This privacy notice is provided on behalf of Lane Clark & Peacock LLP (“LCP”) of 95 Wigmore Street, London, W1U 1DQ, registered number OC301436.
LCP is listed on the register of data controllers held the Information Commissioner’s Office (“ICO”). Our data protection registration number is Z6661882.
Scope of this privacy notice
The personal data that we collect
We collect personal data about individuals in the course of running our business and providing our services to our clients. We may collect personal data from a variety of sources for example:
- from our clients;
- from prospective clients;
- from recruiters (for the purposes of recruitment);
- from third party websites used as business tools (including LinkedIn) (for the purposes of recruitment and building business relationships);
- from suppliers and service providers;
- directly from an individual; and
- from any other third party with whom we have business dealings.
The personal data provided will depend on the source of the information but may include an individual’s:
- contact details (telephone number, email address, address);
- national insurance number;
- date of birth;
- marital status;
- health information;
- salary; and
- pension amounts.
We do not collect sensitive personal data (“special category” data) which includes information about health, racial or ethnic origin, political opinions, religious or philosophical beliefs and sexual life) without your consent.
We will always try to keep the amount of personal data we collect to the minimum needed.
What is the lawful basis for processing?
Applicable data protection law means we must have a valid lawful basis for processing your personal data. There are six possible lawful bases for processing, which are set out in Article 6 of the UK General Data Protection Regulation (GDPR). In general, we do not require your consent to process your personal information because we rely on the following lawful bases:
- Contractual – to meet our obligations under the terms on which we are appointed to advise our clients.
- Legitimate Interests - where we need to process your personal data for our legitimate interests; which are to operate as a business.
- Legal Obligation – where we need it to comply with legislation or other legal requirements.
If we collect personal data for any other purpose we will seek your consent. For example we might seek consent to retain contact details for the purpose of providing you with information that we believe could be useful and relevant to you. In such cases, we will always provide you with a clear way of withdrawing consent.
How do we use personal data that we collect?
We collect personal data in two ways:
- directly (for example where you disclose them to anyone who works for LCP via telephone, email, on our website or via post)
- indirectly (for example from our clients or trustees where we are delivering a service, market research agencies, (paid for) external marketing lists and publicly available sources – for verification and anti-money laundering purposes)
We only use personal data for the purpose for which it has been provided to or collected by us.
For example we use your personal data:
- to provide and improve our services to our clients,
- to manage our relationships with clients, prospects and third parties, the receipt of services, and staff recruitment.
Data retention periods
We will retain an individual’s personal data for so long as the purpose the individual has provided it for still exists, unless a longer retention period is required or permitted by law. We will delete your data five years post your last interaction with us unless requested otherwise.
Transfer outside of the EEA
We will only transfer personal data outside of the UK or European Economic Area if:
- the individual has asked us to;
- the UK Secretary of State has determined that the country, territory and/or organisation that is receiving the data ensures an adequate level of protection; and/or
- there are appropriate safeguards in place for the data (ie individuals’ rights in respect of that data are still enforceable and effective remedies are still available).
We do not routinely transfer personal data that we process on behalf of clients outside the UK or EEA. Where we are acting on a client’s instructions to do so, the client will usually have put in place appropriate safeguards.
The processing of an individual’s personal data will be done in accordance with the UK General Data Protection Regulation and any other legislation which is relevant to data protection in the United Kingdom. Access to personal data will be limited to authorised individuals on a strictly need to know basis.
We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal data. We ensure that our staff receive regular training on information security and data protection.
We meet the ISO27001 standard for information security management systems.
Sharing personal data
To provide our services to clients and for legitimate business purposes we may share personal data:
- where we have permission to do so;
- to third party service providers eg website host, auditors, event organisers an individual has registered for;
- in order to give individuals and/or clients the service they have requested eg to use specialist companies to provide additional services or advice;
- for regulatory or legal purposes or to protect the rights of LCP, our clients or other parties; and
- to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
Rights of individuals
Where we are the data controller, individuals have the following rights in relation to their personal data:
- Right of access – the right to request a copy of their personal data that we hold.
- Right to rectification – the right to have their data corrected if it is inaccurate or incomplete.
- Right to erasure – the right to have their data deleted or removed if it is no longer necessary for the purpose for which it was obtained.
- Right to restrict processing – the right to request that the way in which we use their data is restricted to certain uses which they may specify.
- Right to data portability – the right, where applicable, to have their data transferred to another organisation.
- Right to object – the right to object to the processing of their personal data in certain circumstances eg for direct marketing purposes. In the event that an individual has not consented to our use of their personal data and we are not using their data in a way in which they would reasonably expect or they do not consider that we are using their data for their benefit, then an individual may object to us collecting and using their personal data. Individuals may withdraw any consent they have given in respect of their personal data at any time.
To exercise any of these rights please contact us using the contact details below. We will aim to respond to any request received within one month of receipt.
How to contact us?
If you would like further information about this privacy notice or how to request your personal data you can email us at firstname.lastname@example.org or write to:
The Data Protection Officer
Lane Clark & Peacock LLP
95 Wigmore Street
We aim to meet the highest standards when collecting and using your personal information. However, if you believe we are not meeting these standards and wish to make a complaint, please contact our Data Protection Officer.
If you are not satisfied with our response you have the right to complain to the Information Commissioner’s Office.
Changes to this privacy notice
We keep this privacy notice under regular review and place any updates on our website. This privacy notice was last updated on 31 May 2022.