EFFECTIVE April 9, 2021
OUR COMMITMENT TO PRIVACY
Your privacy is important to us. In order to better protect your privacy Lighthouse provided this notice explaining Lighthouse’s online information practices and the choices you can make about the way your information is collected and used. To make this Privacy Notice easy to find, Lighthouse makes it available on Lighthouse’s homepage and at every point on Lighthouse’s site where personally identifiable information may be requested as described below.
This Privacy Notice discloses the privacy practices of Lighthouse’s websites, whether accessed through a computer, tablet, smartphone or other device (individually or collectively, “Device” or “Devices”), and Lighthouse Apps. Specifically, it outlines the types of information that Lighthouse gathers about you while you are using Lighthouse’s websites or applications (collectively, “Services”) or other websites, and the ways in which Lighthouse uses and shares this information. This Privacy Notice does not apply to any information you may provide to Lighthouse, or that Lighthouse may collect, offline and/or through other means. By using the Services, you agree that your use of Lighthouse’s Services, and any dispute over Lighthouse’s online privacy practices, is governed by this Privacy Notice.
Use and Disclosure of Your Personal Information
Lighthouse does not disclose personal information except in the following instances: With Lighthouse’s subsidiaries and affiliates, as needed; With your express consent; Where permitted and/or required by contract; With third party entities, vendors, consultants, agents and/or other service providers engaged to handle or manage some or all of the Personal Information on Lighthouse’s behalf, who shall be required to protect personal information from dissemination and/or use; When Lighthouse believes disclosure is appropriate to prevent physical harm or financial loss and/or when reasonably necessary to an investigation of suspected or actual illegal activities; In response to lawful requests by public authorities, including to meet national security or law enforcement requirements; When required and/or otherwise permitted by law.
All information Lighthouse gathers on Lighthouse’s Services is stored within databases to which only Lighthouse and service providers are provided access. However, as effective as the reasonable security measures implemented by Lighthouse may be, no physical or electronic security system is impenetrable. Lighthouse cannot guarantee the security of Lighthouse’s Services’ servers or databases, nor can Lighthouse guarantee that information you supply will not be intercepted while being transmitted to Lighthouse over the Internet.
The website is not intended for or targeted at children, and Lighthouse does not knowingly or intentionally collect personal data about children. If you believe that this website has collected data about a child, please contact Lighthouse, so that Lighthouse may delete the personal data.
Lighthouse uses third-party cookies to keep track of the pages you visit within the website, in order to determine what portion of the website is the most popular, or most used, and to provide you with a better experience.
A cookie is a small text file that is placed on your hard disk by a web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. For more information on cookies: http://www.whatarecookies.com
You have the ability to manage cookies including refusing them by modifying your browser settings.
As an international provider of electronic discovery and related services, Lighthouse places the highest value on ensuring the security of all data entrusted to Lighthouse by law firm clients and corporate clients. Lighthouse respects individual privacy rights and have established internal protocols to assure that Lighthouse’s security and privacy practices and procedures comply with both US and international law.
Privacy Shield Policy
On July 16, 2020, the European Union Court of Justice (CJEU) invalidated the EU-US Privacy Shield in its decision in Facebook Ireland v. Schrems (Schrems II). On September 8, 2020, the Swiss Data Protection Authority (the Federal Data Protection and Information Commissioner, “FDPIC”), announced in a position statement that it no longer considers the Swiss-U.S. Privacy Shield adequate for the purposes of transfers of personal data from Switzerland to the U.S. Despite these findings, Lighthouse continues to adhere to the requirements of the Privacy Shield in addition to establishing other lawful transfer mechanisms.
Lighthouse commits to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce for the collection, use and retention of personal information transferred from the European Union, UK, or Switzerland to the United States. Lighthouse has certified that it complies with each of the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. In the event of any conflict between the provisions of this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-US Privacy Shield program, and to view Lighthouse’s certification, please visit www.privacyshield.gov.
The European Union’s General Data Protection Regulation (“GDPR”) superseded the EU’s 1995 Data Protection Directive on May 25, 2018. Article 45 of the GDPR provides for the continuity of adequacy determinations made under the EU’s 1995 Data Protection Directive, one of which was the adequacy decision on the EU-U.S. Privacy Shield. GDPR limits the transfer of personal data to countries outside of the EU for processing to only those countries that can ensure an adequate level of protection for an individual’s personal data. Swiss data protection law imposes similar limits on the transfer of personal data outside of Switzerland. The United States Department of Commerce, in consultation with the European Union, UK, and separately with Switzerland, has developed the Privacy Shield framework regarding personal data privacy and security that, when followed, permit an organization to certify that it provides adequate protection for the transfer of EU personal data to the US for processing. Lighthouse fully commits to follow the Privacy Shield Principles with respect to all personal data received from any individual or entity in the EU, the EEA, UK, or Switzerland.
The Information Lighthouses Collect
This notice applies to all information collected or submitted on the Lighthouse website and online application portals. On some pages, you can make inquiry requests, and register to receive materials. The types of personal information collected at these pages include:
- Company Name
- Email address
- Phone number
The Way Lighthouse Uses Collected Information
Lighthouse uses the information you provide about yourself only to fulfil the request. Lighthouse does not share this information with outside parties except to the extent necessary to complete the request. Lighthouse uses return email addresses to answer the email Lighthouse receives. Such addresses are not used for any other purpose and are not shared with outside parties. Finally, Lighthouse never uses or shares the personally identifiable information provided to Lighthouse online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.
As an ediscovery company, the majority of the data Lighthouse collects and stores is provided to Lighthouse by Lighthouse’s clients. Any data received from Lighthouse’s clients is used solely for the business purpose defined in Lighthouse agreements with Lighthouse’s clients. It is not shared with third parties unless agreed upon with Lighthouse’s clients. Any individual who is attempting to access data provided to Lighthouse by Lighthouse’s client in order to correct, amend, or delete inaccurate data should contact Lighthouse’s client directly. Any individual who would like to request any limits on sharing or use of their data should contact Lighthouse’s client directly.
Who we Might Share Your Information With
We will not share your information with any third parties for the purposes of direct marketing. We may share your personal data with other organizations in the following circumstances:
- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk); or
- From time to time, employ the services of other parties for dealing with certain processes necessary for the operation of the website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it.
- We use data processors who are third parties who provide elements of services for us. We will have Data Processor Agreements in place with our data processors prior to disclosure of your personal data. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.
- We may share your information with our parent, affiliates, and subsidiaries for operational purposes (i.e. to ensure that we can fulfil our services to you accurately and efficiently), as well as for marketing purposes, notification about events, or recruiting purposes. We will have Intra-Company Data Processor Agreements, including “standard contracting clauses” in place between our parent, affiliates, and subsidiaries prior to disclosure of your personal data.
Our Commitment to Data Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, Lighthouse has implemented appropriate physical, electronic, and managerial procedures to safeguard and secure the information Lighthouse collects online. To protect your privacy and security, Lighthouse will take reasonable steps to verify your identity before granting access to any system.
Notice and Choice
When acting as a data processor within the meaning of GDPR, Lighthouse reserves the right to process personal information on behalf of and under the direction of Lighthouse’s clients without providing notice to individuals or data protection authorities to the extent permitted by the Privacy Shield Principles. When collecting data in the EU, UK, and/or Switzerland, Lighthouse acts on behalf of and under the direction of Lighthouse’s clients, to collect only data relevant to the litigation or other matter at hand. Individuals and business entities from which Lighthouse collects data are provided with information regarding the purpose for which data is being collected, how it will be used and the type of non-agent third parties, if any, to which Lighthouse discloses personal information. These individuals or entities are also provided with information about the choices and means offered by Lighthouse for limiting the use or disclosure of their personal data.
When Lighthouse is acting as a data controller within the meaning of GDPR, individuals have the choice to opt out of collection or to limit the use and disclosure of their information.
Limits on Disclosure and Transfer
Lighthouse limits access to personal data to those persons in Lighthouse’s organization, or Lighthouse’s agents, who have a specific business purpose for maintaining and processing such personal data. Individuals who have been granted access to personal data are aware of these responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so. Lighthouse takes appropriate measures to protect the security of personal data in order to ensure it is only accessed for its intended use.
As a processor, Lighthouse will not disclose an individual’s personal data to any third party without the consent of Lighthouse’s clients unless one or more of the following are true:
- The individual has consented, in writing, to the disclosure;
- The disclosure is required by law or other professional standards;
- The personal data is publicly available;
- The disclosure is reasonably necessary for the establishment or defense of legal claims;
- The transferee provides an adequate level of protection for the personal data within the meaning of GDPR or has agreed in writing to provide an adequate level of protection for the personal data consistent with the options provided in GDPR for transfers pursuant to written agreements;
- In the event of a sale or transfer of assets in connection with an acquisition, merger, reorganization, sale or bankruptcy, Lighthouse reserves the right to make such disclosure upon providing notice to the law firm and/or corporate clients for whom such data is being held.
As a data controller, Lighthouse does not provide an individual’s personal data to any third-parties.
Lighthouse limits disclosure of personal data to employees and other EU-US Privacy Shield and Swiss-US Privacy Shield participants that have a specific business purpose for collecting, maintaining and processing such personal data. Lighthouse may disclose personal data as required by law or regulation. Lighthouse may also disclose personal data to law enforcement officials in response to a lawful request made pursuant to national security interests or law enforcement requirements. Lighthouse acknowledges its potential liability in cases of its onward transfer of personal data to third parties that do not meet the criteria set forth in the above paragraph.
Lighthouse agrees to offer individual citizens of the EU, EEA, UK, or Switzerland with access to their personal data for purposes of correcting, amending or deleting inaccurate information unless the cost or burden of providing the access and changing or deleting the data proves unreasonable in view of the risk to the individual’s privacy. A reasonable fee compensating Lighthouse for resource use related to accessing, changing or deleting the personal information may be imposed. Lighthouse may determine the form of the disclosure. Lighthouse will only deny access requests as allowed by the EU-US Privacy Shield or the Swiss-US Privacy Shield.
Lighthouse takes reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Lighthouse’s security measures include physical, electronic, workflow and managerial protocols to safeguard and secure the personal data Lighthouse processes.
Lighthouse processes personal information only in ways that are compatible with the purpose for which the data was collected or subsequently authorized by the individual. Lighthouse will take reasonable steps to ensure information is relevant to its intended use and remains accurate, complete and current.
Lighthouse will follow any advice given by the Data Protection Authorities, including remedial or compensatory measures for individuals affected by non-compliance, and will provide the Data Protection Authorities with written confirmation that such corrective action has been taken, subject to the Company’s right to dispute the requested actions or remedial measures with the Federal Trade Commission.
In compliance with the Privacy Shield Principles, Lighthouse commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lighthouse at:
David Binder, COO
Phone (206) 535-6539
Lighthouse has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Lighthouse has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Lighthouse, please visit the BBB EU PRIVACY SHIELD web site at www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. There is no cost to you to utilize the BBB EU PRIVACY SHIELD complaint resolution process. In certain circumstances, there may be the possibility for you to be able to invoke binding arbitration.