This privacy notice is provided on behalf of both Lane Clark & Peacock LLP (“LCP”) of 95 Wigmore Street, London, W1U 1DQ, registered number OC301436 and its subsidiary Delta Energy & Environment Limited (“Delta-EE”).
LCP is listed on the register of data controllers held the Information Commissioner’s Office (“ICO”). Our data protection registration number is Z6661882.
Delta-EE is listed on the register of data controllers held the Information Commissioner’s Office (“ICO”). Our data protection registration number is ZA695530.
References to “we”, “use” or “our” are to LCP and/or Delta-EE. References to “LCP Delta” are to services provided under the “LCP Delta” brand by either LCP or Delta-EE.
In circumstances where an LCP partner or staff member acts as scheme actuary for a pension scheme (the “Scheme Actuary”), he or she will usually be a data controller in carrying out his or her statutory functions as scheme actuary and will carry out those functions in accordance with data protection laws. Each Scheme Actuary at LCP (with a current Scheme Actuary appointment) is listed on the register of data controllers held by the ICO.
Scope of this privacy notice
The personal data that we collect
We collect personal data about individuals in the course of running our business and providing our services to our clients. We may collect personal data from a variety of sources for example:
- from our clients;
- from prospective clients;
- from our subscribers;
- from recruiters (for the purposes of recruitment);
- from third party websites used as business tools (including LinkedIn) (for the purposes of recruitment and building business relationships);
- from suppliers and service providers;
- directly from an individual; and
- from any other third party with whom we have business dealings.
The personal data provided will depend on the source of the information but may include an individual’s:
- job title
- contact details (telephone number, email address, address);
- national insurance number;
- date of birth;
- marital status;
- health information;
- salary; and
- pension amounts
We will always try to keep the amount of personal data we collect to the minimum needed.
What is the lawful basis for processing?
Applicable data protection law means we must have a valid lawful basis for processing your personal data. There are six possible lawful bases for processing, which are set out in Article 6 of the UK General Data Protection Regulation (GDPR). In general, we do not require your consent to process your personal information because we rely on the following lawful bases:
- Contractual – to meet our obligations under the terms on which we are appointed to advise our clients.
- Legitimate Interests - where we need to process your personal data for our legitimate interests; which are to operate as a business.
- Legal Obligation – where we need it to comply with legislation or other legal requirements.
If we collect personal data for any other purpose we will seek your consent. For example we might seek consent to retain contact details for the purpose of providing you with information that we believe could be useful and relevant to you. In such cases, we will always provide you with a clear way of withdrawing consent.
How do we use personal data that we collect?
We collect personal data in two ways:
- directly (for example where you disclose them to anyone who works for LCP/Delta-EE via telephone, email, on our website or via post)
- indirectly (for example from our clients or trustees where we are delivering a service, collaborating partner organisations, market research agencies, (paid for) external marketing lists and publicly available sources - for verification and anti-money laundering purposes and to make contact with industry peers.
We only use personal data for the purpose for which it has been provided to or collected by us.
For example we use your personal data:
- to respond to requests and enquiries
- to provide and improve our products and services to our clients,
- to manage our relationships with clients, prospects and third parties, the receipt of services, and staff recruitment.
- to perform market research
Data retention periods
We will retain an individual’s personal data for so long as the purpose the individual has provided it for still exists, unless a longer retention period is required or permitted by law.
LCP Delta - consulting project data
Personal data collected in relation to LCP Delta consultancy projects (including but not limited to conducting interviews, producing case studies, or inviting to an event or workshop) will be stored for no more than 6 years.
LCP Delta - subscriber database
Your information is stored in our LCP Delta subscriber website database if you have access to our LCP Delta subscription services.
Every 6 months we delete inactive user accounts.
Transfer outside of the EEA
We will only transfer personal data outside of the UK or European Economic Area if:
- the individual has asked us to;
- the UK Secretary of State has determined that the country, territory and/or organisation that is receiving the data ensures an adequate level of protection; and/or
- there are appropriate safeguards in place for the data (ie individuals’ rights in respect of that data are still enforceable and effective remedies are still available).
We do not routinely transfer personal data that we process on behalf of clients outside the UK or EEA. Where we are acting on a client’s instructions to do so, the client will usually have put in place appropriate safeguards.
The processing of an individual’s personal data will be done in accordance with the UK General Data Protection Regulation and any other legislation which is relevant to data protection in the United Kingdom. Access to personal data will be limited to authorised individuals on a strictly need to know basis.
We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal data. We ensure that our staff receive regular training on information security and data protection.
We meet the ISO27001 standard for information security management systems and Cyber Essentials Plus. For further information on our information security please click here.
Sharing personal data
To provide our services to clients and for legitimate business purposes we may share personal data:
- where we have permission to do so;
- to third party service providers eg website host, auditors, event organisers an individual has registered for;
- with partners working alongside us on research and consulting projects;
- in order to give individuals and/or clients the service they have requested eg to use specialist companies to provide additional services or advice;
- for regulatory or legal purposes or to protect the rights of LCP/Delta-EE, our clients or other parties; and
- to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
Rights of individuals
Where we are the data controller, individuals have the following rights in relation to their personal data:
- Right of access – the right to request a copy of their personal data that we hold.
- Right to rectification – the right to have their data corrected if it is inaccurate or incomplete.
- Right to erasure – the right to have their data deleted or removed if it is no longer necessary for the purpose for which it was obtained.
- Right to restrict processing – the right to request that the way in which we use their data is restricted to certain uses which they may specify.
- Right to data portability – the right, where applicable, to have their data transferred to another organisation.
- Right to object – the right to object to the processing of their personal data in certain circumstances eg for direct marketing purposes. In the event that an individual has not consented to our use of their personal data and we are not using their data in a way in which they would reasonably expect or they do not consider that we are using their data for their benefit, then an individual may object to us collecting and using their personal data. Individuals may withdraw any consent they have given in respect of their personal data at any time.
To exercise any of these rights please contact us using the contact details below. We will aim to respond to any request received within one month of receipt.
How to contact us?
If you would like further information about this privacy notice or how to request your personal data you can email us at firstname.lastname@example.org or write to:
The Data Protection Officer
Lane Clark & Peacock LLP
95 Wigmore Street
We aim to meet the highest standards when collecting and using your personal information. However, if you believe we are not meeting these standards and wish to make a complaint, please contact our Data Protection Officer.
If you are not satisfied with our response you have the right to complain to the Information Commissioner’s Office. You can find out more about how to contact the ICO on its website.
Changes to this privacy notice
We keep this privacy notice under regular review and place any updates on our website. This privacy notice was last updated on 1 March 2023.