Lithos Consulting Ltd is committed to respecting and protecting your privacy. This policy, as well as our Terms and Conditions, set out the basis on which we process any personal data we collect or you provide us with. This policy may change from time to time so please check it before providing us with your personal information.
Visitors to our website
Our website is SSL secure. When someone visits www.lithos.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.
Security and performance of our website
Lithos uses a third party, UKFast, to host and maintain the security and performance of our website. Our website is hosted in the UK and UKFast are IS0 27001 compliant. Further details of their hosting privacy notice can be found by clicking on the following link https://www.ukfast.co.uk/data-security.html
Completing the Contact Us form
When you complete our Contact Us form, you send Lithos your name, email address and details of your enquiry. We will use this information solely to reply to your enquiry and not for any marketing purposes.
This is used to collect information about how visitors use the site. The cookies collect information anonymously, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited. We use this information to compile reports and to help us improve the site. Click here for Google Privacy
Content Management System
This cookie is set by our content management system on arrival to the Lithos Consulting Ltd website. It is not used by Lithos Consulting Ltd and is deleted when the user closes their browser. This cookie is not removed when you turn cookies off via our cookie tool as doing so may cause the website to function incorrectly.
All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us whether the information is in electronic or physical format. Only our recruitment team have access to your personal data.
Shortlisting and interview
Our recruitment team uses your CV and any covering letter to shortlist applications for interview. If you are unsuccessful at the short list stage, information you have provided until that point will be retained for 6 months and then deleted.
Shortlisted applicants will be asked to attend an interview. We will ask you about your previous experience, education, referees and for answers relevant to the role you have applied for. Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. If you are unsuccessful following interview, all information you have provided and generated (eg interview notes) will be retained for 6 months and then deleted.
If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. We are required to confirm the identity of our staff, their right to work in the UK and seek assurance as to their trustworthiness, integrity and reliability. You will therefore be required to provide proof of your identity and qualifications and we will contact your referees, using the details you provide in your application.
If we make a final offer, we will also ask you for the following information:
- Bank details – to process salary payments
- National Insurance number – to process employment tax deductions
- Emergency contact details – so we know who to contact in case you have an emergency at work
If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment.
We use a third party provider, Campaign Monitor, to deliver our quarterly e-newsletters. We generate the distribution email list from our existing and potential clients, suppliers and other business contacts we have worked with. Our e-newsletter always gives you, the recipient, the option to unsubscribe at any time. For legitimate business interests (namely marketing) we will retain your contact details for this purpose for a period of 5 years from the date you last made contact with us.
Campaign Monitor allows us to gather statistics around email opening and clicks and this helps us monitor and improve our e-newsletter. For more information, please see Campaign Monitor’s privacy notice: https://www.campaignmonitor.com/trust/.
Clients and suppliers
For marketing purposes, if you have contacted us as a potential or existing client, your contact details will be held securely, electronically, and retained for a period of 5 years from the date you last made contact with us. In the meantime, your details may be used to send you our e-newsletter or other material we may think is useful. We will not share your personal details with any other 3rd parties other than Campaign Monitor, as described above.
Due to the nature of our work, less than 5% of our client data is personal information.
Supplier contact details (including bank details) are retained for the period of the contract plus 6 years from the date on which a contract is completed. We do this to fulfil the contract we have with you and to meet statutory, legal and regulatory requirements. We will not share any supplier personal details with 3rd parties for marketing purposes. Supplier contact details will be removed from our supplier database if we have not engaged with you for 5 years.
Sub-contractors and contractors
As part of our legal and statutory obligations and to meet internal quality and technical accreditations, we may ask sub contractors and contractors for information to support their competence, eligibility and fitness to work for us. We will usually ask for this information to be updated annually. Information we ask for may include personal information such as:
- CPD certificates
- Membership certificates
This information will be stored safely and retained for 6 years and we will only share it with regulators and auditors where necessary.
Data storage and security
All of our data is held electronically and stored on servers in UK data centres, all of which have IS0 27001 (Information Security Management) accreditation. We have written agreements in place with these data centres which comply with the requirements of UK data protection legislation. We do not transfer personal data outside of the UK unless requested by a client.
Rights available to individuals
The GDPR provides the following rights for individuals whose personal data is processed:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights in relation to automated decision making and profiling - we do not carry out automated decision making and profiling.
Right to lodge a complaint
If you have any concerns or complaints about how we use your personal data, we hope you will alert us to these directly by contacting our Data Controller, Tracy Perrin, at our Wetherby Office. You are entitled to complain to the Information Commissioners Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at https://ico.org.uk/