Welcome to Lezar. We develop and advise the most promising projects currently shaping the Web 3.0.
The “Website” means Lezar' website (including related platforms and subdomains), and the “Services” means Lezar' products and services, in each case in whatever format they may be offered now or in the future.
Lezar is a simplified joint stock company with a capital of 5000 euros.
The main activity of the company is business consulting and support of companies in the field of Web 3.0.
The head office of the company is located at 379 carrer de Rossello, 08025 Barcelona.
Registration to the trade and companies register
Lezar is registered in the Spanish Trade and Companies Register under the number NIF : B10668697.
Intra Community VAT number
The company acts under the intra-community VAT number ESB10668697.
Details of the site host
The Lezar website is hosted by the company Amazon Technologies Inc. at the address lezar-studio.com (Gandi servers)
The contact information and modules of the site host can be found at the adress : https://aws.amazon.com/fr/contact-us/
The entire content present on the lezar-studio.com website is the property of the company Lezar SAS.
The content of the website is composed by :
- the images
- the illustrations
- the photographs
- the texts
- the 3D models
The above list of elements is not exhaustive and may be modified later.
The use of any document coming from the lezar-studio.com website is authorized only for information purposes for a private and personal use. Any reuse, reproduction, retranscription, modification that could be made for other purposes is expressly forbidden without prior written authorization from the company.
“Client” means the Party (or Parties) signatory (or signatories) of the engagement letter or contract with Lezar and beneficiary (or beneficiaries) of the Services.
“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
“Data Subject” means any identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to the person’s physical, physiological, mental, economic, cultural or social identity.
“Personal Data” means any information relating to an identified or identifiable Data Subject.
“process,” “processes,” “processing,” and “processed” shall mean any operation or set of operations that is performed upon Personal Data or on sets of Personal Data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, transfer, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, restriction, erasure or destruction.
“Processor” means a natural or legal person which processes personal data on behalf of the Controller, pursuant to specific and written instructions.
“Sensitive Personal Data” means Personal Data: revealing information as to a Data Subject’s racial or ethnic origin, political opinions, religious or philosophical beliefs, offences, criminal convictions, criminal history, trade union membership, genetic data, biometric data, health, sex life or sexual orientation.
“Services” means services to be delivered by Lezar to Client under the terms and conditions set forth in an engagement letter or contract.
This Privacy Notice only applies to Personal Data which are processed by or on behalf of Lezar.
Lezar processes Personal Data fairly and lawfully in accordance with Applicable Data Protection Laws.
This Privacy Notice should not conflict with Applicable Data Protection Laws in France.
Principles for Handling Personal Data as a Controller
Where Lezar collects Personal Data directly from Data Subjects, Lezar will provide those Data Subjects with information about how Lezar processes their Personal Data to the extent necessary to ensure that processing is fair and lawful. In circumstances where Lezar Clients transfer Personal Data to Lezar, the company shall not be obliged to inform Data Subjects on the type of Personal Data processing made by Lezar in connection with the Services.
Data minimization and accuracy
Where we act as controller, we will ensure that Personal Data is accurate and where necessary, kept up to date. The Personal Data we hold must be adequate, relevant and not excessive for the purposes for which they are transferred between Lezar entities and should only be retained for as long as necessary for the purposes of the processing. Where we act as a processor of Personal Data on behalf of a Client, we will, at the Client’s request, put in place reasonable measures to have that data updated, corrected, anonymized or deleted (subject to certain limited exceptions).
Legal basis of Processing
The Applicable Data Protection Laws allow us to process Personal Data so long as we have a ground under the law to do so. It also requires us to tell you what those grounds are. As a result, when we process your Personal Data, we will rely on one of the following processing conditions:
- Performance of a contract: this is when the processing of your Personal Data is necessary in order to perform our obligations under a contract;
- Legal obligation: this is when we are required to process your Personal Data in order to comply with a legal obligation such as keeping records for tax purposes or providing information to a public body or law enforcement agency;
- Legitimate interest: we will process information about you where it is in our legitimate interest in running a lawful business to do so in order to further that business, so long as it doesn’t outweigh your interest;
- Your consent: in some cases, we will ask you for specific permission to process some of your Personal Data, and we will only process your Personal Data in this way if you agree to us doing so. You may withdraw your consent at any time by writing to the following mail address : firstname.lastname@example.org
We only collect “sensitive” data when the relevant individuals voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards.
Lezar will only process Personal Data for the purposes (i) set out in the engagement letter or contract entered between Lezar and its Client or provider or in any notice made available to the relevant Data Subjects which are relevant to Lezar; (ii) as required by law; (iii) for the pursuing of Lezar’ legitimate interests, (iv) for public interests or (v) where consented to by the relevant Data Subjects.
Examples of the ‘legitimate interests’ referred to above are:
- To prevent fraud or criminal activity and to safeguard our IT systems, assets and places of work.
- To meet Lezar’ corporate and social responsibility obligations.
- To exercise our fundamental rights in the EU under Articles 16 and 17 of the Charter of Fundamental Rights, including our freedom to conduct a business and right to property.
- To benefit from cost-effective services (e.g. Lezar may opt to use certain IT platforms offered by suppliers).
Data quality and proportionality
Personal Data shall be kept accurate and where necessary, up to date. The Personal Data Lezar holds must be adequate, relevant and not excessive for the purposes for which they are processed and shall only be retained for as long as necessary for the purposes of the relevant processing. Lezar applies its policies relating to the retention of documents in compliance with the law, regulatory requirements and other requirements related to its business. These policies apply to any document or file, in physical or electronic forms. After expiry of the retention period, documents and files are securely deleted in compliance with standards applicable to our line of business and our policies.
Security and confidentiality
Reasonable precautions must be taken to secure Personal Data against accidental or unlawful destruction or loss, alteration, unauthorized disclosure or access. These precautions include technical, physical and organizational security measures, such as measures to prevent unauthorized access, that are commensurate with the sensitivity of the information and the level of risk associated with the processing of the Personal Data.
Data Subjects’ rights
Data Subjects shall have access to their Personal Data that is held by Lezar, where those requests (i) are reasonable and permitted by law, (ii) do not violate our ethical obligations and (iii) do not conflict with our professional obligations or any other obligation of confidentiality. Lezar agrees to rectify, amend, or delete Personal Data upon request where it is inaccurate or where it is being used contrary to these key principles, and to the extent that those rights are not subject to any limitation under applicable regulation.
Data Subjects shall be able to object to the processing of their Personal Data if there are compelling legitimate grounds relating to their particular situation, to the extent required and permitted by Applicable Data Protection Laws. Data Subjects have also a right to data portability pursuant article 20 of the General Data Protection Regulation, as well as the other rights provided by Applicable Data Protection Laws.
Sensitive Personal Data
Where Lezar process Sensitive Personal Data, it will take such additional measures (e.g., relating to security) as are necessary to protect such Sensitive Personal Data in accordance with Applicable Data Protection Laws.
We only collect Sensitive Personal Data when the relevant individuals voluntarily provide us with this information or where such information is required or permitted to be collected by law or professional standards.
Data used for marketing purposes
Where Lezar processes Personal Data for the purposes of direct marketing, Lezar will have effective procedures allowing Data Subjects at any time to “opt-out” from having their Personal Data used for such purposes.
Where Lezar processes Personal Data on a purely automated basis that has a significant impact on a Data Subject, Lezar shall give the Data Subject the opportunity to discuss the output of such processing before making those decisions (save to the extent otherwise permitted under Applicable Data Protection Laws).
Information transfer and compliance
Within the global network of Lezar, Personal Data may be transferred outside the country in which it was collected, including countries outside of the European Economic Area, for legitimate business activities in accordance with Applicable Data Protection Laws. In addition, in accordance with Applicable Data Protection Laws, Lezar may store Personal Data in facilities operated by third parties on behalf of Lezar outside the country in which the Personal Data was collected.
Nevertheless, Personal Data must not be transferred to another country unless the transferor has assurance that an adequate level of protection is in place in relation to that Personal Data as required under Applicable Data Protection Laws.
Lezar will ensure that where Personal Data is transferred to third parties outside of the Lezar network for processing (for example to Lezar’ service providers to support Lezar’ business), it is only done where the Personal Data is adequately protected. Lezar will achieve this by entering into written agreements with third parties which impose obligations that reflect the requirements of this Privacy Notice or using Standard Contractual Clauses approved by the European Commission (such as Standard Contractual Clauses for Data Controllers 2004/915/EC or Standard Contractual Clauses for Data Processors 2010/87/EU or any subsequent version) or any other mechanism officially recognized by Applicable Data Protection Laws as ensuring an adequate level of protection of Personal Data.
Acting as a Processor
Lezar will be “Processor” where it processes Personal Data on behalf of a “Controller” who instructs him how it can use the Personal Data. Where Lezar acts in a capacity as a Processor of Personal Data on behalf of Clients, it shall act in accordance with the instructions of the Controller of such Personal Data.
Lezar may be Processor on those Client engagements where Client provides specific instructions on (i) which type of Personal Data provided by Client to Lezar shall be processed by Lezar, (ii) which operation or set of operations shall be performed by Lezar on Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction, (iii) for which duration Personal Data shall be processed and stored by Lezar, (iv) which technical means (such as software or tools) Lezar shall use to process Personal Data on behalf of Client, (v) what additional security measures shall be taken by Lezar.
If complying with such instructions is not possible for any reason (for example due to a conflict with current or future legislation), Lezar will promptly inform the Client of its inability to comply with its instructions.
When Lezar ceases to act on behalf of a Client, it will (at the Client’s option) return, destroy or continue to properly protect all Personal Data it had received from that Client, save as provided otherwise under applicable law.
Save as specifically provided otherwise in the engagement letter or contract entered between Lezar (Processor) and Client (Controller), Lezar is authorized to (i) use any technical means it finds suitable to provide the Services and process Personal Data (such as selecting appropriate software solutions) all in accordance with the Lezar security policies, (ii) engage sub-Processors to provide parts of the Services, access and use Personal Data, including outside the European Union, provided that sub-Processors are bound by written agreements that require them to provide at least the level of Personal Data protection required by this Privacy Notice, and subject to principle 10-“Information transfer and compliance” above.
Where Lezar acts as such a Processor, it also has a duty to help Client to comply with the law (subject to the Client meeting the Lezar’ related costs and expenses), for example (i) by informing the Client about the processing activities that Lezar carry out so that it may inform the relevant Data Subjects; (ii) at the Clients request putting in place reasonable measures to have that Personal Data updated, corrected, anonymized or deleted (subject to certain limited exceptions); and (iii) sending to the Client any requests they receive from Data Subjects for access to their Personal Data that Lezar holds, so that the Client may respond to those Data Subjects.
Where acting as such a Processor of Personal Data, Lezar will in any event treat such Personal Data in accordance with the above paragraphs relating to security and confidentiality and information transfer and compliance, only transfer Personal Data where the Client has agreed to such a transfer (which it may do in advance under the terms of engagement with Lezar) and inform the Client if there is serious breach of security in relation to Personal Data so that it can inform the Data Subjects concerned, where necessary.
Retention period for which data will be stored or the criteria used to determine this period
We make reasonable efforts to retain Personal Data only for so long as the information is necessary to comply with an individual’s request, as necessary to comply with legal, regulatory or internal policy requirements or until that person asks that the information be deleted.
Recipients or categories of recipients of Personal Data
We do not share Personal Data with third parties, except as necessary to our legitimate professional and business needs to carry out your request and/or as required or permitted by law or professional standards. This would include:
- Our service providers: We transfer Personal Data to our third-party service providers such as our IT systems providers. Lezar works with such providers so they can process your Personal Data on our behalf. Lezar will only transfer Personal Data to them when they meet our strict standards on the Processing of data and security. We only share Personal Data that allows them to provide their services.
- If we are reorganized or sold to another organization: Lezar will typically also disclose Personal Data in connection with sale, assignment or other transfer of the business to which the data relates.
- Courts, tribunals, law enforcement or regulatory bodies: Lezar will disclose Personal Data in order to respond to requests of courts, tribunals, government or law enforcement agencies where it is necessary or prudent to comply with applicable laws, court or tribunal orders or rules, or government regulations.
- Audits: disclosure of Personal Data will also be needed for data privacy or security audits and/or to investigate or respond to a complaint or security threat;
Your Rights, Complaints, Questions and Additional Information
Lezar is committed to the protection of your personal information.
If Lezar processes Personal Data about you, you have the following rights:
- Access and correction: you have the right to access your Personal Data. This will be done by addressing an email with the subject “Subject Access Request” to the address email@example.com. If we agree that we are obliged to provide personal information to you, we will provide it to you free of charge. Before providing personal information to you, we may ask for proof of identity and sufficient information about your interactions with us that we can locate your Personal Data. If the information we hold about you is incorrect, you are entitled to ask us to correct any inaccuracies in the personal information.
- Object to Processing: you have the right to object to us processing your Personal Data if we are not entitled to use it any more
- Other rights: in addition, you may have the rights to have your personal Data deleted if we are keeping it too long, have its processing restricted in certain circumstances and/or to obtain copies of information we hold about you in electronic form.
You also have a right to data portability, a right of giving instructions regarding your data in the event of death, a right to limit the processing, and a right to erasure.
You may exercise your rights and request a copy of the suitable safeguards implemented in the event of transfer outside the European Economic Area, by using the mail address mentioned above. We will make all reasonable and practical efforts to comply with your request, so long as it is consistent with applicable law and professional standards.
We will acknowledge your email and seek to resolve your concern within one month of receipt. Where the concern is complex or we have a large volume of concerns, we will notify you that the concern will take longer than one month to resolve, and we will seek to resolve your concern within three months of the concern being first raised.
We may accept your request (in which case we will implement one of the measures mentioned in the section "Data Subjects’ rights" above) or reject it on the basis of legitimate reasons.
In any event, you always have the right to lodge a complaint with the French Data Privacy Regulatory Authority, the Commission Nationale de l’Informatique et Libertés (CNIL).
If you have questions or comments regarding compliance with the present Privacy Notice, please contact our Data Protection Officer at firstname.lastname@example.org.
In this policy we use the term “cookies” to refer to cookies and other similar technologies covered by the EU Directive on privacy in electronic communications.
What is a cookie?
A cookie is a small piece of data that a website asks your browser to store on your computer or mobile device. The cookie allows the website to "remember" your actions or preferences over time.
Most Internet browsers support cookies; however, users can set their browsers to decline certain types of cookies or specific cookies. Further, users can delete cookies at any time.
What types of cookies do we use?
Session cookies are temporary cookies that are used to remember you during the course of your visit to the website, and they expire when you close the web browser.
Persistent cookies are used to remember your preferences within the website and remain on your desktop or mobile device even after you close your browser or restart your computer. We use these cookies to analyze user behavior to establish visit patterns so that we can improve our website functionality for you and others who visit our website(s). These cookies also allow us to serve you with targeted advertising and measure the effectiveness of our site functionality and advertising.
How are third party cookies used?
How do I reject and delete cookies?