Press enter to search, esc to close
This privacy notice (“Notice”) collectively with our terms of business (“TOB”) in the provision of legal services and any other relevant documents referenced in this Notice, sets out our responsibility and commitment to protecting the privacy and confidentiality of the personal data. We recognise and comply with the rules of professional conduct, which impose a duty to preserve and protect information that we process in relation to the services we provide.
TLT LLP is a law firm and limited liability partnership registered in England under number OC308658 and regulated by the Solicitors Regulation Authority under number 406297. Our registered office is 1 Redcliff Street, Bristol, BS1 6TP. We are registered with the Regulator, the Information Commissioner’s Officer (“ICO”) under the registration number Z5378293.
TLT (NI) LLP is a law firm and limited liability partnership registered in Northern Ireland under number NC000856 and regulated by the Law Society of Northern Ireland. Its registered office is River House, 48-60 High St, Belfast, BT1 2BE. We are registered with the Regulator, the Information Commissioner’s Officer (“ICO”) under the registration number Z3336501.
Both TLT LLP and TLT NI LLP are data controllers pursuant to the UK General Data Protection Regulation and Data Protection Act 2018 and operate under the TLT brand and are collectively known as ("TLT") and may share data between themselves when providing services.
Please read this Notice carefully to understand why data is being collected, the types of personal data we collect and process, who we may share it with, what security standards apply, our lawful basis and what we do with the personal data once it is in our possession.
Further information about processing of your personal data may be found in our engagement letter with you. Please ensure that you read all the clauses carefully.
We reserve the right to change and update this Notice or TOB from time to time in order to reflect any changes to the way in which we process personal data or changes to business, regulatory or legal requirements by amending this page. Review this page regularly to ensure that you are abreast of any updates to our Notice.
TLT has appointed a Data Protection Officer (“DPO”) under the UK General Data Protection Regulation (“GDPR”) and the Data Protection Act (“DPA”) 2018. You can contact our DPO by writing ‘For the attention’ of Gladys Ombu, Data Protection Officer, TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP and you can email her directly at Gladys.Ombu@tlt.com.
If you wish to speak directly with the DPO, you can telephone on 0333 006 0778.
Where we are joint controllers or processors of your information
The personal data we collect will depend on the nature of the services we are providing and what we are contracted to do for you or on your behalf. Typically, this might include the following:
Where necessary to act in your best interests, and for the establishment, exercise, or defence of your legal matter, we may need to process information which is very sensitive in nature (special category of personal data) such as racial or ethnic origin, religion, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data related details. In some circumstances we may need to share this information with third parties, for example a court or tribunal. If you volunteer sensitive personal data, you will be allowing us to process it as part of engaging our services.
In the majority of cases personal data will be restricted to basic information and information needed to complete certain checks. However, some of the work we do may require us to ask or obtain more sensitive data.
We voice record certain customer interactions when they relate to discussions around customer or client or customer billing arrears. Any voice recording of telephone conversations will be held, for regulatory and monitoring purposes, for a period of three years after the call has taken place.
We may issue you with a telephone note summarising our discussion with you when you ask us for recordings of telephone calls.
In commercial matters, in the course of providing our legal, financial and other professional services to you we will hold and use personal data about you, your officers and/or your employees. When you provide personal data to us relating to your officers or employees, you confirm that you are allowed to do so. You should ensure that those individuals understand how their data will be used by us.
In personal matters you may be providing other third party data to us, for example details about your family members, in which case we will use such data as a data controller in our own right and will comply with data protection legislation in relation to use of that data. You must have the authority to disclose personal data if it relates to someone else and all data disclosed should be complete, accurate and up to date.
Information may be passed to us by third parties in the course of providing our legal services. The processing of this information will be necessary for the progression of your legal matter and to enable us to act in your best interest as your legal representative.
As a law firm we have an obligation to make you aware of anything that is relevant to your matter. When we obtain information about you from a third party rather than from you directly, we will notify you of any relevant information within a reasonable period, and provide you with details including the type of data and source it came from. Typically, these sources may include:
Our services are not aimed at children as children are generally represented by their parent(s), or guardian(s) or litigation friend. Where we act for you in private matters involving children, we shall explain to you why we need the information and how it will be used, both when we initially collect the data and as your matter progresses.
If you are a child and need further legal advice or explanation about your personal data, subject to safeguards, limits or exemptions your parents or guardian(s) or litigation friend can contact us using details in ‘Contacting us’ section below.
The legal grounds for processing your personal data are as follows:
We will only rely on those legitimate interests to process personal data where those legitimate interests are not overridden by your interests or fundamental rights and freedoms. To determine this, we shall consider several factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you.
There may be some uses of personal data that may require your specific consent. If this is the case, we will contact you separately to ask for your consent. This may be necessary in certain circumstances where you have provided your consent for us to do so. If consent is the basis for which your personal data is processed, you have the right to withdraw such consent. However, if you do so this may limit how we progress your legal matter and where we have another lawful basis to process that data, your consent or withdrawal will not be required. We respect your right to exercise the use of your consent, but it is important that you are aware that the use of consent is limited in relation to the right to withdraw your consent. Where we are required or permitted by law to continue processing your personal data to defend our legal rights, meet our legal and regulatory obligations, adhere with contractual arrangements your consent or withdrawal will not be required.
We will hold and use personal information about you in the following ways:
We have a data protection regime in place to oversee the effective and secure processing of your personal data. Based upon the services you need we may pass your details to selected people within the ‘TLT brand’ such as TLT NI LLP or organisations (data processors) to carry out certain activities on our behalf. For example, personal information you provide may be disclosed to our agents, who may keep a record of that information.
There may be circumstances, in carrying out our legal services, or where we are obliged by law to disclose some information to third parties in connection with your legal matter; some third parties will be considered our suppliers or service providers and others will have a legitimate reason to have access to your personal data.
Our suppliers and service providers will use your information for the purposes of providing services to us or directly to you on our behalf. Such third parties may include for example insurers, payment processing, software providers and mailing services.
Our third parties can be classified as independent or joint controllers when they have a legitimate right to your information; whilst processors in relation to the provision of legal services will only have access to any personal data that is necessary for them to provide their services. We undertake the appropriate due diligence and have an agreement in place that requires them to keep your data strictly secure, confidential and not to use it other than in accordance with our specific instructions or agreements concerning the processing they are undertaking on our behalf.
This will include, but is not limited to:
At the outset of your matter, we may not be aware of all the other parties involved as this will depend on the specific nature of the work.
We will not disclose (or sell) your personal information to any other third parties for marketing purposes.
If you are not our client your personal data may be processed to enable us to provide legal advice to our client and may also be used in legal proceedings on behalf of our client. We are allowed to use your information because it is in the legitimate interests of our client (for example under the terms and conditions of a loan agreement) to do so. We may also have to use your personal data to comply with our own legal and regulatory obligations. If you have any questions about how your personal data is being used, please contact, Gladys Ombu, Data Protection at TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP, or email GDPR@tlt.com.
In certain circumstances, we may share personal data with third parties who may be independent or joint controllers relating to the processing of personal data we hold about you. We may also be classified as data processor in line with certain processing (in expectational circumstances). However, we will always take steps to ensure that your privacy rights continue to be protected by ensuring that roles and responsibilities are explicitly defined.
We have introduced electronic signatures to facilitate a smoother and faster contractual completion process. Processing personal data is necessary for the purposes of our legitimate interests. However, we process this personal data in order to arrange for the valid electronic execution of legal or other documents, such as contractual agreements, as required during the course of the provision of legal services.
We may also process this personal data in order to comply with our legal and regulatory requirements as well as for the prevention, detection and investigation of fraud. We may also require your consent to execute or complete electronic signature of documents. If you decide not to provide personal data that we have requested, then you will be unable to execute the relevant document(s) with an electronic signature through use of an e-signature platform such as DocuSign or Collaborate HQ. We reserve the right to change our electronic signature platform and where this occurs you will be notified accordingly.
In some circumstances, we may use video conferencing facilities, where face-to-face interaction is not permitted or possible. For this purpose, we may use the services of external providers including, but not limited to, Microsoft Teams or Zoom, and other providers as deemed appropriate.
The use of external providers for video conferencing services, is considered under strict internal guidelines.
TLT website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Notice. We do not accept any responsibility or liability for other sites’ privacy notices or statements. If you access other websites using the links provided, please ensure that you check their privacy notices and policies before submitting any personal information.
We will only retain your information, usually in computer or manual files, for as long as is necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:
We recognise that your data is valuable, and we take all reasonable measures to protect it whilst it is in our care. We have put in place reasonable standards of technology and operational security in order to protect personal data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations such as secure servers, computer safeguards like firewalls, data encryption, annual penetration testing; and we enforce where possible, physical access controls to our buildings and files to keep data safe.
We also have reasonable measures in place concerning external parties in order to further protect confidentiality of all data; to ensure all personal data is handled and processed in line with our data protection, confidentiality and information security policies.
If we have given you a username and password which enables you to access certain parts of your matter on our systems, you are responsible for keeping it confidential and secure at all times. Please do not share it with anyone.
Personal data is processed and stored in the UK. However, there may be occasions where we need to send your data outside the UK. This would cover situations where we need to deal with international aspects of your matter and instruct overseas organisations or counsel to assist.
As some organisations may be in countries outside of the UK, we will ensure that any transfers of personal data outside the UK, is undertaken following an assessment of the level of protection considering the nature and sensitivity of the personal data in question. surrounding the transfer.
We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible. We will put in place the international data transfer agreement (“IDTA”) and UK addendum to the new EU Standard Contractual Clauses (“UK Addendum”) to ensure that your data is protected with the appropriate technical and organisational controls.
In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information under our one of our other lawful bases.
Where you have requested us to restrict or stop processing your data this may impact on our ability to provide our services. Depending on the extent of your request we may be unable to continue acting for you and be forced to immediately cease acting. In these circumstances, you would remain liable for the fees and disbursements incurred to date.
By asking us to limit the way in which we are using your data or object to certain types of processing. We will do our best to comply with your request unless we have to use the data for legitimate business or legal purposes.
We respect the rights of individuals to exercise these rights, but it is important that you are aware that these rights are subject to certain legal exemptions such as the prevention or detection of crime, our interests to ensure of legal professional privilege is protected. Other rights may also be limited in relation to the right to withdraw your consent. Where we are required or permitted by law to continue processing your personal data to defend our legal rights, meet our legal and regulatory obligations, adhere to contractual.
If you contact us to exercise any of these rights, we will check your entitlement and respond in most cases within a calendar month.
Any queries or concerns about the way in which your data is being used can be sent to our Data Protection Officer, Gladys Ombu at GDPR@tlt.com.
It is important that you take reasonable steps to ensure that your personal data remains accurate, by ensuring that the information we process about you is updated when changes such as to your full name, email address or postal address occurs.
Let us know of any changes to the personal data that you have provided to us by contacting the relevant member of staff dealing with your legal matter or if we are instructed by our client you may contact them using the relevant mode of communication like an email, telephone or by post.
If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated by writing to Gladys Ombu, Data Protection Officer, TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP, or emailing GDPR@tlt.com.
We will aim to respond to you within the statutory time frame of a month, however, there may be instances where our investigations take longer and we more time to understand your concerns. Should more time be required we will notify you and detail when you can expect to hear from us with a full response pertaining to the matter you have raised.
If you are not satisfied with our response or believe we are processing your personal data not in accordance with the relevant data protection laws; you have the right to lodge a complaint about the processing of your personal data to the UK Regulator, the Information Commissioner’s Office. Further details can be found at www.ico.org.uk or you can contact them by telephone on 0303 123 1113.
Please note that the ICO will require you to have exhausted our internal GDPR Complaints Process before you are able to lodge a complaint directly with them. We are happy to review any concerns and seek to resolve issues and disputes you have raised in line with our obligations.
We are committed to continually developing and promoting our compliance with GDPR and data protection standards. You may contact us if you have any questions about this Notice or how we process your personal data in relation to your rights under the relevant data protection laws. Please contact the Data Protection Officer, Gladys Ombu by email at GDPR@tlt.com or by writing to ‘Attention of the Data Protection Officer - Gladys Ombu’ at TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP.
We reserve the right to update and change this notice from time to time in order to reflect any changes regulatory, legal or business practices to the way in which we process your personal data. Any changes we may make will be posted on this page.
Please review this Notice to see any updates or changes. This Notice was updated and published on March 4, 2022 and will be reviewed annually.