Privacy notice

Last updated:

August 23, 2024

This Privacy Notice explains how Tomlin and Partners ("we", "our", or "us") collects, uses, stores, and protects personal information in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. It outlines your rights regarding the personal data we hold and how you can exercise them. By using our services or interacting with us, you acknowledge the practices described in this notice.

1. Who We Are

We are a law firm authorised and regulated by the Solicitors Regulation Authority (SRA). We act as a data controller for the personal information we collect and process in the course of providing legal services.

2. What Personal Data We Collect

We collect personal data to assist with legal action and provide related legal services. The types of personal data we collect may include:

  • Personal Identifiers: Name, address, contact information (email, phone number), date of birth, and national insurance number.
  • Financial Information: Bank details, payment records, and financial history.
  • Case-Related Data: Information related to your legal matter, including employment history, medical records, contracts, witness statements, or other sensitive data relevant to your case.
  • Special Category Data: In some instances, we may need to collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or data related to criminal convictions, where necessary for legal purposes.

3. How We Collect Personal Data

We may collect personal data in the following ways:

  • Directly from you when you communicate with us via phone, email, or through our website.
  • From third parties, including other legal professionals, witnesses, courts, or regulatory bodies as part of your case.
  • From publicly available sources relevant to your legal matter.

4. How We Use Your Personal Data

We use your personal data only for the purposes of providing legal services and assisting with legal action. This includes:

  • Advising and representing you in legal matters.
  • Fulfilling our contractual obligations to you.
  • Complying with legal and regulatory requirements.
  • Communicating with you regarding your case or legal matter.
  • Billing and administration purposes.

We will only use your data for the purpose it was collected unless we reasonably consider it necessary for another compatible purpose.

5. Lawful Basis for Processing Personal Data

The legal bases for processing your personal data include:

  • Contractual Obligation: We process your data as it is necessary to fulfill our contractual obligations to provide you with legal services.
  • Legal Obligation: We process personal data to comply with legal obligations, such as requirements set out by regulatory bodies.
  • Legitimate Interest: In some instances, we process your data based on our legitimate interests in providing and improving our legal services, ensuring the proper functioning of our business, and defending legal claims.
  • Consent: Where applicable, we may request your explicit consent to process sensitive data or for certain other activities.

6. Sharing Your Personal Data

We will not share your personal data with third parties unless it is necessary for the legal services we provide or required by law. We may share your information with:

  • Courts, tribunals, and regulatory authorities as part of your case.
  • Other legal professionals, barristers, and expert witnesses involved in your matter.
  • Service providers and agents who assist in the administration of your case (e.g., IT providers or document storage providers).
  • Law enforcement agencies if required to do so by law.

We ensure that any third party we engage follows the same stringent data protection standards.

7. How Long We Keep Your Data

We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or regulatory requirements. Once your legal matter is resolved, we may retain your data for a period defined by law or regulation (typically 6 years or as required by the Limitation Act 1980).

When the retention period expires, your personal data will be securely deleted or anonymised.

8. Your Rights

Under the UK GDPR, you have certain rights concerning your personal data. These include:

  • Access: You have the right to request a copy of the personal data we hold about you.
  • Rectification: You can request corrections to any inaccurate or incomplete data.
  • Erasure: You may request that we delete your personal data where there is no lawful basis for its continued processing.
  • Restriction: You can ask us to restrict the processing of your data in certain circumstances.
  • Objection: You can object to the processing of your data where we are relying on legitimate interest.
  • Data Portability: You can request the transfer of your personal data to another party.

To exercise any of these rights, please contact us at the details provided below. We will respond within one month as required by law.

9. Security of Your Data

We are committed to ensuring that your personal data is secure. We have implemented appropriate technical and organisational measures to prevent unauthorised access, alteration, or disclosure of your data. All data is stored securely, and access is restricted to authorised personnel only.

10. International Transfers

We do not routinely transfer personal data outside the UK. If, in exceptional cases, such transfers are necessary (e.g., for international legal cases), we will ensure appropriate safeguards are in place to protect your data in compliance with the UK GDPR.

11. Complaints

If you are concerned about how we are handling your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK's supervisory authority for data protection matters. Further information can be found on their website: https://ico.org.uk.

12. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. Any changes will be posted on this page, and where appropriate, we will notify you via email. We encourage you to review this page periodically to stay informed about how we protect your personal data.

13. Contact Us

If you have any questions about this Privacy Notice or wish to exercise your data protection rights, please contact us using the contact link at the top of this page.

This Data Privacy Notice is designed to ensure transparency and compliance with data protection regulations, ensuring your personal data is processed securely and lawfully while using our legal services.

Connect 38 office building, Ashford
Contact us

We are here for you

Located 38 minutes from Central London in Ashford’s growing commercial district, we're proud to serve clients across the UK. If you have suffered harm as a result of poor clinical care and need assistance, or you just have a simple question, feel free to get in touch.

Contact us
info@tomlinandpartners.com
0203 744 5555

Tomlin & Partners

Tomlin and Partners is a trading name of Maulin Law, which is authorised and regulated by the Solicitors Regulation Authority SRA No. 8001484
HomeAbout UsFAQNews
Contact us
Trustpilot
Legal and Regulatory NoticesPrivacy NoticeComplaints ProcessCookie Policy & Settings
© Copyright 2024 Tomlin and Partners, a trading name of Maulin Law Limited. All rights reserved.