Skip content

Privacy notice

LRQA takes the security of your personal information very seriously and is committed to ensuring that your personal information is protected at all times.

Contact us

What is the Purpose of this Privacy Notice?

The purpose of this Privacy Notice is to provide you with a clear explanation about how your personal information is collected and used by us during your interaction with us, as well as your rights in relation to your personal information.

We, meaning LRQA and all associated group companies, who can be contacted at 1 Trinity Park, Bickenhill Lane, Solihull, B37 7ES United Kingdom, are committed to respecting your privacy and complying with applicable data protection laws.

1. What personal information may we collect about you and how will we use it?

We collect personal information about you directly when you visit one of our websites, such as or when you otherwise communicate with us, for example by phone, email, social media channels, or by post.

We may also collect information we observe about you, for example CCTV footage if you visit one of our offices, or via cookies when you visit our website. For more details about our use of cookies see our Cookie Policy.

We may also receive information from other LRQA Group companies, joint venture partners, third parties, or service providers contracted to carry out work on our behalf. We may be required by law to collect certain information; require it to perform a contract, or prior to entering into a contact with you; or use it for our legitimate business interests where these do not override your rights or interest; and where appropriate, with your consent.

The following sections explain the personal information we may collect and the different ways we may use it .

BOPAS: Information that you yourself provide through the BOPAS website, and the application forms required for this service.

Client Training Services: we collect personal information about you (such as name, email address, contact details (private or work-related), choice of course, attendance, completion level attained and any other information that you yourself provide through our designated course portal.

Marketing and Client Relationship Purposes: we use our legitimate business interests in processing your personal details in order to maintain and enhance existing and ongoing client relationships we have with you and your organisation. This may include approaching you for real-time feedback on our services, research, and surveys on our current offering.

Unless you have provided your indication to accept and receive marketing materials from us, we will not send out electronic-based marketing to you. Our marketing system allows you to configure your preferences and opt-out of receiving marketing materials at any time.

Personal Details for Specific Business Activities: When you engage with various services provided through LRQA businesses, you may be required to supply further personal information about you in line with the requirements of that service, accreditation scheme regulator, national regulator provisions under which LRQA operates.

Visitors to LRQA offices: When you visit one of our offices, we may collect only basic personal information about you (as set out above in this Privacy Notice) and only for the purposes of maintaining site security and safety. You may be asked to sign-in and sign-out when you visit one of our offices, and you may be provided with a visitor’s pass to wear during your visit. Where Closed Circuit Television (CCTV) is operated at any of our offices, this is used for site security purposes.

2. Why does LRQA collect personal information?

LRQA needs to know basic personal information about you in order to respond to requests you make to us (such as through our websites and social media platforms) and to provide you with information relating to our services (such as newsletters, industry updates, information about our products and services, event invitations, surveys, market research, etc.) which either you have consented to receive (by indicating in the appropriate tick box) or which relate to LRQA products or services which we believe may be of interest to you and/or you currently receive under our legitimate interest to conduct business.

Data collected via your interaction with us through telephone, email and digital media platforms, (e.g. LinkedIn, Go-To Webinar platforms) can be used for lead generation, relationship management and handling general enquiries of services/products. In addition, we use Google and LinkedIn cookies to improve our website and how we do business. These types of cookies are used to: inform us, and our sales colleagues of information submitted in forms (LinkedIn), where advertisements have been clicked and converted into actual sales (Google Ads) or allows us to monitor how users navigate our website (Google Analytics). The information gathered by these cookies allows us to optimise and assess our marketing strategies and advertising campaigns.

We will not use your personal information for any other purpose, not outlined in this Privacy Notice.

3. How is your personal information protected?

LRQA will hold your personal information securely using appropriate technical and organisational measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we do not disclose your personal information to anyone outside our own group, or to any person or entity outside the United Kingdom and/or the European Union, except and to the extent both are: (i) necessary for the purposes stated in this Privacy Notice; and (ii) where it has first satisfied itself that appropriate safeguards are in place to ensure such information will continue to be held and used in accordance with this notice.

We use service providers to operate our websites, such as website hosting and enquiry functionality, and a client relationship management database (Salesforce and Pardot, where Pardot is now known as 'Marketing Cloud Account Engagement') on whose system LRQA stores data. Some of these service providers will process your personal information as part of the services they provide to LRQA, such for Client Training Services through the iLearning environment provided by Seertech. We will ensure that those service providers also comply with this Privacy Notice. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

4. How long does LRQA keep personal information?

Your personal information will be kept by LRQA for no longer than reasonably necessary for the purposes set out in this Privacy Notice, unless required to be kept longer by law. This retention period will be determined by the nature of your interaction with LRQA, your request and ongoing provision of services through our business. You can at any time indicate your wish for LRQA not to process your data through your options in a Preference Centre, a link on marketing communications or directly to our Data Protection Officer ("DPO") at .

5. What are your legal rights?

You have a number of legal rights surrounding your personal information, including:

  • the right to access a copy of your personal data;
  • the right to obtain correction of any inaccurate or incomplete personal information;
  • the right to have your personal information deleted;
  • the right to restrict or object to LRQA's processing of your personal information;
  • the right to request a transfer of your personal data; and
  • the right to withdraw your consent to our processing at any time (i.e. including the right to opt-out of or unsubscribe from communications at any time, either by contacting us at the details provided in this Privacy Notice or clicking the unsubscribe link in the emails that you receive from us).
6. How to contact LRQA?

If you have any questions regarding this Privacy Notice or our use of your personal information, or if you wish to exercise your legal rights regarding your personal data, please contact our Data Protection Officer by:

  • email:
  • post: Data Protection Officer, LRQA, 1 Trinity Park, Bickenhill Lane, Solihull, B37 7ES United Kingdom

7. How do you lodge a complaint?

If you have a complaint regarding how your personal information has been handled by LRQA, please contact our Data Protection Officer, using the details provided above.

You have a legal right to lodge a complaint with a supervisory authority. The relevant regulator in the UK is the Information Commissioner’s Office (“ICO”). To lodge a complaint or report a concern, please visit the ICO’s website.

8. Does LRQA update the Privacy Notice?

We may change the content of this Privacy Notice from time to time without notice to you. You should check this Privacy Notice occasionally to ensure that you are aware of the most recent version. This Privacy Notice was last updated April 2023.

9. LRQA Legal Entities

For more information on the LRQA legal entities please visit : www/lrqa/com/en/legal-entities.

LRQA Speak Up Privacy Notice

LRQA Speak Up is a confidential reporting system operated by People Intouch B.V. (People InTouch) and provided by LRQA Group Limited for reporting suspected breaches of LRQA’s Code of Ethics.
We do not require you to disclose any of your basic personal information. You can decide to share your identity with us or remain anonymous
If you decide to use LRQA Speak Up, People InTouch, on behalf of LRQA, will collect and process the information you choose to provide, which may include personal data.

The information you provide and why we need it

We capture the information you choose to provide. This could include: your name (if you decide not to report anonymously), the name of all individuals you mention in your report and the details of the concern which you raise.

You should not include any sensitive personal data in your report unless it is it integral to the concern you are raising and it is essential for us to properly investigate your concern. Sensitive personal data includes:

  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs
  • trade-union membership
  • genetic data, biometric data processed solely to identify a human being
  • health-related data
  • data concerning a person’s sex life or sexual orientation

The information you supply about yourself, your colleagues, or any aspect of the company’s operations may result in decisions that affect others. Therefore, we ask that you only provide information that, to the best of your knowledge, is correct and factual. Knowingly providing false or misleading information will not be tolerated.

In order for your concerns to be fully investigated so that appropriate action can be taken to remedy any harm or to prevent it from happening again, we do require that you provide us with as much relevant information about the concern as possible. We deem this to be a legitimate business interest which forms the legal basis for the processing of any personal data provided.

What we do with your information

The information that you provide will be hosted by People InTouch. utilising Amazon Web Services, with servers located in Frankfurt (primary) and Paris (secondary). People Intouch is based in the Netherlands and is committed to the EU GDPR (General Data Protection Regulation). People Intouch has a Privacy Information Security Management System (PISMS) in place. This risk & control framework is based on ISO27001, ISO27002, ISO27701 and the Dutch IT Auditing Privacy Standards.

LRQA will take appropriate technical, organizational, and legal steps to secure the information you provide. LRQA also requires People InTouch to adequately secure your personal data and not use it for any unauthorized purposes. (see People InTouch’s Privacy Statement).

The information provided will be reviewed and accessed by members of LRQA’s Legal, Risk & Compliance team and will be treated confidentially, unless otherwise required by law. In order for your concerns to be fully investigated, LRQA’s Legal, Risk & Compliance team may share or grant access to the information provided with members of the following teams, on a strictly need to know basis: HR, Finance, management functions or other colleagues within LRQA, external advisers of LRQA or technical staff at People InTouch, globally.

Please note that individuals you identify may be informed about the fact that a report has been made. However, the information you provide will not reveal your name or identity (although your identity may be revealed by the nature or circumstances of report).

How long will we keep your information?

Any information you submit that is not needed will archived, as permitted by local law and in line with our internal procedures. In addition, once we have responded to your concern or completed any investigation, all information you submitted will be anonymised, deleted and/or archived, as appropriate and permitted by local law and our internal procedures.

What are your rights?

LRQA acknowledges that your personal data is important to you and will process any personal data submitted fairly and in accordance with Data Privacy legislation within the regions we operate. To support this we have a Data Privacy regime in place to oversee the effective and secure processing of personal data.

If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected or deleted. If you have any concerns or wish to raise a complaint on how we have handled your personal data you can contact us to have the matter investigated at  

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can complain to your national data privacy regulator.