Privacy
CAtuned proudly uses Lightspeed Commerce Inc., Lightspeed, for our commerce processing. Please read the Policies stated below for our Privacy Policy
Effective date: May 24, 2022
Welcome! At Lightspeed, we believe that protecting your Personal Data is very important. This privacy statement explains how Lightspeed Commerce Inc. and all its affiliates (collectively, “Lightspeed”, “we”, “us” or “our”) handle your Personal Data. It applies to the processing of Personal Data of Consumers who place an order on one of Lightspeed’s consumer-facing platforms, websites, applications or services (including but not limited to Lightspeed Order Anywhere and Chronogolf by Lightspeed – collectively, the “Services”) (referred to in this policy as “Consumers” or “you”).
Note: If you have entered into a Lightspeed Service Agreement (“Subscriber”) or are a visitor to Lightspeed’s website or the homepage of any Lightspeed affiliate (including but not limited to www.lightspeedhq.com) (“Visitor”), please see the Lightspeed Privacy Policy, which applies to your interactions with Lightspeed.
If you are located in the EEA, the UK or Switzerland, the data controllers for processing Personal Data you submit are Lightspeed Commerce Inc. and Lightspeed Netherlands B.V.
Definition of Personal Data
Personal Data means any information that relates to an identified or identifiable natural person. This includes data such as name, home address, email address and phone number, as well as IP-address and data specific to the physical, physiological, genetic, economic, cultural or social identity of natural persons. Information about a business, such as its name or physical address, is not Personal Data.
What Personal Data we collect
Lightspeed collects and uses your Personal Data to provide you with our Services. We use the following Personal Data for the following purposes:
Category of Personal Data Purpose of Collection
Information you provide about yourself, like your name, address, email address, phone number and language preference.
To provide you with and improve the Service you are trying to use (e.g. to identify you, to execute a transaction, to contact you in connection with your account or transaction)
If you so choose, to create a Lightspeed account to use the Services
To advertise and market Lightspeed services or features to you
To determine if you are eligible for specific offers or payment methods
To comply with legal requirements
Payment information you provide, such as your payment card number or bank account number
To process payment for a transaction
To pre-fill payment information using your Lightspeed account to pay for future transactions
To determine if you are eligible for specific offers or payment methods
To comply with legal requirements
If using a Lightspeed account: Purchase information and order history
To display your past orders and related information in your account
To personalize your experience (i.e. to recommend items that you may wish to re-order)
Information about how you access and use Lightspeed Services, including Lightspeed apps, websites, and other services, including information about the device and browser you use, your network connection, your IP address, submissions through the app, and details about how you browse through our apps and sites. We collect some of this information by using “cookies” or other similar technologies directly from your device.
To get a better understanding of how you browse our Services so that we can optimize your experience
To research and analyze your use of or interest in our Services and those products and services offered by others
To analyze the effectiveness of our Services
To improve the functionality of our Services
To help you find the most relevant information by customizing our Services to optimize your experience
Copies you provide of your government-issued identification.
To verify that we are speaking with you if you contact us
To comply with legal requirements
Lawful grounds for processing
Depending on the processing activity, we process your Personal Data on the following grounds:
In order to comply with our obligations under an agreement we concluded with you, such as to provide our Services or process a transaction;
Where you have freely given your explicit consent and this consent has not been revoked;
Where we are pursuing a legitimate interest, which is not outweighed by your fundamental rights or freedoms;
Pursuant to a legal obligation; or
In very exceptional cases to protect your vital interests.
Age
Our websites and Services are not directed to children under 16, and we do not knowingly collect or store any Personal Data about persons under the age of 16. If we learn that we have collected Personal Data of a child under 16, we will take steps to delete such information from our files as soon as practicable.
How long we store Personal Data
Lightspeed retains your Personal Data for as long as it is reasonably needed to deliver the Services. The retention terms can be longer if we are required to keep Personal Data longer on the basis of applicable law or to administer our business. Where you have the right to request deletion, we will delete your Personal Data in accordance with and upon receipt of written instructions from you to this effect, unless we are legally required to keep it. If deletion is not possible, we will de-identify it in a way that cannot be reversed. If de-identification is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from any further processing until deletion is possible.
Sharing your Personal Data with merchants
Lightspeed shares your Personal Data (name, address details and telephone number, order) with the merchant you selected (i.e. golf course, restaurant, retail shop, ecommerce shop) so that the merchant can fulfill your transaction. As you are a direct customer of the merchant, the merchant will have its own responsibility and obligations with respect to the processing of your Personal Data. If you have questions about how the merchant handles your Personal Data or would like the merchant to delete your Personal Data, please contact the merchant directly.
Sharing your Personal Data with others (not merchants)
Service providers: We engage third-party service providers (companies operating on our behalf) to help us administer, provide and improve the Services. We share Personal Data with these third-party service providers to enable them to provide these services for us. In such cases, we will enter into a written agreement to ensure a level of protection and confidentiality of your Personal Data that is at least equal to that provided by this privacy statement.
Non-Personally Identifiable Information: In order to provide and improve our Services, we may use and disclose to third parties (for example, our service providers and analytics partners) non-personally identifiable information which we collect, including cookie data and log data. This may include Personal Data which has been aggregated and de-identified in such a way that the data cannot be reidentified. We retain the right to use, at our discretion, any information, in any form, about more than one individual where the identity of the individuals is not known and cannot be inferred.
Protecting Ourselves and our Consumers: We may release Personal Data when we believe that doing so is appropriate to comply with applicable laws, regulations or legal requests; to enforce or apply our policies and guidelines; to initiate, render, bill, and collect amounts owed to us; to protect our rights or property; to protect the safety of our Consumers; to address fraud, security or technical issues; to prevent or stop activity that we consider to be illegal or unethical; or if we reasonably believe that an emergency involving immediate danger of death or serious physical injury to any person requires disclosure of communications or justifies disclosure of records without delay. Without limiting the generality of the foregoing, we may also be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Sale/Merger: Information about our Consumers is a business asset of Lightspeed. Consequently, information about our Consumers, including Personal Data, may be disclosed as part of any merger or acquisition involving Lightspeed, the creation of a separate business to provide some or all of the Services, the sale or pledge of Lightspeed’s assets, as well as in the event of an insolvency, bankruptcy or receivership.
We do not sell your Personal Data
Lightspeed does not sell Personal Data within the meaning of applicable laws. However, Lightspeed may sell non-personally identifiable information that has been derived from aggregated and de-identified Personal Data, provided such information cannot be used to re-identify individual Consumers.
Third-party websites
Our Services may include links to third-party websites. When accessing such third-party websites, bear in mind that each of these websites has its own privacy statement. Although Lightspeed takes great care in selecting websites to link to, we cannot assume responsibility for the way in which they handle your Personal Data.
How do we protect your personal data
Lightspeed takes Personal Data protection very seriously and we, therefore, implement appropriate safeguards to protect your Personal Data against misuse, loss, unauthorized access, unwanted disclosure, and unauthorized alteration. Please be aware, however, that no method of transmitting information over the Internet or of storing information is completely secure. Accordingly, we cannot absolutely guarantee the protection of any information shared with us. In the event of an unauthorized loss or disclosure of Personal Data, Consumers could be subject to a risk of harm resulting from such loss or disclosure. Depending on various factors, such as the type and amount of Personal Data disclosed, consequences for individuals could include changes to their credit bureau rating or financial situation or identity theft. Lightspeed will at all times comply with applicable laws concerning data breach notification requirements and will endeavor to mitigate any risks of residual harm to the affected individuals.
Location of Personal Data
Lightspeed is a Canadian company, but we have affiliate companies and use service providers located across the globe. As such, your Personal Data may be transferred to and stored on servers located in a country other than where you reside or do business. Personal Data may be subject to the local laws of the jurisdictions within which it is collected, used, disclosed and/or stored, and may be accessed by governmental authorities and law enforcement agencies in those jurisdictions. When the data concerns Personal Data of data subjects from the EEA, Switzerland or the UK, we transfer it outside of Europe in accordance with European laws.
Your rights in relation to your Personal Data
You have various rights with respect to the Personal Data we collect about you. Depending what Services you use, you may have the right to request access to, correct, amend, delete, port to another service provider, restrict or object to certain uses of your Personal Data. You may submit your data subject request to us using the form available here. We will respond to your request as soon as possible, and in any case no later than four weeks after receiving your request.
How to contact us
If you have any other questions or complaints about the processing of your Personal Data, we will be happy to address these. You can email us at privacy@lightspeedhq.com or send a letter to the attention of the Legal Department at either of the following addresses:
If you are located outside the European Economic Area, Switzerland or the United Kingdom
Lightspeed Commerce Inc.
700 Saint-Antoine St. E., Suite 300
Montréal (Québec)
H2Y 1A6, Canada
If you are located inside the European Economic Area, Switzerland or the United Kingdom
Lightspeed POS Belgium B.V.
Sint-Denijslaan 489
9000 Ghent
Belgium
We will respond to your request as soon as possible, and in any case no later than four weeks after receiving your request.
Data Protection Authority
Besides the option of lodging a complaint with us, you have the right to lodge a complaint with the relevant privacy commissioner or other supervisory authority for the protection of Personal Data. To do so, contact the relevant supervisory authority directly.