
Privacy Policy

Effective Date: November 2025


1. Introduction

LithoSight LTD and LithoSight SAS ("LithoSight", "we", "us") are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and safeguard your information in accordance with the UK General Data Protection Regulation (UK GDPR), the EU GDPR, and applicable national laws in the United Kingdom and France.


2. Who We Are

LithoSight LTD, a company registered in the UK

LithoSight SAS, a 100% owned subsidiary of LithoSight LTD, registered in France

Depending on your interaction, LithoSight entities may act as joint or separate data controllers under this policy.


3. Data We Collect

We may collect the following personal data:

  • Identity information (name, job title)

  • Contact details (email address, phone number)

  • Company and job function

  • Technical data (IP address, browser type, operating system)

  • Communication records (emails, messages)

  • Recruitment data (CVs, application information)

  • Marketing preferences (where consented)

  • Employment-related data for current employees, including but not limited to: payroll records, emergency contact details, performance reviews, employment contracts, tax identification numbers, working time records, leave requests, and training history.

  • Device or software usage information where employees use company systems or equipment.

  • Limited location or log-in data, where necessary for IT security, access control, or legal compliance (especially in remote work environments).

We do not intentionally collect sensitive personal data or information from children.

If sensitive data is required (e.g. for health or legal reasons), it will only be processed where strictly necessary and in accordance with applicable data protection laws.


4. How We Collect Your Data

We may collect data via:

  • Forms completed on our website

  • Direct communications (email, meetings, LinkedIn)

  • Recruitment processes

  • Cookies and similar technologies (see our Cookie Policy)

  • Analytics tools

  • Internal HR and operational systems (for employees)


5. Legal Basis For Processing

We only process your personal data where permitted by law:

  • Contractual necessity – to provide our services or enter into agreements

  • Legal obligations – to comply with tax, employment, or regulatory duties

  • Legitimate interests – to improve services, ensure security, or grow our business (only where not overridden by your rights)

  • Consent – for marketing communications and non-essential cookies

You can withdraw your consent at any time.


6. How We Use Your Data

We use your data to:

  • Provide services and respond to enquiries

  • Manage our business relationships

  • Process job applications

  • Conduct analytics to improve our website

  • Send marketing communications (with consent)

  • Fulfil employment obligations, including HR administration, payroll, compliance with tax/employment laws, and performance monitoring

  • Ensure workplace safety, cybersecurity, and legal compliance in remote work environments

We do not engage in automated decision-making or profiling.


7. Sharing Your Data

We may share your data with:

  • Trusted service providers bound by GDPR-compliant agreements

  • Professional advisors (legal, financial)

  • Regulators or public authorities if required by law

In the case of employees, certain information may be shared with payroll providers, benefits administrators, accountants, government agencies (e.g. tax authorities), and internal auditors—always under strict confidentiality and only as required by law or contract. We never sell or rent your personal data.


8. International Data Transfers

Where personal data is transferred outside the UK or EU, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses (SCCs) approved by the European Commission

  • UK Addendum to the SCCs approved by the UK ICO

  • Transfer Impact Assessments (where required)

We only transfer data when lawful protections are guaranteed.


9. Data Retention

We retain data only as long as necessary for the purpose it was collected:

  • Client contact data: up to 3 years after last interaction

  • Recruitment data: up to 12 months, unless otherwise consented

  • Analytics data: 13 months (per CNIL guidelines)

  • Legal and financial data: 6 years (UK statutory requirement)

Data is then securely deleted or anonymised.


10. Your Rights

You have the following rights under UK and EU GDPR:

  • Access your personal data

  • Correct inaccurate or incomplete data

  • Request deletion ("right to be forgotten")

  • Restrict or object to processing

  • Receive your data in a portable format

  • Withdraw your consent at any time

You also have the right to lodge a complaint with:

We aim to respond to all valid requests within one month.


11. Security Measures

We implement appropriate technical and organisational controls to protect your data, including:

  • Access restrictions based on role

  • Encrypted storage and secure backups

  • Secure communication channels

  • Staff training in data protection


12. Contact Information

If you have any questions or wish to exercise your rights, please contact:


13. Updates To This Policy

We may update this policy from time to time. Any changes will be posted on our website, with the effective date clearly stated. Significant changes will be communicated and highlighted prominently on our website.
