This privacy notice (“Notice”) collectively with our terms of business (“TOB”) in the provision of legal services and any other relevant documents referenced in this Notice, sets out our responsibility and commitment to protecting the privacy and confidentiality of the personal data. We recognise and comply with the rules of professional conduct, which impose a duty to preserve and protect information that we process in relation to the services we provide.

This Notice is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can request a hard copy of this document by emailing GDPR@tlt.com

Please read this Notice carefully in conjunction with our primary Privacy Notice to understand why your data is being processed, and what we do with that data once it is in our possession.

TLT LLP is a law firm and limited liability partnership registered in England under number OC308658 and regulated by the Solicitors Regulation Authority under number 406297. Our registered office is 1 Redcliff Street, Bristol, BS1 6TP. We are registered with the Regulator, the Information Commissioner’s Office (“ICO”) under the registration number Z5378293.

TLT (NI) LLP is a law firm and limited liability partnership registered in Northern Ireland under number NC000856 and regulated by the Law Society of Northern Ireland. Its registered office is River House, 48-60 High St, Belfast, BT1 2BE. We are registered with the Regulator, the Information Commissioner’s Office (“ICO”) under the registration number Z3336501.

This Notice gives you information about how TLT LLP and TLT NI LLP (collectively referred to as ‘TLT’, ‘we’, ‘us’ or ‘our’ in this Notice)

Controller

Both TLT LLP and TLT NI LLP are data controllers pursuant to the UK General Data Protection Regulation and Data Protection Act 2018 and are responsible for your personal data.

In the process of carrying out work for our clients, we will in almost all instances act as a data controller. In very limited circumstances we may act as a data processor and where this is the case, will ensure that an appropriate contract is put in place with our client.

Data Protection Officer

We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this Notice. If you have any questions about this Notice, including any requests to exercise your legal rights, contact the DPO using the information set out in the contact details section.

Personal data means any information about an individual from which that person can be identified.

At TLT we take privacy seriously and will only use your personal information to assist our clients in administering the mortgage and/ or loan and/or other finance agreement and/or guarantee and/or other security document, carry out any obligations arising from the mortgage and/ or loan and/or other finance agreement and/or guarantee and/or other security document between you and our client, and provide related legal services to our client. 

In the majority of cases personal data will be restricted to basic information and information needed to complete certain checks. However, some of the work we do may require us to ask or obtain more sensitive data.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data includes first name, last name, any previous names, username or similar identifier, marital status, title, date of birth, gender, Photographic identification and proof of address documents.
  • Contact Data includes billing address, home address, email address and telephone numbers.
  • Financial Data includes bank/mortgage account and payment details, income and expenditure, mortgage payment history and balances.
  • Transaction Data includes details about your mortgage payments to our client, outstanding balances, and other details of products and services you have purchased from our client.
  • Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access this website.

We also collect, use and share aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals' Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users are interacting with our website to help improve the website and our service offering.

In certain circumstances, our collection of the different categories of data set out above may include the collection of Special Categories of Personal Data about you. We may ask for information about your health for the purpose of identifying and being considerate of any disabilities or identifying you as a vulnerable customer. We ensure that the personal information we hold is secured by appropriate technical and organisational security measures.

Audio/Voice Recordings

We do not routinely record all telephone calls with clients, customers or witnesses. We may record certain interactions with clients and customers when they relate to discussions around customer or client billing arrears or where required for regulatory, monitoring and compliance purposes. Any audio/voice recordings of telephone conversations will be retained in accordance with our regulatory requirements. For example, for FCA related activities, this is for a minimum period of 12 months after the call has taken place. Recordings relating to non FCA activities are retained in accordance with business need.

We may issue you with a telephone note summarising our discussion with you when you ask us for recordings of telephone calls. Please note it is not always possible to provide transcripts of calls.

We use different methods to collect personal data from and about you including:

  • From our client when they provide instructions to us.
  • When we communicate with you by post, email or other electronic correspondence or by telephone.
  • Through third parties or publicly available sources. We will receive personal data about you from various third parties and public sources.
  • Identity and Contact Data from publicly available sources such as Companies House and the Electoral Register based inside the UK.

Your personal data is being processed to enable us to provide legal advice to our client and may also be used in legal proceedings to establish, exercise or defend legal rights on behalf of our client following their instructions to seek the services of a professional law firm.

We are allowed to use your information because it is in the legitimate interests of our client under the terms and conditions of your mortgage and/ or loan and/or other finance agreement and/or guarantee and/or other security document to do so. We also have to use your personal data to comply with our own legal and regulatory obligations in accordance with Data Protection Legislation, whilst applying appropriate safeguards that protect your privacy and data rights.

Where processing of "special category data" is necessary in the context of legal claims or where another legal ground other than explicit consent is available to us under relevant data protection legislation.

Where our legal services require us to process "special category data" and where we have obtained your explicit consent to do so. If we seek and obtain your consent, you may withdraw it at any time.

We do not use your information for automated decision making. This means that no decisions will be made about the processing of your information solely by automatic means, where no humans are involved in the decision-making process.

There may be circumstances, in carrying out our legal services on behalf of our client, or where we are obliged by law to disclose some information to third parties in connection with the legal matter on which we are instructed.

Typically, these sources include financial institutions (e.g., our client), other parties involved in the legal proceedings (for example where you have instructed a solicitor) and government bodies (such as HM Land Registry).

We may also need to share your information with selected people or organisations when required to do so in the course of progressing the legal matter, or where we are obliged by law. This will include making disclosures to Court, other individuals that may be occupying your property, and legal counsel or other agents or professional experts we use to obtain advice or assistance in the matter.

If you or another party to the litigation is based outside of the UK, it may be necessary to make a cross-border transfer of personal data. We will always ensure that any information shared or disclosed is undertaken pursuant to the requirement for third parties to respect the security of personal data and to treat it in accordance with data Protection Legislation.

At the outset of your matter, we may not be aware of all the other parties involved as this will depend on the specific nature of the work.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

We do not generally store or transfer your personal data outside the UK. However, there may be occasions where we need to send your data outside the UK EU. This would cover situations where we need to deal with international aspects of our clients matter and instruct overseas organisations or counsel or experts to assist. For example, when you are residing in another country, and we need to serve you with Court papers. We will not need to seek your consent in these circumstances as there is a legal need to transfer the information.

Whenever we need to transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring that the following safeguards are in place:

  • We will only transfer your personal data to countries that have been deemed by the UK to provide an adequate level of protection for personal data;
  • We may use specific standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK, namely the International Data Transfer Agreement or The International Data Transfer Addendum to the European Commission’s standard contractual clauses for international data transfers. To obtain a copy of these contractual safeguards, please contact us at GDPR@tlt.com

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We will only retain your personal information for as long as necessary to carry out the legal work, establish or defend legal actions that could be made against us or our client, and to comply with obligations under the law.  For example, should the mortgage and/or loan and/or other finance agreement and/or guarantee and/or other security document payments be defaulted on in the future, and we are re-instructed by our client, we may use information that was passed to us at the start of our involvement.

The retention periods are based on the requirements of relevant data protection laws, the purpose for which the information is collected and used, legal and regulatory requirements to which we are required to retain personal data, limitation periods for taking legal action, good practice and our business purposes.

You have rights under data protection laws in relation to your personal data.

You have a right to request a copy of the personal information we hold about you, known as a data subject access request (DSAR). You also have the right to request that information we hold about you which may be incorrect, or which has been changed since you first told us, is updated or removed.

These requests are free of charge and can be sent to the Data Protection Officer, TLT LLP, 1 Redcliff Street, Bristol, BS1 6TP or to GDPR@tlt.com.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

If you contact us to exercise any of these rights, we will check your entitlement. We try to respond to all legitimate requests within one calendar month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you have any questions about this Notice or about the use of your personal data or you want to exercise your privacy rights, please contact our DPO in the following ways:

  • Email address: GDPR@tlt.com
  • Postal address: FAO Data Protection Officer, TLT LLP, One Redcliff Street, Bristol, BS1 6TP, United Kingdom

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. You can read our Complaints Policy here.

You may make a complaint by using the details above or via our Complaints e-Form at https://www.tlt.com/privacy/dpa-gdpr-complaints-form/

Due to the nature of the services that we provide in most cases we are likely to be able to continue to hold and process information for the limited purposes explained in the notice even when objections are raised.

We keep our privacy notice under regular review. This version was last updated in September 2024.