This Policy does not form part of any employment contract or contract to provide services. If you provide services to us through or in connection with another company, we are not responsible for that company’s privacy practices.
We collect, store, and use various types of personal information through the application and recruitment process or during the relevant engagement or employment with us. We collect such information either directly from you or (where applicable) from another person or entity, such as an employment agency or consultancy, background check provider, or other referral sources.
Information we collect. The type of information we collect about you may include:
How we use this personal information. We collect, use, share, and store personal information from job applicants for our and our service providers’ business and operational purposes in our recruitment and hiring process such as: processing your application; assessing your skills, qualifications, and interests; tracking your application through the recruitment process; contacting references; conducting background checks you authorize; evaluating you for current and future job opportunities, including matching your skills and interest to applicable job requirements; communicating with you throughout the hiring process; making hiring decisions; and fulfilling your requests. We will also use job applicant information for internal analysis purposes to understand the applicants who apply and to improve our recruitment process, including improving our diversity and inclusion efforts. We may sometimes need to use applicant information for legal purposes, such as in connection with any challenges made to our hiring decisions.
Information we collect. The type of information we have about you (and potentially your beneficiaries and emergency contacts) depends on your role with us and may include, where applicable:
We will disclose job applicant, employee, and contractor personal information to the following types of entities or in the following circumstances (where applicable):
If you have questions about this Policy, please email Privacy Department at firstname.lastname@example.org
This EU/UK Notice for residents of the UK and European Economic Area is provided in order to satisfy certain obligations that Lightspeed has under the EU General Data Protection Regulation (Regulation (EU) 2016/679) (the “GDPR”) and UK Data Protection Act 2018 (as amended from time to time) and any relevant transposition of, or successor or replacement to, that regulation (together, the “Data Protection Legislation”).
Under applicable law, Lightspeed is considered the “data controller” of the personal information we handle under this Policy. In other words, we are responsible for deciding how to collect, use and disclose this information, subject to applicable law. Our contact information appears in this Policy.
Data Protection Legislation may require us to explain to you the legal bases for our collection, processing, and use of your personal information. Our legal bases include:
Where the collection of personal information is required to comply with legal or contractual obligations, or to manage the employment relationship, the provision of personal information generally is mandatory. In all other cases, provision of requested personal information is optional; however, failure to provide the information may result in your inability to fully participate in the activity or benefit for which the personal information is requested, such as an optional benefit program. If you have any questions regarding whether provision of personal information is mandatory and the consequences for withholding such data, please contact us using the contact information in this Policy.
The personal information that we collect and process may also contain sensitive data relating to your race or ethnic origin, physical or mental health or condition, trade union membership, commission or alleged commission of criminal offences and any related legal actions. For example, Lightspeed may process health information in accordance with applicable laws, such as information on disabilities for purposes of accommodations in the workplace and for the purpose of arranging employee medical benefits. We only collect and process sensitive data where and to the extent permitted in accordance with applicable data protection laws.
Your personal information may be transferred to countries which may not have the same or equivalent data protection laws as the European Union. Where required, we make such transfers in compliance with Data Protection Legislation, such as through the use of model contractual clauses (as published by the European Commission).
We may retain personal information for so long as necessary for the purposes described above, unless a longer retention period is required or permitted by applicable law. To provide security and business continuity for the activities described in this notice, we may make backups of certain data, which we may retain for longer than the original data.
We take technical, administrative, physical, and procedural security measures to reduce the risk that personal information in our possession and control will undergo accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access. Please visit our Security & Compliance page for more detailed information of our data privacy and security practices.
Where the Data Protection Legislation applies, you have certain legal rights to request access to, and rectification or erasure of, personal information that we hold about you.
In some cases, you are entitled to receive, in portable form, a copy of the personal information you have provided to us or to request that we transmit it to a third party. You may also object to our processing of your personal information or request certain restrictions on the processing. You may withdraw any consent you have provided for the processing of personal information (which will not affect the legality of any processing that happened before the request takes effect). All such rights may be exercised by contacting the applicable entity listed below or by contacting Lightspeed as described above, who will handle or route the request as appropriate. These rights are subject to legal exceptions and limitations, which we must consider when addressing the request.
If you have any questions, concerns or complaints relating to our handling of personal information, please contact us as described in this Policy. You may also contact the relevant governmental authority (e.g., the UK Information Commissioner’s Office for UK individuals) with a complaint related to our handling of your personal information. However, we invite you to give us a chance to resolve the situation directly. Your privacy is important to us, and we will do our very best to address your concerns.
To exercise your rights in this EU/UK Notice or under the Data Protection Legislation (including to request further information on the mechanisms we have put in place in relation to personal information transfers outside the EU), to notify us of your preferences, or to provide us with complaints, concerns or questions, please contact us as follows:
Data Protection Officer: John Genter
Lightspeed Systems Privacy Department
2500 Bee Cave Road, Suite 350
Austin, TX 78746
Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Lightspeed Systems has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:
Pursuant to Article 27 of the UK GDPR, Lightspeed Systems has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:
This policy was last updated 06/02/2021 . Effective Date: 06/02/2021