Effective February 1, 2017
Our Commitment To Privacy
Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.
As an international provider of electronic discovery and related services, Lighthouse places the highest value on ensuring the security of all data entrusted to us by our law firm and corporate clients. We respect individual privacy rights and have established internal protocols to assure that our security and privacy practices and procedures comply with both US and international law.
Lighthouse commits to comply with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce for the collection, use and retention of personal information transferred from the European Union or Switzerland to the United States. Lighthouse has certified that it complies with each of the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. In the event of any conflict between the provisions of this Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the EU-US Privacy Shield program, and to view our certification, please visit www.privacyshield.gov.
The European Parliament and the Council of the European Union adopted Directive 95/46/EC on Data Protection to set standards for the security and transfer of personal data. The Data Directive limits the transfer of personal data to countries outside of the EU for processing to only those countries that can ensure an adequate level of protection for an individual’s personal data. Swiss data protection law imposes similar limits on the transfer of personal data outside of Switzerland. The United States Department of Commerce, in consultation with the European Union, and separately with Switzerland, has developed the Privacy Shield framework regarding personal data privacy and security that, when followed, permit an organization to certify that it provides adequate protection for the transfer of EU personal data to the US for processing. Lighthouse fully commits to follow the Privacy Shield Principles with respect to all personal data received from any individual or entity in the EU, the EEA or Switzerland.
Directive – The Directive is the European Union’s Directive on Data Protection which took effect in October 1998.
- Privacy Shield Privacy Principles – These are the principles developed by the EU and the United States Department of Commerce to ensure that entities not covered by the Directive adhere to privacy principles after receiving personal data and personal information from the EU.
- Personal data – Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.
- Processor – A natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
- Controller – The natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by national or Community laws or regulations, the controller or the specific criteria for his nomination may be designated by national or Community law.
The Information We Collect
This notice applies to all information collected or submitted on the Lighthouse website and online application portals. On some pages, you can make inquiry requests, and register to receive materials. The types of personal information collected at these pages include:
- Company Name
- Email address
- Phone number
The Way We Use Collected Information
We use the information you provide about yourself only to fulfill the request. We do not share this information with outside parties except to the extent necessary to complete the request. We use return email addresses to answer the email we receive. Such addresses are not used for any other purpose and are not shared with outside parties. Finally, we never use or share the personally identifiable information provided to us online in ways unrelated to the ones described above without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.
As an ediscovery company, the majority of the data we collect and store is provided to us by our clients. Any data received from our clients is used solely for the business purpose defined in our agreements with our clients. It is not shared with third parties unless agreed upon with our clients. Any individual who is attempting to access data provided to Lighthouse by a client in order to correct, amend, or delete inaccurate data should contact the client directly. Any individual who would like to request any limits on sharing or use of their data should contact the client directly.
Our Commitment To Data Security
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online. To protect your privacy and security, we will take reasonable steps to verify your identity before granting access to any system.
Notice and Choice
When acting as a data processor within the meaning of the Data Directive, Lighthouse reserves the right to process personal information on behalf of and under the direction of our law firm and corporate clients without providing notice to individuals or Data Protection Authorities to the extent permitted by the Privacy Shield Principles. When collecting data in the EU and/or Switzerland, Lighthouse acts on behalf of and under the direction of our law firm and/or corporate clients, to collect only data relevant to the litigation or other matter at hand. Individuals and business entities from which we collect data are provided with information regarding the purpose for which data is being collected, how it will be used and the type of non-agent third parties, if any, to which we disclose personal information. These individuals or entities are also provided with information about the choices and means offered by Lighthouse for limiting the use or disclosure of their personal data.
Limits on Disclosure and Transfer
Lighthouse limits access to personal data to those persons in Lighthouse’s organization, or agents of Lighthouse, who have a specific business purpose for maintaining and processing such personal data. Individuals who have been granted access to personal data are aware of these responsibilities to protect the security, confidentiality and integrity of that information and have been provided training and instruction on how to do so. Lighthouse takes appropriate measures to protect the security of personal data in order to ensure it is only accessed for its intended use.
Lighthouse will not disclose an individual’s personal data to any third party without the consent of our law firm or corporate clients unless one or more of the following are true:
- The individual has consented, in writing, to the disclosure;
- The disclosure is required by law or other professional standards;
- The personal data is publicly available;
- The disclosure is reasonably necessary for the establishment or defense of legal claims;
- The transferee provides an adequate level of protection for the personal data within the meaning of the Data Directive or has agreed in writing to provide an adequate level of protection for the personal data consistent with the options provided in the Data Directive for transfers pursuant to written agreements;
- In the event of a sale or transfer of assets in connection with an acquisition, merger, reorganization, sale or bankruptcy, Lighthouse reserves the right to make such disclosure upon providing notice to the law firm and/or corporate clients for whom such data is being held.
Lighthouse limits disclosure of personal data to employees and other EU-US Privacy Shield and Swiss-US Privacy Shield participants that have a specific business purpose for collecting, maintaining and processing such personal data. Lighthouse may disclose personal data as required by law or regulation. Lighthouse may also disclose personal data to law enforcement officials in response to a lawful request made pursuant to national security interests or law enforcement requirements. Lighthouse acknowledges its potential liability in cases of its onward transfer of personal data to third parties that do not meet the criteria set forth in the above paragraph.
Lighthouse agrees to offer individual citizens of the EU, EEA or Switzerland with access to their personal data for purposes of correcting, amending or deleting inaccurate information unless the cost or burden of providing the access and changing or deleting the data proves unreasonable in view of the risk to the individual’s privacy. A reasonable fee compensating Lighthouse for resource use related to accessing, changing or deleting the personal information may be imposed. Lighthouse may determine the form of the disclosure. Lighthouse will only deny access requests as allowed by the EU-US Privacy Shield.
Lighthouse takes reasonable precautions to protect personal information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Our security measures include physical, electronic, workflow and managerial protocols to safeguard and secure the personal data we process.
Lighthouse processes personal information only in ways that are compatible with the purpose for which the data was collected or subsequently authorized by the individual. Lighthouse will take reasonable steps to ensure information is relevant to its intended use and remains accurate, complete and current.
Lighthouse will follow any advice given by the Data Protection Authorities, including remedial or compensatory measures for individuals affected by non-compliance, and will provide the Data Protection Authorities with written confirmation that such corrective action has been taken, subject to the Company’s right to dispute the requested actions or remedial measures with the Federal Trade Commission.
Maggie Anthoney, Esq.
Lighthouse has further committed to refer unresolved privacy complaints under the EU-US and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed by Lighthouse, please visit the BBB EU PRIVACY SHIELD web site at www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint. There is no cost to you to utilize the BBB EU PRIVACY SHIELD complaint resolution process. In certain circumstances, there may be the possibility for you to be able to invoke binding arbitration.