How We Comply With the GDPR and Other Data Protection Law

Privacy Shield

Lakeside is certified under the EC- and Swiss-approved Privacy Shield program administered by the U.S. Department of Commerce and enforced by the U.S. Federal Trade Commission. The Privacy Shield certification covers Business Personal Data, the core information necessary for Lakeside to license, support, and maintain its software and services, as well as provide credentialing and use authorization.

“Business Personal Data” is personal data that enables identification of, authentication of, coordination of, and/or communication to, from, between, and/or among people who work for or with us, and/or for whom we provide goods or services. These people include, but aren’t limed to, employees, agents, contractors, customers, suppliers, users of our goods and services and others with or through whom we do business or might do business, or for whose benefit we do business. Business Personal Data includes, but is not limited to, contact information, identification information, information about whereabouts, information about travel plans, information about goods and/or services to be provided by (or to) us, applications used, manner and extent of the use of applications, and directory information such as name, mobile and/or land telephone number, fax number, e-mail address, physical address, user ID, IP address, picture, language(s) spoken, title, organizational role, and systems or processes that such persons are authorized to utilize.

Privacy Shield provides a safe and compliant landing place in the United States for personal data from the European Economic Area and Switzerland. The full Privacy Shield Privacy Statement is available at https://www.lakesidesoftware.com/sites/default/files/Privacy_Shield_Privacy_Statement.pdf and Lakeside’s certification with the US Department of Commerce is available at https://www.privacyshield.gov/list.

Systems and Processes

Internal Policies and Processes

Lakeside maintains technical and organizational security measures reasonably necessary to protect the personal data from unauthorized access, use, alteration, or deletion.

Microsoft Azure Hosted Solutions

Lakeside uses Microsoft Corporation’s Azure hosting services for hosted applications. Microsoft’s comprehensive GDPR-compliant hosting, contractual, and security program is explained at https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx.

Personnel and Other Resources

Lakeside trains, and monitors compliance by, its personnel in accordance with industry practices.

Lakeside uses counsel who is certified in European privacy (CIPP/E) by the International Association of Privacy Professionals (IAPP), as well as US private-sector privacy (CIPP/US), and is a Certified Information Privacy Technologist (CIPA) and a Fellow of Information Privacy (FIP).

Data Protection Officer

Lakeside’s data protection officer is:

Kelly Peters
40950 Woodward Ave, Ste 200, Bloomfield Hills, MI 48304 USA
+1 248 686 1700
privacy@lakesidesoftware.com

Contracts

Where required in order to comply with the GDPR or similar regulation, Lakeside will enter into contractual arrangements with customers. Lakeside typically agrees to the following things.

Obligations that GDPR Article 28 requires controllers to impose upon processors;

Assistance with Controller obligations under GDPR Chapter 3;

Standard Contractional Clauses (Controller-to-Processor);

Subprocessor obligations under Standard Contractional Clauses (Controller-to-Processor) Clause 11; and/or

Flowdowns required by Privacy Principle 3 (Onward Transfer) under the Privacy Shield.