Privacy Statement
-
Who we are
Rothley Law Limited is authorised and regulated by the Solicitors Regulation Authority,
SRA number 8001853, with its registered office address situated at 22 High View Close, Vantage Park, Leicester, LE4 9LJ (“RLL”).
RLL are a private client law firm.
As a regulated practice, we process personal information in accordance with the Data Protection Act 2018 (“DPA”) and in line with obligations imposed on us under Solicitors Regulation Authority (SRA) Standards and Regulations 2019 (Stars).
RLL is registered with the Information Commissions Office (“ICO”) with the registration number ZB514864. RLL will be provided with, share, obtain and store personal data during the course of our business.
RLL is wholly owned by Rothley Holdings Limited (RHL), an SRA approved owner, a company registered in England and Wales under company registration number 11934639, with its registered office address situated at 22 High View Close, Vantage Park, Leicester, LE4 9LJ. We may on occasion share data with RHL for reporting purposes.
-
Purpose of this privacy statement
RLL is committed to protecting your personal data and privacy. This privacy statement will inform you how we process your personal data and who we may share your personal data with and relates to personal data you may provide us with over the telephone, via video meetings, via email, via third parties, via the Courts or via our website www.rothleylaw.com (“the website”). This statement also sets out how the law protects you and your rights in relation to your personal data.
-
Data Controller
RLL is the Data Controller and becomes responsible for your personal data when it is provided to us by you, or any other party.
We take our responsibilities for data protection seriously. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact our COLP (Compliance Officer for Legal Practice), on colp@rothleylaw.com.
You can also contact the COLP by writing to them at the address set out above.
The ICO, is the UK supervisory authority for data protection issues (www.ico.org.uk) and you can contact them regarding any concerns you may have regarding the processing of your personal data. RLL would request that if you have any concerns about our processing of your personal data you contact us with your concerns in the first instance.
-
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
RLL collect, process and retain personal information about you to enable us to provide legal advice and conduct legal proceedings and transactions on behalf of our clients.
RLL may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Personal Data such as your name, title, marital status, title, date of birth, gender, family information, and if you have any relationship to a member of our staff.
- Contact Information such as your postal address, previous addresses, email address, and telephone numbers.
- Financial Information such as your bank account details, salary details, mortgage details, national insurance number, pension details, income and expenditure, capital assets, net worth, tax status and payments, and any other relevant information about your finances.
- Identification information such as copies of your passport or driving licence and proof of address information.
- Technical information such as your internet protocol (IP) address, usage data, or other information relating to your visits to our website.
- Communications Information such as your preferences in relation to how we communicate with you.
Where necessary and legally permitted, we may also collect special category personal data, such as diversity and health data and details of offences and related proceedings.
-
Your duty to inform us of changes to your personal data
It is important that we hold up to date, accurate personal information about you as it will help us to deal with your affairs efficiently. Please inform us if your personal information changes during your relationship with us.
We may on occasion have to obtain up to date personal data via online tracing tools and/or third-party tracing agents if we are unable to contact you.
-
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
-
How is your personal data collected?
Our approach is to handle the minimum personal information necessary in a reasonable and proportionate way in order to preserve the rights and freedoms of data subjects, whilst acting in the best interests of our clients.
We collect, retain and process personal information to enable us to give legal advice, provide legal and related business services and conduct legal proceedings and transactions on behalf of our clients.
Initially we are provided with your personal data by you or by an introducer who introduces you to our firm for legal advice.
Introducers who we may receive data from, include but not limited to, your other professional advisors, the courts, an introducer, another firm which may be a financial services provider or another firm of solicitors.
The introducer is the Data Controller of your personal data, and we also become a Data Controller of your personal data when they pass your details to us.
Directly from you – We may also receive some personal data from you via:
- Our website;
- Any of our social media accounts;
- In hard copy by post;
- Over the telephone;
- Via a telephone recording;
- Via video conference meetings;
- Via recordings of video conference meetings;
- During the course of our dealings with you;
- When you register with us for newsletters, email updates, or other services;
- When you contact us with queries;
- When you complete surveys for research or quality purposes; or
- When you attend in person at one of our offices.
From Third Parties – We may also collect your personal data from other third parties, for example:
- Selected data suppliers;
- Other clients or their representatives;
- Other parties relating to the claim;
- Introducers or other law firms;
- HMRC; or
- Technical data from analytics providers such as Google.
Public Information – We may also collect publicly available information about you, including, directly or indirectly, through electronic data sources, in connection with anti-money laundering or for the preparation or filing of legal documents and forms.
-
How we use your personal data
- We will only use the data collected from you for the specific purposes listed in the table below.
- We may share your personal information with trusted third parties from time to time. These third parties are our processors who will only process your personal information in accordance with our instructions. If we do this, we will put in place a contract with them which controls how your personal information may be used, and which requires that your personal information is treated in accordance with data protection laws.
- We will not share your personal information with a third party for marketing purposes unless we have your consent to do this.
- We may record our telephone conversation and or video conference calls with you and therefore any information captured via these mediums will automatically be processed for managing and developing our contract with you, regulatory, training and monitoring purposes.
| What we use your personal data for | Our reasons / Legal Basis for Processing |
|---|---|
| Servicing and Internal Processing | |
| Creating and managing your legal matter | To perform our contract with you or to take steps at your request before entering into a contract |
| Providing services to you | To perform our contract with you or to take steps at your request before entering into a contract |
| Conducting checks to identify you and verify your identity | To comply with our legal and regulatory obligations for prevention of money laundering |
| Conducting bankruptcy checks | To comply with our legal and regulatory obligations |
| Enforcing legal rights or defend or undertake legal proceedings | Depending on the circumstances: — to comply with our legal and regulatory obligations —in other cases, for our legitimate interests, i.e. to protect our business, interests and rights |
| Managing our Relationship | |
| Responding to queries or complaints that you raise | To comply with our legal and regulatory obligations |
| Marketing our services to existing and former customers – with your consent | For our legitimate interests, i.e. to promote our business to existing and former customers |
| To inform you about improvements to our website | For our legitimate interests, i.e. to optimise clients experience with us and develop our products and services |
| Customising our website and its content to your particular preferences based on a record of your selected preferences or on your use of our website And Retaining and evaluating information on your recent visits to our website and how you move around different sections of our website for analytics purposes to understand how people use our website so that we can make it more intuitive or to check our website is working as intended |
Depending on the circumstances: —your consent as gathered by the separate cookies tool on our website —see ‘our Cookies Policy for more details. —where we are not required to obtain your consent and do not do so, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price If you have provided such a consent, you may withdraw it at any time. Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to date information about blocking and deleting cookies via www.allaboutcookies.org/managecookies/clear-cookies-installed.html Blocking all cookies will have a negative impact upon the usability of many (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn) |
| Updating and enhancing customer records | Depending on the circumstances: —to perform our contract with you or to take steps at your request before entering into a contract —to comply with our legal and regulatory obligations —where neither of the above apply, for our legitimate interests, e.g. making sure that we can keep in touch with our customers about existing services |
| Communications with you not related to marketing, including about changes to our terms or policies or changes to the services or other important notices | Depending on the circumstances: —to comply with our legal and regulatory obligations —in other cases, for our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price |
| Other | |
| Protecting the security of systems and data used to provide the services | To comply with our legal and regulatory obligations We may also use your personal data to ensure the security of systems and data to a standard that goes beyond our legal obligations, and in those cases our reasons are for our legitimate interests, i.e. to protect systems and data and to prevent and detect criminal activity that could be damaging for you and/or us |
| Statistical analysis to help us understand our customer base | For our legitimate interests, i.e. to be as efficient as we can so we can deliver the best service to you at the best price |
| Disclosures and other activities necessary to comply with legal and regulatory obligations that apply to our business, e.g. to record and demonstrate evidence of your consents where relevant and to process and respond to complaints and data subject access requests. | To comply with our legal and regulatory obligations |
| To share your personal data with members of our group and third parties in connection with mergers and acquisitions of all or part of our business, restructuring, financing, asset sale or in the event of our insolvency In such cases information will only be shared where necessary |
Depending on the circumstances: —to comply with our legal and regulatory obligations —in other cases, for our legitimate interests, i.e. to protect, realise or grow the value in our business and assets |
| For any other purpose to which you agree | With your consent |
How and why we use your personal data — Special category personal data
Certain personal data we collect is treated as a special category to which additional protections apply under data protection law:
- personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership
- genetic data
- biometric data (when used to uniquely identify an individual)
- data concerning health, sex life or sexual orientation
Promotional Communications
We may use your personal data to send you information via email, text or post, regarding other services we offer or legal developments that may interest you but only when you have provided us with permission to do so.
You have a right to opt out of receiving promotional communications at any time. Please email COLP@rothleylaw.com with your request.
Call Recording
Calls & video calls may be recorded for training and monitoring purposes and may be shared with our professional advisors and/or regulators.
-
Sharing Your Personal Data with Third Parties
We may have to share your personal data to enable us to provide the legal services to you. We shall only share your personal data with the following third parties, insofar as we are permitted to do so;
- Third parties such as the Courts, barristers, defendant solicitors, financial experts.
- Other third parties which may be involved in your matter, such as pension provider, HMRC.
- The Financial Ombudsman Service, Financial Services Compensation Scheme, The Pension Ombudsman or other regulatory body for the purposes of complying with our regulatory obligations.
- An insurance company which is involved in your claim, such as a provider of legal expenses insurance and other third-party funders.
- The person or organisation which referred you to us, such as an introducer or claims management company.
- A third-party company who we may use to outsource some of our administration tasks to, including but not limited to; third-party managed accounts, outsourced document collation/postal company, legal-costs draftsperson, typing services, outsourced complaints handling provider, archive storage facility and IT providers.
- External auditors, such as the Solicitors Regulation Authority, the Law Society, Lexcel accreditation bodies, financial auditors, or other professional oversight bodies.
- In the event of a proposed or actual merger, acquisition, restructuring, financing, sale of assets, or other corporate transaction involving all or part of our business, your personal data may be disclosed to advisers, counterparties, and other relevant parties.
- In the unlikely event of insolvency, receivership, or administration, your data may be transferred to insolvency practitioners, administrators, or other appointed parties as part of the management or sale of assets, in accordance with applicable laws and regulations.
- Online I.D. checking companies, who we may use to verify your identity for anti-money laundering purposes.
- Third parties you may authorise to act on your behalf.
We conduct due diligence on all third-party providers and will only work with them if we are satisfied that they take the appropriate measures to protect your personal data. We also have contractual obligations in place to ensure they only use your personal data to provide services to you and us.
Information collected from you concerning other people
Where you provide personal information to us about other people, we accept it on the understanding that you have made the other person aware about how we will use and disclose their information.
Children
In matters involving children they will be represented by parents or legal guardians/agents. Where we are acting in matters involving children, we will explain why their personal data is needed and how it will be used.
-
Where will your personal information be processed
There may be occasions where we need to transfer your personal information to countries outside the European Economic Area, (EEA) which do not provide the same level of data protections as in the UK. For example, in relation to legal claims or transactions with an international element, or where we need to instruct overseas agents to assist us in performing our services. In these circumstances, we will take steps to ensure that your personal information is adequately protected by methods offering sufficient assurances and guarantees that the information is given the necessary safeguards to prevent it from accidental or unlawful, disclosure, access alteration or destruction.
-
Data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know and are required to only process your personal data on our instructions.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so or where we feel it is in your best interests to do so.
-
Data Retention – How long we keep your personal data for
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements. By way of example, in relation to anti money laundering regulations and counter terrorist financing where we are required to keep information for minimum periods. It could also include conducting legal work as instructed or establishing or defending claims which could be made against us, for example for negligence in the performance of our obligations.
In certain circumstances you can ask us to delete your data: see Request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further statement to you.
-
Your legal rights
Under certain circumstances, you have rights under the Data Protection Act 2018 in relation to your personal data as more particularly set out below:
- Request access to your personal data – this enables you to receive a copy of the personal data we hold about you;
- Request correction of your personal data – this enables you to have any incomplete or inaccurate data we hold about you corrected;
- Request erasure of your personal data – this enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. Please note we may not always be able to comply with this request but if not, we shall inform you of the specific legal reasons at the time of request;
- Object to processing of your personal data – where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes;
- Request restriction of processing your personal data – this enables you to ask us to suspend the processing of your personal data;
- Request transfer of your personal data to a third party – we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format;
- Right to withdraw marketing consent – you can do this at any time by emailing COLP@rothleylaw.com;
- Right to request a manual decision-making process where an automated decision-making process has been used.
If you wish to exercise any of the rights set out above, please contact us at COLP@rothleylaw.com.
We may ask you to verify your identity if you make a request to exercise any of the rights set out above and ask you to complete a Data Subject Access Request Form. This is a security measure to ensure we do not disclose your personal data to any person who is not entitled to receive it. We may also contact you to request further information in relation to your request.
Depending on the nature and extent of your request, we may be unable to continue acting for you. In this event, you will remain liable for our fees and disbursements incurred before the request was made.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
Time limit to respond
We try to respond to all legitimate requests within one month of receipt. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
-
Third-party links
The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, and we would encourage you, if you leave our website, to read the privacy policy of any other websites you visit. We do not accept any responsibility for a third-party site or use of your information or their use of cookies.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the website(s) may become inaccessible or not function properly. For more information about the cookies we use, please refer to our Cookie Policy.
Changes to the privacy statement
We may change this privacy policy to reflect changes in how we process your personal data or how changes in the law. Please check this policy regularly for any updates. If there are any key updates, we will inform you.
V.2 – July 2025