Trust

630-679-1300

Facebook Twitter Youtube Linkedin Instagram Search

630-679-1300

Facebook Twitter Youtube Linkedin Instagram Search

General Data Protection Regulation​

Overview

At Laser Products industries (LPI), nothing is more important to us than our customers’ success and the protection of their data. With customers throughout the world, we go to great lengths so ensure our compliance with local privacy and data protection laws.

As an organization offering services to, and processing the personal data of, individuals in the EU, LPI has developed a robust privacy program in line with the requirements of European data protection laws, including the General Data Protection Regulation (GDPR).

Following Brexit, the GDPR was incorporated into local UK law, creating what is known as the “UK GDPR”. Currently, the UK GDPR contains very similar requirements to the EU GDPR. When we refer to “the GDPR” we are referring both to the EU GDPR and to the UK GDPR.

Roles and Responsibilities

The GDPR distinguishes between two roles as relating to the processing of personal data. Under the GDPR, such roles are defined as the “Data Controller” and “Data Processor”. A Data Controller determines the purposes and means for the processing of personal data, while a Data Processor processes the personal data on behalf, and under the instruction, of the Controller.

Customers who are using LPI’s services to process personal data for their own purposes and means will typically be considered the “Data Controller”, and are primarily responsible for meeting all applicable GDPR requirements. LPI serves as its customers’ “Data Processor”, for the processing of personal data submitted onto LPI’s platform (for example, via lpicloud.com jobs). The extent of our roles and responsibilities with respect to each of our Data Subjects and customers is further detailed in our Terms of ServicePrivacy Policy and Data Processing Addendum.

How does LPI comply with the GDPR?

At LPI, we regularly monitor and review our practices to ensure ongoing compliance with the GDPR, including by:

  • Embedding a robust privacy program and regularly reviewing and updating policies and procedures to ensure the program remains appropriately targeted and fit for purpose.
  • Maintaining a vendor onboarding process requiring all vendors to comply with relevant data protection obligations.
  • Reviewing and strengthening our security infrastructure and processes, data encryption in transit and at rest, backup, logs, and security alerts.
  • Conducting periodical risk assessments and data mapping processes to ensure proper management of personal data in accordance with the GDPR’s requirements.
  • Regularly monitoring guidance around GDPR compliance and ensuring ongoing compliance with the GDPR through our internal procedures, processes and controls and recurring internal training sessions.
  • Engaging external auditors to audit, on an annual basis, our various compliance certificates, including our SOC 2 Type II security certification from the American Institute of Certified Public Accountants (AICPA), ISO 27001 ISMS (information security management system) and ISO 27018 (for protecting personal data in the cloud).
  • Ensuring transparency around collection, use and disclosure of personal data, including via our Privacy Policy.
  • Notifying customers and Data Subjects when any substantive changes are made to public-facing policies to align with updated data handling practices and regulatory requirements.
  • Having a robust Data Processing Addendum (DPA) in place to ensure the protection of personal data, according to customary industry standards, and such appropriate lawful mechanisms and contractual terms in compliance with the GDPR. Such DPAs allow us to perform our role as a data Processor for our customers, and similar DPAs allow the same when we act as the Controller and engage with our data processing vendors, in compliance with the GDPR.
  • Regularly performing security and privacy assessments of our sub-processors to ensure their adherence to GDPR principles.
  • Entering the Standard Contractual Clauses (SCCs) with customers and vendors for the international transfers of personal data.
  • Enabling our customers to respond to data subject requests to exercise their privacy rights, and having a process in place to respond to data subject requests where we act as the Controller of such data.
  • Designating a representative in the EU and UK, and appointing a Data Protection Officer (DPO) for monitoring and advising on LPI’s ongoing privacy and data protection compliance and serving as a point of contact in relation to data protection and privacy matters for individuals and supervisory authorities.
  • Having procedures for handling suspected breaches concerning personal data, limiting use, disclosure and retention of personal data, and regularly conducting privacy training for all relevant members of our staff.

If you have any questions concerning LPI’s privacy program and our compliance with the Privacy Act, please feel free to contact our Data Protection Officer & Privacy Team at [email protected]

About Us

LPI celebrates more than 30 years of innovative digital measuring solutions for companies in stone and various other industries. LPI has sold more than 8,000 digital measuring systems throughout the world that have helped thousands of companies increase their productivity.

Read More >

Quick Links

LT-2D3D Laser Templator

LT3Raptor

Customer Projects

LPI Care

Store

Get In Touch

1344 Enterprise Drive
Romeoville, Illinois USA 60446

Facebook Twitter Youtube Linkedin Instagram Search

Subscribe to Newsletter

Copyright © 2024 Laser Products Industries, All Rights Reserved.