Hi. How can we help?

Complying with privacy laws

Privacy laws are designed to protect and empower the privacy of citizens and to reshape the way organizations across the region approach data privacy. As a Lightspeed restaurateur, it's imperative to respect and follow these privacy laws according to your region to ensure compliance with any stored personal info. The main privacy laws include:

  • Europe's General Data Protection Regulation (GDPR), in effect since May 25, 2018
  • The California Consumer Privacy Act (CCPA), in effect since Jan 01, 2020

Understanding your data processing agreement (DPA)

Restauranteurs must sign a DPA to be in compliance with privacy laws. By default, all restauranteurs enter into a DPA in their contract with Lightspeed. This agreement holds you and Lightspeed to certain privacy protocols. To learn more, you can read your contract with Lightspeed or view Lightspeed's privacy policy.

Requesting a data processing request (DPR)

A DPR represents all the information Lightspeed has on a merchant. We are obligated to release this information to our merchants upon request. If you would like to request a DPR: 

  1. On the top right-hand side of the screen on any page in this Restaurant Help Center, select Submit a request.
  2. From the drop-down, select Privacy request.
  3. Complete the form, making sure to indicate the right you would like to exercise under privacy laws is: DPA request.
  4. Select Submit.

Privacy FAQs

What are privacy laws?

Privacy laws aim to give citizens more control over personal data by regulating how businesses use this data. These regulations govern the viewing, storing, changing, transferring and even deleting of personal data. Personal data is defined as any information related to a natural person (or "data subject") that can be used to directly or indirectly identify them. This includes information such as names, addresses, email addresses and phone numbers.

For more information on privacy laws and Lightspeed's efforts to comply with them, please view Lightspeed's privacy policy.

GDPR related: FAQs about GDPR (English only)

CCPA related: What does CCPA mean for merchants? (English only)


Who is affected by privacy laws?

There are currently two privacy laws:

    • GDPR - Merchants that process or control personal data for residents of the European Union (EU).
    • CCPA - Merchants that do business in California who meet at least one of these minimum thresholds:
      • Exceed a gross revenue of $25 million, 
      • Collect or sell personal information of 50,000 consumers
      • Receive 50% or more of annual revenue from selling personal information.

What are Data Processing Agreements (DPAs)?

Since Lightspeed products help restaurateurs process personal data, we are required by law to enter into a Data Processing Agreement (DPA) with restauranteurs affected by privacy laws. If you're a restaurant established in the European Union, you should have received the DPA by email. 

By being in a contract with Lightspeed, you automatically enter into a DPA with Lightspeed. This is fully to your benefit as it creates specific rights for you in relation to Lightspeed’s processing activities. 

It's also important to note that Lightspeed shares its personal data with many integration partners. This allows partners to pull the data they need to build their integrations and Lightspeed to offer the best business solution to its merchants. Because of the data-sharing nature of our partner integrations, restaurants that are impacted by privacy laws and have integrations on their accounts should enter into a DPA with our partners.  

To request a DPA and for more information, please contact our integration partners directly.

Was this article helpful?

0 out of 0 found this helpful