Data when: the processing does not comply with the principles established in the LOPDP; the processing is not necessary or relevant for the fulfillment of the purpose; the Personal Data has fulfilled the purpose for which it was collected or processed; the retention period for Personal Data has expired; the processing affects fundamental rights or individual freedoms; you revoke the consent given or indicate that you have not granted it for one or more specific purposes, without any justification; or there is a legal obligation. Right to Object: Oppose or refuse the processing of personal data when: the fundamental rights and freedoms of third parties are not affected, the law allows it and it is not public information, of public interest or the processing of which is ordered by law; the processing of Personal Data is for direct marketing purposes, the interested party shall have the right to object at any time to the processing of Personal Data concerning him or her, including profiling, in which case the Personal Data will no longer be processed for such purposes; when his or her consent is not required for the processing due to the concurrence of a legitimate interest, and it is justified by a specific personal situation of the Owner, unless a law provides otherwise. LYRA will stop processing Personal Data in these cases, unless it demonstrates compelling legitimate grounds for processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. Right to Data Portability: To receive your Personal Data in a compatible, up-to-date, structured, common, interoperable, and machine-readable format, preserving its characteristics; or to transmit it to other data controllers. You may request that LYRA transfer or communicate your Personal Data to another data controller as soon as technically feasible, without LYRA being able to invoke any order to prevent access, transmission, or reuse of data by the Data Controller or another data controller. Once the data transfer is complete, LYRA will delete the data, unless the Data Controller requests its retention. The data controller who has received the information will assume the responsibilities contemplated in the LOPDP (Spanish Data Protection Act). For this right to be exercised, at least one of the following conditions must be met: the Data Subject must have given their consent for the Processing of their Personal Data for one or more specific purposes. The transfer or communication will be made between controllers of Personal Data when the operation is technically feasible; otherwise, the Personal Data must be transmitted directly to the Data Subject; the Processing must be carried out by automated means; a significant amount of Personal Data must be involved, according to the parameters defined in the LOPDP Regulations; or the Processing is necessary for the fulfillment of obligations and the exercise of rights of the Controller or Processor of Personal Data, or of the Data Subject in the areas of labor law and social security. This right will not apply when it involves information inferred, derived, created, generated or obtained from the analysis or processing carried out by LYRA based on the Personal Data provided by the Data Subject. Therefore, LYRA will take the necessary actions to address, in a timely manner and within the timeframes established by law, all requests and requirements related to these rights. Right to Suspension: Obtain suspension of the processing of Personal Data when any of the following conditions apply: when the Data Subject contests the accuracy of the Personal Data, while LYRA verifies its accuracy; the Processing is unlawful and the Data Subject opposes the erasure of the Personal Data and requests instead the restriction of its use; LYRA no longer needs the Personal Data for the purposes of the Processing, but the Data Subject requires them for the establishment, exercise, or defense of legal claims; and when the Data Subject has objected to the Processing pending verification whether the Controller's legitimate grounds override those of the Data Subject. LYRA may process Personal Data that has been the subject of the Data Subject's exercise of this right only in the following circumstances: for the establishment, exercise, or defense of legal claims, in order to protect the rights of another natural or legal person; or for reasons of important public interest. Right of Withdrawal: You may withdraw your consent to the processing of your Personal Data at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent prior to its withdrawal. LYRA may reject certain requests when the disclosure of the information or the nature of the request could jeopardize or hinder ongoing judicial or administrative proceedings, among other situations. You can exercise these rights using our Rights Exercise Form or by sending a request to the following email address: hello@svgroup.ec.
Personal Data processed by LYRA will only be transferred or assigned to third parties for the fulfillment of related purposes in accordance with Personal Data protection legislation. Where applicable, the express, free, unequivocal, and informed consent of the data subject will be obtained. Such consent will not be required in the cases permitted by Personal Data protection regulations. In addition to the foregoing, LYRA will not transfer or communicate the Information to third parties except in the following cases: when necessary for the purpose for which the information was collected; when your prior and express consent is obtained at the time of collecting the Information; when consent is not required; when the Information is required by public entities within the scope of their powers and in the exercise of their functions and attributions; when the information is requested pursuant to court orders or legal provisions; when access to the Information is provided by auditors, lawyers and other professionals in the exercise of their functions, who are obliged to maintain professional secrecy; when the data has been collected from publicly accessible sources, provided that it complies with the purpose of said data in accordance with the corresponding legislation; when the Processing responds to the free and legitimate acceptance of a legal relationship between the Controller and the Owner, the development, fulfillment and control of which necessarily imply the connection of said Processing with a Database; When the communication takes place between Public Administrations and is intended for the subsequent processing of data for historical, statistical, or scientific purposes, provided that said data is duly dissociated or at least anonymized; when the communication of personal data relating to health is necessary to resolve an emergency involving the vital interests of the data subject and the data subject is unable to give consent; and when the communication of Personal Data is necessary to conduct epidemiological studies of public interest, in compliance with international standards on human rights .
LYRA will only collect and process Sensitive Information and/or Data when strictly necessary, respecting the principles of purpose and proportionality and in accordance with the assumptions that enable the processing of Sensitive Data in accordance with the LOPDP.
LYRA has adopted technical and organizational measures to ensure the protection of the Personal Data it processes. These measures have been implemented taking into account the sector in which LYRA operates, the context of the processing of Personal Data, and the volume of Personal Data processed and stored on the company's servers and physical files. In the event of an incident, LYRA will notify the Data Protection Authority.
Whenever LYRA entrusts the processing of a database to a third party, or allows third parties to access its databases for the provision of a specific service, the following specifications must be taken into account: a) All data processing carried out by a third party other than LYRA will be regulated by a contract, expressly establishing that the data processing will be carried out following LYRA's instructions and that the information will only be processed for the purposes authorized or established in the contract, so that the person in charge will not use it for a different purpose, nor will it improperly communicate it to other people. b) The contract must stipulate the security measures that the Data Processor is obliged to implement, such as the return or destruction of the data once the assignment has been completed. c) The contract will establish that in case of non-compliance, the offender will be liable to the Owner and to the authorities for any unauthorized processing or use of the Information. d) If the Data Processor needs to subcontract with third parties to provide part of the services it is obliged to offer, it must have prior authorization from LYRA and this will only proceed provided that the subcontractor assumes the same obligations as the Data Processor. confidentiality obligations regarding the information to which the Controller has access, and these obligations will remain in force even after the end of the contract term .
LYRA will proceed to delete the Personal Data from its records once the Information Processing has been completed, the principle of purpose has been met, and there is no legal mandate or reason that justifies the conservation of the Information. Alternatively, dissociation, anonymization , or equivalent processes may be applied when, for commercial, statistical, or market analysis reasons, the convenience of retaining the information is justified .
If you have any questions, queries, would like to exercise your rights, or any other reason, you can contact us directly by email at this address: hello@svgroup.ec , or at the following address: km 1.5 of the Samborondón road, Xima building , 2th floor 209 Office, Samborondón, Ecuador.
The Policy will be reviewed periodically in accordance with LYRA's business activities and strategic objectives. It may also be adjusted in response to legal or regulatory changes or decisions by the Competent Authority. Last updated: December 31, 2024