Privacy Policy
Here at TMT Legal Services, we take your privacy very seriously. Please read this privacy policy carefully as it will inform you how we collect and use any personal information that we obtain about you and tell you about your privacy rights and how the law protects you.
When we use your personal data we are regulated under the General Data Protection Regulation (GDPR) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal data for the purposes of the GDPR. Our use of your personal data is subject to your instructions, the GDPR, other relevant UK legislation and our professional duty of confidentiality.
KEY TERMS USED IN THIS POLICY
We, use, our TMT Legal Services LLP
Our protection officer The person designated by us as such from time to time.
Contact details – enquiry@tmtlegalservices.co.uk 023 8254 7600
Personal data Any information relating to an identified or identifiable individual. It does not include data where the identity has been removed (anonymous data).
Special category personal data Personal data revealing racial or ethnic origin, political opinions, religious beliefs,
philosophical beliefs or trade union membership. Genetic and biometric data.
Data concerning health, sex life or sexual orientation.
Your Personal Data
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
-
Identity data includes first name/s, maiden name, last name, user name, photographic identification, client matter number or similar identifier, marital status, title, date of birth and gender. Identity data also includes information about your Professional identity such as your job title, email address, phone number and addresses, your professional experience and previous job roles and responsibilities.
-
Contact data includes billing address, delivery address, email address and telephone/ mobile numbers.
-
Financial data includes bank account and payment card details.
-
Transaction data includes details about payments, invoices and bills to and from you and other details of matters you have engaged us to deal with or goods or services we have purchased from you.
-
Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
-
Profile data includes your username and password, your interests, preferences, feedback and survey responses.
-
Usage data includes information about how you use our website, our local area networking facilities (including WiFi) and other services.
-
Marketing and communications data includes your preferences in receiving marketing communications and information from us and our third parties and your communication preferences. We also record when you receive and read marketing communications from us and we use this information to improve the quality of our marketing services and provide you with information that is more relevant to you.
-
Special categories of personal data includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership or information about your health and genetic and biometric data. We only use this data where we are required to do so for legal or regulatory purposes or where it is necessary for a specific service we are providing to you.
We may collect information about your criminal convictions and offences. This happens where we are required to do so for legal or regulatory purposes (for example, where required to comply with anti-money laundering laws), or where we need this information so that we can provide legal advice to you.
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.
Our services are not usually aimed at or intended for children. However, we may process children’s personal data when we act for them, they are beneficiaries or under an estate or trust or for you in relation to certain private matters (such as when we are advising you regarding your will, a family matter or in connection with an injury suffered by you or other members of your family). We process such personal data only where necessary for the specific client services we are providing. If it is unclear why we need children’s personal data on a specific client service, please contact the Managing Partner on the above email address who will be able to provide further information.
How Your Personal Data Is Collected
We collect most of this information from you. However, we may also collect information:
-
from publicly accessible sources, eg Companies House, HM Land Registry or publicly available posts in social media;
-
directly from a third party, eg: sanctions screening providers and client due diligence providers and from a third party with your consent, eg:
-
your bank or building society or another financial institution or advisor;
-
consultants and other professionals we may engage in relation to your matter;
-
your employer and / or trade union, professional body or pension administrators; and
-
your medical and occupational health professionals.
-
-
via our website – we use cookies on our website (for more information on cookies, please see our on our website);
-
via our information technology (IT) systems, eg:
-
case management, document management and time recording systems; and
-
monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems and email.
-
Third-party links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
Changes to the privacy policy and your duty to inform us of changes
The data protection law in the UK changed on 25 May 2018 as a result of the General Data Protection Regulation (GDPR). We will continue to ensure we comply with changes to UK data protection laws.
We reserve the right to amend this policy and will notify you by updating this policy, so please check it from time to time, especially if you have ongoing dealings with us.
This privacy policy was published and last updated on 1 December 2019.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. If you would like to update your personal data, please contact the person handling your matter.
If you fail to provide personal data
Where we need to collect personal data by law (this would include, for example, where we need to carry out anti-money laundering checks), or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with our services on a matter). In this case, we may have to cancel the engagement you have with us, but we will notify you if this is the case at the time.
How we use your personal data
Under data protection law, we can only use your personal data if we have a proper reason for doing so, eg:
-
to comply with our legal and regulatory obligations;
-
for the performance of our contract with you or to take steps at your request before entering into a contract;
-
for our legitimate interests or those of a third party; or
-
where you have given consent.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
Purposes for which we will use your personal data
We have set out below, in a list format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
What we use your personal data for
Our reasons
-
To provide legal services to you.
-
For the performance of our contract with you or to take steps at your request before entering into a contract.
-
Conducting checks to identify our clients and verify their identity. Screening for financial and other sanctions or embargoes. Other processing necessary to comply with professional, legal and regulatory obligations that apply to our business, eg under health and safety regulation or rules issued by our professional regulator.
-
To comply with our legal and regulatory obligations.
-
Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies.
-
To comply with our legal and regulatory obligations.
-
Ensuring business policies are adhered to, eg policies covering security and internet use.
-
For our legitimate interests or those of a third party, ie to make sure we are following our own internal procedures so we can provide a high level of service to you.
-
Operational reasons, such as improving efficiency, training and quality control.
-
For our legitimate interests or those of a third party, ie to be as efficient as we can so we can provide a high level of service to you.
-
Ensuring the confidentiality of commercially sensitive information.
-
For our legitimate interests or those of a third party, ie to protect our intellectual property and other commercially valuable information. To comply with our legal and regulatory obligations.
-
Statistical analysis to help us manage our practice, eg in relation to financial performance, client base, work type or other efficiency measures.
-
For our legitimate interests or those of a third party, ie to be as efficient as we can so we can provide a high level of service to you.
-
Preventing unauthorised access and modifications to systems.
-
For our legitimate interests or those of a third party, ie to prevent and detect criminal activity that could be damaging for us and for you. To comply with our legal and regulatory obligations.
-
Updating and enhancing client records.
-
For the performance of our contract with you or to take steps at your request before entering into a contract. To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, e.g. making sure that we can keep in touch with our clients about existing and new services.
-
Statutory returns.
-
To comply with our legal and regulatory obligations.
-
Ensuring safe working practices, staff administration and assessments.
-
To comply with our legal and regulatory obligations. For our legitimate interests or those of a third party, eg to make sure we are following our own internal procedures and working efficiently so we can deliver the best service to you.
-
Marketing our services to: • existing and former clients; • third parties who have previously expressed an interest in our services; and • third parties with whom we have had no previous dealings.
-
For our legitimate interests or those of a third party, e.g. to promote our business to existing and former clients.
-
Credit reference checks via external credit reference agencies.
-
For our legitimate interests or a those of a third party, e.g. for credit control.
-
External audits and quality checks, e.g. for Lexcel or ISO accreditation and the audit of our accounts.
-
For our legitimate interests or a those of a third party, ie to maintain our accreditations so we can demonstrate we operate at the highest standards. To comply with our legal and regulatory obligations.
The above list does not apply to special category personal data, which we will only process with your explicit consent.
Promotional Communications
We may use your personal data to send you updates (by email or post) about legal developments that might be of interest to you and / or information about our services, including promotions or new services.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect and never sell or share it with other organisations for marketing purposes.
You have the right to opt out of receiving promotional communications at any time by:
-
contacting us by emailing enquiry@tmtlegalservices.co.uk
-
using the ‘unsubscribe’ link in emails; and
-
updating your marketing preferences using the ‘manage my subscription’ link at the bottom of our marketing emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
Who We Share Your Personal Data With
We routinely share personal data with:
-
professional advisers who we instruct on your behalf or refer you to, eg barristers, medical professionals, accountants, tax advisors or other experts;
-
other third parties where necessary to carry out your instructions, eg your mortgage provider or HM Land Registry in the case of a property transaction or Companies House;
-
our insurers and brokers;
-
external auditors, eg in relation to ISO or Lexcel accreditation and the audit of our accounts;
-
our banks; and
-
external service suppliers and agents that we use to make our business more efficient, eg typing and copying services, marketing agencies, document collation or analysis suppliers.
We only allow our service providers to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on service providers to ensure they can only use your personal data to provide services to us and to you.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
We may also need to share some personal data with other parties, such as potential buyers of some or all of our business or during a re-structuring. Usually, information will be anonymised but this may not always be possible. The recipient of the information will be bound by confidentiality obligations.
Where Your Personal Data Is Held
Information may be held at our offices and those of third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).
Some of these third parties may be based outside the European Economic Area. For more information, including on how we safeguard your personal data when this occurs, see below ‘Transferring your personal data out of the EEA’.
How Long Your Personal Data Will Be Kept
We will keep your personal data after we have finished advising or acting for you. We will do so for one of these reasons:
-
to respond to any questions, complaints or claims made by you or on your behalf;
-
to show that we treated you fairly; or
-
to keep records required by law and regulatory requirements.
We will not retain your data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of data. Further details of this are available on request from the partner dealing with your matter.
When it is no longer necessary to retain your personal data, we will delete or anonymise it.
Your Rights
You have the following rights, which you can exercise free of charge:
-
Access: The right to be provided with a copy of your personal data.
-
Rectification: The right to require us to correct any mistakes in your personal data.
-
To be forgotten: The right to require us to delete your personal data – in certain situations.
-
Restriction of processing: The right to require us to restrict processing of your personal data – in certain circumstances, eg if you contest the accuracy of the data.
-
Data portability: The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and / or transmit that data to a third party – in certain situations.
-
To object: The right to object: at any time to your personal data being processed for direct marketing (including profiling); and in certain other situations to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
Keeping Your Personal Data Secure
We have appropriate security measures to prevent personal data from being accidentally lost, or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How To Complain
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance using the email address or telephone number above.