Skip to main content

Privacy Statement

1. Who we are

Claims Supermarket are a trading style of Rothley Law Limited who are authorised and regulated by the Solicitors Regulation Authority,SRA number 8001853, with its registered office address situated at Vantage Park, 22 High View Close, Hamilton, Leicester, LE4 9LJ (“RLL”).

RLL specialise in financial mis-selling claims and act for clients to obtain compensation for mis-sold financial products. We also act for clients in relation to obtaining stamp duty land tax rebates from HMRC.

RLL are registered with the Information Commissions Office (“ICO”) with the registration number ZB514864. RLL will be provided with, share, obtain and store personal data during the course of our business.

2. Purpose of this privacy statement

RLL are committed to protecting your personal data and privacy. This privacy statement will inform you how we process your personal data and who we may share your personal data with and relates to personal data you may provide us with over the telephone, via email, via third parties, via the Courts or via our website (“the Website”). This statement also sets out how the law protects you and your rights in relation to your personal data.

We process personal data in accordance with the Data Protection Act 2018 (“DPA”) and the Solicitors’ Code of Conduct.

We do not knowingly collect data relating to children.

RLL are majority owned by Rothley Holdings Limited, a SRA approved owner, a company registered in England and Wales under company registration number 11934639, with its registered office address situated at Vantage Park, 22 High View Close, Hamilton, Leicester, LE4 9LJ. We may on occasion share data with them for reporting purposes.

3. Data Controller

RLL are the Data Controller and become responsible for your personal data when it is provided to us by you or an introducer, which may be a financial services provider or another firm of solicitors.

We have appointed a Data Protection Officer (“DPO”) who is responsible for RLL’s compliance with the Data Protection Act 2018. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact the DPO via

You can also contact the DPO by writing to them at the address set out above.

The ICO, is the UK supervisory authority for data protection issues ( and youcan contact them regarding any concerns you may have regarding the processing of your personal data. RLL would request that if you have any concerns about our processing of your personal data you contact us with your concerns in the first instance.

4. The data we collect about you

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

RLL collect, process and retain personal information about you to enable us to provide legal advice and conduct legal proceedings and transactions on behalf of our clients.

RLL may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:

  • Personal Data such as your name, title, marital status, title, date of birth, gender and if you have any relationship to a member of our staff.
  • Contact Information such as your postal address, previous addresses, email address, and telephone numbers.
  • Financial Information such as your bank account details, salary details, mortgage details, national insurance number, pension details, income and expenditure and any other relevant information about your finances.
  • Identification information such as copies of your passport or driving licence and proof of address information.
  • Technical information such as your internet protocol (IP) address, usage data, or other information relating to your visits to our Website.
  • Communications Information such as your preferences in relation to how we communicate with you.

RLL do not generally collect any sensitive personal data (Special Categories of Personal Data) about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership.)

However, we may on occasion collect information about your health, which may affect your ability to manage your finances or communicate with us and genetic and biometric data. We will expressly ask for your permission before we hold this information.

5. Your duty to inform us of changes to your personal data

It is important that we hold up to date, accurate personal information about you, as it will help us to deal with your claim efficiently. Please inform us if your personal data changes during your relationship with us.

We may on occasion have to obtain up to date personal data via online tracing tools and/or third-party tracing agents if we are unable to contact you.

6. Change of purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

7. How is your personal data collected?

Initially we are provided with your personal data by you or by an introducer who introduces you to our firm for legal advice. The introducer is the Data Controller of your personal data and we also become a Data Controller of your personal data when they pass your details to us.

Directly from you – We may also receive some personal data from you via:

  • Our Website;
  • Any of our social media accounts;
  • In hard copy by post;
  • Over the telephone;
  • Via a telephone recording;
  • During the course of our dealings with you;
  • When you register with us for newsletters, email updates, or other services;
  • When you contact us with queries;
  • When you complete surveys for research or quality purposes; or
  • When you attend in person at one of our offices.

From Third Parties – We may also collect your personal data from other third parties, for

  • Selected data suppliers,
  • Other clients or their representatives;
  • Other parties relating to the claim;
  • Introducers or other law firms;
  • HMRC
  • Technical data from analytics providers such as Google.

Public Information – We may also collect publicly available information about you, including, directly or indirectly, through electronic data sources, in connection with anti-money laundering or for the preparation or filing of legal documents and forms.

8. How we use your personal data

We will only use your personal data when we have a legitimate reason to do so. Most commonly, we will use your personal data in the following circumstances:

  • For the purpose of providing legal services to you.
  • To carry out conflict checks to ensure we are able to provide legal services to you.
  • For fraud prevention, anti-money laundering and for the prevention or detection of crime.
  • To conduct identity checks.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory requirements and obligations.
  • To deal with queries and complaints.
  • To monitor quality of our services through audit of cases.

Promotional Communications

We may use your personal data to send you information via email, text or post, regarding other services we offer or legal developments that may interest you but only when you have provided us with permission to do so.

You have a right to opt out of receiving promotional communications at any time. Please email with your request.

Call Recording

Calls may be recorded for training and monitoring purposes and may be shared with our professional advisors and/or regulators.

9. Sharing Your Personal Data with Third Parties

We may have to share your personal data to enable us to provide the legal services to you. We shall only share your personal data with the following third parties, insofar as we are permitted to do so.

  • Third parties such as the Courts, barristers, defendant solicitors, financial experts.
  • Other third parties which may be involved in your matter, such as pension provider, HMRC.
  • The Financial Ombudsman Service, Financial Services Compensation Scheme, The Pension Ombudsman.
  • An insurance company which is involved in your claim, such as a provider of legal expenses insurance and other third-party funders.
  • The person or organisation which referred you to us, such as an introducer or claims management company.
  • A third-party company who we may use to outsource some of our administration tasks to; such as a third-party managed accounts, or an outsourced document collation/postal company, legal-costs draftsperson, typing services.
  • External auditors, such as the Solicitors Regulation Authority, the Law Society, Lexcel, financial auditors.
  • Online I.D. checking companies, who we may use to verify your identity for anti-money laundering purposes.
  • The Legal Aid Agency if you are publicly funded.
  • Third-parties you may authorise to act on your behalf.

We conduct due diligence on all third-party providers and will only work with them if we are satisfied that they take the appropriate measures to protect your personal data. We also have contractual obligations in place to ensure they only use your personal data to provide services to you and us.

10. International transfers

We do not transfer your personal data outside the European Economic Area (“EEA”).

11. Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and are required to only process your personal data on our instructions.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so or where we feel it is in your best interests to do so.

12. Data Retention – How long we keep your personal data for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

We must keep basic information about our Clients (including contact, identity, and financial information) for a period of six years after they cease being clients for legal and regulatory purposes.

In certain circumstances you can ask us to delete your data: see Request erasure below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further statement to you.

13. Your legal rights

Under certain circumstances, you have rights under the Data Protection Act 2018 in relation to your personal data as more particularly set out below.

  • Request access to your personal data – This enables you to receive a copy of the personal data we hold about you.
  • Request correction of your personal data – This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure of your personal data – This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note we may not always be able to comply with this request but if not, we shall inform you of the specific legal reasons at the time of request.
  • Object to processing of your personal data – Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
  • Request restriction of processing your personal data – This enables you to ask us to suspend the processing of your personal data.
  • Request transfer of your personal data to a third party We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
  • Right to withdraw marketing consent – You can do this at any time by emailing
  • Right to request a manual decision-making process where an automated decision-making process has been used.

If you wish to exercise any of the rights set out above, please contact us at

We may ask you to verify your identity if you make a request to exercise any of the rights set out above and ask you to complete a Data Subject Access Request Form. This is a security measure to ensure we do not disclose your personal data to any person who is not entitled to receive it. We may also contact you to request further information in relation to your request.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Time limit to respond

We try to respond to all legitimate requests within one month of receipt. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

14. Third-party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and we would encourage you if you leave our Website to read the privacy policy of any other websites you visit.


You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Website(s) may become inaccessible or not function properly. For more information about the cookies we use, please refer to our Cookie Policy.

Changes to the privacy statement

This privacy policy was created on the 21st March 2023 and is the first privacy policy of RLL.

We may change this privacy policy to reflect changes in how we process your personal data or how changes in the law. Please check this policy regularly for any updates. If there are any key updates, we will inform you.