Lightfoot Solutions Group Ltd Privacy Notice

Lightfoot are committed to safeguarding and preserving the privacy of our visitors, staff and clients. We never give your details to third parties to use for marketing or sales activity.

This notice explains Lightfoot’s privacy policy and what happens to any personal data provided to us, or that we collect from you whilst you visit our site and how we use cookies on this website.

This policy was last updated on 29th July 2022. Lightfoot update this Policy from time to time so please do review this Policy regularly.


This privacy notice covers the operations of

Lightfoot Solutions Group Ltd

and the following wholly owned subsidiaries

  • Lightfoot Solutions UK Ltd
  • Lightfoot Solutions New Zealand Ltd
  • Lightfoot Solutions Australia PTY Limited

Henceforth known as Lightfoot.


Lightfoot Solutions Group Ltd and Lightfoot Solutions UK Ltd are registered with the Information Commissioners Office in England. The registration certificates are below –

Registration certificate Lightfoot solutions Group Ltd

Registration certificate Lightfoot solutions UK Ltd

Internal Sharing of Data

Lightfoot shares data between its subsidiaries named above as required for operational purposes.

Disclosing Your Information

Lightfoot will not disclose your personal information to any other party other than in accordance with this Privacy Policy and in the circumstances detailed below:

  • In the event that we sell any or all of our business to a buyer.
  • Where we are required by law to disclose your personal information.
  • To further fraud protection and reduce the risk of fraud.

Lightfoot Data Processing Operations

Lightfoot acts as a data processor processing data following instructions as specified by Lightfoot’s clients who are the data controller. For concerns regarding data processed by Lightfoot on behalf of other organisations please contact the relevant organisation directly. Please note Lightfoot cannot deal directly with subject access requests and freedom of information requests related to data they process on behalf of other data controllers.

NHS Health Data

Lightfoot hold a database of personal data in the form of pseudonymised Health Episode Statistics. This is provided by NHS Digital who in turn obtain the data from NHS hospital trusts. This is in a form where identifiable data has been removed – and individuals cannot be readily or easily identified. This is retained under a data sharing agreement with NHS Digital – and will be destroyed on termination of this agreement.

This data is used to provide NHS bodies and Academic Health Science Networks with analytics to assist with improving health systems and patient outcomes. This includes modelling the COVID-19 pandemic to ensure appropriate treatment resources are available.

The data is processed on the basis of legitimate interest as patients would reasonably expect information about hospital treatment to be used to improve care provided. The risks of using pseudonymised data are considered to be proportionate to the benefits – ultimately saving lives and reducing harm.

Lightfoot hold pseudonymised special category data for the purpose of statistical processing under Article 9 of the GDPR.

As we do not hold data which allows for the identification of the data subject we are not able to – and have exemption under Article 11 from processing subject access requests.

NHS health data held by Lightfoot is not used for automated decision making (a decision made solely by automated means without any human involvement).

Please refer to the following information provided by the Information Commissioners Office for more details on your rights under the GDPR –

Internal use of data

Lightfoot Web Site

In running and maintaining our website we may collect and process the following data about you:

  • Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
  • Information provided voluntarily by you. For example, when you register for information.
  • Information that you provide when you communicate with us by any means

Use of Cookies

Cookies provide information regarding the computer used by a visitor – and are used to remember preferences and settings. Lightfoot may also use cookies where appropriate to gather information about your computer in order to assist us in improving our website.

You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at

Employee records

Lightfoot holds employee records as required for the correct and legal operation of the business. These are not shared with other organisations unless consent is given – or there is a statutory requirement.

Business Records

Lightfoot holds data about its clients as required to perform normal business operations. These include records of business letters and other communications. These records are not shared with other organizations unless

  • Consent is provided
  • or there is a statutory requirement for sharing the data
  • or sharing is required to fulfill Lightfoot’s obligation to the client

Lightfoot also hold details of organisations and contacts with which they have entered into meaningful discussions or negotiations. These are not shared with other organisations.

Security, Management and Storage of Information

Lightfoot information security management system complies with ISO/IEC 27001:2013. This system covers all four subsidiary companies in the Lightfoot group. The management of information security is externally audited by CQS Ltd on an annual basis.

Data Protection Officer

Lightfoot have appointed a data protection officer:-

Name: Andrew Garside CEng CITP