L.E.K. Consulting Cookies and Tracking Notice

L.E.K. Consulting (including all L.E.K. Consulting affiliates and global associated offices, collectively, “L.E.K. Consulting”, “we”, “us” or “our”) respects your privacy and is committed to protecting the personal information of yours that we may hold. This privacy notice applies to pages hosted on the www.lek.com website (the “Website”) and describes the types of personal information we may automatically collect via tracking technologies that we place on your device when you visit the Website and our practices for collecting, using, maintaining, disclosing and transferring that information.  It also informs you of your privacy rights and how to exercise them.

This privacy notice is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can download a pdf version of the notice.

1. Important information and contact details

2. The data we collect about you

3. How we automatically collect information and use Cookies

4. How we use your personal information

5. Disclosures of your personal information and international transfers

6. Links to third-party sites

7. Social networking

8. Data security

9. Data retention

10. Your rights under this Privacy Notice and applicable law

1. Important information and contact details

L.E.K. Consulting respects your privacy and is committed to protecting your personal information that we may hold.

L.E.K. Consulting reserves the right to modify this Privacy Notice at any time, including to disclose new use cases for personal information that we collect automatically when you visit the Website. If our practices change at some time in the future, we will post the policy changes to our Website to notify you of these changes and give you the opportunity to consent to these new use cases before we engage in them. We will not use personal information collected under a prior version of this Privacy Notice for newly disclosed purposes without your consent. If you are concerned about how we use personal information collected automatically when you visit the Website, please review this Privacy Notice periodically.

This Website is not directed at minors 18 years of age or younger. L.E.K. Consulting, therefore, will not intentionally collect information about any user under the age of 18 and our website or communications are not extended to such persons. If we obtain actual knowledge that we have collected a minor’s personal information, we will delete it promptly.

Contact:
If you have questions about how we collect, store, use, share, retain, and delete personal information collected under this Privacy Notice or wish to exercise one of the rights described in this Privacy Notice or under applicable law, you can contact our privacy office at dataprivacymanager@lek.com or, by phone at +1 (617) 951-9500, or by mail at: 

L.E.K. Consulting
Attn: Legal Department
75 State Street, 19th Floor
Boston
MA 02109

2. The data we collect about you

Personal information is any information that, directly or in combination with other information that we reasonably have access to, identifies or describes you. It does not include Aggregated Data (defined below), which we create by combining personal information collected from all visitors to the Website so we can measure trends without identifying you or any particular individual.

Automatic collection of information upon visiting L.E.K. Consulting’s site

When you access our Website, L.E.K. Consulting will collect and store certain information, such as: the provider you use to access the Internet, the operating system, browser, and Internet Protocol (IP) Address of the device you use to visit the Website, the pages you visit and the content you access or interact with, the Internet address of any sites you visited immediately before visiting the Website, and your browser’s country setting. If you leave our Website via an external link to another site, we will not collect any information that you share on the external site.

You may choose to provide additional personal information by filling out certain forms on the Website, creating an account on the Website, contacting us by email, or otherwise voluntarily supplying information to L.E.K. Consulting. If you do so, we will collect the name and e-mail address you provide us and the IP Address of the device you use to access the Website. You can learn more about how we handle voluntarily provided personal information on our Marketing, Business Development, and Alumni Privacy Notice or, if you are applying for a job, our Recruitment Privacy Notice.

We also use your personal information to create “Aggregated Data” that we reserve the right to use, store, and share with third parties for any purpose. Aggregated Data is not personal information because we cannot reasonably identify any specific individual in the data set. For example, we may aggregate your use of this Website data to calculate the percentage of users accessing a specific Website feature or particular content.

If we Aggregated Data with or connect it to other information that we have in our possession or can reasonably access so that it can identify or describe you, we do, we will treat the combined data as personal information governed by this Privacy Notice.

Other than in the context of our recruitment activities for monitoring and equality purposes as described in our Recruitment Privacy Notice, we do not collect any sensitive personal information about you via Cookies placed on the Website.

3. How we automatically collect information and use Cookies

Our Website uses “Cookies,” which are text files placed on your computer or mobile device when you visit the Website, and other types of trackers like tags and pixels to store certain preferences and information. We will refer to all types of trackers as “Cookies” in this privacy notice. Your browser includes instructions to allow you to establish certain settings on your computer to warn you before a Cookie is stored, block all Cookies or erase Cookies from your device’s internal storage if you wish to do so. If you do decide to disable Cookies, you may not be able to access some areas of our website. You can also choose whether to accept all Cookies, reject all Cookies, decide which categories of Cookies you want to allow, and opt out of the sale of your Personal Information via Cookies that transfer it to third parties with our consent management tool. To access your cookie preferences, please click the “Cookie Settings” link at the bottom of any page on our website.

Our Website uses both session Cookies and persistent Cookies to improve the functionality of our Website and your experience when using it and to market our services to prospective clients. Session Cookies enable you to move from page to page within our website and to save information you enter for later use. Session Cookies expire when you close your browser or after a short time. Persistent Cookies allow our Website to remember your preferences and settings when you visit our Website in the future. Persistent Cookies expire after a set period of time.

Our Website uses Cookies in the following ways: 

Functional Cookies

  • Drupal – Drupal is our content management system. It uses persistent Cookies and session Cookies to manage our web pages and enable you to control the collection of data via Cookies through our consent management tool.
  • Oleeo – Oleeo is our recruiting system. It uses session Cookies to help you search and apply for open positions at L.E.K. 
  • Salesforce - Salesforce is our Customer Relationship Management system that stores information about employees of current and prospective clients, their titles, and contact information. We use Pardot, a Salesforce application, to manage our contact forms and our email subscriptions service. Pardot uses a session cookie to allow you to contact us via forms published on the Website and subscribe to our mailing lists. Tableau is a Salesforce application that we use to see and understand data we have collected via the Cookies that Salesforce provides us.
  • Wordpress – Wordpress manages our the L.E.K. Alumni Network, a social network that we make available to former L.E.K. personnel when they depart the firm. Wordpress uses persistent and session Cookies to help alumni access the L.E.K. Alumni Network and remember their preferences and settings. For further details about the processing of personal information in the context of the L.E.K. Alumni Network please contact us by emailing dataprivacymanager@lek.com or see our Marketing, Business Development and Alumni Privacy Notice.

Performance Cookies

  • New Relic – New Relic is a systems monitoring tool that uses session and persistent Cookies to measure how well the Website is performing, collect and log information about events that occur during the operation of the Website, and trace the sequence of events so we can learn about how the Website works over time.
  • Wistia – Wistia is an online video software provider we use to host and play our video content. Wistia tracks how you interact with media embedded on our Website: how much of a video you play, at what points you pause or rewind, etc. We may pause playback of certain media and ask for your email address or name to continue watching. You are under no obligation to provide this information, but we reserve the right to limit access to certain media to identified users. Wistia aggregates the data collected through its trackers, including names and email addresses, and provides it to us. Other than providing this data to us, Wistia does not sell or provide the data it collects from our embedded media to third parties. This information helps Wistia to monitor use of its software and helps us to monitor how Website visitors view our videos.

Advertising / Targeting Cookies

  • Demandbase – Demandbase is an account-based tool that we use for business-to-business marketing, advertising, and personalization. When you visit our website, if you consent in your cookie choices, Demandbase-associated trackers are placed on your device to collect personal information about you including the pages you view, the objects you interact with on our website, your IP address, and unique identifiers. These trackers send Demandbase this data to help us identify your employer’s industry, size, location, and revenue based on the information Demandbase provides us.

    Demandbase also uses the personal information that it collects with its trackers to advertise its own products and services. Demandbase may also share this personal information with its third-party partners, including data management platforms and other advertising technology providers that it uses to build profiles of individuals and improve the performance of ad campaigns. These partners may also place trackers on your device that persist for up to 400 days.

    You can learn more about Demandbase’s privacy practices by accessing their privacy policy. You can opt out of Demandbase’s tracking, among others, through the Digital Advertising Alliance’s WebChoices tool.

    Additionally, if you select “Reject All” on our cookie consent tool or disable advertising Cookies, we will not place Demandbase’s tracker on your device.

  • Google Analytics - We use Google Analytics to gather information about how you and other visitors use our Website. Google Analytics uses Cookies as part of this process to collect anonymous information, including the number of visitors to the Website, where they have come to the Website from, the pages they visit, the length of time they have spent on the Website, the terms they search for, the videos they watch, and the files they download. It also collects personal information in the form of measurements that track what content you click on, what you did while browsing the Website, the browser and device you use to access the Website, your location to the city level, when you fill out and submit online forms, and when you share a page from the Website to one of your social media accounts. We use this information to improve our Website and the content we make available through it. You can learn more about how Google uses the information that Google Analytics collects from our site here.

    You can prevent Google Analytics from collecting data from your device via the Google Analytics Opt-Out Browser Add-on. If you just want to prevent Google Analytics from collecting data on your use of our website, you can do so by selecting “Reject All” on our cookie consent tool or disabling advertising Cookies.

  • LinkedIn – We use the Linkedin Insight Tag to collect information about Linkedin users who visit the Website. It collects information about the page you are viewing, where you linked to the Website from, information about your device and its browser and IP address, and when you visited the Website. Linkedin does not share personal information with us. It only provides reports and alerts about our Website audience and the performance of our ads outside the Website. Linkedin members can control the use of their personal information through their account settings.
  • ShareThis – ShareThis makes it easy for you to share content you find on the Website to your social media accounts. ShareThis uses session and persistent Cookies to track your browsing activity to enable you to use the tool to share information to your social networks and to help us advertise our services. ShareThis also uses information that its Cookies collect in its own advertising business. You can opt out of ShareThis’s use of your personal information to serve targeted advertisements using tools available through their privacy policy

Please see our Cookie Settings for comprehensive information on all the Cookies our Website uses and their purposes. You can also learn more about Cookies at www.allaboutcookies.org.

We only collect personal information via Cookies when you have given your consent. We will typically ask for your prior informed consent before placing Cookies used to collect personal information on your device. Where the law allows, we may rely on implied consent. In such cases, giving you access to this Privacy Notice and an opportunity to opt out via our cookie controls constitutes your consent to the settings you select. You can change what you have agreed to or revoke your consent by using our cookie controls. You can also use third party tools to object to interest-based advertising that relies on Cookies to function. Some of these include:

We may also collect personal information via Cookies where we need to comply with a legal or regulatory obligation or in relation to legal claims or to exercise rights and perform obligations under any contract we might have with you or that we are negotiating with you.

4. How we use your personal information

We use personal information that we collect through Cookies to improve the content and performance of our Website, provide a personalized and region-appropriate experience, and advertise our services to you. We may transfer personal information we collect when you visit our Website to third parties in order to do so.

5. Disclosures of your personal information and international transfers

L.E.K. Consulting transfers personal information collected through Cookies to third parties who help us market our services. These transfers may constitute sales of personal information or sharing for advertising purposes under applicable law. We may disclose the information collected with third-party marketing service companies which may process your data on our behalf and under our instruction. These third-party service providers include Demandbase; Salesforce, Pardot, and Tableau; LinkedIn; Google Analytics; Wistia; New Relic; and ShareThis, who assist us in maintaining our Website, analyzing our Website traffic, providing information to users of our Website, and promoting our services to potential clients. We require all third parties to respect the security of your personal information and to treat it in accordance with applicable law. Some of these third-party service providers will use personal information we collect through the use of their Cookies for their own purposes, subject to their own privacy policies and controls.

With respect to Ad Servers: we do not partner with or have special relationships with any ad server companies.

L.E.K. Consulting reserves the right to disclose your information where required by law or to comply with valid legal or regulatory processes to protect L.E.K. Consulting’s rights.

In addition, we may also disclose your personal information to third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets, or alternatively, if we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners, or combined group, may use your personal information in the same way as set out in this Privacy Notice, otherwise you will be notified of any change by an updated privacy notice on this Website.

The information collected may also be shared within L.E.K. Consulting on a global basis and globally with third parties who may be providing services to any L.E.K. Consulting company. Those countries may not provide the same level of legal protection for your personal information as your home country does, but where required by law, we have put in place legal mechanisms designed to ensure adequate data protection. Such mechanisms include, but may not be limited to, model contracts like the EU Model Clauses. For transfers within L.E.K. Consulting, we ensure each office complies with our internal policies on personal information.

If you agree to let us collect personal information as described in this Privacy Notice, you also agree to the transfer and hosting of your personal information anywhere in the world within L.E.K. Consulting.

Please contact us if you want further information on transferring your personal information.

6. Links to third-party sites

The lek.com website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

7. Social networking

The Website may allow you to sign in with your social media accounts like LinkedIn, X (Twitter), Facebook and YouTube (Google). If you choose to do so, you are allowing us to access the personal information that you have made publicly available on the social media platform, which could include, but may not be limited to, your email address, your profile name and picture, and location. We will process this information in accordance with this Privacy Notice, but we are not responsible in any way for the terms of use of the social network, their privacy notice or how they process your data. Using a social media account to log into the Website will also give the platform information about how you use the Website. To manage the information that is shared through your account with L.E.K. Consulting and other third-party applications, or to disconnect a social media account from the Website, please refer to the privacy notice of your social network account.

8. Data security

L.E.K. Consulting has put in place reasonable and appropriate administrative, physical, and technical safeguards to protect personal information against unauthorized access, alteration, destruction, disclosure, or use. In the event of a breach of your personal information, we will notify you and any applicable regulator of a breach as required by applicable law.

We also limit access to your personal information to those employees, agents, contractors and third parties who have a business need to know and who have agreed to appropriate confidentiality and security obligations and engage independent, external auditors to assess the effectiveness of our information security management practices against widely known and generally accepted standards.

Despite these precautions, L.E.K. Consulting cannot guarantee the security of the information collected from third parties or transmitted through our Website or guarantee the security of emails. Therefore, we assume no liability for any disclosure of information collected arising from the acts of third parties or other events, acts or omissions outside of our control, including, but not limited to, interruption of service or any issues related to the use of the internet. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

9. Data retention

By default, we retain personal information collected through use of Cookies for three years. We may keep it for up to 10 years where required to comply with anti-money laundering and other laws. We may delete personal information earlier in response to erasure requests or hold it longer where required by law, such as in preparation for litigation.

We reserve the right to retain Aggregated Data indefinitely for our internal business uses.

10. Your rights under this Privacy Notice and applicable law

We recognize a number of privacy rights that you have under privacy laws in force where you live, where we do business, and under our own internal policies. These rights include the right to:

  • Get information about the types of personal information we collect, where we get it from, how we use it, and who we share it with. In most cases, this Privacy Notice meets this right but you can also contact us to request further information.
  • Request access to your personal information (commonly known as a "data subject access request" or “data portability request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure or deletion of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. The right to object includes the right to opt out of the sale of your personal information and from its sharing with third parties for targeted advertising purposes as well as the right to refuse to permit us to use your personal information to market our services to you.
  • Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where you believe that our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. 
  • Request the transfer of your personal information to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
  • Engage an authorized agent to submit privacy rights requests on your behalf and to communicate your privacy preferences to us automatically. In order to verify requests submitted on your behalf, we will ask your authorized agent to provide proof of your authorization including your: legal name; contact information (including, as applicable, mailing address, telephone number and email address); and proof of identity (including, as applicable photo identification). In addition, your authorized agent will be required to provide the following information: legal name of authorized agent; contact information of authorized agent (including, as applicable, mailing address, telephone number and email address); proof of identity of authorized agent (including, as applicable, photo identification), and proof of authorization to act as authorized agent (including, as applicable, written consent signed by you, or a certified copy of a Power of Attorney).

We will not discriminate against you for exercising the rights described in this notice or afforded to you by applicable law. In some cases, applicable exemptions to these rights may prevent us from fulfilling your requests in full. For example, we will not disclose personal information to you in response to an access request if doing so would violate another person’s rights or disclose confidential information that we cannot lawfully share. Where we decline to fulfill a request entirely or in part, we will identify the applicable exemption and explain our reasoning.

You will not have to pay a fee to access your personal information or to exercise any of the other rights, where these rights apply in our processing of your personal information. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We will respond to a legitimate request in the timeframe allotted under applicable law. 

In addition, where granted by local law, you may also have the right to make a complaint at any time to the relevant data protection authority. We would, however, appreciate the chance to deal with your concerns before you approach any authority so please contact us in the first instance.

Updated March 2024