Privacy Policy


"LORILLION", "we", "us" and "our" means LORILLION LIMITED, a UK-registered company with company registration number 15115079, an we are committed to respecting and protecting your personal data and privacy.

About this privacy notice

For the purposes of data protection law, we are a data controller in respect of your personal data. LORILLION is responsible for ensuring that it uses your personal data in compliance with data protection law. 

This privacy notice applies if you are our employees or prospective employees. The privacy notice sets out the basis on which any personal data about you that you provide to us, that we create, or that we obtain about you from other sources, will be processed by us. Please take the time to read and understand this privacy notice. 

Personal data that we collect about you

We will collect and process a range of personal data about you. This may include:

  • information provided by you such as your name, address and contact details, including email address and telephone number, date of birth and gender;
  • the terms and conditions of your employment;
  • details of your qualifications, skills, experience, and employment history, including start and end dates, with previous employers and with the organisation;
  • information about your pay and benefits;
  • details of your bank account and national insurance number;
  • information about your marital status, next of kin, dependants, and emergency contacts;
  • information about your nationality and entitlement to work in the UK;
  • information from references;
  • information on DBS checks including the outcome of the checks;
  • details of your work pattern (days of work and working hours);
  • details of periods of leave taken by you, including holiday, sickness and other absence, and the reasons for the leave;
  • details of any disciplinary or grievance procedures in which you have been involved, including any warnings issued to you and related correspondence;
  • performance management information, including appraisals, performance reviews and ratings, training you have participated in, performance improvement plans and related correspondence;
  • information about medical or health conditions, including whether or not you have a disability for which the organisation needs to make reasonable adjustments;
  • equal opportunities monitoring information, including information about your ethnic origin, sexual orientation, health and religion or belief;
  • other relevant information as applicable required by LORILLION to ensure we fulfil our obligations as an employer.

Uses of your personal data

Your personal data may be stored and processed by LORILLION in the following ways and for the following purposes:

  • determining eligibility for initial employment, including the verification of references and qualifications; 
  • administering pay and benefits; 
  • processing employee work-related claims (e.g. worker compensation, insurance claims, etc.);
  • establishing training and/or development requirements; 
  • conducting performance reviews and determining performance requirements; 
  • assessing qualifications for a particular job or task; 
  • gathering evidence for disciplinary action, or termination; 
  • establishing a contact point in the event of an emergency (such as next of kin); 
  • complying with applicable labour or employment statutes; 
  • compiling directories; 
  • ensuring the security of company-held information; and 
  • such other purposes as are reasonably required by LORILLION.

We are entitled to use your personal data in these ways because:

  • we have legal and regulatory obligations that we have to discharge; 
  • we may need to establish, exercise, or defend our legal rights, or for the purpose of legal proceedings; or 
  • the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of our parent or one or more of our subsidiaries or affiliates, collectively, “group companies”). 

Disclosure of your information to third parties 

We may disclose your personal data to our group companies if access to the data is necessary for performance of their businesses. We will take steps to ensure that the personal data is accessed only by employees of such group companies that have a need to do so for the purposes described in this notice. 

We may also share your personal data outside of LORILLION and our group companies:

  • if we sell any of our business or assets, in which case we may disclose your personal data to the prospective buyer for due diligence purposes; 
  • if we are acquired by a third party, in which case personal data held by us about you will be disclosed to the third party buyer; 
  • to third party agents or contractors (for example, the providers of our electronic data storage services) for the purposes of providing services to us. These third parties will be subject to confidentiality requirements and they will only use your personal data as described in this privacy notice; and 
  • to the extent required by law, for example if we are under a duty to disclose your personal data in order to comply with any legal obligation, establish, exercise or defend our legal rights. 

Transfers of personal data outside the European Economic Area

The personal data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside of the EEA who work for our group companies or for one of our suppliers. 

Where we transfer your personal data outside the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance:

  • the country that we send the data to might be approved by the European Commission; 
  • the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data; or 
  • where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme. 

In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law. 

You can obtain more details of the protection given to your personal data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your personal data) by contacting us in accordance with the “Contacting us” section below.

Retention of personal data 

How long we hold your personal data for will vary. The retention period will be determined by various criteria including:

  • the purpose for which we are using it – we will need to keep the data for as long as is necessary for that purpose; 
  • legal obligations – laws or regulation may set a minimum period for which we have to keep your personal data. 

Your rights 

You have legal rights in relation to the personal data that we hold about you. These rights include:

  • the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you; 
  • the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) for doing so; 
  • in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data which you have provided to us; 
  • the right to request that we rectify your personal data if it is inaccurate or incomplete; 
  • the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we are legally entitled to retain it; 
  • the right to object to, and the right to request that we restrict, our processing of your personal data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your personal data but we are legally entitled to continue processing your personal data and / or to refuse that request; 
  • the right to lodge a complaint with the data protection regulator (details of which are provided below) if you think that any of your rights have been infringed by us. 

You can exercise your rights by contacting us using the details set out in the “Contacting us” section below.

You can find out more information about your rights by contacting the Information Commissioner’s Office, or by searching their website at

Contacting us 

If you would like further information on the collection, use, disclosure, transfer or processing of your personal data or the exercise of any of the rights listed above, please address questions, comments and requests to:

LORILLION Data Protection Officer






LORILLION Limited is a UK-registered company with Company Number 15115079.

© Copyright. All rights reserved.

A GATTECHA Group Company

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.