Privacy policy
LIGHTSPEED PRIVACY POLICY
Welcome! At Lightspeed, we believe that protecting your Personal Data is very important. In this Privacy Policy we want to explain to you what we do with the Personal Data that Lightspeed POS Inc. and all its affiliates (hereafter referred to as “Lightspeed”, or “we” or “us” or “our”) receives or collects. If you are a Subscriber, this Privacy Policy is incorporated by reference into the Lightspeed Service Agreement between you and Lightspeed, as is our data processing agreement located here: http://www.lightspeedhq.com/dpa (the “Data Processing Agreement”).
TABLE OF CONTENTS
I. |
Interpretation………………………………………………………………………………………. |
1 |
II. |
Information that we Collect from you………………………………..…………………. |
2 |
A. |
Personal Data that you Provide to Lightspeed………………….…………………… |
2 |
B. |
Information that Lightspeed may Collect Independently from you………… |
4 |
III. |
How we Use the Information that we Collect………………….……………….…… |
5 |
A. |
Why do we Collect your Personal Data? ………………….……………………………. |
5 |
B. |
Do we Disclose your Personal Data? ………………….…………………………………. |
5 |
C. |
What Kinds of Personal Data have we Disclosed? …………………………………. |
7 |
D. |
Do we Sell your Personal Data? ………………….………………….…………………….. |
8 |
IV. |
How do we Protect your Personal Data? ………………….………………………….. |
8 |
A. |
Location of Personal Data………………….………………….……………………………… |
8 |
B. |
Retention of Personal Data………………….………………….……………………………. |
8 |
C. |
Privacy Shield………………….………………….…………………………………………….…. |
9 |
V. |
Your Rights in Relation to your Personal Data………………….……………………. |
9 |
A. |
What are my Rights? ………………….………………….………………….…………………. |
9 |
B. |
How can I Invoke my Rights? ………………….………………….…………………………. |
10 |
VI. |
Country-Specific Rules………………….………….…….………………….………………… |
11 |
A. |
For Canadian Visitors and Subscribers………………….………………………………. |
11 |
B. |
Electronic Messages to Canadians………………….………………….…………………. |
11 |
VII. |
General Matters………………….………………….………………….………………………… |
11 |
A. |
Changes to the Privacy Policy………………….………………….………………………… |
11 |
B. |
Contacting us………………….………………….………………….…………………………….. |
11 |
C. |
Privacy Shield: Dispute Resolution………………….………………….………………… |
12 |
- Interpretation
This privacy policy applies only to the following persons (collectively “you” or “your”):
Visitors means any person who visits lightspeedhq.com, as well as any other websites that Lightspeed uses and where a link to this Privacy Policy is included, such as websites created for contests or promotional purposes (the “Websites”);
Subscribers means any individual person, including a business owner, who is subscribed to the Lightspeed software services or otherwise purchases services from Lightspeed (the “Services”), either through a paid subscription or a trial; and
End-Users means any person whose Personal Data is processed using the Services, including a Subscriber’s customers.
Definition of Personal Data
When we use the term Personal Data, we mean any information that relates to an identified or identifiable natural person. This includes the obvious data such as a name, home address, email address and phone number, but it includes IP-address and data specific to the physical, physiological, genetic, economic, cultural or social identity of natural persons. To clarify, we do not consider information about a business, such as its name or physical address, to be Personal Data.
Third-Party Websites
This Privacy Policy does not apply to any third-party websites, products or services, even if they are accessible through Lightspeed’s Websites or Services. The linking to a third-party website, service or application is subject to the terms and conditions of such website, service or application.
Responsibility of our Subscribers
Subscribers are responsible for complying with all applicable laws and regulations concerning the Personal Data of End-Users they process when using our Services, including the Personal Data customers and employees of Subscribers. Such processing of Personal Data shall not be governed by this Privacy Policy but by the applicable agreement and privacy policy of Subscribers. Our role in relation to the processing of such Personal Data on behalf of our Subscribers is governed by the terms of our Data Processing Agreement.
We process Personal Data of our Subscribers’ End-Users only as instructed by these Subscribers or in accordance with this Privacy Policy. If you are an End-User who interacts with a Subscriber using our Services and would either like to amend your information or no longer wish to be contacted by one of our Subscribers, please contact the Subscriber directly.
Children
Our Websites and Services are not directed to children under 16, and we do not knowingly collect or store any Personal Data about persons under the age of 16. If we learn that we have collected Personal Data of a child under 16, we will take steps to delete such information from our files as soon as practicable. We do not sell Personal Data of children under the age of 16.
II. Information that we Collect from you
A. Personal Data that you Provide to Lightspeed
When you use our Websites to download a whitepaper, request a trial or ask for any other information, you will be asked to provide contact details which we will then use to deliver the requested information/service.
If you are using or accessing our Services, whether in connection with a paid subscription, a free trial or purchased service, we may ask for specific information, such as your name,
address, e-mail address and phone number for us to be able to perform our obligations under the terms of these Services. In addition, we may need your payment details to be able to process the payment of your subscription fee or purchase price.
Finally, Subscribers have the ability to provide Personal Data of End-Users and other third parties by inputting such Personal Data into the Services. This transfer of Personal Data to Lightspeed may happen when, for instance, Subscribers use the Services to process a transaction. Below are the categories of Personal Data that Lightspeed has collected from Visitors, Subscribers and End-Users in the past twelve (12) months:
Category of Personal Data |
Source of Collection |
Purpose for Collection |
First and last name |
Lightspeed Websites |
To provide Visitors with requested information or product demonstrations |
Subscriber account creation process |
To create Subscriber’s Lightspeed account |
|
Standard use of the Services |
To process transactions for Subscribers and End-Users |
|
Contact information (email address, phone number, home or business address) |
Lightspeed Websites |
To provide Visitors with requested information or product demonstrations |
Subscriber account creation process |
To create Subscriber’s Lightspeed account |
|
Standard use of the Services |
To process transactions for Subscribers and End-Users |
|
Language |
Lightspeed Websites |
To redirect Visitors to the appropriate version of Lightspeed’s Website |
Subscriber account creation process |
To create Subscriber’s Lightspeed account |
|
Date of birth |
Subscriber account creation process |
To create Subscriber’s Lightspeed account |
IP address |
Subscriber account creation process |
To create Subscriber’s Lightspeed account |
Standard use of the Services |
To process transactions for Subscribers and End-Users |
|
Geolocation data (excluding nationality) |
Standard use of the Services |
To create Subscriber’s Lightspeed account |
Government identification numbers (e.g. social security numbers) |
Subscriber account creation process |
To create Subscriber’s Lightspeed Payments account |
Category of Personal Data |
Source of Collection |
Purpose for Collection |
Bank account details |
Subscriber account creation process |
To create Subscriber’s Lightspeed account |
Credit bureau |
Subscriber account creation process |
To create Subscriber’s Lightspeed Payments account |
Please note that some Subscribers may choose to use the Services to record some or all of the categories of Personal Data listed above, even though such collection is not strictly required to operate the Services.
B. Information that Lightspeed may Collect Independently from you
Technologies Used by us
As part of our Websites and Services, we use various technologies such as “session” and “persistent” cookies (small data files that we transfer to your computer), web beacons (tiny image files on web pages that communicate information about the page viewer to the beacon owner), log data, and third-party analytics services to collect and analyze information about Visitors, Subscribers and End-Users. Technology is, by its nature, dynamic and ever-changing; the technological tools used today by Lightspeed are therefore subject to modification and replacement in the future.
Session Cookies
We use "session" cookies to keep you logged in while you use our Services, to better understand how you interact with our Services, and to monitor aggregate usage and web traffic information on our Services.
Persistent Cookies
We use "persistent" cookies to recognize you each time you return to our Websites or Services. For example, we create a persistent cookie that includes some basic information about you, like your most recent search. We use this persistent cookie to remember your preferences and, if you create an account, to make your user experience consistent after you register.
Tracking Technologies
Web beacons, tags and scripts may be used on our Websites, our Services, in e-mails or other electronic communications we send to you. These technologies help us in understanding how our Websites and Services are used, what other websites our visitors have visited and when an email is being opened and acted upon.
Log Data
Our servers automatically record information created by your use of the Websites or Services (“Log Data”). Log Data may include information such as your IP address, browser type, operating system, the referring web page, web pages visited, location, your mobile carrier, your computer or mobile device type, search terms and cookie information. We receive Log
Data when you interact with our Websites or Services, for example, when you visit our Websites, sign into our Services, or interact with our email notifications.
Information that we Receive from Third Parties
We may sometimes obtain Personal Data about you from third parties (e.g., Facebook, Twitter, Google) and use it to improve or re-market our Services, or to provide a more tailored experience with our Services.
III. How we Use the Information that we Collect
A. Why do we Collect your Personal Data?
We collect your Personal Data for the following purposes:
- To send you communications or documents you have indicated you wish to receive (such as offers, demonstrations, whitepapers, newsletters, marketing materials);
- To call you to ask you if you have any questions about the products or information that you have requested from us;
- To communicate with you via email, telephone, text (SMS), postal services, social media and websites regarding Lightspeed-related news and inform you about products or services that may be of interest to you, if you allow us to do so;
- To respond to your questions or requests for additional information;
- To set up a trial or regular account for our Services;
- To provide our Services to you;
- To share and exchange reports and information with credit reporting agencies, credit bureaus and/or any other entity connected with the use of our payments processing services; and to use other third party databases (including registries, licensing authorities, identification services, telecom providers) or references provided by you to obtain or verify information about your financial circumstances, background and to identify and detect fraud;
- To manage our customer relationship with you and to provide you with customer support;
- To process payments to us;
- To get a better understanding on how you browse our Websites so that we can optimize your searches;
- To research and analyze your use of or interest in our Services and those products and services offered by others;
- To analyze the effectiveness of our Services;
- To help you find the most relevant information by customizing our Services to optimize your experience;
- To verify your eligibility and deliver prizes in connection with promotions, contests and sweepstakes;
- To perform any additional purposes explicitly described to you at the time of collection and for which we received your
Legal grounds for processing (for individuals residing in European Economic Area (EEA))
If you are an individual residing in the EEA we can only process your Personal Data if we have a lawful ground to do so. Depending on the processing activity, we can process your Personal Data on the following grounds:
- In order to comply with our obligations under an agreement we concluded, for example for the provision of our Services;
- Where you have freely given your active explicit consent have not revoked this consent;
- Where we are pursuing a legitimate interest, which is not outweighed by your fundamental rights or
- Pursuant to legal obligation under EU law or the law of a member state of the EU, or in very exceptional cases to protect your vital
B. Do we disclose your Personal Data?
In the following circumstances, we may choose to share your Personal Data with third parties.
Information that we share with affiliated companies
Lightspeed is a global company consisting of several companies having offices around the world. To do business globally and help improve the Services provided, Lightspeed may share Visitor, Subscriber and End-User Personal Data with its subsidiaries and affiliates. Some of these affiliated companies may be located outside the EEA. If this is the case, we will provide for an adequate level of protection regarding your Personal Data. Otherwise, we will only share your Personal Data at your direction and according to this Privacy Policy.
Information that we share with third parties
We may engage third-party service providers to work with us to administer, provide and improve the Services and the Websites, and these third-party service providers have access to Subscribers’ and/or End-Users’ Personal Data only to perform these services for us. Due to our continuous efforts to improve our Websites and Services, our third-party service providers may change periodically and are too numerous to specify. As an example, we engage with third parties who provide data storage solutions, data security tools, and information management services. In addition, our third-party service providers include our integration partners who contribute to our Services by providing added functionality. A list of our integration partners can be located at https://www.lightspeedhq.com/integrations/. Some of these third-party service providers may be located outside the EEA. If this is the case, we will provide for an adequate level of protection regarding Personal Data. Otherwise, we will only share Personal Data at your direction and according to this Privacy Policy.
Non-Personally Identifiable Information
In order to provide and improve our Services, we may use and disclose to third parties, (for example, our service providers and analytics partners), non-personally identifiable information which we collect, including cookie data and Log Data. This may include Personal Data which has been aggregated and anonymized in such a way that the data cannot be reidentified. We retain the right to use, at our reasonable discretion, any information, in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred.
Social Network Sharing
When you use any social network sharing function in connection with the Services (for example, sharing on Facebook), your sharing activity will be processed through a third party's site or service. These third-party privacy policies, not ours, govern the collection and use of the information collected on those sites or networks, including Personal Data.
User-Generated Content (UGC)
Some parts of our Websites and Services allow Visitors and Subscribers to submit and view UGC. UGC includes such things as posting a question, an answer or a blog post. When you post UGC, other Visitors or Subscribers will be able to see certain information about you, such as your username or handle. You should be aware that any Personal Data you submit in UGC can be read, collected, distributed or used by other Visitors or Subscribers and could be used by third parties to send you unsolicited messages. We are not responsible for the Personal Data you choose to include in the UGC you provide through the Websites or Services.
Protecting Ourselves and our Subscribers
We may release Personal Data when we believe that doing so is appropriate to comply with applicable laws, regulations or legal requests; to enforce or apply our policies and guidelines; to initiate, render, bill, and collect amounts owed to us; to protect our rights or property; to protect the safety of our Subscribers; to address fraud, security or technical issues; to prevent or stop activity that we consider to be illegal or unethical; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay. Without limiting the generality of the foregoing, we may also be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Sale/Merger:
Information about our Subscribers is a business asset of Lightspeed. Consequently, information about our Subscribers, including Personal Data, may be disclosed as part of any merger or acquisition involving Lightspeed, the creation of a separate business to provide some or all the Services, the sale or pledge of Lightspeed’s assets, as well as in the event of an insolvency, bankruptcy or receivership.
C. What Kinds of Personal Data have we Disclosed?
Within the last twelve (12) months, we have disclosed the following categories of Personal Data. We have done so for one of the valid business purposes outlined in this Privacy Policy.
|
Category of Personal Data |
First and last name |
|
Contact information (email address, phone number, home or business address) |
|
Language |
|
Date of birth |
|
IP address |
|
Geolocation data (excluding nationality) |
|
Category of Personal Data |
Government identification numbers (e.g. social security numbers) |
|
Bank account details |
|
Credit bureau |
D. Do we Sell your Personal Data?
Lightspeed does not sell Personal Data within the meaning of applicable laws. However, Lightspeed may sell non-personally identifiable information that has been derived from aggregated and anonymized Personal Data, provided such information cannot be used to re- identify individual Visitors, Subscribers or End-Users.
IV. How do we Protect your Personal Data?
We treat your Personal Data as private, confidential information and we strive to ensure that Personal Data under our control, regardless of format, is protected and kept secure at all times. Please be aware, however, that no method of transmitting information over the Internet or of storing information is completely secure. Accordingly, we cannot absolutely guarantee the protection of any information shared with us. In the event of an unauthorized loss or disclosure of Personal Data, Visitors, Subscribers and End-Users may be subject to a risk of harm resulting from such loss or disclosure. Depending on various factors, such as the type and amount of Personal Data disclosed, individuals may be affected by changes to their credit bureau, financial situation, or may be victims of identity theft, to name a few consequences. In such case, Lightspeed will comply with applicable laws concerning data incident notification requirements and will endeavor to mitigate any risks of residual harm to the affected individuals.
A. Location of Personal Data
Your Personal Data may be stored on servers located in a country other than where you reside or do business. Please refer to our Data Processing Agreement for a list of our sub-processors by location. Personal Data is subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental authorities and law enforcement agencies in those jurisdictions. When the data concerns Personal Data of data subjects from the EEA, we will provide for an adequate level of protection of this data.
B. Retention of Personal Data
We will delete your Personal Data in accordance with and upon receipt of written instructions from you to this effect, unless we are legally required to keep it. You may choose to do this in the event you terminate your agreement for the Services. If deletion is not possible, we will anonymize it in a way that it cannot be reversed. If anonymizing is not possible (for example,
because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
C. E.U./U.S. and Swiss/U.S. Privacy Shield
Privacy Shield Principles
All Personal Data that Lightspeed POS USA Inc. and Lightspeed Payments USA Inc. receive from the individuals residing in the EEA shall be processed in accordance with the Privacy Shield Principles.
Accountability for Third Parties
We may transfer Personal Data to third parties for processing on our behalf. We will ensure that such data may only be processed for limited and specified purposes consistent with the consent provided by you. In addition, any such third-party processor will process the data with the same level of protection as the protection provided by us including adherence to the E.U./U.S. and Swiss/U.S. Privacy Shield Principles to the extent it relates to Personal Data that is transferred from the EEA. We remain liable for any failure of the third party to do so unless we can prove that we are not responsible.
Compliance
Lightspeed POS USA Inc. and Lightspeed Payments USA Inc. comply with the E.U./U.S. Privacy Shield Framework and Swiss/U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union, Switzerland and the United Kingdom to the United States. Lightspeed POS USA Inc. and Lightspeed Payments USA Inc. have certified to the U.S. Department of Commerce that they adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.
Enforcement Authority
The Federal Trade Commission has jurisdiction over Lightspeed USA POS Inc. and Lightspeed Payments USA Inc.’s compliance with the E.U./U.S. Privacy Shield Framework and the Swiss/U.S. Privacy Shield Framework.
V. Your Rights in Relation to your Personal Data
A. What are my Rights?
Right to Know about the Collection, Disclosure and Sale of Personal Data
You may ask us about the Personal Data we have collected from you and whether or not we have disclosed or sold such Personal Data to third parties.
Right to Access, Rectify, or Transfer your Personal Data
You have the right to access your Personal Data at any time and to receive a copy of the Personal Data undergoing processing. You can require us to rectify your Personal Data if it is not correct. You can also ask us to provide your data in a commonly used electronic form.
Right to Object to Further Processing of your Personal Data
If we are processing your Personal Data on the basis of a legitimate interest, you may object to the processing activity. Upon receipt of an objection we will cease the processing activity unless we can demonstrate a legitimate ground which overrides your interests, or that the processing is necessary for the establishment, exercise or defense of legal claims. Please note that your exercise of this right may result in Lightspeed being unable to continue providing all or part of the Services to you.
Right to Deletion and to Restrict Processing of your Personal Data
If there is no longer a reason for us to process your Personal Data or if we don’t have a legal ground for the processing, you can require us to delete your Personal Data. We will take steps to delete your information as soon as is practicable, but some information may remain in archived/backup copies for our records or as otherwise required by law. In addition, we may choose to de-identify your Personal Data instead of deleting it, provided we have a legitimate business reason for doing so. You can also require us to restrict the processing of your data if such processing is unlawful or if there is a dispute about the accuracy of the data.
Right to Opt-Out of the Sale of your Personal Data
Lightspeed does not currently sell Personal Data within the meaning of applicable privacy laws. Should Lightspeed consider selling Personal Data, we will only do so with your consent, and you will have the right to opt-out from the sale of your Personal Data by following the procedures outlined below. Lightspeed will wait a minimum of twelve (12) months after receiving your opt-out request before seeking authorization to sell your Personal Data again.
Right to Non-Discrimination for Exercising your Rights
In the event you exercise one of the rights outlined in this section, Lightspeed will not discriminate against you for having done so. In particular, we will not deny you any goods or services, charge you different prices for goods or services, or provide you with different quality levels of goods or services.
B. How can I Invoke my Rights?
If you wish to invoke any of your rights in relation to your Personal Data, you may do so using one of the following methods.
Online Privacy Request. You may submit a request to exercise any of your data rights (a “Privacy Request”) by filling out the online form located here: https://retail- support.lightspeedhq.com/hc/en-us/requests/new.
Phone Number. You may reach out to one of our Support agents by dialing 1-866- 932-1801 (Toll-free - North America) or 1-514-907-1801 (International). Our Support agents will assist you in submitting your Privacy Request.
In order for us to verify your identity, we may require that you provide identifying documentation such as a copy of your government-issued identification card. As an added level of security, we may also verify your identity by contacting you at the email address or
phone number we have on file. We will only consider your Privacy Request validly received after we have successfully identified you.
VI. Country-Specific Rules
A. For Canadian Visitors and Subscribers
When you voluntarily and expressly provide Personal Data, an existing business relationship is created under Canada’s Anti-Spam Law (CASL). We may use your Personal Data to provide you with information that is relevant to you or your business, such as newsletters, event invitations, or updates about Services. In some cases, we may collect, use or disclose Personal Data without your consent or knowledge (e.g. we may use your Personal Data where it’s been conspicuously published on a website or directory). While we offer you some control over marketing communications, certain transactional, relationship and legally required communications will not be affected by the choices you have made about marketing communications. You have the right to revoke your consent to the collection, use and disclosure of your Personal Data and to unsubscribe to electronic communications at any time.
B. Electronic Messages to Canadians
Our Services allow Subscribers to collect and use the Personal Data of End-Users, through communications or transactions facilitated by Lightspeed. You may not use the Services to send your Canadian-based End-Users commercial electronic messages without first obtaining their express consent or otherwise complying with other legal requirements.
VII. General Matters
A. Changes to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our information practices. If we make material changes to our Privacy Policy, we will notify you by prominently posting the revised Privacy Policy on this Site (including the revision date). Your continued access or use of our Websites and/or Services constitutes your acceptance of the Privacy Policy as revised. It is your responsibility to review the Privacy Policy periodically.
B. Contacting us
If you have any questions or suggestions regarding our Privacy Policy, please do not hesitate to contact us. You can email us at [email protected] or send a letter to the attention of the Legal Department at either of the following addresses:
If you are from outside the European Economic Area Lightspeed POS Inc.
700 Saint-Antoine St. E., Suite 300 Montréal (Québec)
H2Y 1A6, Canada
If you are from inside the European Economic Area Lightspeed POS Belgium B.V.
Sint-Denijslaan 489
9000 Ghent Belgium
C. Privacy Shield: Dispute Resolution
If we are not able to solve your complaint in relation to our non-compliance with the Privacy Shield Principles, you have the right to refer your complaint to JAMS which we designated as our independent recourse mechanism. Mediation will be conducted pursuant to JAMS International Mediation Rules. If you wish to file case please be referred to JAMS’ website for more information (https://www.jamsadr.com/eu-us-privacy-shield).
If the independent dispute resolution has not resolved your complaint, you have the possibility, under certain conditions, to invoke binding arbitration. For more information about the process, we refer to Annex 1 to the Privacy Shield Principles (https://www.privacyshield.gov/article?id=ANNEX-I-introduction).