This policy was amended on February 22, 2018 to comply with EU cookie law.
LRS is a trans-national business headquartered in the United States. Our management structure and business processes cross borders. Some of our technological systems and databases are shared between our US, European and other branch offices as listed on our Website http://www.lrs.com/Offices/LRS-Offices. This means that our customer and employee data is transferred across borders.
LRS complies with both the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, onward transfer, and retention of personal information from the European Union and Switzerland to the United States, respectively. LRS has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of:
- Accountability for onward transfer
- Data integrity and purpose limitation
- Recourse, enforcement, and liability
LRS is under the jurisdiction as well as the investigatory and enforcement powers of the US Federal Trade Commission for purposes of the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework.
This Policy applies to all information collected by LRS from which an individual can be identified (\“Personal Information\”). Additionally, in our section on Online Information, we also discuss how we gather and use all information gathered online even if it is not Personal Information and collection of Personal Information where third party cookies are used. LRS will not deviate from this Policy if applicable national laws are less stringent than this Policy.
Excluding our Employee Information and third party cookies which are discussed below, we process and use your Personal Information only as a part of our business relationship with you and your company, including contract and billing administration; fulfilling our business obligations to you and your company; communicating with you about marketing and technical information concerning our software, products, and services; and other related business activities of which you are informed of at the time your Personal Information is collected or as soon thereafter as practical. We may need to disclose Personal Information to our agents, distributors, and business partners or to protect and defend the rights or property of LRS. LRS must reply to lawful requests from law enforcement authorities for disclosure of Personal Information.
LRS does not sell, lease, or rent Personal Information to third parties.
Online Information. In general, you may visit our Website without providing any Personal Information. However, you may choose to provide us with Personal Information by completing on-line forms. At the point of collection, we will inform you of how your Personal Information will be used; apart from these uses, LRS will only use your Personal Information in accordance with the terms of this Policy.
LRS sometimes uses \“session cookies\” on our Website. Session cookies are text strings that a browser and web server exchange. At LRS, session cookies are stored in memory only until the browser session is closed. We use this information from visits to our Website to help us maintain user status between web pages and to enhance the effectiveness of our Website and Customer service.
LRS also collects and analyzes the number of visits to our Website and the various web pages. However, this information is not personal and we only analyze it to attempt to discern usage trends and the effectiveness of our Website.
For web pages where we ask you to accept cookies, LRS uses third party tracking cookies to track visitor activities on these web pages. The information is collected and stored by ClickDimensions and LRS has access to this information. To understand what cookies are placed on your browser and their use and expiration, please visit http://help.clickdimensions.com/clickdimensions-cookies-for-web-analytics
The information may include information that identifies you as an individual or relates to an identifiable individual, including: name, title, company name, job function, expertise, postal address, telephone number, or email address. It may also include other information that does not reveal your specific identity or does not directly relate to an identifiable individual such as browser and device information, information collected through cookies, pixel tags, and other technologies, and demographic information. If you do not want these web pages to place a cookie on your browser and track your activity, you may refuse to accept cookies and leave the web page or you may browse the web pages using privacy mode in your web browser. To learn how to use privacy mode, please refer to the website of the browser you use.
If you fill out a web form on these web pages, your information will be stored in our CRM system and some amount of your past browsing on these web pages may be available to our personnel to determine your interests so we may more effectively engage with you and improve our Website. However, if you use private browsing as described above, you may provide us your information without making your past browsing activity available to us. If you do not wish for us to have your Personal Information, please do not fill out any of the web forms on the web page.
If you opt-in to our newsletter or any of our other marketing emails, clicking on a link in any of these emails may cause you to be personally identified on our site and may cause some part of your past browsing history on our site to be available to our personnel to determine your interests so we may more effectively engage with you and so we may improve our site. If you do not wish for this tracking to occur, you can unsubscribe from our mailings or use private browsing mode to avoid tracking.
Employee Information. We collect Employee information from prospective and present Employees only for legitimate business purposes, including the administration of health insurance benefits. Our European Union and Swiss Employees at the time of their employment are notified in detail how their Personal Information will be used. Employee information on health, performance evaluations, and disciplinary actions and other sensitive Employee matters, whether it is stored manually or electronically, is accessible by other LRS Employees only if necessary with respect to legitimate human resource functions or issues; however, an Employee’s picture and any information the Employee chooses to provide may be placed on the LRS intranet. Likewise, from time to time, an Employee’s picture along with Personal Information may be published in the LRS NewsLine. LRS will obtain affirmative consent for such publication from all new Employees before publishing the Employee’s Personal Information. New Employees may decline to provide this consent, and all Employees may withdraw their consent to such publications at any time.
For legitimate human resources purposes, Employees may choose to voluntarily disclose Personal Information about family members. If our Employees choose to do this, their family member’s Personal Information shall be treated, for the purposes of this Policy, the same as an Employee’s Personal Information. Unless otherwise noted or excluded by context, “Employee information” is included within the definition of “Personal Information” for the purposes of this Policy. Employee information is never sold, leased, or rented to any third party. Employee information will never be disclosed to third parties except as follows: 1) to those retained by LRS for processing only for the purposes set forth above, 2) where required pursuant to an applicable law, governmental or judicial order, law or regulation, or to protect the rights or property of LRS, 3) where authorized in writing by the Employee, 4) where the Employee voluntarily provides Personal Information and the context makes it clear that Employee information will be provided to a third party (ex. LRS Travel Request System profile), 5) US Employee résumés may be provided to Customers or prospective Customers as set forth above, and/or 6) in rare cases, US Employee information will be provided to LRS Consulting Services Customers to use as a personal identifier for legitimate business purposes only and only if LRS has a contractual relationship with the Customer that requires the Customer to protect the information as confidential.
LRS may require certain US Employees and applicants to maintain a résumé, including name, title, education, experience, and areas of expertise. These résumés may be provided to Customers or prospective Customers of LRS in support of the Company’s efforts to secure new and/or continuing business.
Where personal data is transferred from the EU or Switzerland to the US in the context of the employment relationship, we will cooperate in investigations by and comply with the advice of the competent Authorities in the EU or the Swiss Federal Data Protection and Information Commissioner.
We will always give you an opportunity to choose (opt-in or opt-out) whether your Personal Information is 1) disclosed to a third party (other than an LRS agent doing work at our direction), or 2) to be used for a purpose that is materially different than that for which it was collected or subsequently authorized by you. Although we do not ever anticipate providing sensitive Personal Information, such as Employee health information, to a non-agent third party or using it for a purpose other than that for which it was collected, we will never do so without first allowing the individual involved to affirmatively and explicitly consent (opt-in) to such transfer or use. The only exception to this choice for both sensitive and non-sensitive Personal Information would be where we are required to disclose your Personal Information pursuant to governmental or judicial order, law, or regulation.
At a minimum, you will always be able to opt-out from receiving marketing materials from LRS. If we determine that applicable national law requires that more stringent requirements (opt-in) be applied before you receive marketing material or other communications from us, we will implement the same.
Accountability for Onward Transfer
We will not transfer Personal Information originating in the EU or Switzerland to our agent unless the agent has entered into an agreement with us requiring the agent to protect your Personal Information in accordance with the Principles of the EU-US Privacy Shield Framework or the Swiss-US Privacy Shield Framework. We will only transfer data for limited and specified purposes. We acknowledge our liability for such data transfers to third parties.
Transfer of Personal Information originating in countries outside the EU will be conducted according to the laws of the countries from which the information is being transferred.
To protect Personal Information collected and stored by LRS, we have in place reasonable technical and operational security measures to prevent Personal Information from loss, misuse, unauthorized access, disclosure, alteration, and destruction.
Data Integrity and Purpose Limitation
We will only collect and retain Personal Information which is relevant to the purposes for which the information is collected, and we will not use it in a way that is incompatible with such purposes unless such use has been subsequently authorized by you. We will take reasonable steps to ensure that Personal Information is reliable for its intended use, accurate, complete, and current. We may occasionally contact you to determine that your data is still accurate and current.
If you wish to access, amend, or confirm that LRS has personal data relating to you, or if you wish to correct or delete your Personal Information if it is inaccurate, please notify us at LRSLegal@LRS.com or call us at 217-793-3800, ext. 1709 (US) or at 44-1242-537-500 (UK); ask for Data Protection Compliance Officer. We will respond to your request within a reasonable time.
Employees may review their personnel files and any Personal Information concerning them upon request.
Recourse, Enforcement and Liability
Since we are committed to protecting your privacy as set forth in this Policy, if you think we are not in compliance with our Policy, or if you have any question or if you wish to take any other action concerning this Policy or your Personal Information, we encourage you to contact us at LRSLegal@LRS.com or call us at 217-793-3800, ext. 1709 (US) or at 44-1242-537-500 (UK); ask for the Data Protection Compliance Officer. We will investigate your complaint, take appropriate action, and report back to you within 45 days.
If the Personal Information in question was transferred from the EU or Switzerland to the United States, and you are not satisfied with our response, we have agreed to participate in the dispute resolution procedures of the EU Data Protection Authorities or the Swiss Federal Data Protection and Information Commissioner as applicable. Contact details for the EU data protection authorities can be found at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm LRS will cooperate with the appropriate Data Protection Authorities in the EU or the Swiss Federal Data Protection and Information Commissioner during investigation and resolution of complaints brought under Privacy Shield.
These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Under certain conditions, if you are not satisfied with the above recourse mechanism, you may be able to invoke binding arbitration.
LRS will conduct annual compliance audits to verify adherence to this Policy and the Privacy Shield Principles. Any LRS Employee who violates this Policy will be subject to disciplinary action up to and including termination of employment.
Right to Change Policy
In general, changes will be made to this Policy to address new or modified laws, changes to EU-US Privacy Shield, changes to Swiss-US Privacy Shield, or new or modified business procedures. However, we reserve the right to amend, modify, or otherwise change this Policy at any time.
This Policy was last updated on February 22, 2018, and notice will be posted on our home page and at the beginning of this Policy for 30 days whenever this Policy is changed in a material way.