Privacy Notices
PRIVACY NOTICE FOR CUSTOMERS
27 February, 2026
About us
Science for a Safer World
LGC is a global leader in life sciences, diagnostics and analytical solutions. We work with partners around the world to address some of society’s most important challenges, from diagnosing disease and enabling new treatments to supporting food security and protecting public health. Our science underpins discovery, enables better health outcomes and helps safeguard the integrity of food, water, medicines and the environment. Every day, we provide the components, standards and services that laboratories, manufacturers and regulators rely on to make confident, evidence-based decisions. As part of our business operations and serving you as one of our customers, we will process personal data. The purpose of this Privacy Notice is to give you information about this data processing and your data rights.
1. Introduction
This Privacy Notice explains how LGC group entities (collectively referred to as “LGC”, “we”, “us”, “our”) collect and use personal data. This Privacy Notice applies to LGC’s customers. Our customers include registered companies and organisations, sole traders and partnerships.
For the purpose of the Data Protection Act 2018, the UK General Data Protection Regulation (the “UK GDPR”) and the EU General Data Protection Regulation 2016/679 “EU GDPR”, we are the data controller of the personal data we process about you.
ICO Registration Number: Z7494404
LGC Registered Address: The Priestley Centre, 10 Priestley Road, Guildford GU2 7XY
Data Protection Officer: TLT LLP, 20 Gresham Street, London EC2V 7JE
2. Categories of personal data we process
We may collect and process the following categories of personal data about you:
- Contact and account data, which may include: Name, job title, work email, work telephone, work address, company name, customer identification data, industry sector, role, login credentials, IP addresses, access logs, account activity.
- Engagement and marketing data, which may include: Written, communication preferences, consent records, interaction history, engagement data, purchase and order history, downloaded documents, survey responses, interests, customer segments, order values and frequency, product preferences, website visits.
- Contract and financial data, which may include: Signature, role in contract, purchase order information, invoice details, payment information, credit check results, payment history.
- Feedback and complaints data, which may include: Survey responses, satisfaction ratings, feedback comments, complaint details, correspondence, investigation records, resolution details.
- Event data, which may include: Registration details, attendance records, participation data, feedback responses.
- Website analytics data, which may include: IP addresses, cookie identifiers, browser type and version, device type, operating system, pages visited, time on pages, referral sources, search terms, form submissions, downloads, geolocation (country/region), user journey data.
- Special category data (context-dependent), which may include: Certain engagement and marketing data (video-audio call recording and sentiment analysis), dietary requirements (revealing religious beliefs or health) and accessibility requirements (revealing disability) for events, audio and video data (biometric data), and health data when provided.
3. How we collect your personal data
We collect personal data about you in the following ways:
- Directly from you through web forms, account registration, event registrations, consent forms, communications, survey responses, complaint submissions, feedback forms, webinar registrations, and preference centres.
- From your employer or organisation where your company provides your contact details to LGC in order to set up an account on the customer management platform for you.
- From business sources which may include business directories, professional networks and conferences.
- Through cookies and tracking technologies (when deployed) when you visit our websites. Please see our Cookies Policy for more information on how we use cookies.
Where we obtain your personal data from third parties (such as your employer, organisation or from business sources), those parties are responsible for providing you with appropriate privacy information about their own processing activities. We recommend that you review their privacy notices to understand how they handle your data before sharing it with us.
4. Purposes of processing and lawful bases
We may process your personal data for the following purposes and on the following lawful bases:
| Purpose | Lawful Basis (Article 6 UK GDPR / Article 6 EU GDPR) | Special Category Basis (Article 9 UK GDPR / Article 9 EU GDPR / DPA 2018) |
|---|---|---|
| Customer relationship management | Article 6(1)(b) - Performance of contract (existing customers) Article 6(1)(f) - Legitimate interests (prospective customers) |
N/A |
| Direct marketing | Article 6(1)(a) - Consent Article 6(1)(f) - Legitimate interests |
N/A |
| Sales and contract management | Article 6(1)(b) - Performance of contract Article 6(1)(f) - Legitimate interests |
N/A |
| Payments and finance | Article 6(1)(b) - Performance of contract Article 6(1)(c) - Legal obligation Article 6(1)(f) - Legitimate interests |
N/A |
| Online account access | Article 6(1)(b) - Performance of contract | N/A |
| Customer feedback and complaints | Article 6(1)(a) - Consent Article 6(1)(f) - Legitimate interests |
Article 9(2)(f) Legal claims Article 9(2)(f) - Necessary for establishment, exercise or defence of legal claims |
| Events, webinars and training | Article 6(1)(a) - Consent Article 6(1)(f) - Legitimate interests |
Article 9(2)(a) Explicit consent DPA 2018 Schedule 1, Part 1, para. 1 |
| Customer analytics and business development | Article 6(1)(f) - Legitimate interests | N/A |
| Website analytics (UX improvement, performance tracking, journey insight, fraud/abuse prevention) | Article 6(1)(a) - Consent Article 6(1)(f) - Legitimate interests |
N/A |
| Improving sales effectiveness/customer service/business relationships | Article 6(1)(f) - Legitimate interests | Article 9(2)(a) Explicit consent (where biometric voice/video data processed) |
Our legitimate interests include: developing business relationships and providing customer service; promoting products and services; maintaining contract records and protecting legal rights; assessing creditworthiness and debt recovery; fraud prevention; quality improvement and complaint resolution; providing technical and educational content; understanding customer needs to enhance our offerings; supporting business planning; optimising website functionality, security and user experience; improving marketing and sales effectiveness; and employee training and operational efficiency.
5. How we protect and secure your personal data
We have put in place technical and organisational measures, including appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, other third parties who act on our behalf and have a business need to process your data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
6. Who we share your personal data with
We only share your personal data with third parties where it is necessary for us to do so to fulfil our obligations to you under our contract, or where we are required to comply with a regulatory or legal provision. We will never sell your personal data for direct marketing.
7. International transfers
If we need to transfer your personal data outside the UK or European Economic Area, we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place to protect your personal data.
8. How long we keep your personal data
We will retain your personal data for as long as necessary and in accordance with LGC’s retention schedule, which is available on request from the Data Protection Officer.
9. Your rights
Your personal data is protected under data protection laws, and you have several data rights (explained below). Please contact us using the details provided below if you have any queries in relation to your rights.
If you seek to exercise your rights, we will assess whether the right applies to your circumstances.
- Right of access: You have a right to access the personal data we hold about you upon request. This is known as a “Data Subject Access Request”. You can exercise this right by making a request in writing, by email or by telephone using the contact details in the contact and complaints section below.
- Right of rectification: You can ask us to correct or update your personal data to ensure it is accurate and complete.
- Right to erasure and right to restrict processing: You can ask us to stop processing and/or to delete your personal data in certain circumstances (for example, where it is processed with your consent, or it is no longer necessary for us to process it).
- Right to data portability: You have a right to ask us to provide you with your personal data in a form that suits you, and/or to provide your information to a third party.
- Right to object: You have a right to object to our processing of your personal data.
- Profiling and automated decisions: You have a right not to be subject to automated decisions which have a legal effect and to be protected by safeguards in respect of any profiling. We do not undertake any automated decision making or profiling.
- Right to object to direct marketing: Where you have consented to receive direct marketing, you can change your mind at any time by contacting us or following the link to “unsubscribe” provided in each email we send to you. Please allow a few days for us to action your request.
10. How to contact us
If you have any questions or wish to exercise your rights, please contact our Data Protection Officer at LGC.DPO@TLT.com.
If you have any queries or concerns, we invite you to raise them with us at the above address so that we may discuss them with you for resolution.
You also have the right to lodge a complaint with a supervisory authority, in particular:
In the UK, with the Information Commissioner’s Office (“ICO”) by writing to Information Commissioner’s Office, Water Lane, Wilmslow, SK9 5AF or calling 0303 123 1113. Further information about how to do this can be found at: www.ico.org.uk.
In the EU Member State of your habitual residence, place of work, or place of the alleged infringement. A full list of EU data protection supervisory authorities and their contact details is available at: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
11. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. We encourage you to periodically review this Privacy Notice for the latest information on our privacy practices.
PRIVACY NOTICE FOR SUPPLIERS AND THIRD PARTIES
27 February, 2026
About us
Science for a Safer World
LGC is a global leader in life sciences, diagnostics and analytical solutions. We work with partners around the world to address some of society’s most important challenges, from diagnosing disease and enabling new treatments to supporting food security and protecting public health.
Our science underpins discovery, enables better health outcomes and helps safeguard the integrity of food, water, medicines and the environment. Every day, we provide the components, standards and services that laboratories, manufacturers and regulators rely on to make confident, evidence-based decisions.
As part of our business operations and collaborating with you as part of our supply chain or other third party, we will process personal data. The purpose of this Privacy Notice is to give you information about this data processing and your data rights.
1. Introduction
This Privacy Notice explains how LGC group entities (collectively referred to as “LGC“, “we“, “us“, “our”) collects and uses personal data of LGC suppliers and third parties. This Privacy Notice applies to our suppliers and service providers who are individuals and the representatives, employees or contact persons of our supplier and service providers who are legal entities.
For the purpose of the Data Protection Act 2018, the UK General Data Protection Regulation (the “UK GDPR”) and the EU General Data Protection Regulation 2016/679 “EU GDPR”, we are the data controller of the personal data we process about you.
ICO Registration Number: Z7494404
LGC Registered Address: The Priestley Centre, 10 Priestley Road, Guildford GU2 7XY
Data Protection Officer: TLT LLP, 20 Gresham Street, London EC2V 7JE
2. Categories of personal data we process
We may collect and process the following categories of personal data:
- Your personal data which may include your first name, last name, email address, address, phone number, identification document, video recording.
- Information about your employer which may include your company name, your title, your position.
- Any other information necessary for the purposes of managing our relationship.
- For suppliers and service providers who are individuals (such as self-employed persons), we may collect certain financial information, such as your bank account details.
3. How we collect your personal data
We collect personal data about you in the following ways:
- Directly from you or your employer.
- From Companies House and public registers.
- From credit reference agencies and anti-money laundering (AML) providers.
Where we obtain your personal data from third parties, those parties are responsible for providing you with appropriate privacy information about their own processing activities. We recommend that you review their privacy notices to understand how they handle your data before sharing it with us.
4. Purposes of processing and lawful bases
Where applicable to the scope of our engagement with you, we may process your personal data for the following purposes and on the following legal bases:
| Purpose | Lawful Basis (Article 6 UK GDPR / Article 6 EU GDPR) | Special Category Basis (Article 9 UK GDPR / Article 9 EU GDPR / DPA 2018) |
|---|---|---|
| Supplier registration, onboarding and supplier and service provider management | Article (6)(1)(b) Performance of contract Article 6(1)(f) Legitimate interests |
N/A |
| Supplier due diligence | Article (6)(1)(b) Performance of contract Article 6(1)(c) Legal obligation Article 6(1)(f) Legitimate interests |
DPA 2018 Schedule 1, Part 2, para. 10 Article 9(2)(g) Substantial public interest |
| Tendering (manage bids, selection, performance evaluation) | Article (6)(1)(b) Performance of contract Article 6(1)(f) Legitimate interests |
N/A |
| Engagement of individual consultants/temporary workers on purchase order terms (including IR35 assessment) | Article (6)(1)(b) Performance of contract Article 6(1)(f) Legitimate interests |
N/A |
| Engagement of individual consultants/temporary workers on purchase order terms (including IR35 assessment) | Article (6)(1)(b) Performance of contract Article 6(1)(f) Legitimate interests |
N/A |
| Contract lifecycle management | Article (6)(1)(b) Performance of contract Article 6(1)(f) Legitimate interests |
N/A |
| Billing, purchase orders, invoicing, payments, expenses, tax compliance, account queries | Article (6)(1)(b) Performance of contract Article 6(1)(c) Legal obligation Article 6(1)(f) Legitimate interests |
N/A |
| Supplier communications and relationship management | Article (6)(1)(b) Performance of contract Article 6(1)(f) Legitimate interests |
N/A |
| Supplier events | Article (6)(1)(b) Performance of contract Article 6(1)(a) Consent (event registration) Article 6(1)(f) Legitimate interests |
Article 9(2)(a) Explicit consent |
| Travel arrangements and logistics (Navan) | Article (6)(1)(b) Performance of contract Article 6(1)(f) Legitimate interests |
N/A |
Our legitimate interests include: ensuring supplier suitability and reliability, managing procurement processes fairly and efficiently, preventing fraud and corruption, protecting our reputation, managing supplier relationships effectively and ensuring duty of care for business travel.
5. How we protect and secure your personal data
We have put in place technical and organisational measures including appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, other third parties who act on our behalf and have a business need to process your data. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
6. Who we share your personal data with
We only share your personal data with third parties where it is necessary for us to do so to fulfil our obligations to you under our contract, or where we are required to comply with a regulatory or legal provision. We will never sell your personal data for direct marketing.
7. International transfers
If we need to transfer your personal data outside the UK or European Economic Area, we will take all steps reasonably necessary to ensure that any such transfer is made securely and that there is adequate protection in place to protect your personal data.
8. How long we keep your personal data
We will retain your personal data for as long as necessary and in accordance with LGC’s retention schedule, which is available on request from the Data Protection Officer.
9. Your rights
Your personal data is protected under data protection laws and you have several data rights (explained below). Please contact us using the details provided below if you have any queries in relation to your rights.
If you seek to exercise your rights we will explain to you whether or not the right applies to you; these rights do not apply in all circumstances.
- Right of access: You have a right to access the personal data we hold about you upon request. This is known as a “Data Subject Access Request”. You can exercise this right by making a request in writing, by email or by telephone using the contact details in the contact and complaints section below.
- Right of rectification: You can ask us to correct or update your personal data to ensure it is accurate and complete.
- Right to erasure and right to restrict processing: You can ask us to stop processing and/or to delete your personal data in certain circumstances (for example, where it is processed with your consent, or it is no longer necessary for us to process it).
- Right to data portability: You have a right to ask us to provide you with your personal data in a form that suits you, and/or to provide your information to a third party.
- Right to object: You have a right to object to our processing of your personal data.
- Profiling and automated decisions: You have a right not to be subject to automated decisions which have a legal effect and to be protected by safeguards in respect of any profiling. We do not undertake any automated decision making or profiling.
- Right to object to direct marketing: Where you have consented to receive direct marketing, you can change your mind at any time by contacting us or following the link to “unsubscribe” provided in each email we send to you. Please allow a few days for us to action your request.
10. How to contact us
If you have any questions or wish to exercise your rights, please contact our Data Protection Officer at LGC.DPO@TLT.com.
If you have any queries or concerns, we invite you to raise them with us at the above address so that we may discuss them with you for resolution.
You also have the right to lodge a complaint with a supervisory authority, in particular:
- In the UK, with the Information Commissioner’s Office (“ICO”) by writing to Information Commissioner’s Office, Water Lane, Wilmslow, SK9 5AF or calling 0303 123 1113. Further information about how to do this can be found at: www.ico.org.uk.
- In the EU Member State of your habitual residence, place of work, or place of the alleged infringement. A full list of EU data protection supervisory authorities and their contact details is available at: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en.
11. Changes to this Privacy Notice
We may change this Privacy Notice from time to time. We encourage you to periodically review this Privacy Notice for the latest information on our privacy practices.