Joint Controller Agreement

JOINT CONTROLLERSHIP AGREEMENT – EXTRACT

This is an excerpt from the joint controller agreement in force between the companies of L&S Group listed below. The purpose of this document is to make available to the Data Subject the essence of the joint controllership agreement, pursuant to article 26 paragraph 2 GDPR.

JOINT CONTROLLERSHIP AGREEMENT

PURSUANT TO ARTICLE 26 OF REGULATION (EU) 2016/679

BETWEEN

L. & S. Italia S.p.A. – a sole shareholder company –

L&S Lighting Corporation – a sole shareholder company –

L&S Deutschland GmbH – a sole shareholder company –

LS Lightning (Shanghai) Co., Ltd. – a sole shareholder company –

FLUX s.r.l. – a sole shareholder company –

Visplay GmbH – a sole shareholder company –

Visplay Inc – a sole shareholder company –

Visplay Ltd. – a sole shareholder company –

Visplay SAS – a sole shareholder company –

(hereinafter jointly referred to as the “Joint Controllers” or the “Parties”)

1. Recitals and considerations

The recitals form an integral and substantial part of this Agreement.

2. Subject matter of the Agreement

This Joint Controllership Agreement aims to regulate the scope of action and the responsibilities of the Joint Controllers with regard to compliance with the obligations arising from Regulation (EU) 2016/679 (GDPR), including relations with the categories of data subjects whose data will be processed.

In particular, this Agreement is intended to define the duties of the Joint Controllers in relation to the activities attributable to each of them and, within the context of the project, applies exclusively to entities that play an active role in terms of personal data processing.

3. Parties involved in the project

In their capacity as Joint Controllers and parties to this Agreement, the Parties jointly determine the purposes and means of the processing within the framework of the Group CRM project.

The Joint Controllers shall be jointly and severally liable towards data subjects for any damage arising from the processing, without prejudice, in their internal relations, to the liability of each controller for the activities directly attributable to it.

4. Categories of data processed and purposes of processing

4.1 Categories of data processed

Within the framework of the Group CRM project, the following data shall be collected:

  • Common data (data necessary for the performance of an existing contract or data preparatory to the conclusion of such contract) relating to Customers and Prospective Customers;
  • Common data (contact details) relating to Newsletter subscribers;
  • Personal data voluntarily provided through the optional sending of messages to the contact addresses published on the websites and to any social media profiles/pages, as well as through the completion and submission of contact forms, including the sender’s contact details necessary to provide a response, as well as any personal data contained in such communications.

4.2 Purposes of processing

Subject to the obtaining of specific and prior consent (where required), data shall be processed for the following purposes:

  1. Establishment and performance of contractual relationships with Customers and Prospective Customers;
  2. Management of commercial and marketing activities, aimed at identifying new customers and promoting products or services suitable to meet their needs, including through the creation of sales networks, distribution channels, and promotional and advertising initiatives;
  3. Assessment of customer satisfaction levels and preparation of statistics for internal use (legitimate interest of the Controller relating to the management and monitoring of internal quality standards);
  4. Upon the Data Subject’s express request, subscription to the Group newsletter, which may contain informational, promotional and/or commercial content;
  5. Management of the Group’s websites, depending on the services activated on each website;
  6. Management of the various categories of cookies used;
  7. Handling of requests for information and of reports/notifications of any kind, including those submitted through contact forms;
  8. Management of any newsletter subscription forms.

5. Joint controllership of the processing

The Joint Controllers jointly process the data of the data subjects (natural persons), as described below, in order to ensure more effective management of the activities aimed at the implementation of the project.

JOINT CONTROLLERS: All Joint Controllers
ACTIVITIES:
  • Application of the principles of the GDPR, in particular Privacy by Design and Privacy by Default
  • Compliance with the documentary obligations required by the GDPR and provision to Data Subjects of the information notices pursuant to Articles 13 and 14 of the GDPR, as well as an extract of this Agreement
  • Collection of Data Subjects’ consent, where required

JOINT CONTROLLERS: L. & S. Italia S.p.A.
ACTIVITIES:
  • Maintenance of the technological components of the website, management of the newsletter service, information notices pursuant to Articles 13 and 14 of Regulation (EU) 2016/679

JOINT CONTROLLERS: L. & S. Italia S.p.A.
ACTIVITIES:
  • Management of requests relating to the exercise of Data Subjects’ rights
  • Coordination of the management of any Data Breaches

6. Summary table of the data processed, purposes and methods of processing

TYPE OF PROCESSING AND/OR RELATED DATABASE: Group CRM
PURPOSES OF PROCESSING:
  • Establishment and performance of contractual relationships with Customers and Prospective Customers;
  • Management of commercial and marketing activities, aimed at identifying new customers and promoting products or services suitable to meet their needs, including through the creation of sales networks, distribution channels, promotional and advertising initiatives;
  • Assessment of customer satisfaction levels and preparation of statistics for internal use (legitimate interest of the Controller relating to the management and monitoring of internal quality standards)
DATA RETENTION PERIODS:
  • Retention period established based on contractual, civil and tax obligations (pursuant to Articles 2220 and 2946 of the Italian Civil Code) or other applicable sector-specific regulations, without prejudice in any case to compliance with the requirements of Article 5(1)(e) of Regulation (EU) 2016/679
PERSONAL DATA: Common data
CATEGORIES OF DATA SUBJECTS: Customers and Prospective Customers

TYPE OF PROCESSING AND/OR RELATED DATABASE: Group NEWSLETTER
PURPOSES OF PROCESSING:
  • Upon the Data Subject’s express request, subscription to the Group newsletter, which may contain informational, promotional and/or commercial content
DATA RETENTION PERIODS:
  • Contact details are deleted in the event of prolonged inactivity (failure to open the newsletter) for at least 24 months and, in any case, upon request for unsubscription
PERSONAL DATA: Common data
CATEGORIES OF DATA SUBJECTS: Users, Leads, Prospects and Prospective Customers

TYPE OF PROCESSING AND/OR RELATED DATABASE: Group WEBSITE
PURPOSES OF PROCESSING:
  • Management of the corporate websites, depending on the services activated on such websites;
  • Management of the various categories of cookies in use;
  • Handling requests for information and reports of any kind, including those submitted via contact forms;
  • Management of any newsletter subscription forms
DATA RETENTION PERIODS:
  • Retention period established based on contractual, civil and tax obligations (pursuant to Articles 2220 and 2946 of the Italian Civil Code) or other applicable sector-specific regulations, without prejudice in any case to compliance with the requirements of Article 5(1)(e) of Regulation (EU) 2016/679;
  • Contact details are deleted in the event of prolonged inactivity (failure to open the newsletter) for at least 24 months and, in any case, upon request for unsubscription
PERSONAL DATA: Common data
CATEGORIES OF DATA SUBJECTS: Users, Leads, Prospects and Prospective Customers

7. Additional obligations

7.1 Privacy information notice

The Joint Controllers jointly undertake to provide, at the time of data collection, the information required under Articles 13 and 14 of Regulation (EU) 2016/679 and applicable national legislation.

7.2 Exercise of Data Subject rights

All requests relating to the exercise of the rights provided for under Articles 15–22 of Regulation (EU) 2016/679 shall be managed, on behalf of and in the interest of all Joint Controllers, by L. & S. Italia S.p.A., with registered office at Viale L. Zanussi, 8 – 33070 Maron di Brugnera (PN), Italy – Tel. +39 0434 616611 – e-mail: privacy@ls-light.com, under the supervision of the Data Protection Officer (DPO), who may be contacted at the following e-mail address: rpd@legalmail.it, within the limits and under the conditions set out in the relevant appointment.

The Joint Controllers are therefore required to forward any requests for the exercise of data subject rights received to L. & S. Italia S.p.A. and to cooperate with the same in the management of such requests.

7.3 Personal Data Breach

Any Personal Data Breach shall be managed on a case-by-case basis, identifying, depending on the circumstances, which Joint Controller is required to notify which supervisory authority, with L. & S. Italia S.p.A. acting as the primary coordinator.

Each Joint Controller shall therefore promptly inform L. & S. Italia S.p.A. of any data breach events, in order to allow a joint assessment and any required notifications to the Supervisory Authorities and to the data subjects.

For integral confirmation and acceptance

Brugnera, 11.02.2026