Privacy Policy
Last Updated: May 26, 2026
Applies to: www.lbmc.com
1. About This Policy
This Privacy Policy explains how LBMC and its family of companies with its principal place of business at 201 Franklin Road, Brentwood, TN 37027 (‘LBMC’, ‘we’, ‘us’, or ‘our’), collects, uses, stores, and shares your personal data when you visit or interact with our website at www.lbmc.com (the ‘Website’).
We are committed to protecting your privacy and handling your personal data in an open and transparent manner. This Policy applies to all visitors to our Website, including those located in the United Kingdom (‘UK’) and European Economic Area (‘EEA’), and complies with:
- The UK General Data Protection Regulation (UK GDPR) as retained in UK law by the European Union (Withdrawal) Act 2018
- The Data Protection Act 2018 (UK)
- The Privacy and Electronic Communications Regulations 2003 (PECR), as amended
- Where applicable, the EU General Data Protection Regulation (EU GDPR)
NOTE FOR UK & EU VISITORS
If you are located in the UK or EU/EEA, additional rights and protections apply to you. These are highlighted throughout this Policy and summarized in Section 9.
2. Who We Are - Data Controller
For the purposes of applicable data protection law, the data controller in respect of personal data processed through this Website is:
| Company Name | LBMC |
| Registered Address | 201 Franklin Road, Brentwood, TN 37027 US |
| Website | www.lbmc.com |
| Privacy Contact Email | info@lbmc.com |
| Postal Privacy Contact | 201 Franklin Road, Brentwood, TN 37027 US, Attn: Privacy/ Data Protection |
3. What Personal Data We Collect
3.1 Data You Provide Directly
When you interact with our Website — for example, by submitting a contact form, signing up for our newsletter, registering for an event, or submitting a job application — we may collect:
- Contact details: name, email address, phone number, job title, and company name
- Enquiry or message content: details of your query, service interest, or request
- Career information: resume/CV, work history, and qualifications (for job applicants)
- Event registration details: attendance preferences and dietary requirements (where applicable)
3.2 Data Collected Automatically
When you visit our Website, we and our third-party service providers automatically collect certain technical and usage data, including:
- IP address and approximate geographic location (derived from IP)
- Browser type and version, operating system, and device type
- Pages visited, time spent on pages, links clicked, and referring URLs
- Website usage patterns and navigation behaviour
This data is collected using cookies and similar tracking technologies. Please see Section 6 for full details.
3.3 Data We Do Not Collect
We do not knowingly collect sensitive personal data (health data, racial or ethnic origin, religious beliefs, biometric data, etc.) through this Website, unless voluntarily provided. We do not knowingly collect personal data from individuals under the age of 13. If you believe we have inadvertently collected such data, please contact us immediately at info@lbmc.com.
4. How and Why We Use Your Personal Data
We only use your personal data where we have a valid legal basis to do so. The table below sets out our processing activities and the legal basis we rely on under UK GDPR Article 6.
Processing Activity | Data Used | Purpose | Legal Basis (UK GDPR Art. 6) |
Responding to contact form enquiries | Name, email, message content | To deal with your query or request | Legitimate interests (Art. 6(1)(f)) |
Newsletter subscription | Name, email address | To send insights and updates you have subscribed to | Consent (Art. 6(1)(a)) — withdraw any time |
Event registration | Name, email, employer, preferences | To manage event attendance and communicate details | Contract / Consent (Art. 6(1)(b)/(a)) |
Job applications | Name, CV, contact details, work history | To assess your application for employment | Pre-contract steps (Art. 6(1)(b)) |
Website analytics | IP address, usage data, device info | To understand how visitors use our Website and improve performance | Consent (Art. 6(1)(a)) via cookie consent |
Marketing communications | Name, email, engagement history | To send relevant service updates to existing contacts | Legitimate interests (Art. 6(1)(f)) — object any time |
Legal & regulatory compliance | As required by applicable law | To comply with our legal obligations | Legal obligation (Art. 6(1)(c)) |
Fraud prevention & security | IP address, usage logs | To detect and prevent fraud or security incidents | Legitimate interests (Art. 6(1)(f)) |
5. Who We Share Your Personal Data With
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We may share your personal data in the following circumstances:
5.1 Third-Party Service Providers (Data Processors)
We share data with trusted third-party companies that process data on our behalf to help us operate our Website and business. Categories of processors include:
- Website hosting and infrastructure providers
- Email marketing and newsletter platforms (e.g. [HubSpot / Marketo / Mailchimp — confirm])
- Customer Relationship Management (CRM) systems
- Website analytics providers (e.g. Google Analytics — subject to your cookie consent)
- Event management platforms
- IT support and cybersecurity providers
5.2 Legal and Regulatory Disclosure
We may disclose personal data if required to do so by law, court order, regulatory body, or government authority, or where necessary to protect our legal rights or prevent fraud.
5.3 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of our business, personal data may be transferred to the acquiring entity. We will notify you of any such change via a prominent notice on our Website or direct communication.
6. Cookies and Tracking Technologies
6.1 What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device and remember information about your visit.
6.2 Categories of Cookies We Use
Category | Purpose | Examples | Consent Required? |
Strictly Necessary | Essential for the Website to function. Cannot be disabled. | Session cookies, CSRF protection, load balancing | No — fire automatically |
Preferences / Functional | Remember your choices and preferences (e.g. language settings) | Display preferences, video player settings | Yes — requires your consent |
Statistics / Analytics | Help us understand how visitors use the Website by collecting anonymized usage data | Google Analytics, Azure Application Insights | Yes — requires your consent |
Marketing / Advertising | Deliver relevant advertisements and track campaign effectiveness | Google Ads, LinkedIn Insight Tag | Yes — requires your consent |
6.3 Your Cookie Choices
When you first visit our Website, you will be presented with a cookie consent banner. You may accept all cookies, reject all non-essential cookies, or customize your preferences by category. You can change or withdraw your cookie consent at any time by clicking the ‘Cookie Settings’ link in the footer of our Website.
6.4 Full Cookie Declaration
A full list of all cookies used on our Website — including cookie name, provider, purpose, duration, and type — is available in our Cookie Policy at www.lbmc.com/cookie-policy. This declaration is updated automatically by our consent management platform.
7. International Data Transfers
LBMC is a US-based organization. Some of our third-party service providers are also based in, or transfer data to, countries outside the UK — including the United States — which may not provide an equivalent level of data protection to UK standards.
Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place in accordance with UK GDPR Chapter V. These safeguards may include:
- UK Adequacy Regulations — transfers to countries recognized by the UK as providing adequate protection
- UK International Data Transfer Agreements (IDTAs) — for transfers to non-adequate countries including the US
- UK Addendum to EU Standard Contractual Clauses — where applicable
For more information about the safeguards in place for international transfers, or to request a copy of the relevant transfer mechanism, please contact us at info@lbmc.com.
8. How Long We Keep Your Data
Data Category | Retention Period | Reason |
Website contact form enquiries | 3 years from date of enquiry | Legitimate interests / potential legal claims |
Newsletter subscribers | Until unsubscribe + 1 year | Consent-based — deleted promptly on withdrawal |
Event registrations | 2 years from event date | Business records / follow-up communications |
Job applications (unsuccessful) | 12 months from application | Equal opportunity monitoring; potential re-approach |
Job applications (successful) | Duration of employment + [6 years] | Employment records and legal obligations |
Website analytics data | Up to 26 months | Aggregate usage analysis |
Cookie consent records | 3 years | Evidence of valid consent — legal requirement |
Financial / client records | 7 years | Regulatory retention requirements |
9. Your Data Protection Rights
If you are located in the UK or EU/EEA, you have the following rights under UK GDPR and EU GDPR respectively:
Right | What It Means | How to Exercise |
Right of Access | Request a copy of the personal data we hold about you (Subject Access Request). We will respond within one calendar month. | Email [info@lbmc.com] |
Right to Rectification | Request correction of inaccurate or incomplete personal data. | Email [info@lbmc.com] |
Right to Erasure | Request deletion of your personal data in certain circumstances. Some exceptions apply (e.g. legal obligations). | Email [info@lbmc.com] |
Right to Restrict Processing | Request that we pause or limit our processing of your data in certain circumstances. | Email [info@lbmc.com] |
Right to Data Portability | Receive your data in a structured, machine-readable format where processing is based on consent or contract. | Email [info@lbmc.com] |
Right to Object | Object to processing based on legitimate interests or for direct marketing. Objections to direct marketing must always be honored. | Email [info@lbmc.com] or use unsubscribe link |
Automated Decision-Making | Not to be subject to solely automated decisions with legal or similarly significant effects. | Email [info@lbmc.com] |
Right to Withdraw Consent | Withdraw consent at any time for consent-based processing. This does not affect the lawfulness of prior processing. | Email [info@lbmc.com] or use relevant opt-out mechanism |
RIGHT TO COMPLAIN – UK RESIDENTS
If you are located in the UK and are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) — the UK supervisory authority. Contact the ICO at: www.ico.org.uk | 0303 123 1113 | Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. We would appreciate the opportunity to address your concerns first — please contact us at [info@lbmc.com] in the first instance.
EU/EEA RESIDENTS
If you are located in the EU or EEA, you also have the right to complain to your local data protection supervisory authority. A list of EU supervisory authorities is available at: edpb.europa.eu/about-edpb/board/members_en
10. How We Protect Your Data
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or damage. These include:
- Encryption of data in transit using TLS/SSL
- Access controls and role-based permissions for staff accessing personal data
- Regular security assessments of our systems
- Staff training on data protection and information security
- Contractual security requirements imposed on all third-party processors
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority (and, where required, affected individuals) in accordance with applicable law.
11. Third-Party Links and Embedded Content
Our Website may contain links to third-party websites, and may include embedded content from other platforms (such as videos or social media widgets). Those third-party sites have their own privacy policies. We are not responsible for the privacy practices of those third parties, and this Policy does not apply to their processing of your personal data.