2. Lawful Collection and Use of Data
Lightspeed collects information in several ways from different parts of our Sites, our mobile application and other activities such as social media, apps and surveys. Examples of these activities are explained below and include:
Registration to our services: some personal data is gathered when you register for our Services, including when you fill out request forms on our Sites, such as name, email address, postal address, job title and mobile device ID.
Research Activities: personal data may also be collected from you when you participate in a survey or in a research activity proposed by Lightspeed to the Users.
The main purposes for which we use your personal data are to:
- Contact you in relation to our Services via email, through mobile notifications or texts or any other proposed communication options you have consented to
- Inform you of updates to our Services, new features and details relevant to you
- Help you when you contact us
- Protect Lightspeed from fraudulent behaviour
- Update, enrich and clean your data to better understand your needs and how we can improve our Services
We have set out below more detailed information about how we use your personal data. We are also required by law to explain the legal basis for processing your personal data. These legal bases are listed below and could be different for each use case:
- we have your consent for the use of your personal data
- we need to use your personal data in order to perform a contract with you
- we need to process your data to comply with a legal obligation
- we need to process your data in order to protect your vital interests or someone else
- the processing is necessary to perform a task in the public interest or
- the use of your personal data is necessary for our (or our clients’) legitimate interests (in which case we will explain what those interests are).
We will never misrepresent ourselves or what we are doing. If you receive an email that concerns you, purporting to be from us, please let us know as shown below in ‘How to Contact Us’.
|Fraud Protection||Protection of our business interests against fraudulent behaviour||IP address, browser specifications, device specifications, postal addresses, email addresses|
|Survey Participation Uniqueness||Prevention of multiple entries in surveys by the same individuals||IP address, browser specifications, device specifications|
|Data Matching and Enrichment||We enrich the data we hold on file about you by matching your personal data with third parties. This will help us to improve our Services and ensure that we contact you for the Services relevant to you.We utilize matching services (i.e. third parties who are specialized in data management) to acquire additional information about you from public and private data sources (such as social networks, B2B databases and content subscription services with whom you have an account) or to use your personal data as an aid to develop new offers and services (i.e. we identify particular needs and we package an offer to answer those needs). The matching service (our partner) holds the personal data we share for a short time, uses it to assemble the additional information, and then return the combined information to us. Partners are contractually bound to delete the data we share with them and are not authorised to use it in any way other than for this specific purpose.||Contact details, email address, social login, cookie, mobile device ID|
We will not make your personal data available to anyone else without your agreement unless it is for research purposes or if required by law and/or by regulators or authorities. In these cases, the legal basis of our disclosure of your personal data is it is necessary to comply with a legal obligation. The data that we disclose may include your name and e-mail address.
Our third party partners are all contractually bound to keep any information they collect and disclose to us, or that we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.
Where We Store Your Personal Data
For personal data subject to the GDPR and transferred to a country or territory outside the European Economic Area (EEA), we shall put adequate safeguards in place to ensure the transfer is made by a lawful method for the purposes of EU data protection law and secure. For personal data which is not subject to the GDPR, Lightspeed shall strictly follow any other applicable data protection laws.
Lightspeed’s data storage servers are located in Europe and in the United States of America (USA) and are managed by third party service providers in the cloud.
We take appropriate technological and organisational measures to protect your personal data, both during transmission and once we receive it. Our security procedures are consistent with generally accepted standards used to protect personal data.
All our employees are contractually obliged to follow our policies and procedures regarding confidentiality, security and privacy.
Your account information and personal data are password-protected so you and only you have access to your information. In order to keep your personal data safe, we recommend you do not divulge your password to anyone. Lightspeed will never ask you for your password in an unsolicited phone call or in an unsolicited email. Also, please remember to sign out of your Lightspeed account and close your browser window when you have finished visiting our site. This is to ensure others cannot access your personal data and correspondence if you share a computer with someone else or are using a computer in a public place like a library or Internet cafe. Please change your password regularly.
3. Confidentiality and Industry Requirements
Ultimately, you are solely responsible for maintaining the secrecy of your passwords and/or any account information. Please be careful and responsible whenever you’re online.
We adhere to standards and industry requirements, including:
- American Marketing Association (AMA)
- British Healthcare British Intelligence Association (BHBIA)
- Insights Association
- European Pharmaceutical Market Research Association (EphMRA)
- European Society for Opinion and Market Research (ESOMAR)
- Italian Society for Opinion and Market Research (ASSIRM)
- Market Research Society (MRS)
- Intellus Worldwide
- And also: ARF, DGOF, AMSRS, Baqmar, Jmra, Kora, Moa, Mria-Arim, MRS Singapore, MRS New Zealand, Women in Research
4. Cookie Disclosure
Cookies are small text files stored on your computer or mobile device by a website that assigns a numerical user ID and stores certain information about your online browsing. They are used to help users navigate websites efficiently and perform certain functions. The website sends information to the browser which then creates a text file on the user’s computer or mobile device. Every time the user goes back to the same website, the browser retrieves and sends this file to the website’s server.
We gather certain information automatically and store it. This information may include things like Internet Protocol addresses (IP address), browser type, Internet service provider (“ISP”); referring/exit pages, operating system and date/time stamp.
We use this automatically collected information to analyse trends such as browser usage and to administer the site, e.g. to optimise the Sites experience depending on your browser type. We may also use your IP address to identify your country and also to protect our business against fraudulent behaviour.
Lightspeed defines cookies within 3 categories:
- Required to use the Sites
- Behavioural or advertising research cookies
For more information, please log in and access your cookie preferences page for your account where you are able to adjust your cookie settings.
As you use the Internet, a trail of electronic information is left at each website you visit. This information, which is sometimes referred to as ‘clickstream data’, may be collected and stored by a website’s server. Clickstream data can tell us the type of computer and browsing software you use and the address of the website from which you linked to the Site. We may collect and use clickstream data as aggregated information to anonymously determine how much time visitors spend on each page of our Sites, how visitors navigate throughout the Sites and how we may tailor our web pages to better meet the needs of visitors. This information will be used to improve our Sites and our Services. Any collection or use of clickstream data will be anonymous and will not intentionally contain any personal data.
We take reasonable steps to keep personal data in our possession or control accurate, complete and current, based on the most recent information made available to us by you and/or by our client.
We rely on you to help us keep your personal data accurate, complete and current by answering our questions honestly. You are responsible for ensuring that you notify us of any changes to your personal data.
6. Children’s Data
Lightspeed recognizes the need to provide further privacy protections with respect to personal data collected from children. Our Sites are not intended or designed to attract children under the age of 16. We do not knowingly collect personal information from or about any person under the age of 16. If you are under 16 years old and wish to ask a question or use this Site in any way which requires you to submit your personal information, please ask your parent or guardian to do so on your behalf.
7. Rights of Individuals
To request access to personal data that we hold about you, you should submit your request in writing to the e-mail address or postal address shown below in “How to Contact Us”.
You have the following rights in relation to your personal data:
- Right to change your mind and to withdraw your consent
- Right to access your personal data
- Right to rectify your personal data
- Right to erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
- Right to port your personal data (portability right)
- Right to restrict processing of your personal data
- Right to object to the processing of your personal data
We shall also notify third parties to whom we have transferred your personal data of any changes that we make on your request. Note that while Lightspeed communicates to these third parties, Lightspeed is not responsible for the actions taken by these third parties to answer your request. You may be able to access your personal data held by these third parties and correct, amend or delete it where it is inaccurate.
As part of the Lightspeed Business Continuity Plan, and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and the physical media destroyed to ensure the data is erased completely.
8. Data Storage and Retention
Personal data will be retained only for such period as is appropriate for its intended and lawful use. Lightspeed will retain your personal data for as long as you have not unsubscribed from our database. In case you unsubscribe from our database, we shall retain data for no longer than 3 months after you unsubscribe, unless otherwise required by law. Personal data that is no longer required will be disposed of in ways that ensure their confidential nature is not compromised.
As part of the Lightspeed Business Continuity Plan, and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period of time in a strictly controlled environment. Once expired, the data is deleted and destroyed to ensure the data is erased completely.
9. Notification of Material Change
10. How to Contact Us
If you have any questions or concerns relating to your privacy or to Lightspeed privacy practices, you can contact Lightspeed:
- by email at email@example.com
- by post to: Lightspeed, Privacy Office, 4 Millbank, Westminster, London SW1P 3JA, United Kingdom
11. Complaints and Country Specific Disclosure
If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state or jurisdiction of your habitual residence, your place of work or the place of the alleged infringement. To find the contact details of your country supervisory authority, please consult our dedicated page.