Privacy Policy


We respect our client’s privacy and are dedicated to protecting their personal information, this policy sets out how we aim to do this when you visit our website and inform you of the law that protects you and your rights when it comes to privacy of your personal data.

The Claims Protection Agency herein in referred to as ‘the company’.

This policy aims to provide you with details of how the company will collect and process your personal data when you use our website, this includes any of your data you may input through our website when you complete our online forms which sign you up to any of our services.

Our website is intended for the use of adults and therefore we do not wish to knowingly collect any data in relation to children.

This policy aims to complement our other policies and notices, with no intention of overruling them. Therefore, it is key to read this policy along with any other notice that we may provide to you on specific matters where we collect/process your personal data, to ensure you are informed of the reasons why we require your personal data.

Version date: this policy was in effect from 1st February 2020, any historic versions can be provided upon request.

Data Controller

The company is the data controller and are responsible for protecting your personal data in line with this policy.

Our Data Controller is John Johnstone, they are responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy. They are also accountable for answering any queries in relation to this policy and should you wish to get in contact or exercise your legal rights as explained in this policy, then you are able to do so using the below contact details:

Address: Unit 8a, Ashbrook Business Park, Longstone Road, Heald Green, M22 5LB

Telephone: 01617685766

If you are dissatisfied at any time, please contact us and we will try our best to resolve your concerns. At any time, you also have the right to make a complaint by contacting the Information Commissioner’s Office (ICO), who is the UK supervisory authority for data protection issues (

It’s crucial that personal data we hold on our files about you is up to date and accurate, so please do keep us updated with any changes throughout your relationship with us.

Our Privacy Policy may be subject to changes, we aim to inform you of such changes.

Social Media

Any of our actions and engagements on external social media platforms that the company undertake are subject to that platforms terms and conditions along with their individual privacy policies.

We advise users to use such platforms with caution and be aware of supplying personal data on such sites.

Our website uses sharing buttons on social media sites in order to help share web content directly to the platform. We advise users to use such sharing tools at their own discretion and to be aware that the social media platform can monitor their usage. The platform may store users request to share a web page directly through their social media accounts.

Our website through social media accounts might on occasions share links to other relevant web pages. Despite our best efforts we cannot protect against spam or hacking on social media sites, so again we advise users to approach shortened URLs published on such sites with caution. The company therefore cannot be held liable when visiting any shortened URLs should any damages occur.


Our website may include links to other third-party websites, applications and plug-ins. If you click on a third-party link or enable such connections this may allow third- parties to collect or share data about you. We are not responsible for these third-party websites or their privacy policies, therefore when you leave our website, we urge you to be aware of other websites privacy notices.

Data we collect about you

Personal data

Personal data relates to information about an individual from which that person can be identified. Personal data does not include anonymous data where the identity of the individual has been removed.

The personal data we might collect, process, store and transmit are detailed as follows:

  1. Identity Data: title, first, maiden and last name. Marital status, gender, and date of birth.
  2. Contact Data: current and previous addresses, email address and contact phone numbers.
  3. Claims Related Data: information provided by yourself for the purposes of considering your financial mis selling claim.
  4. Transaction Data: products and services you have engaged us for.
  5. Technical Data: internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug- in types and versions, operating system and platform and other technology on the devices you use to access our website.
  6. Usage Data: information about how you use our website, products, and services.
  7. Marketing and Communications Data: your marketing/communication preferences in receiving marketing/communications from us and our third- parties.

Should you fail to provide personal data which we require by law, or under the terms of a contract we have with you, we may not be able to perform the contract agreed or are

trying to enter in to with you. In such a scenario, we may have to cancel a product or
service you have with us, but we will notify you at the time should this be the case.

Special Categories

Should we identify that you are a vulnerable customer, we may collect data relating to your health, this will ensure we can tailor our communication and service to meet your needs and circumstances. In this instance we would obtain your consent prior to storing this information for the sole purpose of delivering our service.

We do not collect any other Special Categories of Personal Data about you (including: your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your genetic and biometric data). We also do not collect any information about previous criminal offences or convictions.

Aggregated Data

We may collect, use and share aggregated data that derives from your personal data such as demographic data. Is not considered personal data in law as it doesn’t reveal your identity, however, should we combine such data with your personal information so that your identify could be recognised we will treat this as personal data and ensure it is used in accordance with this policy.

Profiling Data

We may collect, use and share your personal data solely within our group for the purpose of improving our customer experience, for example we may perform data analysis on your engagement with us to improve our service offering. 4.0 Collecting Personal Data

The company uses varies methods to collect data including:

Direct communications

Where you directly provide us with your personal data such as by completing one of our forms or by corresponding with us by telephone, post, email etc. This includes personal data you provide when you:

  1. Appoint our products or services;
  2. Request marketing information to be sent to you; or provide us with feedback.

Automated technologies/interactions

When you visit and interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. This personal data is collected by using cookies and other similar technologies. Please see our separate cookies policy to find out more.

Third parties/publicly available sources

At times we might get personal data about you from different third parties such as:

Technical Data: from analytics providers for example Google based outside the EU;

Identity and Contact Data: from various publicly availably sources such as the Electoral Register, Companies House and credit checks based inside the EU. Identity and Contact Data: from various data brokers based inside the EU, including marketing which directs consumers to our website.

Using your Personal Data

We only use personal data in line with the law normally in following scenarios: Where you have provided clear consent for us to process your personal data for a specific purpose.

Where we need your personal data to implement the contract we are about to enter or have entered into with you.

Where it is necessary for our legitimate interests (or those of a third-party) and your interests and fundamental rights do not override those interests.

Where we need to comply with a legal or regulatory obligation.

Below we have set out a full description of all the ways we intend to use your personal data. We only intend to use your data for the purpose we collected it for, if there is a requirement to use your data for another unrelated reason, we will notify you explaining the legal basis for this decision. There may be a situation where we process your personal data without your consent where it is required by law.

There may be a situation where we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please do not hesitate to get in touch with us if you want details about the specific legal ground, we are relying on to process your personal data.

Purpose/activity Type of data Lawful basis for processing including basis of legitimate interest

To register you as a new customer

(a) Identity

(b) Contact

(a) Performance of a contract with you with consent

To process and deliver your order including:

(a) Manage payments, fees and charges

(b) Collect and recover money owed to us

(a) Identity

(b) Contact

(c) Financial

(d) Transaction

(e) Marketing and Communications

(a) Performance of a contract with you

(b) Necessary for our legitimate interests (to recover debts due to us)

To manage our relationship with you which will include:

(a) Notifying you about changes to our terms or privacy policy

(a) Performance of a contract with you

(b) Necessary to comply with a legal obligation

(a) Notifying you about changes to our terms or privacy policy

(b) Asking you to leave a review or take a survey

(b) Asking you to leave a review or take a survey

(a) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)

To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

(a) Identity

(b) Contact

(c) Technical

(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)

(b) Necessary to comply with a legal obligation

To use data analytics to improve our website, products/services, marketing, customer relationships and experiences

(a) Technical

(b) Usage

(a) Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)

To make suggestions and recommendations to you about goods or services that may be of interest to you

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

Necessary for our legitimate interests (to develop our products/services and grow our business)

Marketing, advertising, and promotions

We are committed to providing you with clear choices around personal data and the way we use it. In line with your contact preferences, we may contact you regarding different products or service that we or other companies within our group can offer you. At times we may rely upon legitimate interest to make such recommendations to you about products or services that could be of interest to you. In this case we will consider and review any potential impact upon you (positive and negative) and your rights before we begin to process your personal data for our legitimate interests. For any activity where our interests are overruled by the impact on you, we will not use your personal data (unless we have your consent or are otherwise required to or permitted to legally).

At any time, you can update your marketing preferences by contacting us and you can opt out and stop all marketing messages should you require (this will not apply to personal data that you provided us using our services).

Identity, Contact, Technical, Usage and Profile Data may be used by us to make an assessment on what we think may be of interest or what you may need or want. This enables us to conduct future marketing by deciding which product/service offers could be applicable to you.

Before we share your personal data with any third-party companies outside of the company’s group for the intention of marketing purposes will we always get your consent through an opt-in.


A cookie is an element of data that websites can send to your browser, which might then be stored on your system. See our separate cookies policy for more information about how we use cookies. Should you set your browser settings to refuse any cookies some parts of our website may not work. 6.0 Sharing your Personal Data

To undertake our processes, maintain our relationships and improve the services we offer, we may also share your personal data with other third parties we work with, such as:

Company Name Company Details Processing Activity

Solicitors Regulation Authority

Solicitors Regulation Authority, The Cube, 199 Wharfside Street, Birmingham, B1 1RN

Under regulatory requirements, we may have to share data with the Solicitors regulation Authority

Connex One Limited

Company Registration Number: 08814633 Registered Office Address: Bow Chambers, 8 Tib Lane, Manchester, England, M2 4JB

Provide our dialler system and our responsible for maintaining/safeguarding our data security.

DPD Local UK Ltd

Company Registration Number: 01421773 Registered Office Address: Dd Local Uk Ltd Roebuck Lane Smethwick West Midlands United Kingdom B66 1BY

Provide secure pick-up and delivery services.

Shred-it Limited

Company Registration Number: 04047194 Registered Office Address: Ground Floor 177 Cross Street Sale Manchester M33 7JQ

Provider of a secure documentation destruction service.

Shredall (East Midlands) Limited

Company Registration Number: 03317730 Registered Office Address: Joy House Bestwood Business Park Park Road Bestwood Village Nottingham Nottinghamshire NG6 8TQ

Provide secure data storage facilities.

Wisemann Law trading as Bee Legal

Company number: 09411174 Registered trading address: 18-22Lloyd House Lloyd Street, M2 5WA

(b) Usage

Provide legal services to our clients

Royal Mail Group Limited

Company Registration Number: 04138203 Registered Office Address: 100 Victoria Embankment London EC4Y 0HQ

Provide postal services for the business.

There may be times when we are required to disclose your personal information, these include with:

Solicitors’ Regulation Authority (SRA), Financial Conduct Authority (FCA), Claims Management Regulator, HM Revenue & Customs, other authorities, and regulators acting as processors based in the UK who may require reporting of processing activities in certain circumstances. Professional bodies such as solicitors, accountants, consultants, and any similar bodies acting as processors, based in the UK who may require reporting of processing activities under certain legal or compliance circumstances. Third parties which we may choose to sell, transfer, or merge parts of our business/assets. We may also seek to acquire another business or merge with them. If this were to happen to our business, then the subsequent new owners may choose to use your personal data in the same way as detailed in this policy.

We will only ever share your personal data in line with current UK data protection laws. Requiring all third parties to treat your personal data in line with the law and use for the intended purpose in line with our guidelines.

International Transfers

The Company may from time to time transfer personal data to countries outside of the European Economic Area (EEA). The transfer of personal data to a country outside of the EEA shall take place only if one or more of the following applies:

  1. The transfer is to a country, territory, or one or more specific sectors in that country (or an international organisation), that the European Commission has determined ensures an adequate level of protection for personal data;
  2. The transfer is to a country (or international organisation) which provides appropriate safeguards in the form of a legally binding agreement between public authorities or bodies; binding corporate rules; standard data protection clauses adopted by the European Commission; compliance with an approved code of conduct approved by a supervisory authority (e.g., the Information
    Commissioner’s Office); certification under an approved certification mechanism (as provided for in the GDPR); contractual clauses agreed and authorised by the competent supervisory authority; or provisions inserted into administrative arrangements between public authorities or bodies authorised by the competent supervisory authority;
  3. The transfer is made with the informed consent of the relevant data subject(s);
  4. The transfer is necessary for the performance of a contract between the data subject and the Company (or for pre-contractual steps taken at the request of the data subject);
  5. The transfer is necessary for important public interest reasons; The transfer is necessary for the conduct of legal claims;
  6. The transfer is necessary to protect the vital interests of the data subject or other individuals where the data subject is physically or legally unable to give their consent; or
  7. The transfer is made from a register that, under UK or EU law, is intended to provide information to the public and which is open for access by the public in general or otherwise to those who are able to show a legitimate interest in accessing the register.

Data Security

The company aim to maintain a high standard of security and privacy when it comes to protecting our customers personal information. We want to give our customers confidence in our processes and have robust measures in place to ensure we protect your information from any loss, unauthorised access or misuse. We constantly review our data security processes to ensure they remain fit for purpose.

We also limit access to customers personal data to those colleagues, agents, third- parties or contractors who absolutely need to have access.

All personal data breaches must be reported immediately to the Company’s DPO. We have an appropriate procedure in place to deal with any data breaches and will notify the persons affected and any regulator which legally require us to report the breach.

The company shall not keep personal data for any longer than is necessary in light of the purpose or purposes for which that personal data was originally collected, held, and processed. We have to keep some specific information about our customers by law, where this is the case we will keep securely and hold solely for the legal purpose required.

When personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of securely without delay.

For full details of the company’s approach to data retention, including retention periods for specific personal data types held by the company, please refer to our Data Retention Policy which you can request by contacting us.

Data Protection Rights

Under UK data protection law, you have several rights in relation to your personal data and the processing of it, including:

  1. Right of Access – entitles you to request a copy of all of the information we hold about you, commonly referred to as a ‘Data Subject Access Request (DSAR)’
  2. Right to be Informed – entitles you to request to be provided with details of how we collect and process your personal data, which is covered by this Privacy Notice
  3. Right to Rectification – entitles you to have inaccurate personal data rectified, or completed if it is incomplete
  4. Right of Erasure (to be forgotten) - entitles you to request for the deletion/removal of your personal data where there is no reason for its continued processing
  5. Right to Restrict Processing – entitles you to request no further processing of your personal data that we have collected previously in certain circumstances.
  6. Right to Object – entitles you to request that your personal data is not processed in certain circumstances for example for marketing purposes or to challenge the basis of the processing of your data
  7. Right to data portability – you have a right to request for your personal data we hold on you to be sent to another Data Controller for their own purposes
  8. Right to withdraw consent – you have the right to withdraw consent at any time.

However, this will not have affected our legal ability to do this before you withdraw your consent, and if you do withdraw consent to process your personal data, we may not be able to offer you certain services.

Should you wish to exercise your rights please contact us, there could be occasions when we aren’t able to complete your request, however we will inform you of this and the reasoning.

There is no fee when requesting a copy of your personal data, although there may be occasions where we charge a reasonable amount should we find your request recurring or unwarranted or if you require further copies of such information that we have previously provided.

In order to process any of your requests we may need to confirm your identify through a process of security checks.

We aim to respond to all relevant requests as soon as possible and usually within one month of receiving. Sometimes it may however take us longer to process, but we will always keep you informed if this is the case.

The Claims Protection Agency Limited is registered in England and Wales. Registration Number: 08467014 Authorised and Regulated by the Financial Conduct Authority: FCA No: 836470

The Claims Protection Agency, Unit 8a Ashbrook Business Park, Longstone Road, Heald Green, Manchester, M22 5LB