Quality Policy

Lithos Consulting Ltd is committed to:

  • Meeting the needs of our clients by providing high quality commercial, pragmatic and robust advice in clear and concise technical reports.
  • Promoting an ethos of continual quality improvement, a culture of support and the philosophy of getting things “right first time”.
  • Enhancing the skills of all employees from Board level down, through review and on-going training.
  • Completing site work in accordance with the highest levels of health and safety.  Rigorously controlling and continuously monitoring our work to the agreed programme.
  • Operating the business in accordance with the systems required by ISO 9001: 2015.
  • Promoting quality management systems and ensuring implementation is achieved by internal auditing, management review and action.

Supplier Payment Policy

At Lithos we are committed to paying all suppliers promptly.  Please ensure invoices contain a PO reference and BACs details.  We will contact you if we have a query about your invoice.  We aim to pay all suppliers at the end of the month following the month of invoice.  You can use the quick enquiry form in Contact Us if you wish to complain about our payment process.

Privacy Policy

Lithos Consulting Ltd is committed to respecting and protecting your privacy.  This policy, as well as our Terms and Conditions, set out the basis on which we process any personal data we collect or you provide us with.  This policy may change from time to time so please check it before providing us with your personal information.

Visitors to our website

Our website is SSL secure.  When someone visits www.lithos.co.uk we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone.

Security and performance of our website

Lithos uses a third party, UKFast, to host and maintain the security and performance of our website. Our website is hosted in the UK and UKFast are IS0 27001 compliant.  Further details of their hosting privacy notice can be found  by clicking on the following link https://www.ukfast.co.uk/data-security.html

Completing the Contact Us form

When you complete our Contact Us form, you send Lithos your name, email address and details of your enquiry.  We will use this information solely to reply to your enquiry and not for any marketing purposes.


When you use this website we will collect basic information about the way you use the site during your visit. This information is used only for site navigation, systems administration and analytical purposes.  In certain situations we may use cookies in order to recognise you as a site user and to personalise your visit. A cookie is small file sent to a web browser by a web server.  We only use cookies for the purposes stated above and where necessary for the full operation of the website.  You can set your browser to reject cookies but if you do so you will be unable to enjoy full site functionality.  The table below explains what cookies we use and why. The table was last updated May 2018.




Google Analytics


This is used to collect information about how visitors use the site. The cookies collect information anonymously, including the number of visitors to the site, where visitors have come to the site from and the pages they have visited. We use this information to compile reports and to help us improve the site. Click here for Google Privacy

Content Management System


This cookie is set by our content management system on arrival to the Lithos Consulting Ltd website. It is not used by Lithos Consulting Ltd and is deleted when the user closes their browser.  This cookie is not removed when you turn cookies off via our cookie tool as doing so may cause the website to function incorrectly.

Job applicants

All of the information you provide during the recruitment process will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary.  We will not share any of the information you provide during the recruitment process with any third parties for marketing purposes. The information you provide will be held securely by us whether the information is in electronic or physical format.  Only our recruitment team have access to your personal data.

Shortlisting and interview

Our recruitment team uses your CV and any covering letter to shortlist applications for interview. If you are unsuccessful at the short list stage, information you have provided until that point will be retained for 6 months and then deleted.


Shortlisted applicants will be asked to attend an interview.  We will ask you about your previous experience, education, referees and for answers relevant to the role you have applied for.  Information will be generated by you and by us. For example, you might complete a written test or we might take interview notes. If you are unsuccessful following interview, all information you have provided and generated (eg interview notes) will be retained for 6 months and then deleted. We will ask you if you want us to keep your details any longer, in case another suitable vacancy arises. 

Conditional/final offer

If we make a conditional offer of employment, we will ask you for information so that we can carry out pre-employment checks. We are required to confirm the identity of our staff, their right to work in the UK and seek assurance as to their trustworthiness, integrity and reliability. You will therefore be required to provide proof of your identity and qualifications and we will contact your referees, using the details you provide in your application.

If we make a final offer, we will also ask you for the following information:

  • Bank details – to process salary payments
  • National Insurance number – to process employment tax deductions
  • Emergency contact details – so we know who to contact in case you have an emergency at work

If you are successful, the information you provide during the application process will be retained by us as part of your employee file for the duration of your employment plus 6 years following the end of your employment.


We use a third party provider, Campaign Monitor, to deliver our quarterly e-newsletters. We generate the distribution email list from our existing and potential clients, suppliers and other business contacts we have worked with.  Our e-newsletter always gives you, the recipient, the option to unsubscribe at any time.  For legitimate business interests (namely marketing) we will retain your contact details for this purpose for a period of 5 years from the date you last made contact with us.

Campaign Monitor allows us to gather statistics around email opening and clicks and this helps us monitor and improve our e-newsletter. For more information, please see Campaign Monitor’s privacy notice: https://www.campaignmonitor.com/trust/.

Clients and suppliers

For marketing purposes, if you have contacted us as a potential or existing client, your contact details will be held securely, electronically, and retained for a period of 5 years from the date you last made contact with us. In the meantime, your details may be used to send you our e-newsletter or other material we may think is useful.  We will not share your personal details with any other 3rd parties other than Campaign Monitor, as described above.

Due to the nature of our work, less than 5% of our client data is personal information.

Supplier contact details (including bank details) are retained for the period of the contract plus 6 years from the date on which a contract is completed.  We do this to fulfil the contract we have with you and to meet statutory, legal and regulatory requirements.  We will not share any supplier personal details with 3rd parties for marketing purposes.  Supplier contact details will be removed from our supplier database if we have not engaged with you for 5 years.

Sub-contractors and consultants

As part of our legal and statutory obligations and to meet internal quality and technical accreditations, we may ask sub contractors and sub consultants for information to support their competence, eligibility and fitness to work for us.  We will usually ask for this information to be updated annually.  Information we ask for may include personal information such as:

  • CPD certificates
  • Qualifications
  • Membership certificates

This information will be stored safely and retained for 6 years and we will only share it with regulators and auditors where necessary.

Data storage and security

All of our data is held electronically and stored on servers in UK data centres, all of which have IS0 27001 (Information Security Management) accreditation.  We have written agreements in place with these data centres which comply with the requirements of UK data protection legislation.  We do not transfer personal data outside of the UK unless requested by a client.

Rights available to individuals

The GDPR provides the following rights for individuals whose personal data is processed:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object to processing
  8. Rights in relation to automated decision making and profiling - we do not carry out automated decision making and profiling.

Right to lodge a complaint

If you have any concerns or complaints about how we use your personal data, we hope you will alert us to these directly by contacting our Data Controller, Tracy Perrin, at our Wetherby Office. You are entitled to complain to the Information Commissioners Office (ICO) which is the supervisory authority in the UK. Their contact details and the procedure can be found at https://ico.org.uk/

May 2018