Hi there!

Yes. We look a bit different. Welcome to our new brand: TSA Riley.

Our new brand unites 1,000 project consultants around the world. Together, we're helping clients and communities realise the transformative power of their built assets.

Girl Image
LinkedIn UK LinkedIn APAC

Privacy Policy

Last updated: 23 May 2024

Introduction At TSA Riley, we are committed to protecting your privacy. This Privacy Notice explains what Personal Information we collect about you, what we use it for, who we share it with, and how we protect it. It also outlines your rights and who you can contact for more information or queries.

When used in this Privacy Notice, “we”, “us”, and “our” refer to TSA Riley. In some jurisdictions, information about you may be referred to as personal data, is referred to as “Personal Information”. Personal Information refers to information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual.

We may also sometimes collectively refer to handling, collecting, protecting, and storing your Personal Information as “processing” such Personal Information.

Contact Information

TSA Riley UK and Ireland

Henry Riley, floor 6,
3 Dorset rise, London,

P: +44 (0)20 7871 1869

Contact the London team

Sydney HQ
Level 15, 207 Kent Street
Sydney NSW 2000

P: +61 2 9276 1400

Contact the APAC HQ team

What Personal Information We Collect

We may collect and process your data because:

  • You give it to us (e.g., through the webpages of this website or any other website or application of TSA Riley that links to this Privacy Notice or through any other mode of interacting with you relating to TSA Riley communications, such as online or offline newsletters and magazines, that reference this Privacy Notice or link thereto).
  • Other people give it to us (e.g., other entities of TSA Riley or third-party service providers we use to help operate our business).
  • It is publicly available. (eg, your IP address)

When other entities of TSA Riley or other third parties give us personal information about you, we ensure they comply with the relevant privacy laws and regulations. This may include, for example, informing you of the processing and obtaining any applicable and necessary permission for us to process that information as described in this Privacy Notice.

Log information, cookies, and web beacons: We may process Personal Information from you when you interact with our website or communications. For example, our service provider(s) or we may use cookies (small text files stored in a user’s browser) or web beacons (electronic images that allow us to count users who have accessed particular content and access certain cookies) to collect aggregate data. Additional information on how we may use cookies and other tracking technologies and how you can control these can be found in the Cookie Notice when you first visit our website.

Information Use

We may use your Personal Information for, or in connection with:

  • Verifying your identity when you log in to our website;
  • Managing and/or improving our website, for instance pages that you visit frequently are more likely to get updated;
  • Managing and promoting collaboration and communication, for instance we track where you are located, and that data may be used to promote specific services in that juristiction;
  • Providing and documenting training and qualifications;
  • Tailoring the content of our website to provide you with a more personalized experience;
  • Managing our relationship with you and responding to any request you submit through our website;
  • Drawing your attention to information about products and services that may be of interest to you;
  • Conducting data analysis, including usage and demographic analyses of website users;
  • Preventing fraud or criminal activity and safeguarding our technology systems and data security;
  • Monitoring and enforcing compliance with applicable terms of use and ensuring that only authorized parties are accessing the website;
  • Complying with applicable legal or regulatory requirements;
  • Responding to requests and communications from competent authorities;
  • Managing our relationship with you, which may involve sending you thought leadership or details of products and services provided by entities within TSA Riley that may be of interest to you, contacting you to receive feedback on these services, or contacting you for other market or research purposes;
  • Inviting you to attend events, seminars, participate in forums, etc.;
  • Conducting surveys on business or societal-related topics;
  • Recruitment and business development;
  • Investigating or preventing security incidents;
  • Conducting and analyzing our marketing activities;
  • Protecting our rights and/or those of other entities of TSA Riley.

Legal Basis for Processing Information

We are required by law to set out in this Privacy Notice the legal grounds on which we rely to process your Personal Information. We rely on one or more of the following lawful grounds when we use your Personal Information for the purposes outlined above:

  • Compliance with a legal obligation, such as keeping records or providing information to a public body or law enforcement agency.
  • Necessary for a legitimate interest pursued by us or a third party (and not outweighed by your privacy interests), such as the effective delivery of our website and related services offered to you; the effective and lawful operation of our website or communications; preventing fraud or criminal activity or safeguarding our technology systems and data security; supporting or protecting our business interests; ensuring that complaints are investigated; evaluating, developing, or improving our services or products.
  • Consent to us processing your information for a specific reason, which you can always withdraw.

To the extent that we process any sensitive Personal Information relating to you for any of the purposes outlined above, we will do so because either:

  • You have given us your explicit consent to process that data;
  • We are required by law to process that data;
  • The processing is necessary for the establishment, exercise, or defense of legal claims;
  • You have made the data manifestly public.

Sending You Marketing Information

We and other members of TSA Riley may use your information from time to time to inform you by letter, telephone, email, and/or other electronic methods about products and services (including those of third parties) that may interest you. Where we are legally required to obtain your consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such consent from you.

You may, at any time, ask us not to send you marketing information by following the unsubscribe instructions in our communications or contacting us using the “Contact Information” above.

Disclosure of Information to Third Parties

In connection with one or more of the purposes outlined in the “Information Use” section above, we may disclose details about you to:

  • Other parts of TSA Riley for legitimate business-related purposes;
  • Third parties that provide services to us and/or TSA Riley;
  • As part of a corporate transaction (such as a sale, divestiture, reorganization, merger, or acquisition);
  • Competent authorities (including courts and authorities regulating us or another member of TSA Riley);
  • Other third parties that reasonably require access to your Personal Information for one or more of the purposes outlined in the “Information Use” section above.

We may also need to disclose your Personal Information if required to do so by law, by a regulator, or during legal proceedings.

Please note that some of the recipients of your Personal Information referenced above may be based in countries without data protection laws similar to those in your area of residence. In such cases, we will ensure that you consented to the transfer or that adequate safeguards are in place to protect your Personal Information that comply with our legal obligations. For example, an adequate safeguard might be a data transfer agreement with the recipient based on standard contractual clauses approved for personal information transfers to third countries.

We can provide further details of the transfers described above and the adequate safeguards we used in respect of them. Please use the “Contact Information” section above for such information.

We may share non-personal, de-identified, and aggregated information with third parties for several purposes, including data analytics, research, submissions, thought leadership, and promotional purposes.

Selling of Information

We do not sell your Personal Information.

Blogs, Forums, Wikis, and Other Social Media

Our website may host various blogs, forums, wikis, and other social media applications or services that allow you to share content with other users (collectively called “Social Media Applications”). Any Personal Information or other information that you contribute to any Social Media Application can be read, collected, and used by other users of that Social Media Application over whom we have little or no control. Therefore, we are not responsible for any other user’s use, misuse, or misappropriation of any Personal Information or other information you contribute to any Social Media Application.

Privacy Practices of Third Parties

This Privacy Notice addresses only the use and disclosure of information we collect through your interaction with our website or communications. Other websites or applications that may be accessible through links from our website and communications have their own privacy notices and Personal Information collection, use, and disclosure practices. We encourage you to familiarize yourself with the privacy notices provided by these other parties prior to providing them with information.

Do Not Track

“Do Not Track” is a preference you can set in your web browser to let websites and applications you visit know that you do not want them collecting information about you. Our website responds to “do not track”. You will not see any consent information because we will not register cookies on your device.

Information Security

We use various physical, electronic, and managerial measures to keep your Personal Information secure, accurate, and up-to-date. These measures include:

  • Education and training to relevant staff so they are aware of our privacy obligations when handling Personal Information;
  • Administrative and technical controls to restrict access to Personal Information on a ‘need to know’ basis;
  • Technological security measures, including firewalls, encryption, and anti-virus software;
  • Physical security measures, such as staff security passes to access our premises.

Although we use appropriate security measures once we have received your Personal Information, the transmission of data over the internet (including by email) is never completely secure. We endeavor to protect Personal Information, but we cannot guarantee the security of data transmitted to us or by us over the internet.

Information Retention

We will hold your Personal Information on our systems for the longest of the following periods:

  • As long as is necessary for the relevant activity or services;
  • Any retention period that is required by law;
  • The end of the period in which litigation or investigations might arise in respect of the services.

Your Rights

You have various rights to your Personal Information. In particular, you have a right to:

  • Obtain confirmation that we are processing your Personal Information and request a copy of the Personal Information we hold about you;
  • Ask that we update the Personal Information we hold about you, or ask that we correct such Personal Information that you think is incorrect or incomplete;
  • Ask that we delete Personal Information that we hold about you, or restrict how we use such Personal Information;
  • Withdraw consent to our processing of your Personal Information (to the extent such processing is solely based on previously obtained consent);
  • Receive a copy of the Personal Information concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit such Personal Information to another party (to the extent the processing is based on consent or a contract);
  • Object to our processing of your Personal Information.

To help us maintain the accuracy of your Personal Information, please contact us by using the “Contact Information” section above if any of your personal details have changed.

If you are unsatisfied with the way in which we have handled your Personal Information or any privacy query or request that you have raised with us, you have a right to complain to the data protection authority in your jurisdiction. For such information, please contact us by using the “Contact Information” section above.

Verification of Personal Information Requests

For specific Personal Information requests, we must first verify your identity before processing your request. To do so, we may ask you to provide us your full name, contact information, and relationship to TSA Riley. Depending on your request, we may ask you to provide additional information. Once we receive this information, we will then review it and determine whether we can match it to the information TSA Riley maintains about you to verify your identity.

Third-Party Requests

If you are submitting a Personal Information request on behalf of someone other than yourself, please get in touch with us by using the “Contact Information” section above and include proof that you are authorized to make the request. This may be in the form of a written authorization signed by the person whom you are acting on behalf of or a valid power of attorney.

Changes to This Privacy Notice

We may modify or amend this Privacy Notice from time to time.

We will amend the date at the top of this page to let you know when we make changes to this Privacy Notice. The new, modified, or amended Privacy Notice will apply from that revision date. Therefore, we encourage you to periodically review this Privacy Notice to stay informed about how we are protecting your information.

This Privacy Notice was written in English. To the extent any translated version conflicts with the English version, the English version controls.