Table of Contents
1. Important information and who we are
2. The data we collect about you
3. Methods of Acquiring Personal Information
4. Use and Disclosure of Personal Information
Introduction – Global Contacts, Primary Research, and L.E.K. Expert Platform Privacy Notice
This Privacy Notice describes how L.E.K. Consulting (“we” or “us”) Processes Personal Information that we collect from or about you and use when you participate in market research activities supporting our consulting business and join our L.E.K. Expert Platform market research platform.
We depend on your trust to successfully conduct our research. We respect your privacy and are committed to protecting your personal information. This Privacy Notice explains how we protect personal information we Process in the context of our market research activities. It also identifies the rights you have over your personal information and how to exercise them.
You can navigate this Privacy Notice using the table of contents below. Please review the glossary at the end of this Privacy Notice for definitions of important terms.
1. Important information and who we are
Purpose of this privacy notice
This Privacy Notice aims to give you information on how L.E.K. Consulting collects and processes your personal information. This Privacy Notice supplements our general Website Privacy Notice, which describes how our websites, including the L.E.K. Expert Platform process your personal information.
We do not typically collect data relating to persons under the age of 16. Occasionally we may wish to survey minors to gather their opinions on topics we are researching. We will not survey minors without the consent of their parent(s) or guardian(s). If you become aware that we have acquired personal information on any person under 16 years of age through any other method please inform us immediately via the contact details set out below.
Who we are
L.E.K. Consulting is made up of different legal entities which operate in various regions around the world. Our website describes where our offices are. L.E.K. Consulting’s legal entities include all those legal entities authorized to operate under the “L.E.K. Consulting” brand through our global network in the Americas, Europe and the Asia Pacific regions (the “L.E.K. Consulting Group”). When we mention "L.E.K. Consulting" or “L.E.K.”, "we", "us" or "our" in this Privacy Notice, we are referring to the relevant company in the L.E.K. Consulting Group responsible for deciding the nature and scope of our processing of your personal information. We operate and share between the L.E.K. Consulting Group entities a global database of primary research sources as well as of other professionals, experts and information providers but will let you know which entity or entities are processing your data in our communications with you. Please note that you may be contacted by more than one L.E.K. Consulting Group entity.
All questions in relation to this Privacy Notice, including any requests to exercise your rights, should be directed to the data privacy manager using the details set out below.
Contact details
If you wish to ask questions, make requests, or file complaints about how we process your personal information, you can contact our privacy office at:
L.E.K. Consulting
Attn: Legal
75 State Street, 19th Floor
Boston, MA 02109
Tel: 1-833-535-0732
Email: dataprivacymanager@lek.com
Depending on where you live, you may have the right to make a complaint to regulators with jurisdiction over local L.E.K. Consulting’s Group entities if you are not satisfied with our privacy office’s response.
Changes to the Privacy Notice and your duty to inform us of changes
It is important that the personal information we hold about you is accurate. Please keep us informed if your personal information changes during your relationship with us.
Third-party links
Our communications with you and our website may include links to third-party websites, plug-ins and applications. This may include surveys sent by L.E.K. Consulting’s Group entities or on their behalf by survey provider firms or other respondent information gathering software or tools. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Notice of every website you visit.
2. The data we collect about you
Personal information means any information that we can use to identify or describe you, whether directly or when combined with other data we could reasonably access. We may acquire (through direct collection, by creating it, or from a third party), use, store and transfer within L.E.K. Consulting different kinds of personal information about you which we have grouped together as follows:
- Identity Data includes title, first name, maiden name, last name, employer, job title, qualifications and experience. When responding to surveys, we may also collect demographic information like your age range and gender to ensure that our respondent pool is appropriately as well as information about your experiences with products or services that we are researching
- Contact Data includes postal addresses, email address and telephone numbers (fixed line and mobile numbers) both of a corporate or personal nature.
- Financial Data includes bank account and other payment method details.
- Transaction Data includes details about payments to and from you (as the case may be) and other details of honorarium payments we have agreed.
- Profile Data includes your name and those interviews or surveys you may have participated in with us, your responses, preferences, and feedback.
- Usage Data includes information about how you use our surveys or responds to interviews.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences. Details of how we process this data are set out on our https://www.lek.com/marketing-privacy-notice
We also process your personal information to create, use, and share Aggregated Data derived from your personal information but that can no longer identify or describe you either directly or in combination with other information that we reasonably have access to.
Because Aggregated Data is no longer considered personal information, we may process it for any legitimate business purpose. For example, we may aggregate your Usage Data with others to calculate the percentage of data subjects responding to surveys. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy Notice.
Processing Sensitive Personal Information
We process financial and contact information that we need to pay honoraria when you participate in paid market research activities.
When we conduct surveys, demographic information may include sensitive personal information to screen respondents for eligibility to participate in the survey and to develop aggregated data about the demographics of our survey respondents. This information includes Identity Data (age range, gender, family status), and Financial Data (property ownership, household income). When processing sensitive personal information to determine whether you are eligible to participate in a survey, we (or our service providers if we engage a third party to conduct the survey on our behalf) will use that information solely for that purpose. When processing sensitive personal information for demographic purposes, we will provide you with an option not to answer. We do not knowingly collect any information about criminal convictions and offences.
If you fail to provide personal information
Where we need to collect personal information by law, or under the terms of a contract we may have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with payment for honoraria).
3. Methods of Acquiring Personal Information
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you:
- Join our L.E.K. Expert Platform expert network;
- Participate in interviews or surveys;
- Give us feedback about our market research activities or the L.E.K. Expert Platform expert network;
- give us some feedback.
- Third parties or publicly available sources. We may receive or collect personal information about you from various third parties and public sources (including the internet) including but not limited to those set out below. Information received or collected may be Contact, Identity, Financial, Transaction or Technical Data:
- Survey platform and sample providers who help recruit survey respondents, distribute surveys on our behalf, analyze your participation in our surveys, and report to us on results (a list of such providers is available as Annex B to this Privacy Notice);
- LinkedIn, which we use to search for relevant experts to invite to participate in our market research activities;
- Payment service providers:
- Onbe
- Trolley
- L.E.K. Consulting Pte Ltd.
- L.E.K. Consulting India Private Limited
- From data brokers like:
- Expert Network firms Adcery, AlphaSights, Arbolus, Atheneum Partners, BetaExper, BCC, Candour Energy, CapVision, Coleman Research, Corevestor, Dialectica, Guidepoint Global, Lynk, M3, Magellan, Nexus, proSapient, Silverlight, Six Defrees, Techspert, Third Bridge, Xperts Council, and Xucen
- List Publishers Exactdata, InfoGroup, InfoUSA, Information Refinery, IQVIA OneKey and NextMark;
- Business Directories Data.com Connect, EMIS, WIND, Chinaventure, Factiva, Tianyancha,Orbis, Infogrette, Bureau Van Dijk, Clarksons, D&B Hoovers, LinkedIn, Leadership Directories, and Manta
- From public records like as Companies House in the UK and the Electoral Register based inside the EU or equivalent in other jurisdictions
- Searches we carry out on the Internet.
4. Use and Disclosure of Personal Information
We use personal information processed under this Privacy Notice and disclose it to third parties as described in the table below. If you live in a country that provides multiple legal bases for processing, we will identify that legal basis in the table.
We will disclose your personal information to: (a) third party service providers identified in the table below; (b) government agencies where required to do so by law; (c) our legal representatives and courts or other tribunals to establish, exercise or defend legal claims or threatened legal claims; (d) prospective purchasers of our business or assets; or (e) prospective acquisition or merger targets.
We do not sell your personal information.
| Category of Personal Information | Purpose for Processing | Third-Party Recipients | Legal Basis Where Applicable |
|---|---|---|---|
| Identity | Determining your eligibility for participation in interviews or surveys | proSapient (L.E.K. Expert Platform operations where available) L.E.K. Consulting Group Members (conducting market research activities) | Performance of contractual obligations and exercise of contractual rights |
| Contact | Inviting you to join the L.E.K. Expert Platform where available, participate in market research activities, and receive follow-up correspondence | iDiaoyan, Intage, CIMI, Potloc, CIC, Medlive, Gooddr, Dynata, SHG, Toluna, M3, Dialectica, Sermo, SCR, Grape Data, Colemand, Ivy Exec, ROI Rocket, Jasper Colin, proSapient, Full Circle, Insights Workshop, Intellisurvey, Owl, IncQuery, and Qualtrics (distributing and conducting surveys) Zoom Inc., NoNotes.com (conducting recorded interviews) Mailgun (sending invitations to experts) L.E.K. Consulting Group Members (conducting market research activities) | Legitimate interest in operating L.E.K. Expert Platform and recruiting subject matter experts in their field to join it Legitimate interest in conducting market research activities Performance of contractual obligations and exercise of contractual rights under the L.E.K. Expert Platform terms and conditions |
| Financial | Paying honoraria | Onbe (Global) Trolley (Global) L.E.K. Consulting India Private Limited L.E.K. Consulting Pte Ltd. | Performance of contractual obligations and exercise of contractual rights |
| Profile | Determining whether you have relevant expertise for market research activities we are recruiting for | Amazon Web Services proSapient (hosting and managing expert profiles) | Legitimate interest in conducting market research activities |
| Transactional | Paying honoraria and maintaining records of paid engagements | proSapient (hosting and managing expert profiles) Trolley (collecting payment information and distributing honoraria) | Performance of contractual obligations and exercise of contractual rights |
| Usage | Performing quality control on survey responses to identify valid responses | LEK Clients | Legitimate interest in obtaining high quality survey responses |
If laws where you live do not recognize legal bases other than consent, we process personal information based on your consent to the L.E.K. Expert Platform terms and conditions and this Privacy Notice.
We require all third parties to respect the security of your personal information and to treat it in accordance with this policy and applicable law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
5. International transfers
We share your personal information within the L.E.K. Consulting Group on a global basis and your personal information may also be shared globally with third parties who provide services to any L.E.K. Consulting company. Where local law restricts international transfer of personal information, we perform risk assessments to determine the appropriate scope of transfers and use data sharing agreements to ensure that all L.E.K. Consulting Group companies protect your personal information appropriately no matter where they are located. We also ensure each L.E.K. Consulting Group office complies with our internal information security and enterprise privacy policies.
Please contact us if you want further information on the specific mechanisms we use to support international transfers of your personal information.
6. Data security
We use administrative, physical, and technical safeguards to: (a) limit availability of your personal information to persons with a legitimate business need to know and who are subject to duties of confidentiality; and (b) detect, prevent, and respond to incidents involving potential unauthorized processing of your personal information. These measures consider the state of the art; the cost of implementation; and the nature, scope, contexts and purpose of our processing activities, as well as the likelihood and severity of risks to your rights. We also engage independent, external auditors to assess our safeguards to verify their ongoing effectiveness and implement remediation plans to address any concerns that our auditors may find. We also engage independent, external auditors to assess the effectiveness of our safeguards against widely known, generally accepted standards for information security management systems and continuously improve our security capabilities by addressing findings that the assessments may uncover.
However, as with any information transmitted via the internet or even in protected environments, there is always some risk of unauthorized processing. Known risks include data corruption, hacking, interception, unauthorized amendment and other tampering and, in some cases, use of email may compromise confidentiality we cannot therefore be responsible for the confidentiality of your data in these instances.
We have put in place procedures to deal with personal information breaches and will notify you and any applicable regulator of a breach where we are legally required to do so.
7. Data retention
We will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
After you cease being an L.E.K. Expert Platform member or otherwise cease participating in our market research activities, we retain Contact, Identity, Financial and Transaction Data for up to six years in order to comply with applicable legal requirements. In Germany or where otherwise required by law, we may retain this information for up to ten years. Where any statute of limitation requires longer periods we will retain your personal information for such longer periods. Where we have a legitimate business interest in doing so, we may anonymize your personal information for research or statistical purposes in which case we may retain this information indefinitely without further notice to you.
8. Your legal rights
Laws applicable where you live as well as our enterprise privacy policy give you rights over how we process your personal information. These rights include the right to:
- Know what categories of personal information we process; the specific types of personal information we have acquired from or about you; where we acquired it from; what we do with it and who we disclose it to; how to contact us; and where applicable the legal basis for our processing. This Privacy Notice provides the relevant information.
- Receive copies of your personal information that we retain in commonly used human and machine-readable formats.
- Object to or opt out of processing your personal information for purposes unrelated to L.E.K. Expert Platform and our market research activities.
- Give prior informed consent to any processing of your personal information not previously disclosed to you in this Privacy Notice.
- Correct any personal information that we hold that is no longer accurate.
- Ask us to restrict our use of your personal information to:
- The operation of L.E.K. Expert Platform and our market research activities and to suspend our processing of your personal information to establish your data’s accuracy;
- Securely storing your personal information where you believe that we have violated applicable law but do not want us to delete it;
- Where you need us to retain data to exercise legal claims you may have or defend against claims that may be brought against you; and
- Where you have chosen to object to our processing of your personal information and we are evaluating the extent to which we will fulfill your request.
- Ask us to transfer your personal information to you or a third party of your choice information in a structured, commonly used, machine-readable format.
- Withdraw your consent to any processing activities that we have engaged in with your informed consent.
- Not face discrimination for choosing to exercise your rights.
- Request deletion of your personal information.
- Authorize a third-party representative such as but not limited to your legal counsel to exercise your rights on your behalf.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will respond to a legitimate request in the timeframe allotted under applicable law.
9. Glossary
INFORMED CONSENT
Any freely given, specific, and active indication that you agree to processing of your personal information after receiving information about: who we are; our intended use cases; how long we will retain your personal information; any third parties who will process your personal information as part of our use cases; and how to withdraw your consent at any time.
PERSONAL INFORMATION
Any data that identifies or describes you, your communications with others, your movements and surroundings, and your behaviors online and in the real world. Data are personal information if identifies you directly, such as your name or contact information, or indirectly when combined with other information that we have or can reasonably access, such as the answers you provide to survey or interview questions. Where applicable law defines personal information (also known as “personal data” or “personally identifiable information”), any data that meets such a definition is also personal information.
SENSITIVE PERSONAL INFORMATION
Personal Information which, if misused or lost, may expose you to increased risk of harm due to their nature or require us to notify affected individuals, regulators, or the public. Examples of sensitive personal information includes certain identifiers like government ID numbers and bank account credentials information about your finances; criminal history; racial or ethnic origin; political opinions; religious, philosophical and other deeply held personal beliefs; trade union membership; genetic data; biometric identifiers like your fingerprints; and data concerning your health, sex life, sexual orientation, or gender identity.
PROCESSING
Any action we take that affects your personal information whether manual or automated. For the purposes of this Privacy Notice, processing includes acquisition of your personal information; inviting you to join L.E.K. Expert Platform; creating and maintaining your L.E.K. Expert Platform profile; inviting you to participate in our market research activities; sending you surveys or setting up interviews; conducting interviews and collecting survey responses; analyzing your responses to our research questions to create work product; handling your privacy requests such as to correct or delete your personal information; and disclosing your identity to our clients if they request it and you give your informed consent to the disclosure.
LEGAL BASIS
The steps we have taken under applicable law to ensure that we are processing your personal information lawfully. In most places, our legal basis is your acknowledgment of this Privacy Notice and, where relevant, the L.E.K. Expert Platform terms and conditions. Where applicable law where you live provides for them, we rely on these legal bases instead:
- Exercising our contractual rights and performing our contractual obligations where you have agreed to join or are considering whether to join L.E.K. Expert Platform and participate in our market research activities.
- Our legitimate business interest in identifying individuals who have expertise that is relevant to our market research needs, inviting them to join L.E.K. Expert Platform and participate in surveys and interviews, and conducting market research activities for the benefit of L.E.K. Consulting and our clients. When processing your personal information under this basis, we conduct risk assessments to ensure that our interest is legitimate; that we need to process your personal information to achieve it; and that we have appropriately considered and where necessary mitigated the impact to your interests, rights, and freedoms.
- Where we are required to process your personal information by applicable law.
THIRD PARTIES
Internal Third Parties
Other companies in the L.E.K. Consulting Group acting as joint controllers or processors and who are based in those offices specified in our website and provide IT and system administration services and undertake leadership reporting.
External Third Parties
- Market research companies, whether as suppliers or programmers used for the hosting and administration of the database including the collection of data on our behalf and including the administering of surveys or other research and interview tools or information collection methods.
- Banking and payment and clearing service providers may be required by us to process honoraria payments to you where these apply.
- Service providers acting as processors based in any jurisdiction who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide services to us and, in certain instances, our clients.
- Tax authorities, regulators and other authorities who require reporting of processing activities in certain circumstances.
10. ANNEX A
L.E.K. Consulting Group entities who may process your personal information include:
- L.E.K. Consulting LLC
- L.E.K. Consulting LLP
- L.E.K. Consulting GmbH
- L.E.K. Consulting S.A.R.L.
- L.E.K. Consulting Australia Pty Ltd
- L.E.K. Consulting India Private Limited
- L.E.K. Consulting Limited
- L.E.K. (Brasil) Participações S.A
Please note that this list is subject to change from time to time and that there may be instances in which we share personal information as described in this Privacy Notice with associated entities of the entities listed.
11. ANNEX B
Third party survey platform and sample providers we work with include:
| US | EU/UK | APAC | AUS | ||
|---|---|---|---|---|---|
Survey Platform providers | |||||
| IncQuery | x | x | |||
| IntelliSurvey | x | ||||
| Owl | x | x | |||
| Qualtrics | x | x | x | ||
| Centiment | x | ||||
| OnePulse | x | ||||
| PureProfile | x | ||||
| Dynata | x | x | |||
| The Clever Stuff | x | ||||
| YellowSquares | x | ||||
| EKAS | x | ||||
| Pot Loc | x | x | |||
Survey sample providers | |||||
| 91Question | x | ||||
| BioInformatics | |||||
| CIC | |||||
| CIMI | |||||
| DashMR | x | ||||
| Dialectica | x | x | |||
| Dynata | x | x | x | x | |
| EKAS | x | ||||
| Full Circle | x | x | |||
| Glow | x | ||||
| Gooddr | |||||
| Grape Data | x | x | |||
| Guidepoint Global | |||||
| Hemispheres | |||||
| iDiaoyan | x | ||||
| Infocus Mekong | x | ||||
| InnovateMR | x | ||||
| Insights Workshop | x | ||||
| Intage | x | ||||
| iResearch | x | ||||
| Ivy Exec | x | ||||
| Jasper Colin | x | x | |||
| Kantar | x | ||||
| Kudos | x | ||||
| Liberating Research | x | ||||
| M3 | x | x | x | ||
| Medical Mile | x | ||||
| Medlive | |||||
| NewtonX | x | ||||
| Potloc | x | x | x | x | |
| Precision Research | x | ||||
| Prodedge | x | ||||
| proSapient | x | x | |||
| PureProfile | x | ||||
| Rare Patient Voice | x | ||||
| Rep Data | x | ||||
| ROI Rocket | x | x | |||
| Sago | x | ||||
| SCR | x | ||||
| Sermo | x | ||||
| SHG | x | ||||
| Toluna | x | x | |||
| Veridata | x | ||||
| Yellow Squares | x | ||||