This policy was amended on August 5, 2016, to comply with EU-US Privacy Shield.
LRS is a trans-national business headquartered in the United States. Our management structure and business processes cross borders. Some of our technological systems and databases are shared between our US, European and other branch offices as listed on our website http://www.lrs.com/Offices/LRS-Offices. This means that our customer and employee data is transferred across borders.
LRS complies with both the EU-US Privacy Shield Framework and the US-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, onward transfer and retention of personal information from European Union member countries and Switzerland. LRS has certified that it adheres to the EU-US Privacy Shield Principles of:
- Accountability for onward transfer
- Data integrity and purpose limitation
- Recourse, enforcement and liability
Our adherence to each of these principles is detailed in this policy.
To learn more about the EU – US Privacy Shield program, and to view LRS’ certification, please visit https://www.privacyshield.gov. To learn more about the US-Swiss Safe Harbor program, visit http://2016.export.gov/safeharbor/swiss/index.asp.
LRS is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission for purposes of the EU-U Privacy Shield Framework and the US-Swiss Safe Harbor framework.
This Policy applies to all information collected by LRS from which an individual can be identified (“Personal Information”). Additionally, in our section on Online Information, we also discuss how we gather and use all information gathered online even if it is not Personal Information. LRS will not deviate from this Policy even if applicable national laws are less stringent than this Policy.
Excluding our Employee Information which is discussed below, we process and use your Personal Information only as a part of our business relationship with you and your company, including contract and billing administration; fulfilling our business obligations to you and your company; communicating with you about marketing and technical information concerning our software, products, and services; and other related business activities of which you are informed of at the time your Personal Information is collected or as soon thereafter as practical. We may need to disclose Personal Information to our agents, distributors, and business partners or to protect and defend the rights or property of LRS. LRS must reply to lawful requests from law enforcement authorities for disclosure of Personal Information.
LRS does not sell, lease, or rent Personal Information to third parties.
In general, you may visit our Website without providing any Personal Information. However, you may choose to provide us with Personal Information by completing online forms. At the point of collection, we will inform you of how your Personal Information will be used; apart from these uses, LRS will only use your Personal Information in accordance with the terms of this Policy.
LRS sometimes uses “session cookies” on our Website. Session cookies are text strings that a browser and web server exchange. At LRS, session cookies are stored in memory only until the browser session is closed. We use this information from visits to our Website to help us maintain user status between web pages and to enhance the effectiveness of our Website and Customer service.
LRS also collects and analyzes the number of visits to our Website and the various web pages. However, this information is not personal and we only analyze it to attempt to discern usage trends and the effectiveness of our Website.
We collect Employee information from prospective and present Employees only for legitimate business purposes, including the administration of health insurance benefits. Our European Union Employees at the time of their employment are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive Employee matters, whether it is stored manually or electronically, is accessible by other LRS Employees only if necessary with respect to legitimate human resource functions or issues; however, an Employee’s picture and any information the Employee chooses to provide may be placed on the LRS intranet. Likewise, from time to time, an Employee’s picture along with Personal Information may be published in the LRS NewsLine. LRS will obtain affirmative consent for such publication from all new Employees before publishing the Employee’s Personal Information. New Employees may decline to provide this consent, and all Employees may withdraw their consent to such publications at any time.
For legitimate human resources purposes, Employees may choose to voluntarily disclose Personal Information about family members. If our Employees choose to do this, their family member’s Personal Information shall be treated, for the purposes of this Policy, the same as an Employee’s Personal Information. Unless otherwise noted or excluded by context, “Employee information” is included within the definition of “Personal Information” for the purposes of this Policy. Employee information is never sold, leased, or rented to any third party. Employee information will never be disclosed to third parties except as follows: 1) to those retained by LRS for processing only for the purposes set forth above, 2) where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of LRS, 3) where authorized in writing by the Employee, 4) where the Employee voluntarily provides Personal Information and the context makes it clear that Employee information will be provided to a third party (ex. LRS Travel Request System profile), 5) US Employee résumés may be provided to Customers or prospective Customers as set forth above, and/or 6) in rare cases, US Employee information will be provided to LRS Consulting Services Customers to use as a personal identifier for legitimate business purposes only and only if LRS has a contractual relationship with the Customer that requires the Customer to protect the information as confidential.
LRS may require certain US Employees and applicants to maintain a résumé, including name, title, education, experience, and areas of expertise. These résumés may be provided to Customers or prospective Customers of LRS in support of the Company’s efforts to secure new and/or continuing business.
Where personal data is transferred from the EU to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU Authorities.
We will always give you an opportunity to choose (opt-in or opt-out) whether your Personal Information is 1) disclosed to a third party (other than an LRS agent doing work at our direction), or 2) to be used for a purpose that is materially different than that for which it was collected or subsequently authorized by you. Although we do not ever anticipate providing sensitive Personal Information, such as Employee health information, to a non-agent third party or using it for a purpose other than that for which it was collected, we will never do so without first allowing the individual involved to affirmatively and explicitly consent (opt-in) to such transfer or use. The only exception to this choice for both sensitive and non-sensitive Personal Information would be where we are required to disclose your Personal Information pursuant to governmental or judicial order, law or regulation.
At a minimum, you will always be able to opt-out from receiving marketing materials from LRS. If we determine that applicable national law requires that more stringent requirements (opt-in) be applied before you receive marketing material or other communications from us, we will implement the same.
Accountability for Onward Transfer
We will not transfer Personal Information originating in the EU to our agent unless the agent has entered into an agreement with us requiring the agent to protect your Personal Information in accordance with the Principles of the EU-US Privacy Shield Framework or the US-Swiss Safe Harbor Framework. We will only transfer data for limited and specified purposes. We acknowledge our liability for such data transfers to third parties.
Transfer of Personal Information originating in countries outside the EU will be conducted according to the laws of the countries from which the information is being transferred.
To protect Personal Information collected and stored by LRS, we have in place reasonable technical and operational security measures to prevent Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Data Integrity and Purpose Limitation
We will only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by you. We will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We may occasionally contact you to determine that your data is still accurate and current.
If you wish to access, amend, or confirm that LRS has personal data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify us at LRSLegal@LRS.com or call us at 217-793-3800, ext. 1709 (US) or at 44-1242-537-500 (UK); ask for Data Protection Compliance Officer. We will respond to your request within a reasonable time.
Employees may review their personnel files and any Personal Information concerning them upon request.
Recourse, Enforcement and Liability
Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy or your Personal Information, we encourage you to contact us at LRSLegal@LRS.com or call us at 217-793-3800, ext. 1709 (US) or at 44-1242-537-500 (UK); ask for the Data Protection Compliance Officer. We will investigate your complaint, take appropriate action and report back to you within 45 days.
If the Personal Information in question was transferred from the EU to the United States, and you are not satisfied with our response, we have agreed to participate in the dispute resolution procedures of the EU Data Protection Authorities. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. LRS will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints brought under Privacy Shield.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Under certain conditions, if you are not satisfied with the above recourse mechanism, you may be able to invoke binding arbitration.
LRS will conduct annual compliance audits to verify adherence to this Policy and the EU-US Privacy Shield Principles. Any LRS Employee who violates this Policy will be subject to disciplinary action up to and including termination of employment.
Right to Change Policy
In general, changes will be made to this Policy to address new or modified laws, changes to EU-US Privacy Shield, changes to EU-US Swiss Safe Harbor, or new or modified business procedures. However, we reserve the right to amend, modify, or otherwise change this Policy at any time.
This Policy was last updated on August 5, 2016, and notice will be posted on our home page and at the beginning of this Policy for 30 days whenever this Policy is changed in a material way.