Third party privacy notice
About us
This privacy notice is provided by Lane Clark & Peacock LLP on behalf of itself and its relevant subsidiaries. For further information about Lane Clark & Peacock LLP and its subsidiaries, please click here. References to “LCP”, “we”, “us” or “our” may be to Lane Clark & Peacock LLP and/or its subsidiaries (or any one or more of them), as the context requires.
Lane Clark & Peacock LLP is listed on the register of data controllers held the Information Commissioner’s Office with registration number Z6661882.
Delta Energy & Environment Limited is listed on the register of data controllers held by the Information Commissioner’s Office with registration number is ZA695530.
In circumstances where an LCP partner or staff member in the UK acts as scheme actuary for a pension scheme (the “Scheme Actuary”), they will usually be a data controller in carrying out their statutory functions as scheme actuary and will carry out those functions in accordance with data protection laws. Each Scheme Actuary at LCP (with a current Scheme Actuary appointment) is listed on the register of data controllers held by the Information Commissioner’s Office.
Scope of this privacy notice
This privacy notice applies where we process personal data about clients, pension scheme members, subscribers to our products or services, suppliers and other third parties with whom we have business dealings in circumstances where a privacy notice specific to the circumstances has not already been issued. For processing of your personal data in connection with use of this website, please see our Website and Marketing Privacy Notice.
What personal data do we collect and how?
We collect personal data about individuals in the course of running our business and providing our services to our clients. We may collect personal data from a variety of sources for example:
- from our clients
- from prospective clients
- from our subscribers
- from recruiters (for the purposes of recruitment)
- from third party websites used as business tools (including LinkedIn) (for the purposes of recruitment and building business relationships)
- from suppliers and service providers
- from cookies (for information regarding cookies, please see our Cookie Policy)
- directly from an individual
- from any other third party with whom we have business dealings.
The personal data provided will depend on the source of the information but may include an individual’s:
- name
- job title
- age
- contact details (telephone number, email address, address)
- national insurance number (UK) and personal public service number (Ireland)
- copies of identification and similar documents (e.g. birth, marriage, civil partnership and death certificates, passport identity pages, decree absolute, Pension Adjustment Orders)
- date of birth
- marital status
- health information
- salary
- pension amounts
We will always try to keep the amount of personal data we collect to the minimum needed.
We collect personal data in two ways:
- directly (for example where you disclose them to anyone who works for us via telephone, email, on our website or via post)
- indirectly (for example from our clients or trustees where we are delivering a service, collaborating partner organisations, market research agencies, (paid for) external marketing lists and publicly available sources)
What is the lawful basis for processing?
Applicable data protection law means we must have a valid lawful basis for processing your personal data. There are six possible lawful bases for processing, which are set out in Article 6 of the UK General Data Protection Regulation (GDPR). In general, we do not require your consent to process your personal information because we rely on the following lawful bases:
- Contractual – to meet our obligations under the terms on which we are appointed to advise our clients.
- Legitimate Interests - where we need to process your personal data for our legitimate interests; which are to operate as a business.
- Legal Obligation – where we need it to comply with legislation or other legal requirements.
If we collect personal data for any other purpose we will seek your consent. For example, we might seek consent to retain contact details for the purpose of providing you with information that we believe could be useful and relevant to you. In such cases, we will always provide you with a clear way of withdrawing consent.
How do we use personal data we collect?
We only use personal data for the purpose for which it has been provided to or collected by us.
For example, we may use your personal data:
- to respond to requests and enquiries
- to provide and improve our products and services to our clients
- to market our services (in accordance with our Website and Marketing Privacy Notice)
- to manage our relationships with clients, prospects and third parties, the receipt of services, and staff recruitment
- to perform market research
- for verification and anti-money laundering purposes
- to make contact with industry peers
How do we keep personal data secure?
The processing of an individual’s personal data will be done in accordance with the UK or EU (as applicable) General Data Protection Regulation and any other legislation which is relevant to data protection in the United Kingdom or Ireland. Access to personal data will be limited to authorised individuals on a strictly need to know basis.
We regularly review all our systems, policies and technologies to ensure that these continue to work effectively to protect your personal data. We ensure that our staff receive regular training on information security and data protection.
For further information on our information security, please click here.
When is personal data shared?
To provide our services to clients and for legitimate business purposes we may share personal data:
- where we have permission to do so;
- to third party service providers eg website host, auditors, event organisers an individual has registered for;
with partners working alongside us on research and consulting projects; - in order to give individuals and/or clients the service they have requested eg to use specialist companies to provide additional services or advice;
- for regulatory or legal purposes or to protect our rights and the rights of our clients or other parties; and
- to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities.
Transfers outside of the UK or EEA
We will only transfer personal data outside of the UK or European Economic Area in circumstances where:
- the individual has asked us to;
- the EU Commission or the UK Secretary of State (as applicable) has determined that the country, territory and/or organisation that is receiving the data ensures an adequate level of protection; and/or
- there are appropriate safeguards in place for the data (ie individuals’ rights in respect of that data are still enforceable and effective remedies are still available).
We do not routinely transfer personal data that we process on behalf of clients outside the UK or EEA. Where we are acting on a client’s instructions to do so, the client will usually have put in place appropriate safeguards.
How long will personal data be kept for?
We will retain your personal data for so long as the purpose the individual has provided it for still exists, unless a longer retention period is required or permitted by law.
LCP retains client personal data to allow it to meet its regulatory requirement to retain data and to enable it to defend against any future legal claims and to meet good practice in managing its business.
LCP + LCP Ireland – member data held in client files
Personal data held on Members in our capacity as Data Processor (such as when we are providing Pensions Administration Services) is held for the duration of the appointment and 15 years after termination.
LCP Delta - consulting project data
Personal data collected in relation to LCP Delta consultancy projects (including but not limited to conducting interviews, producing case studies, or inviting to an event or workshop) will be stored for no more than 6 years.
LCP Delta - subscriber database
Your information is stored in our LCP Delta subscriber website database if you have access to our LCP Delta subscription services.
Every 6 months we delete inactive user accounts.
Automated decision making
We do not use any form of automated decision making which could have a negative impact on you.
We use marketing automation and scoring to help us provide you with information that is relevant to you. For more information, please see our Cookie Policy.
What rights do individuals have?
Where we are the data controller, individuals have the following rights in relation to their personal data:
- Right of access – the right to request a copy of their personal data that we hold.
- Right to rectification – the right to have their data corrected if it is inaccurate or incomplete.
- Right to erasure – the right to have their data deleted or removed if it is no longer necessary for the purpose for which it was obtained.
- Right to restrict processing – the right to request that the way in which we use their data is restricted to certain uses which they may specify.
- Right to data portability – the right, where applicable, to have their data transferred to another organisation.
- Right to object – the right to object to the processing of their personal data in certain circumstances eg for direct marketing purposes. In the event that an individual has not consented to our use of their personal data and we are not using their data in a way in which they would reasonably expect or they do not consider that we are using their data for their benefit, then an individual may object to us collecting and using their personal data. Individuals may withdraw any consent they have given in respect of their personal data at any time.
To exercise any of these rights, please contact us using the contact details below. We aim to respond to any request received within one month of receipt.
How to contact us
If you would like further information about this privacy notice or how to request your personal data, you can contact us.
LCP or LCP Delta:
The Data Protection Officer
Lane Clark & Peacock LLP
95 Wigmore Street
London
W1U 1DQ
data.protection@lcp.uk.com
LCP Ireland:
GDPR
Lane Clark & Peacock Ireland Ltd
Office 2, Grand Canal Wharf
South Dock Road
Dublin 4
eoin.mullen@lcpireland.com
Complaints
We aim to meet the highest standards when collecting and using your personal data. However, if you believe we are not meeting these standards and wish to make a complaint, please contact us using the contact details provided above.
If you are not satisfied with our response, you have the right to complain to the appropriate regulator:
UK: https://ico.org.uk/make-a-complaint/
Ireland: https://www.dataprotection.ie/contact
Changes to this privacy notice
We keep this privacy notice under regular review and place any updates on our website. This privacy notice was last updated on 1 May 2024.