Effective from: June 02, 2023, for New Customers
Effective from June 16, 2023, for Existing Customers
Current Version: 2.0
This policy applies in both the capacities – where we are acting as a Data processor – for the continuous quality testing cloud platform and services that we deliver to our existing and potential customers and also where we are acting as a Data controller with respect to the personal information of our website visitors, email recipients and personal information collected from public sources; in other words, where we determine the purposes and means of the processing of that personal information.
1. Information we collect or maintain
LambdaTest collects and processes your personal information to meet our legal, statutory, and contractual obligations and to provide you with our continuous quality testing cloud platform and services. We will never collect any unnecessary personal information from you and do not process your information in any way, other than as specified in this policy. Reference to a data subject means a natural person whose personal information is processed by a data controller or a data processor.
All the personal information mentioned below is collected ‘directly’ (for example – when you provide information to sign up for a newsletter, whitepaper, web resource, or register to comment on a forum website) and ‘indirectly’ (for example – through our website’s technology or cookies) including third-parties such as public authorities, websites and social media and networking platforms, suppliers/vendors proving or selling legitimate personal information. It is completely up to you to decide before providing any personal information.
We collect personal information of our customers, vendors/suppliers, prospects, website users, visitors (website and physical site), business contacts, and shareholders. For any other specific data collection requirement not listed here and arising out of business requirements or required by law, we will issue the concerned individuals appropriate notice of the data to be collected and the purpose for the same. We collect both personal information and anonymized information. We may use both personal information and anonymized information to create aggregated information such as statistical or analytical data, which we may use for any purpose.
LambdaTest processes and stores two categories of data from its Customers while providing LambdaTest Services.
- LambdaTest Account data
- Test execution data
The first category of data is any personal information other than 'Test execution data' provided by the Customer during the Services and includes personal information of any employee, user, or customer personnel. We refer to this data as 'LambdaTest Account data.' Personal information contains names, email addresses, and Phone numbers.
The second category of data is any information, including personal information, which is stored and processed in or transmitted via the LambdaTest platform by, or on behalf of, our Customer. We refer to this data as ‘Test execution data’. The second category of data consists of the data that our Customers uploaded to our Platform, or our Platform otherwise accesses that in the course of testing applications, reports, tests, networks, browsers process logs, other artifacts, authentication, licensing, and test execution metadata (e.g., test status, duration, name, browsing sessions, search history) and other information that Customers may provide during testing. In general, ‘Test execution data' means data stored or processes for delivery of Services we provide as a data processor and includes data stored for backup as well.
'Test execution data' need not contain any identifiable personal information or sensitive personal information regarding customer personnel, customers, end-users, or other third parties.
Please note that LambdaTest does not collect, nor does it require, any identifiable personal information or sensitive data by default for its functioning. From a privacy perspective, the Customer is the controller of Test execution data, and LambdaTest is a processor. This means that throughout the time that a customer subscribes to services with LambdaTest, the Customer retains ownership of and control over Test execution data in its account.
Additionally, the types of personal information we collect include:
- Transaction and Payment Information: information that may relate to transactions you may carry out with us, including bank account details and other relevant payment information.
- Location Information: location information, either provided by a mobile device interacting with one of our Websites or applications or associated with your IP address when you visit our Websites or use our Products and Services.
- Public/Third Party Information: information from third-party or public sources or that we receive from companies that partner with us to provide our Products and Services.
- Consents and Preferences Information: details of permissions, consents and preferences that you give us.
- Marketing, Lead Generation/Inside Sales, and related information: First name and Surname, Email address, Phone number, and Company name.
- Social media identifiers including the posts on social media by individual or company, publicly available information and identifiers including any analytics and profiles of the individual available, details from the third-party owned/sold personal information.
- Data coming through online and offline marketing events including seminars, marketing campaigns (including ads), webinars, guest speakers, testimonials, workshops, business calls and meetups, trade fairs, and similar events.
- IP address, web history data, including operating system and browser type, page tracking data, traffic data, location data, blogs, and other communication data coming in through chatbots.
- Professional details, employment details including title/designation/role, company name, location, and contact details coming through social networking sites, customer referrals, publicly available sources, and purchased contact lists.
- The technologies we use for automatic data collection may include:
- Web Beacons: Pages of LambdaTest Services and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
- We may also collect personal information about you from third-party sources such as marketers, partners, researchers, affiliates, service providers, vendors, and others where they are legally allowed to share your personal information with us. For example, if you register for LambdaTest Services on another website, the website may provide your personal information to us.
2. Legal basis for information processing
The legal basis upon which we rely depends on which of our Products and Services you use and the reasons for which you contact us. We collect and use your personal information where:
- Contractual – performing any contract we have with you or to take steps at your request prior to entering into a contract with you.
- Legitimate Interests - this is necessary for our legitimate interests as a business and is not overridden by your legitimate privacy interests. These legitimate interests include our interest in the following:
- Operating and providing our Websites and our Products and Services, including providing customer support and processing your orders, requests, questions, and concerns;
- Collecting product usage, analytics, and performance data relating to our Websites and our Products and Services, in order to maintain, analyze, develop, update, and improve them;
- Maintaining records of bugs, customer support requests and similar requests you file, and our response to these requests;
- Using information to personalize content and features on our Websites and our Products and Services;
- Detecting, investigating and preventing activities that may breach or violate our policies or applicable laws (such as fraud detection and prevention);
- Managing our business in an efficient and proper way, which includes managing financial administration, business capability, planning, communications, corporate governance and audit;
- Maintaining corporate or business records consistent with our retention policies and applicable laws;
- Protecting against activities that may threaten the security, integrity, or availability of our or another party’s products, systems, and services;
- Protecting our legal rights and defending claims; and
- For marketing and selling our Products and Services consistent with applicable laws.
- To better understand your needs and interests, and personalize your experience with the service
- To manage and communicate with you regarding your service account if you have one, including by sending you service announcements, technical notices, updates, security alerts, and support and administrative messages
- To send you updates about LambdaTest Services and blogs, or to otherwise contact you about our services we think may interest you, by email.
- To better understand how you and others use LambdaTest Services so that we can improve LambdaTest Services and for other research and analytical purposes.
- If you request information from us, use the Service or participate in our surveys, promotions or events, we may send you LambdaTest-related marketing communications as permitted by law but will provide You with the ability to opt-out.
- Consent - you give us consent to process your personal information.
- In some cases, we may ask for your consent to collect, use or share your personal information, such as when you let us post your testimonials or endorsements in the Service
Processing is based on your consent. Where we rely on your consent you have the right to withdraw it anytime by sending a request to firstname.lastname@example.org with the word “Opt-out” or “UNSUBSCRIBE” in the subject field of the email.
Note: Even after you opt out from receiving promotional messages from us, if you have any account for LambdaTest Services, we will still send you non-promotional communications, like service-related emails.
- Legal Obligations - We need to process your personal obligation to comply with a legal obligation, such as a lawful subpoena or law-enforcement request or to fulfill the lawful instructions of our customers (when they are acting as the controller).
- For compliance with the law: We may use your personal information as we believe appropriate to
- (a) comply with applicable laws, lawful requests, and legal processes, such as to respond to subpoenas or requests from government authorities;
- (b) where permitted by law in connection with a legal investigation; and
- (c) to prosecute or defend legal claims.
- Other - We have another lawful basis for processing your personal information in accordance with applicable law.
When we rely upon our legitimate interests for processing your information, we will balance those interests against your privacy rights and will not use your personal information where the impact on you would override your rights, unless we are otherwise permitted by law to process your personal information, e.g., where you consent.
3. How we use the information we collect
LambdaTest requires this information to better understand the needs that you may have in terms of the services we offer and provide you with a better experience and services. We may also use this information for:
- Providing you with LambdaTest Services.
- Internal records for correspondence.
- Providing you with information you request, process requests or resources, and for other purposes.
- Improve our service offerings and personalize your experience.
- Periodically sending promotional emails about new service offerings, webinars, technology events, or any other information which we think you may find interesting using the email address you have provided.
- Send information to you, including marketing communications relating to our business, which we think may be of interest to you by post, email, or other means.
- To send commercial e-mails to individuals or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws.
- Contacting you for collection of feedback/surveys.
- Collected information is used to update, maintain and track the marketing/lead generation efforts in a Customer Relationship Management (CRM) tool/database.
- Any postings, comments, or other content that you may post on our website or social media platforms.
- We may transfer personal information to our contracted service providers and advisors who may be located in other countries. Adequate data protection is provided before any such data transfers are made.
- Disclosing your personal information to third parties in the event that we sell or liquidate any part of our business or assets.
- We may share your personal information with third parties for a specific purpose (for example – prospecting, or insurance). Any personal information processing conducted by an external agent or entity (third-party service provider) on our behalf shall be evidenced by a valid written contract between the involved parties. Such a contract shall specifically set out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal information and categories of data subjects, and the obligations and rights of the company.
- LambdaTest’s formal compliance with ISO 27001 (Information Security Management Systems), ISO 27701 (Privacy Information Management System), and System and Organization Controls (SOC) ensure the adequacy of appropriate technical and organizational safeguards.
- LambdaTest uses and complies with the UK and European Commission-approved standard contractual clauses (“SCCs”) for the transfer of Personal Data from the EU/EEA to the United States or other countries that do not have equivalent privacy and data protection laws. We are responsible for processing such Personal Data we receive under the SCCs and for any subsequent onward transfer to a third-party who provides services to us and is acting as a representative on our behalf.
4. Information Retention
- We will retain your LambdaTest Account data and personal information only for as long as it is necessary. Personal Information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. If you have an association with us, we will only keep the data while your association is active or for as long as needed to provide services to you and, as further needed for us to comply with our legal and contractual obligations.
- All the Test execution data from executed VM or Real Device gets deleted as soon as the test is completed, which means if you run any test twice, you will get a new clean, and sanitized machine or device. This means the VM where the test gets executed gets deleted as soon as the test ends. While real devices will only be put into the public pool after the clean-up process is complete.
LambdaTest stores the encrypted Test execution data, such as logs, videos, and screenshots that are actually generated while running the test at LambdaTest for 60 days by default.
Any customer at any moment can explicitly request to delete all the data corresponding to a person via email, which generally takes 48 hours turnaround time.
- If you have elected to receive marketing communications from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest or received our content or services. We would also retain information derived from cookies and other tracking technologies for a reasonable period from the date such information was created/received. When the personal information that has been collected is no longer required, LambdaTest shall destroy or delete it in a secure manner in accordance with our information security policies and/or as per the official contract made with the other party.
- Non-personally identifiable and aggregated information may be stored for a longer duration.
- Compelled Disclosure: LambdaTest reserves the right to use or disclose the Personal Information we collect if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, employees, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
5. Information Sharing or Disclosure
Data sharing within LambdaTest
- We may share personal information within LambdaTest to deliver Products and Services to our customers.
- LambdaTest has employees and offices globally. This means that we may transfer information globally. Outside of the EU, LambdaTest employees may access information from other countries, subject to any controls that may have been put in place to restrict access to personal information in the form of geofencing controls.
Data sharing with those who support our Products and Services
- In order to deliver our Products and Services, we rely on a number of different systems, platforms, and services, some of which are provided by LambdaTest and some of which are provided by third party vendors and service providers. This covers everything from the software we use in our finance department to the infrastructure we use to run our Products and Services, including when you participate in a free trial. Where we use vendors and service providers, they act as processors on our behalf. These vendors are under a data processing agreement with us, act on our instructions, and adhere to the policies described in this document.
- List of third party vendors we use in order to provide support for our services are provided in this link as the list of LambdaTest’s Sub-processors.
Data sharing with other third parties
- If you are an individual based in the EEA and have given us your express permission, we may share your personal information with select partners that you decide. If you are an individual not based in the EEA, we may share your personal information with select partners that are clearly labeled when you sign up. We always make clear when we share that information – as an example when we provide an event or an asset in collaboration with a partner of ours.
- LambdaTest, with its partnership and commitment to Security and Privacy with Microsoft, also provides a link to their Privacy Statement
- LambdaTest app complies with Google API Services User Data Policy, including the Limited Use requirements, which use and transfer information received from Google APIs to any other app.
6. Protection of information
We follow security & privacy by design baked into our services to protect your information
We back ourselves up with robust data security and privacy practices that form an integral part of our product engineering and service delivery principles. Security and Privacy are at the heart of how we build our products and process your data to provide high resiliency. We have top-down governance and security in our DNA that lets us constantly wade through our threat vectors and calibrate to strengthen our security posture. That way, we align with the changing business and technology landscape.
We have implemented appropriate organizational, technical, administrative, and physical safeguards to protect the security, confidentiality, integrity, and privacy of Personal Information and Customer Account Data within our organization.
7. Your choices and rights
How you can opt out of LambdaTest marketing
- You can choose to opt out of marketing communications from us at any time.
- If you don’t want to receive marketing communications from us, you can at any time use the “Unsubscribe” link present in all marketing emails from us.
How you can opt-out of third-party marketing such as from our customers
- Our customers are solely responsible for their own marketing emails and other communications and we cannot unsubscribe you from their communications.
- You can unsubscribe from our customers' marketing communications by clicking on the "unsubscribe" link located on the bottom of their emails, or by contacting them directly.
8. Cookies Management
9. Children’s Privacy
Protecting the privacy of young children is especially important. For that reason, LambdaTest does not knowingly collect or solicit personal information from anyone under the age of 13. In the event that we learn that we have collected personal information from a child under age 13, we will delete the information we have stored as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us as indicated in the contact section below.
10. Data Protection Officer
We have appointed a data protection officer for you to contact if you have any questions or concerns about our personal data or information policies or practices. Our Data Protection Officer can be contacted at email@example.com.
11. Contact Us
If you wish to make a request regarding your personal information, please visit our Privacy Center at https://www.lambdatest.com/trust/privacy
1390 Market Street
Suite 200 San Francisco
LambdaTest Service: Contact Us
Section A - UK and EEA Data Subjects
If you are an individual in the United Kingdom (UK) and/or European Economic Area (EEA), we collect and process information about you only where we have a legal basis for doing so under applicable laws (applicable law), which include (but are not limited to) the UK and EU data protection and privacy laws.
LambdaTest is the data controller of Personal Data provided to, or collected by or for, our Services, but we may act as data processor on behalf of our customers for Personal Data that we process on their behalf when providing the Services.
Legal basis for processing Personal Data (EU/EEA visitors only): If you are a visitor to our website(s) and are located in the European Union (“EU”)/European Economic Area (“EEA”), LambdaTest’s legal basis for collecting and using the Personal Data described in this policy will depend on the Personal Data concerned and the specific context in which we collect it. However, we will normally collect Personal Data from you only where we have your consent to do so (for example – contact us form on the website), where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
International Transfer of Personal Data: LambdaTest complies with the European Commission-approved standard contractual clauses (“SCCs”) for the transfer of Personal Data from the EU/EEA to the United States or other countries that do not have equivalent privacy and data protection laws. We are responsible for processing such Personal Data we receive under the SCCs and for any subsequent onward transfer to a third-party who provides services to us and is acting as a representative on our behalf. Refer to DPA with SCC.
Your personal information may be transferred to LambdaTest and its service providers in countries other than the country in which you are resident, including in the United States, and other locations where we have offices or employees. These countries may have data protection laws that are different from the laws of your country and may not provide the same level of protection as your country.
If you are located in the European Economic Area, the UK or Switzerland, we will protect your personal information when it is transferred outside of your jurisdiction by (a) processing it in a territory that provides an adequate level of protection based on its data protection laws; or (b) implementing appropriate safeguards to protect your personal information, such as relying on the European standard contractual clauses. LambdaTest currently relies on these European standard contractual clauses (“Model Clauses”) for data transfers.
Some vendors and service providers are based outside the EEA and UK, including the United States. Whenever we transfer your personal information outside the EEA and/or UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal information to countries that have been deemed to provide an adequate level of protection for personal data under applicable law.
- Where we use certain service providers, we may use specific contracts approved for use in the UK and/or EEA that give personal information the same protection it has in the UK and/or EEA.
- In the case of specific service providers, we may implement supplemental safeguard measures, which may be technical, contractual, and/or organizational in nature.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK and/or EU.
Updates to your Personal Data: You can request access, correction, updates, or deletion of your Personal Data. You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your Personal data. If we have collected and processed your Personal Data with consent, then you may withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.
- Contact us (firstname.lastname@example.org) if you wish to update your personal information.
- In case you have previously subscribed or agreed to us for sharing your personal information for direct marketing purposes, you may opt-out the same anytime by writing an email to email@example.com.
- To exercise any rights, for questions, concerns, or complaints or if you wish to contact our Data Protection Officer (DPO), you may also write to firstname.lastname@example.org.
Your Rights: Subject to applicable law, you have the following rights in relation to your Personal Data:
- Right of access: If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data along with certain other details. If you require additional copies of the data, we may need to charge a reasonable fee.
- Right to rectification: If your Personal Data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we share your Personal Data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to erasure: You may ask us to delete or remove your Personal Data, such as where you withdraw your consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your Personal Data in certain circumstances, such as where you contest the accuracy of the data or object to us processing it. We will tell you before we lift any restriction on processing. If we share your Personal Data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your Personal Data so you can contact them directly.
- Right to data portability: Effective 25 May 2018, you have the right to obtain your Personal Data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will give you your Personal Data in a structured, commonly used, and machine-readable format. You may reuse it elsewhere.
- Right to object: You may ask us at any time to stop processing your Personal Data, and we will do so if we are processing your Personal Data for direct marketing and otherwise. However, if we are relying on a legitimate interest to process your Personal Data and we demonstrate compelling legitimate grounds for the processing we may continue.
- Rights in relation to automated decision-making and profiling: You have the right to be free from decisions based solely on automated processing of your Personal Data, including profiling, that produce a significant legal effect on you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us or you provide your explicit consent.
- Right to withdraw consent: If we rely on your consent to process your Personal Data, you have the right to withdraw that consent at any time. Withdrawal of consent will not affect any processing of your data before we received notice that you wished to unsubscribe.
- Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your Personal Data, you can report it to the data protection authority that is authorized to hear those concerns.
You may exercise your rights by writing an email at email@example.com where you request your specific rights.
Section B - California Resident Notices
California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively, the "CCPA")
We are not directly in the business of selling personal information, but there may be limited circumstances where we share personal information in a manner that may be a “sale” as defined under California law. The following definition are referred to as per CCPA 1798.140:
- (o) (1) “Personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Personal information includes but is not limited to, the following if it identifies, relates to, describes, is reasonably capable of being associated with, or could be reasonably linked, directly or indirectly, with a particular consumer or household.
- (o) (2) “Personal information” does not include publicly available information. For purposes of this paragraph, “publicly available” means information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge.
- (o) (3) “Personal information” does not include consumer information that is deidentified or aggregate consumer information.
- (t) (1) “Sell,” “selling,” “sale,” or “sold,” means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third-party for monetary or other valuable consideration.
This privacy notice enables you to request us to refrain from selling your personal information in accordance with California law. As a California resident, you have specific privacy rights under the California Consumer Privacy Act (CCPA). You may opt-out of any selling (as defined in “CCPA”) of your personal information by contacting us for ‘Do Not Sell My Personal Information (CCPA)’ via an email to firstname.lastname@example.org. Please note that this right is limited to only California residents and is not absolute. We reserve the necessary rights to question, ask to prove the identity and deny the request in the event of any suspicious or fraudulent opt-out requests.
Note about the California Privacy Rights Act (CPRA) – In November 2020, California voters approved Proposition 24, the California Privacy Rights Act (CPRA), which sought to amend the CCPA. Some of the Attorney General’s responsibilities under the CCPA will transition over to the California Privacy Protection Agency created under CPRA. However, the Attorney General will retain the authority to go to court to enforce CPRA. Enforcement of CPRA will begin in 2023.
CCPA allows consumers who are California residents, upon a verifiable consumer request, to request from a business:
- Delete any personal information about the consumer that the business has collected from the consumer;
- Disclose to the consumer certain information about the personal information that the business collects from the consumer; and
- Direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information.
To submit a data access or data deletion request, by writing an email at email@example.com where you request your specific rights or contact us at firstname.lastname@example.org.
Please note that these requests apply only to information that LambdaTest holds as a “controller.” If your request relates to the personal data collected through a customer’s websites or digital products, you should direct your request to the owner of that website or product.
Please note that you must verify your identity and request before LambdaTest will process your request. You may be required to provide email confirmation or other information in order for us to verify your identity. Consistent with California law, if you choose to exercise your rights, you will not receive discriminatory treatment by LambdaTest.
Under certain circumstances, you may designate an authorized agent to make a request on your behalf. In order to designate an authorized agent to make a request on your behalf, you must provide a valid power of attorney, your valid government-issued identification, and the authorized agent’s valid government-issued identification to allow LambdaTest to verify that the agent is authorized to make the request on your behalf.
If you have any questions about LambdaTest's privacy policies and practices, please contact us at email@example.com.