All merchants are required to complete the following actions:
- Enable eCom's feature to request permission to enable cookies
- Update your privacy policy
- Notify customers after any data breach
CCPA affected merchants are required to:
Depending on your eCom store you may also need to:
Enable eCom's feature to request permission to enable cookies
Read Notifying customers about cookies to understand how to configure the correct cookie bar settings for your region.
Update your privacy policy
In order to update your privacy policy in Lightspeed eCom:
- Login to your eCom Back Office and click Content.
- In the list of pages, locate and click Privacy policy.
- Use the text editor to add content or make changes. For more information about the text editor, click here.
- Click Save.
Make sure your privacy policy includes the following:
- A list of all personal information you collect from customers.
- Why you are collecting personal information.
- How you use personal information.
- Instructions on how to update or revoke permission for cookies. This is done by visiting your website's privacy policy page. The cookie bar will be triggered again when customers visits, where they can then revoke permissions.
- Make sure your terms of service and privacy policy are up to date.
- Outline a cookie policy that explains why your website uses cookies. Include a list of functional cookies that your theme and apps require. Obtain this list by contacting them. Include the third-party partner's functional cookies along with Lightspeed's functional cookies. These are Lightspeed's functional cookies.
IMPORTANT: Make sure to replace 'Your web domain' with your actual domain:
Name Domain Expiration time Description session_id', Your web domain 1 year These cookies are used for platform stability and to store cookie preferences. They do not collect personally identifiable information and cannot be disabled. backend_session_id', Your web domain 1 year COOKIELAW_ADS', Your web domain 1 year COOKIELAW_SOCIAL', Your web domain 1 year COOKIELAW_STATS', Your web domain 1 year COOKIELAW', Your web domain 1 year
Notify customers after any data breach
Under privacy laws, a data breach is defined as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed."
If the data breach relates to data Lightspeed is processing on behalf of you as a processor, we will always notify you within 36 hours after discovery. It is then your responsibility as a Lightspeed eCom merchant to make an assessment whether or not you should be notifying the supervisory authorities, your customers and your employees.
If you've determined that the data breach is likely to result in a high risk to the rights and freedoms of your customers and/or employees, you'll need to:
- Notify the supervisory authorities within 72 hours after discovery.
- Notify the affected customers and/or employees ("data subjects") as soon as possible and include the following information:
- a description of the nature of the breach.
- the name and contact details of your data protection officer or other contact point;
- a description of the likely consequences of the breach.
- a description of the measures that you've taken or have proposed to take to address the breach, including, where appropriate, measures to mitigate its possible adverse effects
If any of the following conditions are met however, communications to each individual customer and/or employee wouldn't be required:
- You've implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorized to access it, such as encryption.
- You've taken subsequent measures which ensure that the high risk to the rights and freedoms of your customers and/or employees is no longer likely to materialize.
- Communicating to your customers and/or employees would involve disproportionate effort. In such a case, you'll be required to send a public communication or similar measure whereby they'll be informed in an equally effective manner.
Enable a page titled "Do not sell my personal information"
When affected by the CCPA, you're required to have a page titled Do not sell my personal information.
Enable this page by:
- Log in to your eCom back office and click Content.
- Click 'Do not sell my personal information'. If you can't find this page, click Add page and enter Do not sell my personal information as the title.
- Make the page visible by activating the switch beside VISIBILITY.
- Enter the page content.
- Click Save.
You can add a link to your eCom store's contact us page and/or privacy policy. For more information on what to add on this page, click here.
Modify Google Analytics settings
If you use Google Analytics with your eCom store to track information, according to privacy laws, customers can choose not to be tracked by Google Analytics, so some modification to Lightspeed eCom is required. For more information, click here.
Verify newsletter subscriptions
If you had newsletter subscribers before May 25, 2018, you may need to confirm that they still wish to be subscribers.
Subscribers actively added
Take no action if you're sure all subscribers have actively subscribed by entering their email or by selecting a checkbox during checkout.
Subscribers passively added
If some customers were added manually to the list of newsletter subscriptions or have been added without actively subscribing, it is recommended that you:
Doing so will ensure that any new customers who subscribe in the future are guaranteed to be active subscribers.
Email subscribers asking them to resubscribe
- Send the email using any mailing tool that you use to send newsletter subscriptions.
- The email should contain a link to your website with instructions on how to resubscribe.
Archive your subscribers
After you email your subscribers, you will need to archive them.
NOTE: You cannot unarchive a customer.
- In Lightspeed eCom, click Marketing > Newsletter.
- Select the checkbox in the column headers to select all your subscribers.
- Click X items selected > Archive selected newsletter subscriptions > OK.