Type above and press Enter to search. Press Esc to cancel.

Privacy Statement for Consumers

Back to main page

Privacy Statement for Consumers

 

Effective date: June 1, 2023

Welcome! At Lightspeed, we believe that protecting your Personal Data is very important. This privacy statement explains how Lightspeed Commerce Inc. and all its affiliates (collectively, “Lightspeed”, “we”, “us” or “our”) handle your Personal Data. It applies to the processing of Personal Data of Consumers who place an order on one of Lightspeed’s consumer-facing platforms, websites, applications or services (including but not limited to Lightspeed Order Anywhere and Chronogolf by Lightspeed – collectively, the “Services”) (referred to in this policy as “Consumers” or “you”). 

Note: If you have entered into a Lightspeed Service Agreement (“Subscriber”) or are a visitor to Lightspeed’s website or the homepage of any Lightspeed affiliate (including but not limited to www.lightspeedhq.com) (“Visitor”), please see the Lightspeed Privacy Policy, which applies to your interactions with Lightspeed. 

If you are located in the EEA, the UK or Switzerland, the data controllers for processing Personal Data you submit are Lightspeed Commerce Inc. and Lightspeed Netherlands B.V.

Definition of Personal Data

Personal Data means any information that relates to an identified or identifiable natural person. This includes data such as name, home address, email address and phone number, as well as IP-address and data specific to the physical, physiological, genetic, economic, cultural or social identity of natural persons. Information about a business, such as its name or physical address, is not Personal Data.

What Personal Data we collect

Lightspeed collects and uses your Personal Data to provide you with our Services. In the past 12 months, we have collected the following Personal Data and used it for the following purposes:

Category of Personal Data Purpose of Collection
Information you provide about yourself, like your name, address, email address, phone number and language preference. To provide you with and improve the Service you are trying to use (e.g. to identify you, to execute a transaction, to contact you in connection with your account or transaction)

If you so choose, to create a Lightspeed account to use the Services

To advertise and market Lightspeed services or features to you

To determine if you are eligible for specific offers or payment methods

To comply with legal requirements
Payment information you provide, such as your payment card number or bank account number To process payment for a transaction

To pre-fill payment information using your Lightspeed account to pay for future transactions

To determine if you are eligible for specific offers or payment methods

To comply with legal requirements
If using a Lightspeed account: Purchase information and order history To display your past orders and related information in your account 

To personalize your experience (i.e. to recommend items that you may wish to re-order)
Information about how you access and use Lightspeed Services, including Lightspeed apps, websites, and other services, including information about the device and browser you use, your network connection, your IP address, submissions through the app, and details about how you browse through our apps and sites. We collect some of this information by using “cookies” or other similar technologies directly from your device.  To get a better understanding of how you browse our Services so that we can optimize your experience

To research and analyze your use of or interest in our Services and those products and services offered by others

To analyze the effectiveness of our Services

To improve the functionality of our Services

To help you find the most relevant information by customizing our Services to optimize your experience

To serve ads based on your prior visits to our website or other websites (you may opt out of ad personalization by updating your Google Ad Settings)
Copies you provide of your government-issued identification. To verify that we are speaking with you if you contact us

To comply with legal requirements

Technologies used to collect Personal Data

As part of our Services, we use various technologies such as “session” and “persistent” cookies (small data files that we transfer to your computer), web beacons (tiny image files on web pages that communicate information about the page viewer to the beacon owner), log data, and third-party analytics services, such as Google Analytics, to collect and analyze information about you. For more information on how Google processes your personal data within the framework of Google Analytics, please consult this web page. Technology is, by its nature, dynamic and ever-changing; the technological tools used today by Lightspeed are therefore subject to modification and replacement in the future.

Session Cookies

We use “session” cookies to keep you logged in while you use our Services, to better understand how you interact with our Services, and to monitor aggregate usage and web traffic information on our Services.

Persistent Cookies

We use “persistent” cookies to recognize you each time you return to our Services. For example, we create a persistent cookie that includes some basic information about you, like your most recent search. We use this persistent cookie to remember your preferences and, if you create an account, to make your user experience consistent.

Tracking Technologies

Web beacons, tags and scripts may be used on our Services, in e-mails or other electronic communications we send to you. These technologies help us in understanding how our Services are used, what other websites our visitors have visited and when an email is being opened and acted upon so that we can improve our Services.

Log Data

Our servers automatically record information created by your use of the Services (“Log Data”). Log Data includes information such as your IP address, browser type, operating system, the referring web page, web pages visited, location, your mobile carrier, your computer or mobile device type, search terms and cookie information. We receive Log Data when you interact with our Services or emails we send to you.

Remarketing

We use Google Analytics’ 3rd-party audience data such as age, gender, and interests to better understand the behavior of our users and work with companies that collect information about your online activities to provide advertising targeted to suit your interests and preferences. For example, you may see certain ads on this website or other websites because we contract with Google and other similar companies to target our ads based on information we or they have collected, including information that was collected through automated means (such as cookies and web beacons). These companies also use automated technologies to collect information when you click on our ads, which helps track and manage the effectiveness of our marketing efforts.

We may sometimes obtain Personal Data about you from third parties (e.g., Facebook, Twitter, Google) and use it to improve or re-market our Services, or to provide a more tailored experience with our Services. You may opt out of the automated collection of information by third-party ad networks for the purpose of delivering advertisements tailored to your interests, by visiting the consumer opt-out page for the Self-Regulatory Principles for Online Behavioral Advertising. You may opt out of ad personalization by updating your Google Ad Settings. You may also delete or disable certain of these technologies at any time via your browser settings. To opt out of analysis by Google Analytics on our website and other websites, please visit Google’s web page.

Lawful grounds for processing

Depending on the processing activity, we process your Personal Data on the following grounds:

  1. In order to comply with our obligations under an agreement we concluded with you, such as to provide our Services or process a transaction;
  2. Where you have freely given your explicit consent and this consent has not been revoked;
  3. Where we are pursuing a legitimate interest, which is not outweighed by your fundamental rights or freedoms;  
  4. Pursuant to a legal obligation; or
  5. In very exceptional cases to protect your vital interests.

Age

Our websites and Services are not directed to children under 16, and we do not knowingly collect or store  any Personal Data about persons under the age of 16. If we learn that we have collected Personal Data of a child under 16, we will take steps to delete such information from our files as soon as practicable.

How long we store Personal Data

Lightspeed retains your Personal Data for as long as it is reasonably needed to deliver the Services. The retention terms can be longer if we are required to keep Personal Data longer on the basis of applicable law or to administer our business. Where you have the right to request deletion, we will delete your Personal Data in accordance with and upon receipt of written instructions from you to this effect, unless we are legally required to keep it.  If deletion is not possible, we will de-identify it in a way that cannot be reversed. If de-identification is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.

Sharing your Personal Data with merchants

Lightspeed shares your Personal Data (name, address details and telephone number, order) with the merchant you selected (i.e. golf course, restaurant, retail shop, ecommerce shop) so that the merchant can fulfill your transaction. As you are a direct customer of the merchant, the merchant will have its own responsibility and obligations with respect to the processing of your Personal Data. If you have questions about how the merchant handles your Personal Data or would like the merchant to delete your Personal Data, please contact the merchant directly.

Sharing your Personal Data with others (not merchants)

  • Service providers: We engage third-party service providers (companies operating on our behalf) to help us administer, provide and improve the Services. We share Personal Data with these third-party service providers to enable them to provide these services for us.  In such cases, we will enter into a written agreement to ensure a level of protection and confidentiality of your Personal Data that is at least equal to that provided by this privacy statement. 
  • Non-Personally Identifiable Information: In order to provide and improve our Services, we may use and disclose to third parties (for example, our service providers and analytics partners) non-personally identifiable information which we collect, including cookie data and log data. This may include Personal Data which has been aggregated and de-identified in such a way that the data cannot be reidentified. We retain the right to use, at our discretion, any information, in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred. 
  • Protecting Ourselves and our Consumers: We may release Personal Data when we believe that doing so is appropriate to comply with applicable laws, regulations or legal requests; to enforce or apply our policies and guidelines; to initiate, render, bill, and collect amounts owed to us; to protect our rights or property; to protect the safety of our Consumers; to address fraud, security or technical issues; to prevent or stop activity that we consider to be illegal or unethical; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay. Without limiting the generality of the foregoing, we may also be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • Sale/Merger: Information about our Consumers is a business asset of Lightspeed.  Consequently, information about our Consumers, including Personal Data, may be disclosed as part of any merger or acquisition involving Lightspeed, the creation of a separate business to provide some or all of the Services, the sale or pledge of Lightspeed’s assets, as well as in the event of an insolvency, bankruptcy or receivership.

We do not sell your Personal Data

Lightspeed does not sell Personal Data within the meaning of applicable laws. However, Lightspeed may sell non-personally identifiable information that has been derived from aggregated and de-identified Personal Data, provided such information cannot be used to re-identify individual Consumers. 

Third-party websites

Our Services may include links to third-party websites. When accessing such third-party websites, bear in mind that each of these websites has its own privacy statement. Although Lightspeed takes great care in selecting websites to link to, we cannot assume responsibility for the way in which they handle your Personal Data.

How do we protect your personal data

Lightspeed takes Personal Data protection very seriously and we therefore implement appropriate safeguards to protect your Personal Data against misuse, loss, unauthorised access, unwanted disclosure, and unauthorised alteration. Please be aware, however, that no method of transmitting information over the Internet or of storing information is completely secure.  Accordingly, we cannot absolutely guarantee the protection of any information shared with us. In the event of an unauthorized loss or disclosure of Personal Data, Consumers could be subject to a risk of harm resulting from such loss or disclosure. Depending on various factors, such as the type and amount of Personal Data disclosed, consequences for individuals could include changes to their credit bureau rating or financial situation or identity theft. Lightspeed will at all times comply with applicable laws concerning data breach notification requirements and will endeavor to mitigate any risks of residual harm to the affected individuals.  

Location of Personal Data

Lightspeed is a Canadian company, but we have affiliate companies and use service providers located across the globe. As such, your Personal Data may be transferred to and stored on servers located in a country or region other than where you reside or do business. Personal Data may be subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental authorities and law enforcement agencies in those jurisdictions. When the data concerns Personal Data of data subjects from the EEA, Switzerland or the UK, we transfer it outside of Europe in accordance with European laws.

Your rights in relation to your Personal Data

You have various rights with respect to the Personal Data we collect about you. Depending what Services you use, you may have the right to request access to, correct, amend, delete, port to another service provider, restrict or object to certain uses of your Personal Data. You may submit your data subject request to us using the form available here. We will respond to your request as soon as possible, and in any case no later than four weeks after receiving your request.

How to contact us

If you have any other questions or complaints about the processing of your Personal Data, we will be happy to address these. Our Legal Counsel, Privacy is our Privacy Officer. You can email our Privacy Officer at [email protected] or send a letter to the attention of the Legal Department at either of the following addresses:

If you are located outside the European Economic Area, Switzerland and the United Kingdom

Lightspeed Commerce Inc.
700 Saint-Antoine St. E., Suite 300
Montréal (Québec)
H2Y 1A6, Canada

If you are located inside the European Economic Area, Switzerland or the United Kingdom

Lightspeed Netherlands B.V.
Haarlemmerweg 331 A
1051 LH Amsterdam
The Netherlands

We will respond to your request as soon as possible, and in any case no later than four weeks after receiving your request.

Data Protection Authority

Besides the option of lodging a complaint with us, you have the right to lodge a complaint with the relevant privacy commissioner or other supervisory authority for the protection of Personal Data. To do so, contact the relevant supervisory authority directly.