Privacy laws are designed to protect and empower the privacy of citizens and to reshape the way organizations across the region approach data privacy.

• Europe's General Data Protection Regulation (GDPR) took effect on May 25, 2018
• The California Consumer Privacy Act (CCPA) took effect on Jan 1, 2020

You can read helpful answers to the essential FAQs. Lightspeed is committed to assisting you to comply with privacy laws. Read the following articles to aid you in your preparedness:

• Review required privacy actions for your store, by visiting: Required privacy actions.
• Learn how to start Managing privacy requests from customers.
• Personal data from you and your employees lives in our internal Lightspeed systems. You can submit requests to our Support team to exercise privacy rights for yourself or your employees. Find out how to begin the process of Managing GDPR requests for back office accounts.

Privacy FAQ

1. What are privacy laws?

   Privacy laws aim to give citizens more control over personal data by regulating how businesses use this data. These regulations govern the viewing, storing, changing, transferring and even deleting of personal data. Personal data is defined as any information related to a natural person (or "data subject") that can be used to directly or indirectly identify them. This includes information such as names, addresses, email addresses and phone numbers.

   For more information on privacy laws and Lightspeed's efforts to comply with them:

   Lightspeed's privacy policy

   GDPR related:

   • Lightspeed GDPR blog post  (Dutch only) 
   • Lightspeed HQ FAQs (English only)
   • Implementing GDPR - Lightspeed blog post (English only)

   CCPA related:

   • What does CCPA mean for merchants? - Lightspeed blog post (English only)

2. Who is affected by privacy laws?

   There are currently two privacy laws:

   • GDPR - Merchants that process or control personal data for residents of the European Union (EU).
     
   • CCPA - Merchants that do business in California who meet at least one of these minimum thresholds:
     • Exceed a gross revenue of $25 million, 
     • Collect or sell personal information of 50,000 consumers
     • Receive 50% or more of it's annual revenue from selling personal information.

3. What are rights can I exercise under privacy laws?

   You can make a requests to:

   1. Receive access to your personal information.
      • For example, you want to know what personal data we store in our internal systems at Lightspeed.
   2. Modify inaccurate personal information.
      • For example, you want to change the email address we have for you on file.
   3. Object to processing your personal information.
      • For example, you want to be removed from our marketing campaigns.
   4. Delete your personal information.
      • For example, you have sold your business and would like to delete your personal information from our internal systems at Lightspeed.
   5. Receive a Data Processing Agreement (DPA).
      • For example, you are established in the European Union (EU) or you have customers based in the EU and you haven't received the DPA in your email yet. You want to sign the agreement to ensure that you're compliant with the GDPR.

4. What are some additional resources that can guide me as a merchant affected by privacy laws?

   Outside of complying with the a privacy laws as a Lightspeed Retail merchant, it's easy to get overwhelmed with the amount of privacy information that's circulating and its requirements. To point you in the right direction and help you get started, below you'll find some additional resources that aim to guide merchants affected by privacy laws.

   • Guide to the GDPR
   • Guide to documenting your processing activities under the GDPR
   • Guide to the CCPA