Privacy laws are designed to protect and empower the privacy of citizens and to reshape the way organizations across the region approach data privacy. As a Lightspeed restaurateur, it's imperative to respect and follow these privacy laws according to your region to ensure compliance with any stored personal info. The main privacy laws include:

• Europe's General Data Protection Regulation (GDPR), in effect since May 25, 2018
• The California Consumer Privacy Act (CCPA), in effect since Jan 01, 2020

Requesting a data processing agreement (DPA)

Restauranteurs must sign a DPA to be in compliance with privacy laws.

1. On the top right-hand side the screen on any page in this Restaurant Help Center, select Submit a request.
2. From the drop-down, select Privacy request.
3. Complete the form, making sure to indicate the right would you like to exercise under privacy laws is: DPA request.
4. Select Submit.

Privacy FAQs

1. What are privacy laws?

   Privacy laws aim to give citizens more control over personal data by regulating how businesses use this data. These regulations govern the viewing, storing, changing, transferring and even deleting of personal data. Personal data is defined as any information related to a natural person (or "data subject") that can be used to directly or indirectly identify them. This includes information such as names, addresses, email addresses and phone numbers.

   For more information on privacy laws and Lightspeed's efforts to comply with them, please view Lightspeed's privacy policy.

   GDPR related:

   • FAQs about GDPR (English only)

   CCPA related:

   • What does CCPA mean for merchants? (English only)

2. Who is affected by privacy laws?

   There are currently two privacy laws:

   • GDPR - Merchants that process or control personal data for residents of the European Union (EU).
     
   • CCPA - Merchants that do business in California who meet at least one of these minimum thresholds:
     • Exceed a gross revenue of $25 million, 
     • Collect or sell personal information of 50,000 consumers
     • Receive 50% or more of annual revenue from selling personal information.

3. What are Data Processing Agreements (DPAs) and why do I need to sign them?

   Since Lightspeed products help restaurateurs process of personal data, we are required by law to enter into a Data Processing Agreement (DPA) with restauranteurs affected by privacy laws. If you're a restaurant established in the European Union, you should have received the DPA by email. 

   Signing the DPA is fully to your benefit as it creates specific rights for you in relation to Lightspeed’s processing activities. Also, it clearly describes all privacy obligations by Lightspeed. Once you've signed the DPA, it is effective immediately and is legally binding. If you haven't received the DPA from us yet, it's important that you request one and sign it as soon as possible. This will ensure that you're compliant with privacy laws and will avoid fines from your local privacy authorities.

   It's also important to note that Lightspeed shares its personal data with many integration partners. This allows partners to pull the data they need to build their integrations and Lightspeed to offer the best business solution to its merchants. Because of the data-sharing nature of our partner integrations, restaurants that are impacted by privacy laws and have also integrated their accounts also need to enter into a DPA with our partners.  

   To request a DPA and for more information, please contact our integration partners directly.