Privacy Policy

Website Privacy Statement


This Privacy Notice (“Notice”) – together with any other privacy information we may provide on specific occasions – applies to the processing of personal data by us when you use our website and our products and services, visit us at our office and in the course of us providing clinical research and analysis and carrying out our business operations. The Notice sets out the types of personal data we collect, explains how we collect and process that data, who it shares it with and certain rights and options that you have in this respect.

We recognise that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies.

When we refer to “Acaster Lloyd” or “we” in this Notice we mean Acaster Lloyd Consulting Limited, a company incorporated in England & Wales with registered number 10532749 and registered address at 84 Theobalds Road, London, England, WC1X 8NL. We are registered with the Information Commissioner’s Office under registration number ZA686006.

How we collect and use (process) personal information

The people about whom we collect and process personal information:

  • Recruitment Candidates
  • Clients and Business Contacts
  • Research Participants
  • Suppliers and other Service Providers
  • Visitors to our Website and Social Media platforms
  • Visitors to our offices
  • Marketing data

1. Recruitment Candidates

We collect and process following information during our recruitment process to assess your suitability for the role you have expressed interest in:

  • Your name and contact details (email, phone, address)
  • Education and professional qualifications
  • Work history
  • Your willingness to relocate, current and/or desired salary and other terms relating to compensation and benefits packages
  • Your eligibility to work in the UK which may include your citizenship and/or nationality
  • Any sensitive and/or demographic information voluntarily disclosed during the application or recruitment process such as gender, medical or health information and/or your racial or ethnic origin. This information is only used to support our diversity and inclusion efforts and ensure your health and safety during recruitment process
  • Employment reference checks and background verification checks (where applicable) before you are offered a job. Any such checks are undertaken with your consent.

How we receive this information?

This information is received directly from you when you apply to a job or through a recruitment agent. This information may be available in your resume or CV, cover letters, interview notes, phone conversations with you, any publicly available information e.g. information posted by you on social media.

Purpose and data retention

All information gathered during the recruitment process is used solely for assessing your skills, qualifications and suitability against our career opportunities and is not shared with any third parties. If you are offered and accept employment with Acaster Lloyd, the information collected during the application and recruitment process will become part of your employment record and will be retained by us in accordance with our Privacy Notice for Employees and Workers. A copy of this notice will be provided to you.

If your application is unsuccessful (or you withdraw from the process or decline our offer), we will retain your information for 6 months from last contact with you. We retain this information for various reasons, including in case we face a legal challenge in respect of a recruitment decision, to consider you for other current or future jobs at Acaster Lloyd.

2. Clients and Business Contacts

We collect personal information about our clients to provide them or their clients with audit and consulting services. We hold the following information about customers:

  • Contact details- name, business address, business email address, business phone numbers including mobile numbers
  • Personal information contained in business communications.

Transaction data including details about services you have engaged us for or enquired about. We may receive personal information from our clients about other individuals, e.g. their employees, while providing our services. Any such information provided to us is used solely for providing our services.

3. Research Participants

We conduct health research either on our own accord or on behalf of our clients. This research may be undertaken by sub-contractors or our employees and may take the form of online surveys, telephone, online or face to face interviews or questionnaires,  face to face discussions, focus groups or secondary data analysis. We may take video or audio recordings. Our amalgamized study findings (which do not contain any personal information) may be  published in medical journals or other publications globally.

The personal data we may hold for the research subjects includes:

  • Name, sex, date and place of birth, nationality
  • Next of kin, family (children, parents, siblings, spouse)
  • Opinions
  • Financial (bank details, salary or employer)
  • Special category data (medical history, health data, ethnicity, religious belief, sex life, sexual orientation, disability)
  • Video or audio recordings

Apart from receiving personal data directly from you when you take part in a research activity, we may receive your personal data from our subcontractors working on our behalf. Only relevant information is collected for the study. This processing is based on written consent, with disclosure of the purpose for which such data is processed at the time of consent and shall comply with relevant privacy and regulatory requirements. Where a research subject is a minor, consent from their legal guardian is taken.

You will receive information on the study within the the consent form which you are able to review prior to signing.

With whom is your personal data shared?

The video and audio recordings, and transcript may be shared with subcontractors providing transcription and translation services to us.

4. Visitors to our Website and Social Media platforms


Like many other websites, our website uses cookies (including Google Analytics cookies to obtain an overall view of visitor habits and visitor volumes to our website).] ‘Cookies’ are small pieces of information sent to your computer or device and stored on its hard drive to allow our websites to recognise you when you visit. The information is only processed in a way which does not identify any individual.

Details about the cookies used by us is displayed when you visit our website for the first time at a banner display at the bottom of your browser. From here you can either accept all cookies, reject  or view more details by clicking on settings. It is possible to switch off cookies using our cookies banner or by setting your browser preferences, if you have accepted once.

When you email us using the links on our website, we will use the information provided by you only for the purpose of providing you with an appropriate response.

Social media platforms

We may also collect any personal information which you allow to be shared that is part of your public profile or third party social network, including type and version, time zone setting, browser plug-in types and versions, operating system and platform

5. Visitors to our office

We will retain information about your visit, for example, time of visit and exit. This may be collected by reception staff whether employed by us or otherwise. Our landlords may record CCTV images as well as physical access logs. These details may be shared with us from time to time.

6. Marketing Data

We hold name and contact details of individuals who have expressed interest in hearing from us about our services or have engaged with us for supply of our services in the past. All direct marketing activities to such individuals shall comply with relevant privacy and regulatory requirements.

How is your personal data collected?

You may give us your personal data by entering information via the website, filling in forms or by corresponding with us by post, phone, email or otherwise and is entirely voluntary. This includes personal data you provide when you:

  • engage us to provide services
  • subscribe to our publications
  • request marketing material to be sent to you
  • contact us via our social media sites (e.g., LinkedIn)
  • completing any surveys
  • complete one of our enquiry forms or
  • provide us with feedback

What personal information do we receive from other sources?

We obtain certain personal information about you from sources outside of our business which may include other third party companies. The personal information we receive from third party sources is limited to your contact information.

How we use your personal information

The purposes for which we use your information and the legal basis under data protection laws on which we rely to do this are explained below.

1. Where you have provided CONSENT

We may use and process your personal information where you have consented for us to do so for the following purposes:

  • to perform our research surveys;
  • to share your data with our third party partners for them to contact you to perform research surveys that you have agreed to take part in.

We will always request your explicit consent before using any sensitive information about you such as your health data.

You may withdraw your consent for us to use your information in any of these ways at any time. Please see Withdrawing your consent for further details.

2. Where it is in your VITAL INTEREST

We may use your personal information to contact you if there are any urgent safety notices to communicate to you or where we otherwise reasonably believe that the processing of your personal information will prevent or reduce any potential harm to you. It is in your vital interests for us to use your personal information in this way.

3. Where there is a LEGITIMATE INTEREST

We may use and process your personal information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes:

  • for marketing activities (other than where we rely on your consent to contact you by email or text with information about our products and services or share your details with third parties to do the same, as explained above);
  • for analysis to inform our marketing strategy, and to enhance and personalise your customer experience (including to improve the recommendations we make to you on our website);
  • to correspond or communicate with you;
  • to verify the accuracy of data that we hold about you and create a better understanding of you as a customer;
  • for network and information security in order for us to take steps to protect your information against loss or damage, theft or unauthorised access;
  • for prevention of fraud and other criminal activities;
  • to comply with a request from you in connection with the exercise of your rights (for example where you have asked us not to contact you for marketing purposes, we will keep a record of this on our suppression lists in order to be able to comply with your request);
  • to assess and improve our service to customers through recordings of any calls with our contact centres;
  • for the management of queries, complaints, or claims; and
  • for the establishment and defence of our legal rights.

4. Where there is a LEGAL REQUIREMENT

We will use your personal information to comply with our legal obligations: (i) to assist any regulator or other public authority or criminal investigation body; (ii) to identify you when you contact us; and/or (iii) to verify the accuracy of data we hold about you.

5. Where it is required to complete a CONTRACT

We may use and process your personal information where we have supplied you (or continue to supply you) with any services, where we have arranged for the supply of another company’s services to you, or where you are in discussions with us about any new service. We will use this information in connection with the contract for the supply of services when it is needed to carry out that contract with you or for you to enter into it.

When and how do we share your personal data

We may share your personal data:

  • internally with staff members who require your information to carry out their jobs and who have received training in data protection.
  • with our professional advisors, including our legal advisors, insurers, accountants, auditors or other consultants to the extent they require this information to provide their services to us.
  • with subcontractors who are asked by us to deliver all or some of the services e.g., cloud service providers, administration services, card payment processors, participant recruitment companies, interviewers, third party research companies for the purposes of customer satisfaction surveys, transcription and translation agencies.
  • with courts, law enforcement authorities, regulators or government officials where it is legally required
  • with third parties providing IT support and maintenance services, data storage services, and other financial institutions providing services to us
  • as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation
  • in order to comply with any legal obligation, to detect or report a crime, to enforce or apply the terms of our contracts or to protect the rights, property or safety of our visitors and customers
  • any third parties with whom you require or permit us to correspond.

We do not sell personal information to anyone and only share it with third parties who are facilitating the delivery of our services and we will always take steps with the aim of ensuring that your privacy rights continue to be protected.

Transfers of personal data outside the EEA

There may be occasions where we will need to share your data with entities in third countries, such as when we are using cloud software providers which enable us to provide you with the services. We verify that any data transfer outside of EEA is subject to EU adequacy requirements, Standard Contractual Clauses or other transfer tools which comply with data protection legislation along with appropriate security measures.

Automated decision-making

We do not use automated decision-making in relation to your personal data.

Security of your personal information

To help protect the privacy of data and personally identifiable information you provide to us, we maintain physical, technical and administrative safeguards. We update and test our security technology and controls on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.

Date storage and retention

Your personal data is stored on Acaster Lloyd’s servers, and on the servers of the cloud-based services and IT service providers we engage, as well as in physical forms in our office and at backup and archival facilities. We retain data as per our data retention policy and regulatory data retention requirements.

The length of time we retain your personal data s determined by a number of factors including the purpose for which we use that information and our obligations under other laws. We do not retain personal information in an identifiable format for longer than is necessary.

We may need your personal information to establish, bring or defend legal claims.  For this purpose, we will always retain your personal information for 7 years after the date it is no longer needed by us for any of the purposes listed under How we use your personal information above. The only exceptions to this are where:

  • the law requires us to hold your personal information for a longer period, or delete it sooner;
  • you exercise your right to have the information erased (where it applies) and we do not need to hold it in connection with any of the reasons permitted or required under the law (see further deleting your personal information or restricting its processing below); or
  • in limited cases, the law permits us to keep your personal information indefinitely provided we put certain protections in place.

Data Subject Rights

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within one month from either (i) the date that we have confirmed your identity or (ii) where we do not need to do this because we already have this information, from the date we received your request.

Accessing your personal information

You have the right to ask for a copy of the information that we hold about you by emailing or writing to us at the address at the end of this policy.  We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

Correcting and updating your personal information

The accuracy of your information is important to us and we are working on ways to make it easier for you to review and correct the information that we hold about you.

In the meantime, if you change your name or address/email address, or you discover that any of the other information we hold is inaccurate or out of date, please let us know by contacting us in any of the details described at the end of this policy [or by updating your details on our online portal][1].

Withdrawing your consent

Where we rely on your consent as the legal basis for processing your personal information, as set out under How we use your personal information, you may withdraw your consent at any time by contacting us using the details at the end of this policy.  If you would like to withdraw your consent to receiving any direct marketing to which you previously opted-in, you can do so using our unsubscribe tool. If you withdraw your consent, our use of your personal information before you withdraw is still lawful.

Objecting to our use of your personal information and automated decisions made about you

Where we rely on your legitimate business interests as the legal basis for processing your personal information for any purpose(s), as out under How we use your personal information, you may object to us using your personal information for these purposes by emailing or writing to us at the address at the end of this policy. Except for the purposes for which we are sure we can continue to process your personal information, we will temporarily stop processing your personal information in line with your objection until we have investigated the matter. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we need to continue using your data.

You may object to us using your personal information for direct marketing purposes and we will automatically comply with your request. If you would like to do so, please use our unsubscribe tool.

Erasing your personal information or restricting its processing

In certain circumstances, you may ask for your personal information to be removed from our systems by emailing or writing to us at the address at the end of this policy. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.

You may also ask us to restrict processing your personal information where you believe it is unlawful for us to do so, you have objected to its use and our investigation is pending or you require us to keep it in connection with legal proceedings.  In these situations we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.

Transferring your personal information in a structured data file (“data portability”)

Where we rely on your consent as the legal basis for processing your personal information or need to process it in connection with your contract, as set out under How we use your personal information, you may ask us to provide you with a copy of that information in a structured data file. We will provide this to you electronically in a structured, commonly used and machine readable form, such as a CSV file.

You can ask us to send your personal information directly to another service provider, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.

Complaining to the UK data protection regulator

You have the right to complain to the Information Commissioner’s Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.


Please direct any queries about this policy or about the way we process your personal information to our Privacy Team using our contact details below.

If you wish to write to us, please write to the address given at the start of this policy. Our email address for data protection queries is If you would prefer to speak to us by phone, please call +44 (0)20 3978 1680.

Policy Updates

We may review this policy from time to time and any changes will be notified to you by posting an updated version on our website with immediate effect. We recommend you regularly check for changes and review this policy whenever you visit our website. If you do not agree with any aspect of the updated policy you must immediately notify us and cease using our services.

[1] If applicable.