Skip to Main Content

LRS European Union Privacy Policy

Introduction

This policy is effective 25 May 2018 to comply with the European Union's General Data Protection Regulation (“GDPR”) and the applicable national data protection acts of the relevant member states (including the United Kingdom after it leaves the EU).

Levi, Ray & Shoup, Inc (“LRS”) is committed to protecting your privacy. We publish this policy so that you can understand our privacy practices and how they help protect your privacy. This policy only addresses data governed by the GDPR. All Personal Data, including data governed by the GDPR, is also protected by provisions in LRS Privacy Policy. For data governed by the GDPR, any conflict between the LRS Privacy Policy and this policy will defer to this policy.

In this policy “Personal Data” means information relating to an identified or identifiable natural person, as defined in Art. 4 (1) GDPR. Examples include your name, telephone number and email address.

We will always protect your information, and we will never sell, lease or rent your Personal Data. We will never authorize another person or company to sell, lease or rent your Personal Data.

General Protections

Objection: You have the right to object to our processing of your Personal Data for direct marketing purposes. If you make such an objection, we will cease communicating with you for this purpose. You also have the right to object to any other processing. If you object, this may affect our ability to carry out tasks for your benefit or to conduct business and provide services to the customer/supplier for whom you are acting or to consider applications of employment candidates and/or hire you. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Access: You have the right to obtain confirmation that we process data related to you and you have a right to a copy of that data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.

Rectification: You have the right to have any inaccurate Personal Data about you be rectified.

Erasure: You have the right of erasure of your Personal Data when that data is no longer needed in relation to the purposes for which the data were collected or when you withdraw consent for consent-based processing. You do not have the right of erasure when processing is necessary for compliance with a legal obligation.

If you wish to contact LRS to exercise any of your rights, you may notify us at dataprotection@LRS.com. We will respond to your request within a reasonable time. If you disagree, you have a right to lodge a complaint with a competent supervisory authority.

Technical and Organisational Measures

To ensure an appropriate level of data security, LRS has implemented the following technical and organisational measures to protect the Personal Data we process.

Data controllers transferring data files to LRS that may contain Personal Data are requested to utilize one of our secure transfer options available via the LRS web site and the LRS EOM support site. Both options support a mechanism to encrypt the transmission of data files sent to LRS.

LRS has in place security controls which safeguard data behind its firewall including security measures such as encryption, multi-factor authentication and access control.

1. Measures to ensure confidentiality

  • At LRS headquarters where data is stored, LRS utilizes key cards to restrict physical access to employees who need physical access to the server rooms. Server rooms in our European branches are restricted against physical access.
  • LRS utilizes unique IDs for each person accessing our systems. LRS also uses multi-factor authentication where available. Access authorization is restricted for all personnel except where granted when needed based on job responsibilities. Procedures have been implemented to grant, review and remove access rights based on job duties and employment status.
  • LRS policies prohibit unauthorized access, copying, or removing data. LRS logs access and our Compliance Department audits the access logs.
  • All LRS employees in the European Union are contractually obligated to maintain confidentiality of data at LRS.

2. Measures to ensure availability and resilience

  • LRS has implemented a data backup plan. When necessary, LRS can recover data from the backup process. In the data centre at LRS’ headquarters, we utilize an uninterruptible power supply (UPS) including generators to increase data availability. We replicate important servers at remote office locations.

3. Encryption of Personal Data

  • Personal Data within the LRS network is encrypted in transit and while at rest.

4. Procedures for periodical review, assessment and evaluation

  • The LRS Compliance Department conducts periodic audits to ensure that policies, processes and procedures are followed by employees.
  • Internal systems at LRS are designed with data protection in mind. The LRS Compliance Department conducts an independent review to assess and advise on the appropriate level of data protection during the design stage.
  • Software licensed by LRS is designed to support the security of data. Instructions on how to utilize the data security features are made available to those who license our software.

5. Adherence to LRS polices

  • LRS' employee policy manual embodies our code of conduct. Employees are provided with training on the policies, procedures and privacy/security of data.

Transfer of Personal Data

LRS is a trans-national business headquartered in the United States. Our management structure and business processes cross borders. Some of our technological systems and databases are shared between our US, European and other branch offices as listed on our Website http://www.lrs.com/Offices/LRS-Offices. This means that our customer, prospect, supplier, employee and candidate Personal Data is transferred across borders.

LRS complies with both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, onward transfer, and retention of Personal Data from the European Union and Switzerland to the United States, respectively. LRS has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.

If there is any conflict between the terms in this policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view LRS' certification, please visit https://www.privacyshield.gov/.

Information for Customers and Prospects

General

This section describes how LRS uses Personal Data of our customers (including partners, resellers, distributors, agents and/or prospects), what categories of Personal Data we process and our legal basis for processing.

We collect Personal Data directly from individuals, such as when you ask us for information about our products or register with us for an event. We may also collect Personal Data from other sources such as from business contacts, partners and publicly-available sources.

Legal Basis: Consent

We may need your consent to use your Personal Data for a specific purpose such as direct email marketing.

Legal Basis: Contractual Performance

  • pre-contractual discussions and contract negotiation with the customer for whom you are acting
  • contract performance and billing administration of the contract with the customer for whom you are acting

Legal Basis: Legal obligation

We may be required to process Personal Data to comply with a governmental or judicial order, law or regulation.

Legal Basis: Legitimate interest

We process Personal Data for certain legitimate business purposes:

  • to protect and defend the rights or property of LRS
  • to enhance the security of our network and information systems
  • to share information about our products and services

Categories of Data

LRS processes the below listed Personal Data categories of an individual acting for our customers and/or prospects.

  • Gender, full name and preferred name
  • Business e-mail address
  • Function / role / job title / department
  • Business telephone number (mobile phone, landline and fax extension)

The recipients of Personal Data are the sales department and the technical department. The legal and administration department receives Personal Data to manage the contractual onboarding. The administration department will receive Personal Data for invoicing and payment purposes.

Data Retention

EU Customer Personal Data Purpose of Processing Retention Period
Customer
Full name and preferred name; e-mail address; Function / role / job title / department; Telephone number including fax number; Gender
contract management; accounting 11 years after end of contract for tax reasons; indefinitely if you receive a payment from LRS or your name appears on an invoice.
Prospective Customer
Full name and preferred name; e-mail address; Function / role / job title / department; Telephone number including fax number; Gender
marketing; contract negotiations 4 years after last contact, or six months after determining that the prospect no longer works for the customer. Your name and contact information will be kept indefinitely if you request that we not contact you in the future.

NOTE: If the Personal Data is involved in legal action or a tax carry-forward situation, the Personal Data may be retained until the related matter is resolved.

Information for Suppliers

General

This section describes how LRS uses Personal Data of our suppliers and prospective suppliers (including independent contractors and consultants), what categories of Personal Data we process and the legal basis for processing.

We collect Personal Data directly from individuals, such as when you contact LRS to offer your products or services or when LRS contacts you to obtain similar information. We may also collect Personal Data from other sources, such as from business contacts or publicly available sources.

Legal Basis: Legitimate interest

We process Personal Data for certain legitimate business purposes:

  • to enable us to communicate with you to assess whether the services, products or goods provided by you (or the company for whom you are acting) are of interest to LRS
  • to enable us to respond to a (potential) supplier's marketing communication

Legal Basis: Contract Performance

  • pre-contractual discussions and contract negotiation with the supplier company for whom you are acting
  • contract performance and billing administration of the contract with the supplier for whom you are acting

Legal Basis: Legal obligation

We may be required to process Personal Data to comply with a governmental or judicial order, law or regulation.

Categories of Data

LRS processes the below listed categories of Personal Data of individuals acting for a supplier or as an independent contractor / consultant

  • Full name, gender
  • Business e-mail address
  • Function / role / job title
  • Business telephone number (mobile phone, landline and fax extension)
  • Bank or other payment details of supplier

The recipients of Personal Data are the managers of the department in need of the supplier's service. The legal and administration department receives Personal Data to manage the contractual onboarding and the agreement signed with the supplier. The administration department will receive the bank account and other payment details.

If Personal Data is not provided, we may not be able to conduct any contract negotiation or perform a contract with a supplier and/or we may have to terminate an existing supplier contract.

Data Retention

EU Supplier Personal Data Purpose of Processing Retention Period
Supplier/independent contractor
Full name and preferred name; E-mail address; Function / role / job title / department; Telephone number / fax number, Gender
Independent contractor only
Bank Name and bank account details
contract management Years after end of Contract:
- Austria, France, Germany, Italy, Sweden 12 years
- Republic of Ireland, United Kingdom 8 years (12 years for deeds)
- Spain 15 years
- indefinitely if supplier received a payment from LRS
Supplier/independent contractor
Full name and preferred name; E-mail address; Function / role / job title / department; Telephone number / fax number, Gender
respond to Supplier marketing communication; contract negotiations 6 months after end of contract

NOTE: If the Personal Data is involved in legal action or a tax carry forward situation, the Personal Data may be retained until the related matter is resolved.

Information for Job Candidates

General

This section describes how LRS uses Personal Data of our job applicants, what categories of Personal Data we process and the legal basis for processing.

Personal Data of job candidates may be collected by an independent recruitment agency or received directly from the job candidate.

Legal Basis: Legitimate interest

We process Personal Data of job candidates for certain legitimate business purposes. As part of the LRS recruitment process we assess and record information about a candidate’s qualifications in order to decide to whom to offer the position.

Legal Obligation

LRS may be required to process certain Personal Data as part of a recruitment exercise, for example checking that a successful candidate has the right to reside and work in the country in which the candidate has applied.

Categories of Data

We process the following categories of data of job candidates:

  • Full name and preferred and maiden name
  • Private telephone (including. fax) number and private e-mail address
  • Employment history, references, certificates, documents
  • Work permit detail (if relevant)
  • • Date of birth and age

The recipients of Personal Data are the managers of the department initiating and conducting the recruitment process and the superiors of the manager. The legal and administration department receives Personal Data of candidates to manage the contractual onboarding of the candidate.

If Personal Data is not provided, we may not be able to consider your application for employment.

Data Retention

The retention period for Personal Data of unsuccessful candidates is 12 months after the successful candidate has signed an employment agreement. The retention period for Personal Data of successful candidates will be employee information.

NOTE: If the Personal Data is involved in legal action, the Personal Data may be retained until the related matter is resolved.

Information for Employees

Information about the data privacy and security of Personal Data of LRS employees in the European Union will be provided directly to those employees.

Additional Information

Data Protection Officer

In accordance with the German Data Protection Act, we have appointed a data protection officer to address the data protection issues of the German Branch. The contact details are:

Mr. Stefan Eisert
Phone: +49 (8123) 928639
Email: sedc1@web.de

Right to Change Policy

Changes will be made to this policy to address new or modified laws, changes to EU-US Privacy Shield, changes to Swiss-US Privacy Shield, or new or modified business procedures. Additionally, we reserve the right to amend, modify, or otherwise change this policy at any time.