DOWNLOAD NOW: The LCS App Click here

LCS Privacy Policy & Data Protection



Key Details

This privacy policy (Policy) describes how Lean Competency Services Ltd (“LCS”, “we”, “us” or “our”) protects and makes use of your personal data when you use our services and this website, including when you become a practitioner member, an accredited organisation, a certified practitioner or register for Continuing Professional Development.

It is important that you read this privacy policy so that you are fully aware of how and why we are using your data. If you are asked to provide information when using this website, it will only be used in the ways described in this privacy policy.

This policy is updated from time to time and the latest version is published on this page. You are responsible for ensuring that you are aware of the most recent version of this policy as it will apply each time you access this website or our services. This website privacy policy was updated on 19th April 2019.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

If you have any questions about this policy, please email or write to Lean Competency Services Ltd, 5 Clive Crescent, Penarth, CF64 1AT, UK.


We gather and use certain information about individuals and organisations in order to provide products and services and to enable certain functions on this website.

We also collect information to better understand how you use this website and to present timely, relevant information to you.


What Data We Gather & Hold About You

1. All LCS customers and website users

Personal data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

The personal data we collect about you will depend on how you use this website or purchase one of our services, we may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity data. This may include first and last name, title and date of birth;
  • Contact data. This may include email address, postal address and phone number;
  • Transaction data. This may include details about payments to and from you and other details of products and services you have purchased from us;
  • Technical data. This may include IP address, operating system, browser type and related information regarding the device you used to visit the website;
  • Usage Data. Details of any enquiries made by you through the website or to LCS, together with details relating to subsequent correspondence (if applicable);
  • Marketing and communications data. This may include your preferences in receiving marketing from us and our third parties and your communication preferences.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal data but is not considered personal data as this data will not directly or indirectly reveal your identity. For example, we may aggregate Usage Data to produce marketing reports.

Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have entered into or are trying to enter into with you (for example to provide you with our goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

2. Practitioner Membership

In addition to the personal data we collect and process about all LCS customers and website users as set out above, practitioner members are free to add further personal data in their LCS profile as they see fit. Practitioner members control what information is publicly viewable, for instructions, visit the practitioner member welcome page and click the Privacy tab. This information allows you to provide the LCS community with information about expertise, career history and qualifications. If you add further personal data, to your LCS profile it will be processed in accordance with this Policy.

Individuals with an LCS Certificate of Lean Competency can become members of the LCS practitioner community by registering on the website free of charge. Members can engage in a variety of communication and collaboration activities and have access to resources that assist with their roles, learning and personal development.

Practitioner members can opt to receive the LCS newsletter that is issued periodically and can unsubscribe from it any point by following the instructions at the foot of every newsletter.

Practitioner members will also receive periodic messages about the latest articles published on the website and can unsubscribe from these messages at any point by following the instructions at the foot of every newsletter.

3. Accreditation Applicants

An organisation applying for LCS accreditation is required to provide information about it and the training system that it wants to be accredited. The information is captured in a Submission Form, which is normally completed digitally, online, though a downloadable MS Word version is available if an online form cannot be completed.

In addition to the personal data we collect and process about all LCS customers and website users as set out above, LCS will collect personal data about Accreditation Applicant employees that will deliver the training, including the employees first and last name and the employees career history which is relevant to the LCS accreditation.

4. Applicants for Certification via Approved Prior Learning & Experience

In addition to the personal data we collect and process about all LCS customers and website users as set out above, LCS will collect personal data about individuals who apply for an LCS certification through the Approved Prior Learning and Experience (APLE) route. The information is captured in an application form, which is normally completed digitally, online, though a downloadable MS Word version is available in an online form cannot be completed.

5. Those Registering for Continuing Professional Development (CPD)

In addition to the personal data we collect and process about all LCS customers and website users, an individual registering for LCS CPD is also required to provide career information, captured in an online application form. The CPD process involves recording information about individuals’ personal development aims and professional development activities. This information is stored in a Google Drive LCS G-Suite document system and in the Insightly CRM system (described below). The Google Drive LCS G-Suite can only be accessed by the registered individual or LCS assessment staff.

6. Research Data

We occasionally gather data for research purposes through online questionnaires, using either Google Forms or via Jisc. Survey data is collected anonymously and individuals or organisations are not identified when the resultant research findings are published.

7. Cookies

We also gather website usage data (see Cookies below).


How We Use This Data

We will only use your personal data when the law allows us to. We collect your personal data to help us understand what you are looking for from LCS, which enables us to deliver improved products and services.

Specifically, we may use your personal data in the following circumstances:

  • where we need to perform the contract, we are about to enter into or have entered into with you;
  • where we need to comply with a legal obligation;
  • where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

Generally, we do not rely on consent as a legal basis for processing your personal data however in certain circumstances it may be the only legal basis which we can rely upon. Where we do need to rely on your consent it will be very clear at the point at which we collect the data from you that we are relying on your consent. Where we have obtained your consent to process certain personal data you have the right to withdraw your consent to the processing at any time by contacting us. We will get your consent before sending third party direct marketing communications to you via email or text message.

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose/Activity Type of data Lawful basis for processing including basis of legitimate interest
To register you as a new customer of LCS and contact you in response to a specific enquiry Identity data

Contact data

This is necessary for the performance of our contract with you.
To operate, administer, correspond and provide the services to you Contact data

Identity data

Usage data

Transaction data

This is necessary for the performance of the contract between us and your personal data is processed to enable us to provide the services to you.
To process and deliver your order of any LCS products Identity data

Contact data

This is necessary for the performance of our contract with you.
To manage our relationship with you which will include:

(a) notifying you about changes to our terms or privacy policy

(b) to contact you in response to any enquiry you make to LCS

(c) notifying you of any changes to the services.

Identity data

Contact data

Usage data

This is necessary for the performance of our contract with you and is necessary to comply with a legal obligation, including obligations relating to the protection of personal data and to inform you of any changes to our terms and conditions.

Outside of such, this processing is necessary for our legitimate interests specifically for us to keep records up to date and to analyse how users use our services.

To make suggestions and recommendations to you about our services which may be of interest to you.

To inform you about the annual European Lean Educator Conference (when the LCS is assisting the organisers in promoting the event).

Identity data

Contact data

Usage data

Technical data

Marketing & communications

This is necessary for our legitimate interests of providing a professional services business, developing our products and services and keeping people informed about the services we offer.
Where required by (but not limited to) any request or order from law enforcement agencies and/or regulatory bodies such as HMRC or ICO. Identity data

Contact data

This is necessary to comply with our legal obligations, including obligations relating to the protection of personal data.
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. Marketing & communications

Technical data

Usage data

This is necessary for our legitimate interests to keep our website updated and relevant, to develop our business and to inform our marketing strategy.

Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purpose of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there to be a prospect of litigation in respect to our relationship with you.

If required, we will be entitled to hold personal data for longer periods in order to comply with our legal or regulatory obligations.

We are required to keep the information we collect as set out in Policy for a period of [NUMBER] years.

In some circumstances you can ask us to delete your personal data, see ‘Your Legal Rights’ below for further information.

Where we anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.


Cookies & How We Use Them

What is a cookie?

A cookie is a small file placed on your device. It enables our website to identify your device as you view different pages on our website.

Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit. The information allows us to provide you with a good experience when you access the website, allows us to improve our website and allows us to compile statistical reports on website visitors and activity.

How we use cookies

Our website may use cookies to:

  • analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions;
  • identify whether you are signed in to our website and collect standard Internet log information. A cookie allows us to check whether you are signed in to the site;
  • test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content;
  • store information about your preferences. The website can then present you with information you will find more relevant and interesting;
  • to recognise when you return to our website. We may show your relevant content or provide functionality you used previously.

Cookies do not provide us with access to your computer or any information about you.

Controlling cookies

You can use your web browser’s cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies.

However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.

Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it.

To learn more about cookies and how they are used, visit All About Cookies.

Controlling Information About You

When you fill in a form or provide your details on our website, you will see one or more tick boxes allowing you to opt-in to receive marketing communications from us by email.

If we have collected your contact data when we sign you up as a customer we will send you emails about our other products and services provided that you did not opt out of receiving such emails at the time we signed you up as a customer.

If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:

  • sign in to our website and change your opt-in settings.
  • send an email to
  • write to us at: Lean Competency Services Ltd. 5 Clive Crescent, Penarth, CF64 1AT, UK
  • click on the unsubscribe link at the foot of the LCS e-newsletter or practitioner member messages.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for any other reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

We may process your personal data without your knowledge or consent, in compliance with this privacy policy, where this is required or permitted by law.


Disclosures of your personal data

We may share your personal data with the parties set out below for the purposes set out in the table in ‘How We Use This Data’ set out above:

  • MailChimp, to deliver our regular e-newsletters and practitioner membership updates. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletters.
  • Insightly, who provide a customer relationship management system to store customer information and manage its sales processes, customer relationships and specific customer projects. Access is password controlled and restricted to authorised LCS staff and associates.
  • ClassMarker, to provide an online testing platform for accreditation purposes.
  • EventBrite, to organise and market conferences which we participate in hosting.
  • Newwave Design, who manage and maintain our website.
  • We may share your personal data with third parties to whom we may choose to sell, transfer or merge parts of our business or assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
  • We may share your personal data with professional advisers including lawyers, bankers, auditors and insurers and HM Revenue & Customers, regulators and other authorities who require reporting of processing activities in certain circumstances.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

We may transfer your personal data to external third parties that are based outside the European Economic Area (EEA), their processing of your personal data will involve a transfer of data outside the EEA.

Wherever we transfer your personal data outside of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe;
  • where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.



We will always hold your information securely.

To prevent unauthorised disclosure or access to your information, we have implemented strong physical and electronic security safeguards. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

The site uses the following plugins for security and performance: Sucuri Security – a security plugin that monitors live traffic and protects login areas Wordfence – a security plugin that monitors live traffic, secures website files and scans files for any malicious changes WP Optimise – a speed and performance plugin that automatically clears up un-necessary database entries such as ‘spam comments on posts’ and ‘excessive change histories / revisions’ WP Super Cache – currently turned off. When on, it stores optimised versions of pages to display to visitors. This improves page load times.


Your Legal Rights

In certain circumstances individuals who are the subject of personal data held by LCS have rights under data protection laws in relation to the personal data processed by LCS. If you wish to exercise any of your legal rights, you should put your request in writing to us (using our contact details provided in this privacy policy) giving us enough information to identify you and respond to your request.

You have the right to:

  • Request access to personal data (commonly known as a “data subject access request”) including asking what information the company holds about you and why and how to gain access to it.
  • Request correction of the personal data we hold about you. If any of the information you have provided changes, or if you become aware of any inaccuracies in such information, please let us know in writing giving us enough information to deal with the change or correction. We may need to verify the accuracy of the new data you provide to us.
  • Request erasure of personal data we hold about you (the ‘right of erasure’) in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. This right of erasure is not available in all circumstances, for example where we need to retain the personal data for legal compliance purposes. If this is the case, we will let you know.
  • Object to processing of personal data, in certain circumstance, where we are relying on legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. If you make this request, we shall stop processing your personal data unless we can demonstrate sufficient and compelling legitimate grounds for continuing the processing which override your own interests. If, as a result of your circumstances, you do not have the right to object to such processing then we will let you know.
  • Request restriction of processing of personal data, for example where the personal data is inaccurate or where you have objected to the processing (as detailed above).
  • Right to withdraw consent where you have given consent (if applicable).

We may need to request specific information from you to help us to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who does not have the right to receive it. We may also contact you to ask for further information in relation to your request to speed up your response.

We ask that requests from individuals should be made by email, addressed to the data controller at or via the Subject Access Request Form. You can however make a subject access request in other formats by submitting this subject access request to the email address or postal address noted above.

We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.  You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ( We would however appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


Links from Our Site

Our website may contain links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you.

We have no control of websites outside the and domains.

If you provide information to a website to which we link, we are not responsible for its protection and privacy. Always be wary when submitting data to websites and read the data protection and privacy policies of every website you visit fully.


Information Commissioner’s Office Registration

Lean Competency Services Ltd is registered with the UK’s Information Commissioner’s Office under registration reference: ZA282892.

Its registration expiry date is 28 September 2024. Registration Certificate 2023 to 2024

Website and SEO by Newwave Design. Lean Competency System © 2021. The LCS is a licenced service of Cardiff University.

Site Management

Our website is managed and maintained under an agreement by Newwave Design, which has full access to information stored on this website, Google Analytics and MailChimp