FREE shipping on orders over $99
Welcome! At Lightspeed, we believe that protecting your Personal Data is very important. In this
Privacy Policy we want to explain to you what we do with the Personal Data that Lightspeed Commerce
Inc. and all its affiliates (hereafter referred to as “Lightspeed”, or “we” or “us” or “our”) receives or
collects. If you are a Subscriber, this Privacy Policy is incorporated by reference into the Lightspeed
Service Agreement between you and Lightspeed, as is our data processing agreement, (the “Data
Processing Agreement”).
TABLE OF CONTENTS
I. Interpretation 3
II. Information that we Collect from you 4
A. Personal Data that we collect directly from you 4
B. Information that Lightspeed may collect about you through our Websites and Applications 4
C. Information that we Receive from Third Parties 5
D. Information collected about Subscribers, Visitors and End-Users in the last 12 months 5
III. How we Use the Information that we Collect 6
A. Why do we Collect your Personal Data? 6
B. Do we disclose your Personal Data? 7
C. What Kinds of Personal Data have we Disclosed? 8
D. Do we Sell your Personal Data? (For individuals located in California only) 9
E. Automated decision-making and profiling (For individuals located in EEA and UK only) 9
IV. How do we Protect your Personal Data? 9
A. Location of Personal Data 9
B. Retention of Personal Data 9
C. International Data Transfers 10
V. Your Rights in Relation to your Personal Data 11
A. What are my Rights? 11
B. How can I Invoke my Rights? 12
VI. Canada’s Anti-Spam Law (CASL) 12
A. For Canadian Visitors and Subscribers 12
B. Electronic Messages to Canadians 12
VII. General Matters 12
A. Changes to the Privacy Policy 12
B. Contacting us 13
C. Privacy Shield: Dispute Resolution 13
2
I. Interpretation
This privacy policy applies only to the following persons (collectively “you” or “your”):
Visitors means any person who visits www.lightspeedhq.com, as well as any other
Lightspeed applications or websites that Lightspeed uses and where a link to this
Privacy Policy is included, such as websites created for contests or promotional
purposes (the “Websites”);
Subscribers means any business owner or business that subscribes to the Lightspeed software
services or otherwise purchases services from Lightspeed (the “Services”), either
through a paid subscription or a trial; and
End-Users means any person who uses Services, including Lightspeed applications, or whose
Personal Data is processed using the Services, including a Subscriber’s customers
and employees.
Definition of Personal Data
Personal Data means any information that relates to an identified or identifiable natural person. This
includes data such as name, home address, email address and phone number, as well as IP-address
and data specific to the physical, physiological, genetic, economic, cultural or social identity of natural
persons. Information about a business, such as its name or physical address, is not Personal Data.
Third-Party Websites and applications
This Privacy Policy does not apply to any third-party websites, applications or services, even if these
are accessible through Lightspeed’s Websites or Services. The linking to a third-party website, service
or application is subject to the terms and conditions of the third-party website, service or application.
Responsibility of our Subscribers
Subscribers are responsible for complying with all applicable laws and regulations concerning the
Personal Data of End-Users they process when using our Services, including the Personal Data of their
customers and employees. Such processing is governed by the applicable agreement and privacy
policy between the Subscriber and its End-Users. We only process Personal Data of End-Users on
behalf of and at the direction of our Subscribers, as further described in our Data Processing
Agreement.
Subscribers are responsible for addressing any privacy requests from their End-Users. If you are an
End-User who interacts with a Subscriber using our Services and you have a privacy question or
request, please review the Subscriber’s privacy policy and contact the Subscriber directly.
Children
Our Websites and Services are not directed to children under 16, and we do not knowingly collect or
store any Personal Data about persons under the age of 16. If we learn that we have collected
Personal Data of a child under 16, we will take steps to delete such information from our files as soon
as practicable. We do not sell Personal Data of children under the age of 16.
3
II. Information that we Collect from you
A. Personal Data that we collect directly from you
When you use our Websites or mobile applications to download a whitepaper, request a trial or ask
for any other information, you will be asked to provide contact details which we will then use to deliver
the requested information and/or service.
If you are using or accessing our Services, whether in connection with a paid subscription, a free trial
or purchased service, we may ask for specific information, such as your name, address, e-mail address
and phone number for us to be able to perform our obligations under the terms of these Services. In
addition, we collect your payment details to be able to process the payment of your subscription fee
or purchase price.
Subscribers may provide Personal Data of End-Users and other third parties by inputting that Personal
Data into the Services, for example, when they process a transaction. This Personal Data is collected
and used in accordance with the Subscriber’s privacy policy.
B. Information that Lightspeed may collect about you through our Websites
and Applications
Technologies Used by us
As part of our Websites, including applications, and Services, we use various technologies such as
“session” and “persistent” cookies (small data files that we transfer to your computer), web beacons
(tiny image files on web pages that communicate information about the page viewer to the beacon
owner), log data, and third-party analytics services, such as Google Analytics, to collect and analyze
information about Visitors, Subscribers and End-Users. For more information on how Google
processes your personal data within the framework of Google Analytics, please consult this web page.
Technology is, by its nature, dynamic and ever-changing; the technological tools used today by
Lightspeed are therefore subject to modification and replacement in the future.
Session Cookies
We use "session" cookies to keep you logged in while you use our Services, to better understand how
you interact with our Services, and to monitor aggregate usage and web traffic information on our
Services.
Persistent Cookies
We use "persistent" cookies to recognize you each time you return to our Websites or Services. For
example, we create a persistent cookie that includes some basic information about you, like your most
recent search. We use this persistent cookie to remember your preferences and, if you create an
account, to make your user experience consistent.
Tracking Technologies
Web beacons, tags and scripts may be used on our Websites, our Services, in e-mails or other
electronic communications we send to you. These technologies help us in understanding how our
Websites and Services are used, what other websites our visitors have visited and when an email is
being opened and acted upon so that we can improve our Services.
Log Data
Our servers automatically record information created by your use of the Websites or Services (“Log
Data”). Log Data includes information such as your IP address, browser type, operating system, the
4
referring web page, web pages visited, location, your mobile carrier, your computer or mobile device
type, search terms and cookie information. We receive Log Data when you interact with our Websites
or Services, for example, when you visit our Websites, sign into our Services, or interact with our email
notifications.
You may delete or disable certain of these technologies at any time via your browser settings. To optout of analysis by Google Analytics on our website and other websites, please visit Google’s web page.
C. Information that we Receive from Third Parties
We may sometimes obtain Personal Data about you from third parties (e.g., Facebook, Twitter,
Google) and use it to improve or re-market our Services, or to provide a more tailored experience with
our Services.
D. Information collected about Subscribers, Visitors and End-Users in the last
12 months
Below are the categories of Personal Data that Lightspeed collects and has collected about Visitors,
Subscribers and End-Users in the past twelve (12) months:
Category of Personal Data Source of Collection Purpose for Collection
First and last name
Lightspeed Websites
To provide Visitors with requested
information or demonstrations of
the Services
Subscriber account creation process To create Subscriber’s Lightspeed
account
Standard use of the Services To process transactions
Contact information (email
address, phone number, home
or business address)
Lightspeed Websites To provide Visitors with requested
information or demonstrations of
the Services
Subscriber account creation process To create Subscriber’s Lightspeed
account
Standard use of the Services To process transactions
Language
Lightspeed Websites To redirect Visitors to the
appropriate version of Lightspeed’s
Website
Subscriber account creation process To create Subscriber’s Lightspeed
account
Date of birth Subscriber account creation process To create Subscriber’s Lightspeed
account
IP address
Subscriber account creation process To create Subscriber’s Lightspeed
account
Standard use of the Services To process transactions
Online identifiers, device
identifiers Cookies To improve user experience and
Lightspeed’s Websites and Services
Geolocation data (excluding
nationality) Standard use of the Services To create Subscriber’s Lightspeed
account
5
Government identification
numbers (e.g. social security
numbers)
Subscriber account creation process To create Subscriber’s Lightspeed
Payments account
Financial information (Bank
account details and/or credit
card details)
Subscriber account creation process To create Subscriber’s Lightspeed
account
Credit score or details Subscriber account creation process
and credit reporting agencies
To create Subscriber’s Lightspeed
Payments account
III. How we Use the Information that we Collect
A. Why do we Collect your Personal Data?
Purposes for data processing
We collect your Personal Data for the following purposes:
● To send you communications or documents you have requested (such as offers, demonstrations,
whitepapers, newsletters and marketing materials);
● To contact you to ask you if you have any questions about the Services or information that you
have requested from us;
● To communicate with you via email, telephone, text (SMS), postal services, social media and
websites regarding Lightspeed-related news and inform you about Servicesthat may be of interest
to you, if you allow us to do so;
● To respond to your questions or requests for additional information;
● To set up a trial or regular account for our Services;
● To provide our Services to you;
● To share and exchange reports and information with credit reporting agencies, credit bureaus
and/or any other entity connected with the use of our payments processing services; and to use
other third party databases (including registries, licensing authorities, identification services,
telecom providers) or references provided by you to obtain or verify information about your
financial circumstances, background and to identify and detect fraud;
● To manage our customer relationship with you and to provide you with customer support;
● To process payments to us for the Services;
● To get a better understanding of how you browse our Websites so that we can optimize your
experience;
● To research and analyze your use of or interest in our Services and those products and services
offered by others;
● To analyze the effectiveness of our Services;
● To improve the functionality of our Websites and Services;
● To help you find the most relevant information by customizing our Services to optimize your
experience;
● To verify your eligibility and deliver prizes in connection with promotions, contests and
sweepstakes;
● To perform any additional purposes explicitly described to you at the time of collection and for
which we receive your consent.
Lawful grounds for processing (for individuals located in the EEA or the UK)
If you are an individual residing in the European Economic Area (“EEA”) or the United Kingdom (“UK”)
we can only process your Personal Data if we have a lawful ground to do so. Depending on the
processing activity, we can process your Personal Data on the following grounds:
6
1. In order to comply with our obligations under an agreement we concluded with you, such as to
provide our Services;
2. Where you have freely given your explicit consent and this consent has not been revoked;
3. Where we are pursuing a legitimate interest, which is not outweighed by your fundamental
rights or freedoms; or
4. Pursuant to a legal obligation under EU law or the law of a member state of the EU; or
5. In very exceptional cases to protect your vital interests.
B. Do we disclose your Personal Data?
We will only share your Personal Data in accordance with this Privacy Policy. In the following
circumstances, we may share your Personal Data with third parties.
Information that we share with affiliated companies
Lightspeed is a global company with affiliates all over the world. To do business globally and help
improve the Services provided, Lightspeed may share Visitor, End-User and Subscriber Personal Data
with its affiliates. Some of these affiliated companies may be located outside the EEA or the UK. In this
case, Lightspeed will ensure an adequate level of protection for the Personal Data transferred outside
the EEA or the UK.
Information that we share with third parties
Service providers: We engage third-party service providers (companies operating on our behalf) to
help us administer, provide and improve the Services and the Websites. We share Personal Data with
these third-party service providers to enable them to provide these services for us. Due to our
continuous efforts to improve our Websites and Services, our third-party service providers may
change periodically. As an example, we engage with third parties who provide data storage solutions,
data security tools, and information management services. Some of these third-party service
providers may be located outside the EEA or the UK. If this is the case, we will provide for an adequate
level of protection regarding Personal Data. Otherwise, we will only share Personal Data at your
direction and according to this Privacy Policy.
Integration partners: Subscribers may choose to connect the Services to the services of one of our
many integration partners for added functionality. By setting up these connections, you allow
Lightspeed to share certain information with these integration partners.
Linking third parties: If you arrived at our Website via a link from a third-party website or application
("Linking Third Party"), we may collect a unique code related to that Linking Third Party. This will help
us identify how you arrived at our Website. Once on our Website, if you become a Subscriber or submit
Personal Data to us for another reason (i.e. for marketing purposes, to sign up for a product trial or
demo), we may inform the Linking Third Party that a Visitor originating on their website or application
has become a Lightspeed lead (Subscriber or potential Subscriber). Any collection or use of your
Personal Data by the Linking Third-Party is subject to the privacy policy of the Linking Third Party.
Non-Personally Identifiable Information
In order to provide and improve our Services, we may use and disclose to third parties (for example,
our service providers and analytics partners) non-personally identifiable information which we collect,
including cookie data and Log Data. This may include Personal Data which has been aggregated and
de-identified in such a way that the data cannot be reidentified. We retain the right to use, at our
reasonable discretion, any information, in any form, about more than one individual where the
identity of the individuals is not known and cannot be inferred.
7
Social Network Sharing
When you use any social network sharing function in connection with the Services (for example,
sharing on Facebook), your sharing activity will be processed through a third party's site or service.
These third-party privacy policies, not ours, govern the collection and use of the information collected
on those sites or networks, including Personal Data.
User-Generated Content (UGC)
Some parts of our Websites and Services may allow Visitors, End-Users and Subscribers to submit and
view UGC. UGC includes such things as posting a question, an answer or a blog post. When you post
UGC, other Visitors or Subscribers will be able to see certain information about you, such as your
username or handle. You should be aware that any Personal Data you submit in UGC can be read,
collected, distributed or used by other Visitors or Subscribers and could be used by third parties to
send you unsolicited messages. We are not responsible for the Personal Data you choose to include
in the UGC you provide through the Websites or Services.
Protecting Ourselves and our Subscribers
We may release Personal Data when we believe that doing so is appropriate to comply with applicable
laws, regulations or legal requests; to enforce or apply our policies and guidelines; to initiate, render,
bill, and collect amounts owed to us; to protect our rights or property; to protect the safety of our
Subscribers; to address fraud, security or technical issues; to prevent or stop activity that we consider
to be illegal or unethical; or if we reasonably believe that an emergency involving immediate danger
of death or serious physical injury to any person requires disclosure of communications or justifies
disclosure of records without delay. Without limiting the generality of the foregoing, we may also be
required to disclose Personal Data in response to lawful requests by public authorities, including to
meet national security or law enforcement requirements.
Sale/Merger
Information about our Subscribers is a business asset of Lightspeed. Consequently, information about
our Subscribers, including Personal Data, may be disclosed as part of any merger or acquisition
involving Lightspeed, the creation of a separate business to provide some or all of the Services, the
sale or pledge of Lightspeed’s assets, as well as in the event of an insolvency, bankruptcy or
receivership.
C. What Kinds of Personal Data have we Disclosed?
Within the last twelve (12) months, we have disclosed the following categories of Personal Data. We
have done so for one of the valid business purposes outlined in this Privacy Policy.
Category of Personal Data
First and last name
Contact information (email address, phone number, home or business address)
Language
Date of birth
IP address
Geolocation data (excluding nationality)
Government identification numbers (e.g. social security numbers)
Bank account details and other financial information
8
Credit bureau rating and reports
D. Do we Sell your Personal Data? (For individuals located in California only)
Lightspeed does not sell Personal Data within the meaning of applicable laws. However, Lightspeed
may sell non-personally identifiable information that has been derived from aggregated and deidentified Personal Data, provided such information cannot be used to re-identify individual Visitors,
Subscribers or End-Users.
E. Automated decision-making and profiling (For individuals located in EEA
and UK only)
We do not use automated decision-making. We use Google Analytics for profiling. For further
information about our use of Google Analytics, see section II.B. above.
IV. How do we Protect your Personal Data?
We treat your Personal Data as private, confidential information and we strive to ensure that Personal
Data under our control, regardless of format, is protected and kept secure at all times. Please be
aware, however, that no method of transmitting information over the Internet or of storing
information is completely secure. Accordingly, we cannot absolutely guarantee the protection of any
information shared with us. In the event of an unauthorized loss or disclosure of Personal Data,
Visitors, Subscribers and End-Users may be subject to a risk of harm resulting from such loss or
disclosure. Depending on various factors, such as the type and amount of Personal Data disclosed,
consequences for individuals could include changes to their credit bureau rating or financial situation
or identity theft. Lightspeed will at all times comply with applicable laws concerning data breach
notification requirements and will endeavor to mitigate any risks of residual harm to the affected
individuals.
A. Location of Personal Data
Your Personal Data may be stored on servers located in a country other than where you reside or do
business. Please refer to this webpage for our list of service providers (sub-processors) and their
established location. Personal Data may be subject to the local laws of the jurisdictions within which
it is collected, used, disclosed and/or stored, and may be accessed by governmental authorities and
law enforcement agencies in those jurisdictions. When the data concerns Personal Data of data
subjects from the EEA or the UK, we will provide for an adequate level of protection of this data.
B. Retention of Personal Data
Lightspeed retains your Personal Data for as long as it is reasonably needed to deliver the Services.
The retention terms can be longer if we are required to keep Personal Data longer on the basis of
applicable law or to administer our business. Where you have the right to request deletion, we will
delete your Personal Data in accordance with and upon receipt of written instructions from you to
this effect, unless we are legally required to keep it. You may choose to do this in the event you
terminate your agreement for the Services. If deletion is not possible, we will de-identify it in a way
that cannot be reversed. If de-identification is not possible (for example, because your Personal Data
9
has been stored in backup archives), then we will securely store your Personal Data and isolate it from
any further processing until deletion is possible.
C. International Data Transfers
We may transfer to, and store the data we collect about you in, countries other than the country in
which the data was originally collected, including the United States, Canada or other destinations
outside the European Economic Area (“EEA”) or the United Kingdom (“UK”). Those countries may not
have the same data protection laws as the country in which you provided the data. However, when
we transfer your data to other countries, we will protect the data as described in this Privacy Policy
and comply with applicable legal requirements for the transfer of data to third countries outside the
EEA or the UK.
If you are located in the EEA or the UK, we will only transfer your personal data if the country to which
the personal data will be transferred has been granted a European Commission adequacy decision, or
if we have put in place an appropriate transfer mechanism and appropriate safeguards with any
recipient or sub-processor, such as Standard Contractual Clauses as adopted by the European
Commission or Data Processing Agreements ensuring an adequate level of data protection.
Privacy Shield?
Even though the Privacy Shield is no longer a valid mechanism to transfer data out of the EU or
Switzerland and into the US, Lightspeed remains Privacy Shield certified, and continues to comply with
the Privacy Shield Principles and obligations.
Privacy Shield Principles
All Personal Data that Lightspeed POS USA Inc., Lightspeed Commerce USA Inc., Payment Revolution
LLC, Upserve Inc. and Lightspeed Payments USA Inc. receive from individuals located in the EEA, UK
or Switzerland shall continue to be processed in accordance with the Privacy Shield Principles.
Accountability for Third Parties
We may transfer Personal Data to third parties for processing on our behalf. We will ensure that such
data may only be processed for limited and specified purposes consistent with the purposes for which
such Personal Data was collected or the consent provided by you. In addition, any such third-party
processor will process the data with the same level of protection as the protection provided by us
including adherence to the data processing agreement executed with us to the extent it relates to
Personal Data that is transferred from the EEA, the UK or Switzerland. We remain liable for any failure
of the third party to do so unless we can prove that we are not responsible.
Compliance
Lightspeed POS USA Inc., Lightspeed Commerce USA Inc., Payment Revolution LLC, Upserve Inc. and
Lightspeed Payments USA Inc. comply with the E.U./U.S. Privacy Shield Framework and Swiss/U.S.
Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection,
use, and retention of personal information transferred from the European Union, Switzerland and the
United Kingdom to the United States. Lightspeed POS USA Inc., Lightspeed Commerce USA Inc.,
Payment Revolution LLC, Upserve Inc. and Lightspeed Payments USA Inc. have certified to the U.S.
Department of Commerce that they adhere to the Privacy Shield Principles. If there is any conflict
between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles
shall govern. To learn more about the Privacy Shield program, and to view our certification, please
visit the Privacy Shield website.
10
Enforcement Authority
The Federal Trade Commission has jurisdiction over the compliance of Lightspeed POS USA Inc.,
Lightspeed Commerce USA Inc., Payment Revolution LLC, Upserve Inc. and Lightspeed Payments USA
Inc. with the E.U./U.S. Privacy Shield Framework and the Swiss/U.S. Privacy Shield Framework.
V. Your Rights in Relation to your Personal Data
A. What are my Rights?
Right to Know about the Collection, Disclosure and Sale of Personal Data
You may ask us about what Personal Data we have collected about you and whether or not we have
disclosed or sold such Personal Data to third parties.
Right to Access, Rectify, or Transfer your Personal Data
You have the right to access your Personal Data at any time and to receive a copy of the Personal Data
undergoing processing. You can require us to correct or complete your Personal Data if it is not correct
or complete. You can also ask us to provide your data in a commonly used electronic form.
Right to Object to Further Processing of your Personal Data
If we are processing your Personal Data on the basis of a legitimate interest, you may object to the
processing activity. Upon receipt of an objection we will cease the processing activity for the future
unless we can demonstrate a legitimate ground which overrides your interests, or that the processing
is necessary for the establishment, exercise or defense of legal claims. Please note that your exercise
of this right may result in Lightspeed being unable to continue providing all or part of the Services to
you.
Right to Deletion and to Restrict Processing of your Personal Data
If there is no longer a reason for us to process your Personal Data or if we don’t have a legal ground
for the processing, you can require us to delete your Personal Data. We will take steps to delete your
information as soon as is practicable, but some information may remain in archived/backup copies for
our records or as otherwise required by law. In addition, we may choose to de-identify your Personal
Data instead of deleting it, provided we have a legitimate business reason for doing so. You can also
require us to restrict the processing of your data if such processing is unlawful or if there is a dispute
about the accuracy of the data.
Right to Non-Discrimination for Exercising your Rights
In the event you exercise one of the rights outlined in this section, Lightspeed will not discriminate
against you for having done so. In particular, we will not deny you any goods or services, charge you
different prices for goods or services, or provide you with different quality levels of goods or services.
Right to Opt-Out of the Sale of your Personal Data (For individuals located in California only)
Lightspeed does not currently sell Personal Data within the meaning of applicable privacy laws. Should
Lightspeed consider selling Personal Data, we will only do so with your consent, and you will have the
right to opt-out from the sale of your Personal Data by following the procedures outlined below.
Lightspeed will wait a minimum of twelve (12) months after receiving your opt-out request before
seeking authorization to sell your Personal Data again.
Right to lodge a complaint with a supervisory authority (For individuals located in the EEA & UK only)
You have the right to lodge a complaint with a supervisory authority, in particular in the European
Member State of your habitual residence, place of work or place of the alleged infringement, if you
11
consider that Lightspeed’s processing of your personal data infringes the GDPR. Please visit the
website of the relevant supervisory authority for more information on how to submit such a
complaint.
B. How can I Invoke my Rights?
If you wish to invoke any of your rights in relation to your Personal Data, you may do so using one of
the following methods.
Online Privacy Request. You may submit a request to exercise any of your data rights (a
“Privacy Request”) by filling out this online form.
Phone Number. You may reach out to one of our Support agents by dialing 1-866-932-1801
(Toll-free - North America), 1-514-907-1801 (International) or contact a local helpdesk. Our
Support agents will assist you in submitting your Privacy Request.
In order for us to verify your identity and honour your request, we may require that you provide
identifying documentation such as a copy of your government-issued identification card. As an added
level of security, we may also verify your identity by contacting you at the email address or phone
number we have on file. We will only consider your Privacy Request validly received after we have
successfully identified you.
VI. Canada’s Anti-Spam Law (CASL)
A. For Canadian Visitors and Subscribers
When you voluntarily and expressly provide Personal Data, an existing business relationship is created
under Canada’s Anti-Spam Law (CASL). We may use your Personal Data to provide you with
information that is relevant to you or your business, such as newsletters, event invitations, or updates
about Services. In some cases, we may collect, use or disclose Personal Data without your consent or
knowledge (e.g. we may use your Personal Data where it’s been conspicuously published on a website
or directory). While we offer you some control over marketing communications, certain transactional,
relationship and legally required communications will not be affected by the choices you have made
about marketing communications. You have the right to revoke your consent to the collection, use
and disclosure of your Personal Data and to unsubscribe to electronic communications at any time.
B. Electronic Messages to Canadians
Our Services allow Subscribers to collect and use the Personal Data of End-Users, through
communications or transactions facilitated by Lightspeed. You may not use the Services to send your
Canadian-based End-Users commercial electronic messages without first obtaining their express
consent or otherwise complying with other legal requirements.
12
VII. General Matters
A. Changes to the Privacy Policy
We may update this Privacy Policy from time to time to reflect changes to our information practices.
Any changes we make will become effective when we post a modified version of the Policy on this
webpage. The "Effective Date" at the top of the Policy indicates when it was last updated. If we make
material changes to the Policy, we will post a notice on our Websites or in our Services. Your continued
use of our Websites or Services after the modified version of the policy is posted constitutes your
acceptance of those changes to the policy, as well as any additional applicable requirements. If you
do not agree to the changes to our policy, it is your sole responsibility to stop using our Websites or
Services. You are required to ensure that you read, understand and agree to the latest version of the
Policy.
B. Contacting us
If you have any questions or suggestions regarding our Privacy Policy, please do not hesitate to contact
us. You can email us at privacy@lightspeedhq.com or send a letter to the attention of the Legal
Department at either of the following addresses:
If you are located outside the European Economic Area or United Kingdom
Lightspeed Commerce Inc.
700 Saint-Antoine St. E., Suite 300
Montréal (Québec)
H2Y 1A6, Canada
If you are located inside the European Economic Area (except Germany) or United Kingdom
Lightspeed POS Belgium B.V.
Sint-Denijslaan 489
9000 Ghent
Belgium
If you are located in Germany
Data Protection Officer: Karina Filusch
Friedrichstraße 95
D-10117 Berlin
Germany
Email: info@datenschutzbeauftragte-berlin.eu, with a copy to: privacy@lightspeedhq.com
C. Privacy Shield: Dispute Resolution
If we are not able to resolve a complaint you have made in relation to our non-compliance with the
Privacy Shield Principles, you have the right to refer your complaint to JAMS which we designated as
our independent recourse mechanism. Mediation will be conducted pursuant to JAMS International
Mediation Rules. If you wish to file a claim please be referred to JAMS’ website for more information.
This dispute resolution mechanism continues to apply despite the invalidation of the EU-U.S. and
Switzerland-U.S. Privacy Shield as adequate mechanisms for transferring personal data from the EEA,
the UK or Switzerland to the U.S.
13
If the independent dispute resolution has not resolved your complaint, you have the possibility, under
certain conditions, to invoke binding arbitration. For more information about the process, we refer to
Annex 1 to the Privacy Shield Principles.