Privacy Policy

Download the PDF version of our Privacy Policy

Lightspeed Systems’ Commitment to Your Privacy

Your privacy is critically important to Lightspeed Systems. We have developed this Privacy Policy to outline how we collect, use, disclose, transfer, and store your information. Lightspeed Systems is fully committed to the security and protection of your privacy.

Lightspeed Systems provides a variety of services (“Services”) to securely manage technology users, internet-enabled devices, and internet access. We understand the importance of privacy to our online visitors, to schools who register for our Services, (“Schools”) and to students and staff (“End User”) whose information we may access on behalf of a School.

Our Commitment:

  • We will always be transparent in the data we collect and how it is used.
  • We will practice data minimization and only collect the data that is necessary for the solutions and functions that the school has purchased/contracted.
  • We will always treat that data with the utmost security and privacy.
  • We will never sell student personal information; we will never share it without the software license holders written authorization, and we will never use it to attempt to sell advertising to students.

Applicability of this Privacy Policy

This privacy policy applies to our Services and our websites, and describes the steps we take to protect your data. It details the terms surrounding our use of the personally identifiable information we collect, and our information gathering, use, maintenance, and dissemination practices necessary for the Services.

As you are navigating between school and related sites, please be aware that other parties’ privacy policies may come into play. If you are using any of the Services through a customer of Lightspeed Systems this policy does not supersede the terms of any agreements between Lightspeed Systems and any other party, nor does it affect the terms of any agreement between any End User of the Services and their employer, their educational institution, or any third party. Please make sure that you read the terms of any privacy policies that you enter into with parties other than Lightspeed Systems including your employer or educational institution, as those policies may also explain how your personal information is used by those parties. If you are accessing Lightspeed Systems through a third-party, public, or unsecured
internet provider, please be advised that any information you disclose or publish during the course of such access may be collected by any such provider and that Lightspeed Systems has no control and makes no representation as to the possible use of this information by any such provider.
Please note that each School controls its instance of the Services and any associated data processed within that instance (“School Data”). If you have any questions about a School’s privacy practices, please contact the applicable School. For more information about who is the controller of data and under what circumstances, refer to the “Your Rights Regarding Your Data” section below.

Your Data: How We Collect and Use Information

We collect the following types of information:

Information aboutSchool Personnel: Schools decide which data is integrated with our Services. When a School administrator registers a School with Lightspeed Systems or corresponds with us online, we ask for certain information including a contact name, school name, school district, school email address, school physical address and/or account name, phone number, job title, message content, and information relating to the School’s information systems. We may also retain information provided by a School if the School sends usa message, posts content to our website or through our Services, or responds to emails or surveys. Once a School begins using Services provided by Lightspeed Systems, we will keep records of activities related to the Services. We use this information to operate, maintain, and provide the features and functionality of the Services, including customer service, support, and billing; to analyze our offerings and functionality; to communicate with our Schools and website visitors; to exchange information, and to offer related services such as user group membership and event registration.

Student Data: Lightspeed Systems may have access to personally identifiable information about students (“Student Data”) in the course of providing Services to a School, including student name, email address, device information/identifiers and usage data We recognize Student Data is confidential and do not use such data for any purpose other than to provide the Services on the School’s behalf. Lightspeed Systems receives Student Data only from the School and never interacts with the
Student directly. The School confirms that it has obtained appropriate parental consent, as needed before the student is permitted to access the Services. Lightspeed Systems has access to Student Data only as requested by the School and only for the purposes of performing Services on the School’s behalf.We may also generate a login ID for the child that is different than the child’s actual name or under the School’s direction, collect login/authentication data via a student information system
identification number or other system designated by Customer.

Parent Data: When a parent uses the Services, including the parent portal, Lightspeed Systems may collect their full name and email address. We use this information to operate, maintain, and provide the features and functionality of the Services, including customer service and support; to analyze our offerings and functionality; and to communicate with parents.

Parents should consult the school’s acceptable/responsible use, social media, personnel, and instructional policies for more information about the school’s policies and practices for protecting children on the internet. Teachers are reminded to also be aware of their obligations under the ethical standards for educators in their state and to be conscious of their role as a model for students while interacting with students using Services provided by Lightspeed Systems.

See “Student Safety” below for further explanation of our commitment to online student safety.

Non-Personally Identifiable Information: We may collect certain non-personally identifiable information from visitors to our sites and users of our Services, such as the date and time of their visit, the type of browser used (e.g., Chrome, Firefox, Internet Explorer), the type of operating system used (e.g., Windows 7 or Mac OS), the internet service provider from which the visitor receives internet access, and aggregate information regarding what pages users of the site access or
visit. We may collect data for Schools to monitor and generate reports of their users’ online search queries, websites visited or blocked from visiting recorded web activity, and device geolocation for purpose of asset recovery. In addition, we may monitor Schools’ onboarding tasks completed, search queries on our sites, number of users’ sessions on our websites, city and state/province where last accessing our Services, responses to our survey questions, and content provided on managed devices via customizable fields.

We may also match non-personally identifiable information from registered members with personally identifiable information (such as the member’s name, title) in our database to track deployment progress, troubleshoot Services issues, analyze usage, and otherwise monitor Services to make improvements. Lightspeed Systems and its third-party service providers use cookies (both session and persistent cookies) and other tracking mechanisms to automatically collect information including IP
addresses, session sources, and other data which tracks End Users’ access to the Services. We may combine this information with other personal information we collect from you (and our third-party service providers may do so on our behalf).

Other Data: We obtain contact and business information used to communicate with you about the Services from conferences, events and webinars, sales partners, and public records.

Employee & Employment Applications: Please see our Applicant & Employee Privacy Policy

Cookies and Other Technologies

Clear GIFs, pixel tags, and other technologies: Clear GIFs (also known as web beacons, web bugs or pixel tags) are tiny graphics with a unique identifier, similar
in function to cookies. In contrast to cookies, which are stored on your computer’s hard drive, clear GIFs are embedded invisibly on web pages. We may use clear GIFs, in connection with Services provided by Lightspeed Systems to, among other things, track the activities of visitors, help us manage content, and compile statistics about site usage. We and our third-party service providers also use clear GIFs in HTML emails to our customers to help us track e-mail response rates, identify when our e-mails are viewed, and track whether our e-mails are forwarded.We use or may use the data collected through cookies, log files, device identifiers, and clear GIFs to (a) remember information so in subsequent visits a user will not have to re-enter it; (b) provide custom, personalized content, and information; (c) monitor the effectiveness of our Services; (d) monitor aggregate metrics such as total number of visitors, traffic, and usage on our website and our Services; (e) diagnose or fix technology problems; and (f) help users efficiently access information after signing in.
Third-Party Analytics: We use automated devices, applications, and other means, such as Google Analytics, to evaluate usage of our Lightspeed Systems web sites and Services. We use these tools to help us improve our Services, performance and user experiences. We do NOT use these for remarketing. These entities may use cookies and other tracking technologies to perform their services. We do not control these third parties’ tracking technologies or how they may be used. Our Cookie Banner has been automatically set to a default ‘opt in’ setting for Targeting cookies, to provide users with more control of their data.
Do-Not-Track: Currently, our systems do not recognize browser “do-not-track” requests. You may, however, disable certain tracking as discussed in this section (e.g., by disabling cookies).
Data Controller: By providing Lightspeed Systems information via our website, tradeshow, Lightspeed Systems event, Partner event, e-mail, phone, chat or support case, you authorize Lightspeed Systems to serve as the Data Controller.
Data Processor: By licensing to use Lightspeed Systems services, you authorize Lightspeed Systems to serve as the Data Processor for the licensed services.Please review our Cookie Notice for additional details on how we handle cookies on our websites.

Student Safety

COPPA and Children Under 13
Lightspeed Systems complies with the Children’s Online Privacy Protection Act (COPPA, see FTC complying with COPPA FAQs). Students are not allowed to sign up for any Lightspeed Systems solutions. Student accounts are provided only through a verified educator, school, or educational organization. Schools agree to obtain and maintain all necessary rights and consents, including consents required by COPPA, either from an End User or, where necessary, the End User’s parent or legal guardian, to allow Lightspeed to provide and improve the Lightspeed Systems’ solutions and collect and receive user data in order to provide the Services. Please read
Lightspeed’s COPPA Notice here.
We meet the following guidelines listed below and agree to:

  • NOT collect online contact information without the consent of either a parent or a qualified educator or educational institution.
  • NOT collect personally identifiable offline contact information.
  • NOT distribute to third parties, other than Government Officials (as defined below) in the manner described below, any personally identifiable information without prior parental consent.
  • NOT entice by the prospect of a special game, prize, or other activity or to divulge more information than is needed to participate in the activity.
  • NOT use or disclose student information for behavioral targeting of advertisements to students.
  • NOT build a personal profile of a student other than for supporting authorized educational/school purposes.

Student Privacy Pledge & Student Data Privacy Consortium

We are a Student Data Privacy Consortium signatory, and have signed the Student Privacy Pledge.

Third Parties: How We May Share Your Data

We may share personal information with:

  • Affiliates: Businesses or third parties Lightspeed Systems is affiliated with in order to facilitate a transaction or service that the School has initiated or requested;
  • Third Parties Supporting Our Offerings: Agents and service providers (sub-processors) that act on our behalf to support our services, such as technology services (e.g. web hosting and analytics services), subject to confidentiality obligations set out in the executed contracts with the service providers. We contractually prohibit our service providers from retaining, using, or disclosing information about you for any purpose other than performing the services for us. Please note that these providers have no access to sensitive student data – strict access controls are in place. Additional information about the sub-processors we use to support our service delivery can be found on our Trust Page;
  • Authorized School Personnel: such as parents, teachers, administrators, or other School personnel at the direction of the School or in order to facilitate the service that the School has initiated or requested (depending on a School’s currently selected Services);
  • Your consent: or the consent of (or at the direction of) a parent, guardian, or eligible student;
  • Business Transfers: A third party entity in connection with or during negotiations of a business transfer, in which case the recipient will be subject to the same commitments; and
  • Legal Requirements: such as law enforcement, first responders, state or federal reporting agencies, such as the National Center for Missing and Exploited Children, or other officials (“Government Officials”) when required by law or when doing so is mandated by our internal escalation policy, which is subject to change in our sole discretion, or when we believe in good faith that it is necessary to comply with any legal, law enforcement, or regulatory process, such as
    to respond to a warrant, subpoena, court order, or other applicable laws and regulations, including to meet national security requirements; take action in connection with a health or safety emergency; enforce or apply our agreements, including our Terms of Use; or protect Lightspeed Systems, our users, customers, or others.
  • Aggregated/ De-identified Information: We may aggregate and/or de-identify any information collected through the Services so that such information can no longer be linked to you or your device (“Aggregate/De-Identified Information”). Aggregate/De-Identified Information may be used to determine the demographic composition of our user base and to distribute statistics and general marketplace information about Lightspeed Systems. We may use, transfer, or disclose Aggregate/De-Identified Information for any purpose, including to describe the Services to prospective partners and other third parties and for other lawful purposes.

We do not use personal information for any other commercial purpose.

Further, Lightspeed Systems recognizes its potential liability when onward transferring EU and UK individuals’ data received pursuant to the EU-US Data Privacy Framework (DPF) and UK Extension to the EU-U.S. DPF.  An individual has the ability, under certain conditions, to invoke binding arbitration for complaints regarding Data Privacy Framework compliance not resolved by any of the other Data Privacy Framework mechanisms.  Please refer to Annex I of the DPF
Principles
for additional information.

In certain areas of the Services, Lightspeed Systems makes announcements, email, chat, polls, forums, discussions, and/or news groups available. Please remember that any information that is disclosed in these areas becomes public information, and you should exercise caution when deciding to disclose any of your personal or other information in these or any other publicly available site. And if you see inappropriate content posted by any other user, please report that information to us so we can review the post and respond accordingly.

Your Rights Regarding Your Data

For Data That We Collect Via Our Products
Adult End Users of Services provided by Lightspeed Systems should contact their educational institution or other organization providing the Services about their right to access their data collected and used by Lightspeed Systems and requests to be forgotten, electronic copies of data, requests for data deletion, data depersonalization and/or data not available through your account login. Schools may access and update account information and modify Services by signing into an administrator account. Adult End Users may be able to access and change their information collected during account creation by choosing the “edit account information” option or other similar functionality offered in the Services. To access or change your personal information, log into your account through the Services.. End Users and visitors may opt out of receiving future promotional electronic communications from Lightspeed Systems by following the unsubscribe procedures indicated in the mailing.
Student Data: Student End Users of Services provided by Lightspeed Systems and their parents should contact their educational institution or other organization providing the Services about access to the personal information collected by that institution including requests to be forgotten, requests for data, requests for data deletion, and/or data depersonalization.
Deleting or Disabling Cookies: Most web browsers automatically accept cookies, but if you prefer, you can edit your browser options to block them in the future. The Help portion of the toolbar on most browsers will tell you how to prevent your computer from accepting new cookies, how to have the browser notify you when you receive a new cookie, or how to disable cookies altogether. End Users of Services provided by Lightspeed Systems who disable cookies will be able to browse certain areas of our sites, but some features may not function.
Data Portability: License holders of Lightspeed Systems products may request in writing that the data they provided be returned to them in electronic format. Within a reasonable time Lightspeed Systems will return the data provided by the license holder for the products they have licensed.Individuals who provided information via our websites, Tradeshow, Lightspeed Systems event, Partner event, e-mail or phone call may request in writing that the data they provided be returned to them in electronic format. Within a reasonable time Lightspeed Systems will return the data provided.

For Data That We Collect From Visitors Of Our WebsitesAccount Information and Settings: Adult End Users and visitors of the Lightspeed Systems websites have a right to access the data collected and used by Lightspeed Systems To make requests to access or change account information, be forgotten, electronic copies of data, data deletion, and/or data depersonalization, please contact us via the contact information below. End Users and visitors may opt out of receiving future promotional electronic mailings from Lightspeed Systems by following the unsubscribe procedures indicated in the mailing.

Children’s Data: Lightspeed Systems does not knowingly solicit or attempt to collect information from children via its websites. We ask that anyone under the age of 13 not use our websites or submit information to us. Please contact us via the contact information below if you have any questions, concerns, need to access, change, or delete the Personal Information that has been submitted by a child. Please contact us at the address below if you have any other questions or concerns about the information you receive from us or the information that we collect from you.

California Privacy Rights

Privacy Information for California Residents – CCPA & CPRA California Consumer Privacy Act (CCPA)

California law requires us to provide some additional information regarding your rights with respect to your “personal information” (as defined in the California Consumer Privacy Act (CCPA)).In many cases, if you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, unless certain exceptions apply, the CCPA allows you to request us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.
  • Provide access to and/or a copy of certain personal information we hold about you.
  • Delete certain personal information we have about you.
  • Provide you with information about certain financial incentives that we offer to you, if any.

You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.

We reserve the right to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information. You are also permitted to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you or to comply with legal obligations, so we would need to either reject your request to delete the information or, if we are legally permitted to delete
it, we would need to terminate our provision of the Services to you after deleting it. If you would like further information regarding your legal rights under California law or would like to exercise any of them, please contact us at [email protected] or write to us using the contact details provided in the “How to Contact Lightspeed Systems” section below.

California Privacy Act (CPRA)

The California Privacy Rights Act (CPRA) is a data privacy law that amends and expands upon the California Consumer Privacy Act (CCPA). The law takes effect on January 1, 2023, and includes additional privacy protections for consumers.

Expanded Rights under CPRA

  • Right to Access Information: Building upon the CCPA right to request access to the personal information a business has collected about a person in the preceding 12-month period, the California Privacy Rights Act expands this to include any information collected—regardless of when it was collected—unless doing so proves impossible or would involve a disproportionate effort.
  • Right to Opt-Out of Sharing Information with Third Parties: The California Privacy Rights Act clarifies that people can opt out of both the sale and sharing of their personal information to third parties. This was a point of contention under the CCPA where the definition of sell does not explicitly include sharing.
  • Right to Sue Businesses When They Expose Usernames and Passwords: The CCPA gave people the right to sue a business directly when it exposes their personal information through a data breach resulting from a failure to use reasonable security measures. The California Privacy Rights Act expands this to cover data breaches where the personal information that was exposed includes a username and password.
  • More information about CPRA can be found here: https://thecpra.org/
  • Visit our Trust Page to find out how
    Lightspeed Systems complies with CPRA

Data Subject Access Request – How and when we are expected to handle your request

We will confirm receipt of your verifiable request within 10 days and provide information about how we will process your request.

We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. Should we deny your request, we will explain you the reasons behind our denial.

We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.

With regard to School Data, consumers should direct requests to exercise applicable rights to the School on whose behalf we handle the data. If we receive a request from a consumer directly in relation to School Data, we will either alert you to redirect your request to the applicable School or refer that request to the appropriate School and await each School’s instructions on how to handle it.

Collection, Use, and Disclosure of Californians’ Personal Information

During the 12 months leading up to the effective date of this Privacy Policy, we collected (and continue to collect) all of the categories of personal information described in the “Your Data: How We Collect and Use Information” section of our Privacy Policy and listed in the chart below. The sources from which we collect information about you, include, for example, you, Schools, service providers, other users, third party applications, analytics providers, cookies and tracking technologies, survey
partners, related entities and affiliates, developer partners, your interaction with us on our social media channels, and marketing partners.

The “Your Data: How We Collect and Use Information” section of this Privacy Policy also explains how and why we use your personal information. Generally speaking, we use your information to provide our Services and related services such as user group membership and event registration, send communications, engage in transactions, personalize the Services, analyze, research, develop, and improve the Services, enforce legal terms and defend our rights, investigate and prevent security issues, fraud, and abuse, comply with laws, and as described when collecting your information.

We share certain personal information as set forth in “Third Parties: How We May Share Your Information” section and in the chart below, and we allow third parties to collect certain information about your activity, for example through cookies, as explained in the “Your Data: How We Collect and Use Information” section.

California residents may opt out of the “sale” of their personal information. We do not “sell” California residents’ personal information under the CCPA, based on our current understanding of the definition of sell. We do share certain information as set forth in “Your Data: How We Collect and Use Information” section and in the chart below, and as also explained in that section, we allow third parties to collect certain information about your activity, for example through cookies.

During the 12 months leading up to the effective date of this Privacy Policy, we made the following disclosures of personal information about California residents:

Category of personal information collected by Lightspeed Categories of third parties to which the information was disclosed for a business
purpose
Identifiers, such as real name, username, unique user ID, or other similar
identifiers.
  • Service providers who perform functions on our behalf, such as data storage and
    hosting providers, email and notification providers, network and system management
    providers, communication tools, IT support providers, CRM providers, payment
    providers, and resellers of our Services (“Service Providers”)
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Contact and account registration information, such as telephone number,
email address, job title, or other contact information.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Customer service information, such as questions and other messages you
address to us and summaries or voice recordings of your interactions with customer care.
  • Service Providers
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Business and commercial information, such as position, title, business
address, business email address, phone, size, location, and needs of your School, records of
products or services purchased or considered, or other purchasing or consuming histories.
  • Service Providers
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Financial information, such as credit card or bank account information.
  • Service Providers
Device information and identifiers, such as IP address, browser type and
language, operating system, platform type, device type, and software and hardware attribute.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Connection and usage data, such as landing pages, browsing activity,
content or ads viewed and clicked, dates and times of access, pages viewed, time spent on
each page, search terms, information about network web traffic (including traffic from a
specific user), information about files you download, domain names, forms you complete or
partially complete, uploads or downloads, whether you open an email and your interaction
with email content, access times, error logs, and other similar information, and sensory and
telemetry data.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Geolocation data, if enabled by the School, such as city, state, country,
and ZIP code associated with your IP address or derived through Wi-Fi triangulation, and
with your permission in accordance with your mobile device settings, and precise geolocation
information from GPS-based functionality on your mobile devices. Please note that some
location-based services may require your personal information for the feature to work as
intended.
  • Service Providers
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Other information, such as any other information you choose to directly
provide to us in connection with your use of the Services.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes

California “Shine the Light” Disclosure

The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the sharing of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes within the meaning of that law.

Supplemental Notice for Nevada Residents

Under Nevada law, certain Nevada residents may opt out of the “sale” of “covered information” (as such term is defined under Nevada law) for monetary consideration to a person for that person to license or sell such information to additional persons. “Covered information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in such activity as of the effective date of this Privacy Policy; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of the sale of your covered information under Nevada law by emailing us at [email protected]. Please note we may take reasonable steps to verify your identity and the authenticity of the request.

Supplemental Notice for Virginia Data Subjects

The Virginia Consumer Data Protection Act (“VCDPA”) provides additional rights to Virginia residents. This section addresses those rights and applies only to Virginia residents.

You have the following rights under the VCDPA:

  • To confirm whether or not we are processing your personal data
  • To access your personal data
  • To correct inaccuracies in your personal data
  • To delete your personal data
  • To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format
  • To opt out of the processing of personal data for purposes of targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects concerning you

To exercise any of these rights, please contact us as set out in the “How to Contact Lightspeed Systems” section below and specify which right you are seeking to exercise. We will respond to your request within 45 days.

Security: How We Store and Protect Your Information

Privacy Information for California Residents – CCPA & CPRA California Consumer Privacy Act (CCPA)California law requires us to provide some additional information regarding your rights with respect to your “personal information” (as defined in the California Consumer Privacy Act (CCPA)).In many cases, if you are a California resident, the CCPA allows you to make certain requests about your personal information. Specifically, unless certain exceptions apply, the CCPA allows you to request us to:

  • Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.
  • Provide access to and/or a copy of certain personal information we hold about you.
  • Delete certain personal information we have about you.
  • Provide you with information about certain financial incentives that we offer to you, if any.

You also have certain rights under the CCPA not to be subject to certain negative consequences for exercising CCPA rights.

We reserve the right to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information. You are also permitted to designate an authorized agent to submit certain requests on your behalf. In order for an authorized agent to be verified, you must provide the authorized agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorized agent’s request.

Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Services to you or to comply with legal obligations, so we would need to either reject your request to delete the information or, if we are legally permitted to delete
it, we would need to terminate our provision of the Services to you after deleting it. If you would like further information regarding your legal rights under California law or would like to exercise any of them, please contact us at [email protected] or write to us using the contact details provided in the “How to Contact Lightspeed Systems” section below.

California Privacy Act (CPRA)

The California Privacy Rights Act
(CPRA)
is a data privacy law that amends and expands upon the California Consumer Privacy Act (CCPA). The law takes effect on January 1, 2023, and includes additional privacy protections for consumers.

Expanded Rights under CPRA

  • Right to Access Information: Building upon the CCPA right to request access to the personal information a business has collected about a person in the preceding 12-month period, the California Privacy Rights Act expands this to include any information collected—regardless of when it was collected—unless doing so proves impossible or would involve a disproportionate effort.
  • Right to Opt-Out of Sharing Information with Third Parties: The California Privacy Rights Act clarifies that people can opt out of both the sale and sharing of their personal information to third parties. This was a point of contention under the CCPA where the definition of sell does not explicitly include sharing.
  • Right to Sue Businesses When They Expose Usernames and Passwords: The CCPA gave people the right to sue a business directly when it exposes their personal information through a data breach resulting from a failure to use reasonable security measures. The California Privacy Rights Act expands this to cover data breaches where the personal information that was exposed includes a username and password.
  • More information about CPRA can be found here: https://thecpra.org/
  • Visit our Trust Page to find out how Lightspeed Systems complies with CPRA

Data Subject Access Request – How and when we are expected to handle your request

We will confirm receipt of your verifiable request within 10 days and provide information about how we will process your request.

We will respond to your request within 45 days of its receipt. Should we need more time, we will explain to you the reasons why, and how much more time we need. Should we deny your request, we will explain you the reasons behind our denial.

We do not charge a fee to process or respond to your verifiable request unless such request is manifestly unfounded or excessive. In such cases, we may charge a reasonable fee, or refuse to act on the request. In either case, we will communicate our choices and explain the reasons behind it.

With regard to School Data, consumers should direct requests to exercise applicable rights to the School on whose behalf we handle the data. If we receive a request from a consumer directly in relation to School Data, we will either alert you to redirect your request to the applicable School or refer that request to the appropriate School and await each School’s instructions on how to handle it.

Collection, Use, and Disclosure of Californians’ Personal Information

During the 12 months leading up to the effective date of this Privacy Policy, we collected (and continue to collect) all of the categories of personal information described in the “Your Data: How We Collect and Use Information” section of our Privacy Policy and listed in the chart below. The sources from which we collect information about you, include, for example, you, Schools, service providers, other users, third party applications, analytics providers, cookies and tracking technologies, survey
partners, related entities and affiliates, developer partners, your interaction with us on our social media channels, and marketing partners.

The “Your Data: How We Collect and Use Information” section of this Privacy Policy also explains how and why we use your personal information. Generally speaking, we use your information to provide our Services and related services such as user group membership and event registration, send communications, engage in transactions, personalize the Services, analyze, research, develop, and improve the Services, enforce legal terms and defend our rights, investigate and prevent security issues, fraud, and abuse, comply with laws, and as described when collecting your information.

We share certain personal information as set forth in “Third Parties: How We May Share Your Information” section and in the chart below, and we allow third parties to collect certain information about your activity, for example through cookies, as explained in the “Your Data: How We Collect and Use Information” section.

California residents may opt out of the “sale” of their personal information. We do not “sell” California residents’ personal information under the CCPA, based on our current understanding of the definition of sell. We do share certain information as set forth in “Your Data: How We Collect and Use Information” section and in the chart below, and as also explained in that section, we allow third parties to collect certain information about your activity, for example through cookies.

During the 12 months leading up to the effective date of this Privacy Policy, we made the following disclosures of personal information about California residents:

Category of personal information collected by Lightspeed Categories of third parties to which the information was disclosed for a business
purpose
Identifiers, such as real name, username, unique user ID, or other similar
identifiers.
  • Service providers who perform functions on our behalf, such as data storage and
    hosting providers, email and notification providers, network and system management
    providers, communication tools, IT support providers, CRM providers, payment
    providers, and resellers of our Services (“Service Providers”)
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Contact and account registration information, such as telephone number,
email address, job title, or other contact information.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Customer service information, such as questions and other messages you
address to us and summaries or voice recordings of your interactions with customer care.
  • Service Providers
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Business and commercial information, such as position, title, business
address, business email address, phone, size, location, and needs of your School, records of
products or services purchased or considered, or other purchasing or consuming histories.
  • Service Providers
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Financial information, such as credit card or bank account information.
  • Service Providers
Device information and identifiers, such as IP address, browser type and
language, operating system, platform type, device type, and software and hardware attribute.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Connection and usage data, such as landing pages, browsing activity,
content or ads viewed and clicked, dates and times of access, pages viewed, time spent on
each page, search terms, information about network web traffic (including traffic from a
specific user), information about files you download, domain names, forms you complete or
partially complete, uploads or downloads, whether you open an email and your interaction
with email content, access times, error logs, and other similar information, and sensory and
telemetry data.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Geolocation data, if enabled by the School, such as city, state, country,
and ZIP code associated with your IP address or derived through Wi-Fi triangulation, and
with your permission in accordance with your mobile device settings, and precise geolocation
information from GPS-based functionality on your mobile devices. Please note that some
location-based services may require your personal information for the feature to work as
intended.
  • Service Providers
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes
Other information, such as any other information you choose to directly
provide to us in connection with your use of the Services.
  • Service Providers
  • School personnel
  • Data analytics providers
  • Other individuals, services, and partners at your request or with your consent
  • Entities involved in actual or potential significant corporate transactions
  • Third parties for legal purposes

California “Shine the Light” Disclosure

The California “Shine the Light” law gives residents of California the right under certain circumstances to opt out of the sharing of certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third
parties for their own direct marketing purposes within the meaning of that law.

Supplemental Notice for Nevada Residents

Under Nevada law, certain Nevada residents may opt out of the “sale” of “covered information” (as such term is defined under Nevada law) for monetary consideration to a person for that person to license or sell such information to additional persons. “Covered information” includes first and last name, address, email address, phone number, Social Security Number, or an identifier that allows a specific person to be contacted either physically or online. We do not engage in such activity as of the effective date of this Privacy Policy; however, if you are a Nevada resident who has purchased or leased goods or services from us, you may submit a request to opt out of the sale of your covered information under Nevada law by emailing us at [email protected]. Please note we may take reasonable steps to verify your identity and the authenticity of the request.

Supplemental Notice for Virginia Data Subjects

The Virginia Consumer Data Protection Act (“VCDPA”) provides additional rights to Virginia residents. This section addresses those rights and applies only to Virginia residents.

You have the following rights under the VCDPA:

  • To confirm whether or not we are processing your personal data
  • To access your personal data
  • To correct inaccuracies in your personal data
  • To delete your personal data
  • To obtain a copy of your personal data that you previously provided to us in a portable and readily
    usable format
  • To opt out of the processing of personal data for purposes of targeted advertising, the sale of
    personal data, or profiling in furtherance of decisions that produce legal or similarly significant
    effects concerning you

To exercise any of these rights, please contact us as set out in the “How to Contact Lightspeed Systems” section below and specify which right you are seeking to exercise. We will respond to your request within 45 days.

Data Retention: How Long We Retain Your Information

We retain data for as long as necessary to fulfill the purposes for which it was collected for. Following termination or deactivation of a School account, Lightspeed Systems may retain profile information and content for a commercially reasonable time for backup, archival, or audit purposes, but all Student Data associated with the School will be deleted in accordance with Lightspeed Systems Data Deletion policy, or in accordance with active DPA, DSA or SLA. We may maintain Aggregated/De-Identified Information, including usage data, for analytics purposes.If you have any questions about data retention or deletion, please contact us via the contact information below.

International Data Transfers

On July 10, 2023, the European Commission’s adequacy decision for the EU-U.S. Data Privacy Framework (EU-U.S. DPF) entered into force. The EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), were respectively developed in furtherance of transatlantic commerce by the U.S. Department of Commerce, the European Commission and the UK Government to provide U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union/ European Economic Area and the United Kingdom, while ensuring data protection that is consistent with EU and UK laws.
Framework Compliance: Lightspeed Systems complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Lightspeed Systems has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Dispute Resolution: In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, Lightspeed Systems commits to resolve complaints about your privacy and our collection or use of your personal information. European Union and UK individuals with inquiries or complaints regarding this privacy policy should first contact Lightspeed Systems at:
Lightspeed Systems Privacy Department
12013 Fitzhugh Rd.,
Austin, TX 78736

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, Lightspeed Systems commits to refer unresolved privacy complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF BBB National Programs Dispute Resolution Process, an alternative dispute resolution provider located in the United States, BBB helps idividual consumers resolve privacy complaints under the Data Privacy Framework Program and has committed to respond to complaints and to provide appropriate recourse at no cost to you. If you do not receive timely acknowledgement of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and or to file a complaint.Lightspeed Systems is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Under certain conditions, an individual may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted, provided that the individual has invoked binding arbitration by delivering notice to Lightspeed Systems, and following the procedures and subject to conditions set forth in Annex I of the DPF Principles.

Accountability for Onward Transfer
In the event Lightspeed Systems transfers personal data covered by this Policy to a third party acting as a controller, we will do so consistent with any notice provided to Data Subjects, any consent they have given, and only if the third party has given us contractual assurances that it will (i) process the Personal Data for limited and specified purposes consistent with any consent provided by the Data Subjects, (ii) provide at least the same level of protection as is required by the Data Privacy Framework Principles, and notify us if it makes a determination that it cannot do so; and (iii) cease processing of the Personal Data or take other reasonable and appropriate steps to remediate if it makes such a determination. If Lightspeed Systems has knowledge that a third party acting as a controller is processing Personal Data covered by this Policy in a way that is contrary to the Data Privacy Framework Principles, Lightspeed Systems will take reasonable steps to prevent or stop such processing. Lightspeed Systems remains liable under the Data Privacy Framework Principles if an agent processes Personal Data covered by this Policy in a manner inconsistent with the Principles, except where Lightspeed Systems is not responsible for the event giving rise to the damage.

Cross-Border Data Protection

European Union and United Kingdom Data Protection
Residents in the European Union and the United Kingdom are entitled to certain rights with respect to personal information that we hold about them. Subject to any exemptions provided by the law, their rights are as follows:

  • Right of access and portability: The right to obtain access to your personal information, along with certain related information, and to receive that information in a commonly used format and to have it transferred to another data controller;
  • Right to rectification: The right to obtain rectification of your personal information where that personal information is inaccurate or incomplete;
  • Right to erasure: The right to obtain the erasure of your personal information, such as where the personal information is no longer necessary in relation to the purposes for which it was collected or processed;
  • Right to restriction: The right to obtain the restriction of the processing undertaken by us on your personal information in certain circumstances, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information;
  • Right to object: The right to object, on grounds relating to your particular situation, to the processing of your personal information, and to object to processing of your personal information for direct marketing purposes, to the extent it is related to such direct marketing; and Right to lodge a complaint with the supervisory data protection authority in your jurisdiction.

EU & UK consumers may make a request pursuant to their rights under the GDPR by contacting us at [email protected]

General Data Protection Regulation (GDPR) – European Representative

Pursuant to Article 27 of the General Data Protection Regulation (GDPR), Lightspeed Systems has appointed European Data Protection Office (EDPO) as its GDPR Representative in the EU. You can contact EDPO regarding matters pertaining to the GDPR:

UK General Data Protection Regulation (GDPR) – UK Representative

Pursuant to Article 27 of the UK GDPR, Lightspeed Systems has appointed EDPO UK Ltd as its UK GDPR representative in the UK. You can contact EDPO UK regarding matters pertaining to the UK GDPR:

Australian Privacy Act

The Australian Privacy Act 1988 regulates the handling of personal information in Australia. This legislation serves as the foundation of data collection and management policies across the country The Act outlines 13 Australian Privacy Principles (APPs) for managing the use personal and sensitive information.

This comprehensive framework establishes crucial standards for safeguarding individuals’ personal data, promoting transparency, and ensuring accountability.

Australian residents are entitled to certain rights with respect to personal information that we hold about them. Subject to any exemptions provided by the law, their rights are as follows:

  • Right to information: Individuals have the right to know why their personal information is being collected, how it will be used, and who it will be disclosed to.
  • Right to anonymity: Individuals have the option of not identifying themselves or using a pseudonym in certain circumstances.
  • Right to access: Individuals can ask for access to their personal information, including health information.
  • Right to opt-out: Individuals have the right to stop receiving unwanted direct marketing.
  • Right to correction: Individuals can ask for their incorrect personal information to be corrected.
  • Right to complain: Individuals have the right to make a complaint about an organization or agency covered by the Privacy Act if they believe their personal information has been mishandled.

Australian consumers may make a request pursuant to their rights under the Australian Privacy Act by contacting us at [email protected]

Legal Basis for Processing Information

We rely on several legal bases to process data:

  • Consent to process data in any enquiry you submit to us to supply relevant, requested services to you, as our customer/potential customer. You may withdraw your consent as outlined in the “How To Contact Lightspeed Systems” section at which time we will verify your request.
  • Legitimate interest for the proper administration and monitoring of our products and website.
  • To fulfill a contract with our customers to provide them with the services they have subscribed to for a specified period of time.

Changes to our Privacy Policy

We may update this Privacy Policy periodically to account for changes in our collection and/or processing of personal data, and will post the updated Privacy Policy on our website, with a “Last Modified” date at the bottom of the page. If we make material changes to this Privacy Statement, we will notify you and provide you an opportunity to review before you choose to continue using our Products.
Please visit our Privacy Policy Updates page for details on previous updates to our Privacy Policy.

How to Contact Lightspeed Systems

If you have any questions about this privacy statement, the information that we collect from you, or the Services, please contact us at [email protected] or write to:
Data Protection Officer: John Genter
Lightspeed Systems Privacy Department
12013 Fitzhugh Rd.
Austin, TX 78736, USA
In the event that you are concerned about how data you have provided Lightspeed Systems through the Services has been used, please contact us at the address listed above. Lightspeed Systems takes all concerns about privacy and use of data very seriously and shall endeavor to reply to you within two business days to commence its investigation of your concerns.

 

This privacy policy was last modified on February 21,2024. Effective Date: February 21,2024.