Last updated:
December 12, 2025
Tomlin and Partners
Updated on 12.12.25
This Privacy Notice explains how Tomlin and Partners(“we”, “our”, or “us”) collects, uses, stores, and protects personal information in accordance with the UK General Data Protection Regulation (GDPR)and the Data Protection Act 2018. It outlines your rights regarding the personal data we hold and how you can exercise them. By using our services or interacting with us, you acknowledge the practices described in this notice.
Tomlin and Partners are a law firm authorised and regulated by the Solicitors RegulationAuthority (SRA). We act as a data controller for the personal information we collect and process in the course of providing legal services.
We collect personal data to assist with legal action and provide related legal services. The types of personal data we collect may include:
· Personal Identifiers: Name, address, contact information (email, phone number), date of birth, and national insurance number
· Financial Information: Bank details, payment records, and financial history
· Case-Related Data: Information related to your legal matter, including employment history, medical records, contracts, witness statements, or other sensitive data relevant to your case
· Special Category Data: In some instances, we may need to collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health information, or data related to criminal convictions, where necessary for legal purposes
· Usage Data: Information about how you use our website and services, including IP addresses, browser type, and browsing behaviour
· Technical Data: Device information, operating system, and other technical details
We may collect personal data in the following ways:
· Directly from you: When you communicate with us via phone, email, or through our website
· From third parties: Such as other legal professionals, witnesses, courts, regulatory bodies as part of your case, payment processors or analytics providers
· From publicly available sources: Which are relevant to your legal matter
· Automatically: Through cookies and similar technologies when you interact with our website
We use your personal data only for the purposes of providing legal services and assisting with legal action. This includes:
· Advising and representing you in legal matters
· Fulfilling our contractual obligations to you
· Complying with legal and regulatory requirements
· Communicating with you regarding your case or legal matter
· Billing and administration purposes
We will only use your data for the purpose it was collected unless we reasonably consider it necessary for another compatible purpose.
The legal bases for processing your personal data include:
· Contractual Obligation: We process your data as it is necessary to fulfil our contractual obligations to provide you with legal services
· Legal Obligation: We process personal data to comply with legal obligations, such as requirements set out by regulatory bodies
· Legitimate Interest: In some instances, we process your data based on our legitimate interests in providing and improving our legal services, ensuring the proper functioning of our business, and defending legal claims
· Consent: Where applicable, we may request your explicit consent to process sensitive data or for certain other activities
We will not share your personal data with third parties unless it is necessary for the legal services we provide or required by law. We may share your information with:
· Courts, tribunals, and regulatory authorities as part of your case
· Other legal professionals, barristers, and expert witnesses involved in your matter
· Service providers and agents who assist in the administration of your case (e.g., IT providers or document storage providers)
· Law enforcement agencies if required to do so by law
We ensure that any third party we engage follows the same stringent data protection standards.
We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected, including to meet legal, accounting, or regulatory requirements. Once your legal matter is resolved, we may retain your data for a period defined by law or regulation (typically 6 years or as required by theLimitation Act 1980).
When the retention period expires, your personal data will be securely deleted or anonymised.
Under the UKGDPR, you have certain rights concerning your personal data. These include:
· Access: The right to request a copy of the personal data we hold about you
· Rectification: The right to request corrections to any inaccurate or incomplete data
· Erasure: The right to request that we delete your personal data where there is no lawful basis for its continued processing
· Restriction: The right to request that we restrict the processing of your data in certain circumstances
· Objection: The right to object to the processing of your data where we are relying on legitimate interests
· Data Portability: The right to request the transfer of your personal data to another party
To exercise any of these rights, please contact us at the details provided below. We will respond within one month as required by law.
We are committed to ensuring that your personal data is secure. We have implemented appropriate technical and organisational measures to prevent unauthorised access, alteration, or disclosure of your data. All data is stored securely, and access is restricted to authorised personnel only.
We do not routinely transfer personal data outside the UK. If, in exceptional cases, such transfers are necessary (e.g., for international legal cases), we will ensure appropriate safeguards are in place to protect your data in compliance with theUK GDPR.
If you are concerned about how we are handling your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection matters. Further information can be found on their website: https://ico.org.uk.
We may update this Privacy Notice from time to time. Any changes will be posted on this page, and where appropriate, we will notify you via email. We encourage you to review this page periodically to stay informed about how we protect your personal data.
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us at:
Tomlin andPartners Limited - dpo@tomlinandpartners.com
This DataPrivacy Notice is designed to ensure transparency and compliance with data protection regulations, ensuring your personal data is processed securely and lawfully while using our legal services.
