• Home
  • Privacy notice

This privacy notice (“Notice”) collectively with our terms of business (“TOB”) in the provision of legal services and any other relevant documents referenced in this Notice, sets out our responsibility and commitment to protecting the privacy and confidentiality of the personal data. We recognise and comply with the rules of professional conduct, which impose a duty to preserve and protect information that we process in relation to the services we provide.

TLT LLP is a law firm and limited liability partnership registered in England under number OC308658 and regulated by the Solicitors Regulation Authority under number 406297. Our registered office is 1 Redcliff Street, Bristol, BS1 6TP. We are registered with the Regulator, the Information Commissioner’s Office (“ICO”) under the registration number Z5378293.

TLT (NI) LLP is a law firm and limited liability partnership registered in Northern Ireland under number NC000856 and regulated by the Law Society of Northern Ireland. Its registered office is River House, 48-60 High St, Belfast, BT1 2BE. We are registered with the Regulator, the Information Commissioner’s Office (“ICO”) under the registration number Z3336501.

Both TLT LLP and TLT NI LLP are data controllers pursuant to the UK General Data Protection Regulation and Data Protection Act 2018 and operate under the TLT brand and are collectively known as ("TLT") and may share data between themselves when providing services.

Please read this Notice carefully to understand why data is being collected, the types of personal data we collect and process, who we may share it with, what security standards apply, our lawful basis and what we do with the personal data once it is in our possession.

We use cookies on our website. This Notice must be read in conjunction with our Cookie Policy.

Further information about processing of your personal data may be found in our engagement letter with you. Please ensure that you read all the clauses carefully.

We reserve the right to change and update this Notice or TOB from time to time in order to reflect any changes to the way in which we process personal data or changes to business, regulatory or legal requirements by amending this page. Review this page regularly to ensure that you are abreast of any updates to our Notice.

Contact details of our DPO

TLT has appointed a Data Protection Officer (“DPO”) under the UK General Data Protection Regulation (“GDPR”) and the Data Protection Act (“DPA”) 2018. You can contact our DPO by writing ‘For the attention’ of Data Protection Officer, TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP and you can email at GDPR@tlt.com

If you wish to speak directly with the DPO, you can telephone on 0333 006 0778.

Quick links: 

What type of data do we collect from you?

The personal data we collect will depend on the nature of the services we are providing and what we are contracted to do for you or on your behalf. Typically, this might include the following:

  • Contact details (including your name, address, date of birth, and email address) to contact you (unless you tell us that you prefer us not to) regarding legal or law firm developments that may be of interest to you. If you do not want to receive publications or details of events or seminars that we consider may be of interest to you, you may do so by contacting us. 
  • Photographic identification and proof of address documents (to carry out due diligence)
  • A recorded digital video showing your face to compare it your photographic identification (to carry out due diligence)
  • Professional information (such as job title, previous positions, and professional experience) to conduct our recruiting, vetting and selection process
  • Banking and financial details (to establish the source of funds where a transaction is involved)
  • Details of visits to our website (which enable our website to remember information about you and your preferences). Please read our 'Cookies Policy’ for further details.

Where necessary to act in your best interests, and for the establishment, exercise, or defence of your legal matter, we may need to process information which is very sensitive in nature (special categories of personal data) such as racial or ethnic origin, religion or belief, sexual orientation, political opinions, health data, trade union membership, philosophical views, biometric and genetic data related details. In some circumstances we may need to share this information with third parties, for example a court or tribunal. If you volunteer sensitive personal data, you will be allowing us to process it as part of engaging our services.

In the majority of cases personal data will be restricted to basic information and information needed to complete certain checks. However, some of the work we do may require us to ask or obtain more sensitive data.

Voice recordings

We voice record certain customer interactions when they relate to discussions around customer or client or customer billing arrears. Any voice recording of telephone conversations will be held, for regulatory and monitoring purposes, for a period of three years after the call has taken place.

We may issue you with a telephone note summarising our discussion with you when you ask us for recordings of telephone calls.

Information collected from you about other people

In commercial matters, in the course of providing our legal, financial and other professional services to you we will hold and use personal data about you, your officers and/or your employees. When you provide personal data to us relating to your officers or employees, you confirm that you are allowed to do so. You should ensure that those individuals understand how their data will be used by us.

In personal matters you may be providing other third party data to us, for example details about your family members, in which case we will use such data as a data controller in our own right and will comply with data protection legislation in relation to use of that data. You must have the authority to disclose personal data if it relates to someone else and all data disclosed should be complete, accurate and up to date.

Information we collect about you from others

Information may be passed to us by third parties in the course of providing our legal services. The processing of this information will be necessary for the progression of your legal matter and to enable us to act in your best interest as your legal representative.

As a law firm, we have an obligation to make you aware of anything that is relevant to your matter. When we obtain information about you from a third party rather than from you directly, we will notify you of any relevant information within a reasonable period, and provide you with details including the type of data and source it came from. Typically, these sources may include:

  • Other parties involved in the legal proceedings (such as the solicitor acting on the other side).
  • Financial institutions (such as banks involved in financing the transaction).
  • Other professional services firms (such as accountants and tax specialists).
  • Government bodies (such as HM Land Registry for details of your property).
  • Public sources where this relates to you or your organisation (for example Companies House).

Children’s data

Our services are not aimed at children as children are generally represented by their parent(s), or guardian(s) or litigation friend.  Where we act for you in private matters involving children, we shall explain to you why we need the information and how it will be used, both when we initially collect the data and as your matter progresses.

If you are a child and need further legal advice or explanation about your personal data, subject to safeguards, limits or exemptions your parents or guardian(s) or litigation friend can contact us using details in ‘Contact us’ section below.

On what basis can we process your information?

The legal grounds for processing your personal data are as follows:

  • It is necessary for the performance of a contract to which you are a party, or to take steps prior to entering into a contract with you. The retainer between you and TLT, which is made up of our terms of business and engagement letter, sets out the terms of the contract and the services we will provide.
  • It is necessary for the purposes of our legitimate interests, as we provide a wide range of legal, claims handling and other professional legal services and share personal data between our group entities such as TLT NI LLP. Where controllers are part of the TLT brand, collectively known as ("TLT") there is a legitimate interest in transmitting personal data within the TLT brand for internal communications, management and administrative purposes, including the processing of clients’ or employees’ personal data. We will ensure that we have the appropriate security controls in place. We will only rely on those legitimate interests to process personal data where those legitimate interests are not overridden by your interests or fundamental rights and freedoms. To determine this, we shall consider several factors, such as what you were told at the time you provided your data, what your expectations are about the processing of the data, the nature of the data, and the impact of the processing on you.
  • It is necessary in order to comply with mandatory legal obligations to which we are subject under UK law or applicable laws.
  • It is necessary in the establishment, exercise or defence of legal claims.
  • It is necessary in order to comply with laws or requirements under counter-terrorist financing or anti-money laundering obligation of the prevention, detection or prosecution of any crime.


There may be some uses of personal data that may require your specific consent. If this is the case, we will contact you separately to ask for your consent. This may be necessary in certain circumstances where you have provided your consent for us to do so. If consent is the basis for which your personal data is processed, you have the right to withdraw such consent. However, if you do so this may limit how we progress your legal matter and where we have another lawful basis to process that data, your consent or withdrawal will not be required. We respect your right to exercise the use of your consent, but it is important that you are aware that the use of consent is limited in relation to the right to withdraw your consent. Where we are required or permitted by law to continue processing your personal data to defend our legal rights, meet our legal and regulatory obligations, adhere with contractual arrangements your consent or withdrawal will not be required.

What are we going to do with your information?

We will hold and use personal information about you in the following ways:

  • Provide you with information about our seminars, events and legal topics that might be of interest to you. If you are an existing client or a business contact, we will do this on the basis that we are pursuing legitimate interests in trying to provide you with information and updates. If you are not an existing client or a corporate contact and have requested this information from us, we will do this in order to fulfil your request.
  • To carry out, monitor and analyse our business or website operations.
  • Verify your identity and establish the source of funding in any transaction.
  • Carry out appropriate anti-fraud checks (by conducting online searches using a third party identity provider).  Please note that this will not affect your credit rating.
  • Communicate with you during the course of providing our services, for example providing you with advice, dealing with your enquiries and requests.
  • To personalise your visit and help your use of our internet services and to assist you while you use those services.
  • Prepare documentation to complete transactions and commence legal proceedings on your behalf.
  • Carry out obligations arising from any contract entered into between you and third parties as part of your legal matter.
  • Refer you to another department within TLT about additional legal services which may benefit you.
  • Statistical purposes so we can analyse figures to help us manage our business and plan strategically for the future.
  • Seek advice from third parties in connection with your matter, such as legal Counsel.
  • Respond to any complaint or allegation of negligence against us.
  • To prevent or comply with applicable laws, regulations, guidance or professional obligations that we may be subject to, including anti-money laundering requirements and terrorist financing in accordance with financial crime regulations. Where personal data is necessary for the firm to carry out its anti-money laundering checks failure to provide such information may result in the firm not being able to provide the representation.

Who your information will be shared with

We have a data protection regime in place to oversee the effective and secure processing of your personal data. Based upon the services you need, we may pass your details to selected people within the ‘TLT brand’ such as TLT NI LLP or organisations (data processors) to carry out certain activities on our behalf. For example, personal information you provide may be disclosed to our agents, who may keep a record of that information.

There may be circumstances, in carrying out our legal services, or where we are obliged by law to disclose some information to third parties in connection with your legal matter; some third parties will be considered our suppliers or service providers and others will have a legitimate reason to have access to your personal data.

Our suppliers and service providers will use your information for the purposes of providing services to us or directly to you on our behalf. Such third parties may include for example insurers, payment processing, software providers and mailing services.

Our third parties can be classified as independent or joint controllers when they have a legitimate right to your information; whilst processors in relation to the provision of legal services will only have access to any personal data that is necessary for them to provide their services. We undertake the appropriate due diligence and have an agreement in place that requires them to keep your data strictly secure, confidential and not to use it other than in accordance with our specific instructions or agreements concerning the processing they are undertaking on our behalf.

This will include, but is not limited to:

  • A court or tribunal where we are acting for you in a dispute or litigation.
  • Government bodies (such as HM Land Registry or HM Revenue and Customs for property related work).
  • The solicitors acting on the other side of your matter.
  • Legal counsel, counsel’s chambers or other experts to obtain advice or assistance on your matter.
  • Other professionals and service providers (such as insurance brokers, where you wish to take out an insurance policy as part of a transaction).
  • Non legal experts to obtain advice or assistance (such as translation agencies, insurance companies).
  • Organisations involved in any merger or business reorganisation we are dealing with.
  • Panel providers who allocate legal work to us as a law firm.
  • Any disclosures to law enforcement agencies where required by law (in particular the prevention of financial crime and terrorism).
  • Our regulators including the Information Commissioner’s Office (ICO), Financial Conduct Authority (FCA), Solicitors Regulation Authority (SRA), (Law Society of Scotland, and Law Society of Northern Ireland in connection with any ongoing regulatory investigation.
  • Our professional indemnity insurer in the event a claim is made against us in order to defend ourselves.
  • The bank or building society or other lender providing finance in the transaction.
  • Medical institutions who may provide your personal records or information.
  • External auditors who may carry out independent checks of your file as part of our accreditations.
  • If there is an emergency and we think you or others are at risk.
  • A marketing service provider to enable us to send you legal insights and event information by email.

At the outset of your matter, we may not be aware of all the other parties involved as this will depend on the specific nature of the work.

We will not disclose (or sell) your personal information to any other third parties for marketing purposes.

If you are not our client

If you are not our client your personal data may be processed to enable us to provide legal advice to our client and may also be used in legal proceedings on behalf of our client. We are allowed to use your information because it is in the legitimate interests of our client (for example under the terms and conditions of a loan agreement) to do so. We may also have to use your personal data to comply with our own legal and regulatory obligations. If you have any questions about how your personal data is being used, please contact, Data Protection Officer at TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP, or email GDPR@tlt.com.

Where we are joint controllers or processors of your information

In certain circumstances, we may share personal data with third parties who may be independent or joint controllers relating to the processing of personal data we hold about you. We may also be classified as data processor in line with certain processing (in expectational circumstances). However, we will always take steps to ensure that your privacy rights continue to be protected by ensuring that roles and responsibilities are explicitly defined.

Use of electronic signatures

We have introduced electronic signatures to facilitate a smoother and faster contractual completion process. Processing personal data is necessary for the purposes of our legitimate interests. However, we process this personal data in order to arrange for the valid electronic execution of legal or other documents, such as contractual agreements, as required during the course of the provision of legal services.

We may also process this personal data in order to comply with our legal and regulatory requirements as well as for the prevention, detection and investigation of fraud. We may also require your consent to execute or complete electronic signature of documents. If you decide not to provide personal data that we have requested, then you will be unable to execute the relevant document(s) with an electronic signature through use of an e-signature platform such as DocuSign or Collaborate HQ. We reserve the right to change our electronic signature platform and where this occurs you will be notified accordingly.

Use of video conferencing facilities

In some circumstances, we may use video conferencing facilities, where face-to-face interaction is not permitted or possible. For this purpose, we may use the services of external providers including, but not limited to, Microsoft Teams or Zoom, and other providers as deemed appropriate.

The use of external providers for video conferencing services, is considered under strict internal guidelines.

The internet

TLT website may, from time to time, contain links to other websites which are outside of our control and are not covered by this Notice. We do not accept any responsibility or liability for other sites’ privacy notices or statements. If you access other websites using the links provided, please ensure that you check their privacy notices and policies before submitting any personal information.

How long we keep your data for

We will only retain your information, usually in computer or manual files, for as long as is necessary to fulfil the purposes for which the information was collected; or as required by law; or as long as is set out in any relevant contract you may hold with us. For example:

  • Carry out the legal work.
  • Establish or defend legal claims (for example negligence claims) that could be made against us.
  • Comply with legal obligations under EU/UK law (anti-money laundering regulations say your identification and source of funds information must be kept for a minimum period from conclusion of the matter).
  • Typically, for a minimum of 7 years from the date of your final bill and/ or the conclusion or closure of your legal work; in case you, or we, need to re-open your case for the purpose of defending complaints or claims against us.
  • Some information or matters may be kept for longer – such as commercial transactions, sales of leasehold purchases, matrimonial matters (financial orders or maintenance agreements etc.).
  • Wills and related documents, deeds related to unregistered property as evidence of ownership and personal injury matters which involve lifetime awards or PI Trusts may be kept indefinitely.

Security of your data

We recognise that your data is valuable, and we take all reasonable measures to protect it whilst it is in our care. We have put in place appropriate measures, including technical and organisational measures in order to protect personal data from loss, misuse, alteration or destruction. Similarly, we adopt a high threshold when it comes to confidentiality obligations such as secure servers, computer safeguards like firewalls, data encryption, annual penetration testing; and we enforce where possible, physical access controls to our buildings and files to keep data safe.

We also have appropriate measures in place, including technical and organisational measures concerning external parties in order to further protect confidentiality of all data; to ensure all personal data is handled and processed in line with our data protection, confidentiality and information security policies.

If we have given you a username and password which enables you to access certain parts of your matter on our systems, you are responsible for keeping it confidential and secure at all times. Please do not share it with anyone.

Measures when transferring personal data outside of the UK

Personal data is processed and stored in the UK. However, there may be occasions where we need to send your data outside the UK. This would cover situations where we need to deal with international aspects of your matter and instruct overseas organisations or counsel to assist.

As some organisations may be in countries outside of the UK, we will ensure that any transfers of personal data outside the UK, is undertaken following an assessment of the level of protection considering the nature and sensitivity of the personal data in question. surrounding the transfer.

We will make sure that any transfers are not repetitive and only limited to the minimum amount of information possible. We will put in place the international data transfer agreement (“IDTA”) and UK addendum to the new EU Standard Contractual Clauses (“UK Addendum”) to ensure that your data is protected with the appropriate technical and organisational controls. 

In certain circumstances we may need to seek your consent unless there is an overriding legal need to transfer the information under our one of our other lawful bases.

Your rights

  • You have certain rights under data protection laws and are able to exercise these rights in most instances, subject to applicable legal exemptions.
  • You have the right to be informed about how your personal data is being used or if we have any personal data about you.
  • You have the right to request a copy of the personal data we hold about you, known as a data subject access request (“DSAR”), and often referred to as a Subject access Request (“SAR”).
  • You have the right to request that we correct the data we hold about you.
  • You have the right to ask us to remove or delete the data we hold about you.
  • You have the right to data portability, by requesting that we send a copy of the personal data we hold about you to another organisation for your own purposes, for example when you are dealing with a different service provider. If you would like us to move, copy, or transfer your information to another organisation please let us know. We will respond to you within one calendar month after assessing whether or not this is possible, taking into account the technical and organisational compatibility of the other organisation in question.
  • You have the right to object to the processing of your data such as for direct marketing purposes. 
  • You have a right to request that we restrict the processing of your personal data. 
  • We do not use your information for automated decision making.

Where you have requested us to restrict or stop processing your data, this may impact on our ability to provide our services. Depending on the extent of your request we may be unable to continue acting for you and be forced to immediately cease acting. In these circumstances, you would remain liable for the fees and disbursements incurred to date.

If processing is restricted, we can continue to store your data in accordance with our retention practices, however, we will be unable to use it. We will do our best to comply with your request unless we have to use the data for legitimate business or legal purposes.

We respect the right of individuals to exercise these rights, but it is important that you are aware that these rights are subject to legal exemptions in certain cases, such as the prevention or detection of crime, our interests or to ensure legal professional privilege is protected. Other rights may also be limited in relation to the right to withdraw your consent or where we are required or permitted by law to continue processing your personal data to defend our legal rights, meet our legal and regulatory obligations, or adhere to contractual obligations.

If you contact us to exercise any of these rights, we will check your entitlement and respond in most cases within a calendar month.

If you have any queries or concerns about the way in which your personal data is being used, you can contact our Data Protection Officer at GDPR@tlt.com.

Your duty to inform us of changes

It is important that you take reasonable steps to ensure that your personal data remains accurate, by ensuring that the information we process about you is updated when changes such as to your full name, email address or postal address (contact details) occur.

Let us know of any changes to the personal data that you have provided to us by contacting the relevant member of staff dealing with your legal matter or if we are instructed by our client, you may contact them using the relevant mode of communication like an email, telephone or by post.

Complaints about the use of your personal data

You have the right to make a complaint to us where you consider there has been an infringement of the relevant Data Protection Laws in connection with your personal data by us.

If you wish to raise a complaint or query you can contact us to have the matter investigated by writing to Data Protection Officer, TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP, or emailing GDPR@tlt.com.

We will aim to respond to you within the statutory time frame of a month, however, there may be instances where our investigations take longer and we more time to understand your concerns. Should more time be required we will notify you and detail when you can expect to hear from us with a full response pertaining to the matter you have raised.

If you are not satisfied with our response, or believe we are not processing your personal data in accordance with the relevant Data Protection Laws, you have the right to lodge a complaint about the processing of your personal data to the UK Data Protection Regulator, the Information Commissioner’s Office (“ICO”).  Further details can be found at www.ico.org.uk or you can contact them by telephone on 0303 123 1113. 

Please note that the ICO will require you to have exhausted our internal GDPR Complaints Process before you are able to lodge a complaint directly with them. We are happy to review any concerns and seek to resolve issues and disputes you have raised in line with our obligations.

Contact us

We are committed to continually developing and promoting our compliance with Data Protection Laws and standards. You may contact us if you have any questions about this Notice or how we process your personal data in relation to your rights under the relevant data protection laws. Please contact the Data Protection Officer by email at GDPR@tlt.com or by writing to ‘Attention of the Data Protection Officer’ at TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP.


We reserve the right to update and change this notice from time to time in order to reflect any changes regulatory, legal or business practices to the way in which we process your personal data. Any changes we may make will be posted on this page.

Please review this Notice to see any updates or changes. This Notice was updated and published in June 2023 and will be reviewed annually.