Privacy
Policy
Last updated 3 Jun 2026
Introduction
This Privacy Notice ("Notice") explains how Cavis Marketing Limited ("Cavis", "Pocket Claim", "Data Breach Advisors", "we", "our", or "us") collects, processes, and protects personal data in the course of providing our services and conducting business operations. It also outlines the rights and choices available to you regarding your personal data.
We are committed to handling personal data lawfully, fairly and transparently in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Please read this policy carefully to understand how and why we process your data.
We provide lead generation, customer acquisition, and referral services in relation to both regulated and unregulated claims and compensation matters. This includes FCA-regulated claims management activities relating to personal injury, financial services and products, housing disrepair and employment-related claims, together with unregulated matters such as flight delay claims, data breach claims and other consumer compensation opportunities. We do not provide legal advice and are not a law firm. Where appropriate, eligible individuals may be referred to an independent professional representative or law firm.
Company Information
Cavis Marketing Limited is a company registered in England & Wales. Company Registration Number: 16437994, with its registered office at Cavis Marketing Limited, C/O Brabners LLP, 100 Barbirolli Square, Manchester, M2 3AB.
Cavis Marketing Limited is an independent Data Controller of Personal Data and registered with the Information Commissioner's Office (ICO) under registration number ZB897675.
Email address: privacy@cavis.co.uk
What Personal Data We Collect
We may collect and process the following categories of Personal Data:
| Category | Examples |
|---|---|
| Identity | Information that is capable of identifying you as an individual, including but not limited to, title, forename, surname, date of birth, and signature. |
| Contact | Information used for contact or claim related purposes, including but not limited to, a valid email address, valid mobile telephone number, residential address. |
| Claim | Information relating to a potential claim, complaint, compensation opportunity or redress matter, including details of the circumstances giving rise to the claim, supporting information, housing information, employment information, financial products or services held, membership information, account ownership information, flight information, and information required to determine whether you may be eligible to be referred to a law firm or claims management company. |
| Health | Information about health, including but not limited to, additional needs and requirements, service adaptation, and support needs. |
| Vulnerability and Support Needs | Information relating to customer vulnerability, accessibility requirements, communication preferences, financial hardship, mental or physical health conditions, capacity considerations, safeguarding concerns, or other circumstances requiring additional support or reasonable adjustments. |
| Marketing | Information about your marketing preferences and interactions, including but not limited to, consent records, opt-in status, opt-out status, and marketing/communication preferences. |
| Correspondence | Information contained in communications with you, including but not limited to, emails, letters, SMS messages, WhatsApp messages, live chat records, call recordings, complaint communications, and notes of conversations. We record and retain telephone calls and other communications where required for regulatory compliance, quality assurance, customer protection, complaint handling, evidential purposes, staff training, fraud prevention, and the establishment, exercise or defence of legal claims. |
| Technical | Information collected when you use our websites or systems, including but not limited to, device type, browser, session data, operating system, and interaction data via cookies and analytics tools. |
| Complaints | Information relating to complaints or feedback you submit, including but not limited to, complaint details, investigation records, complaint outcomes, complaint correspondence. |
| Data Protection | Information relating to data protection rights requests and regulatory compliance, including but not limited to, data protection rights requests, request records and responses, and ICO correspondence. |
How We Collect Personal Data
We may collect Personal Data about you:
Directly
We may receive your personal information from you when:
- You complete an online web form
- You contact us by telephone
- You contact us by email
- You contact us by post
- Automatically by cookies or analytics technologies when using our websites
Indirectly
We may obtain personal information about you from:
| Source | Personal Data |
|---|---|
| Big on Media Limited (website) | We may obtain personal data about you from Big On Media Limited (trading as Join The Claim). This may include your full name, contact information and marketing contact choice(s). This may occur when you submit your personal data on their website for our marketing purposes, and only with your consent. They may also provide us with your updated marketing preferences, including where you have withdrawn consent for us to send you direct marketing communications. |
| Rev-X Limited (website) | We may obtain personal data about you from Rev-X Limited. This may include your full name, contact information and marketing contact choice(s). This may occur when you submit your personal data on their website for our marketing purposes, and only with your consent. They may also provide us with your updated marketing preferences, including where you have withdrawn consent for us to send you direct marketing communications. |
| Review Platforms | We may obtain personal data about you from online review platforms, including full names, feedback, and role/appointments. |
Where we obtain personal data from publicly available sources, we will provide this Privacy Notice at the first point of contact or within one month of obtaining the data, unless an exemption under Article 14(5) UK GDPR applies.
Purposes and Lawful Basis of Processing
Under the UK GDPR, we must identify a lawful basis for each purpose of processing. We rely primarily on consent and legitimate interests, and where necessary on legal obligation. We have set out the purposes and lawful bases for processing personal data as follows:
| Purpose | Description | Lawful Basis |
|---|---|---|
| Claims Management | To identify if you have a potential claim offered by a third-party independent SRA-regulated law firm based on eligibility criteria. | Legitimate interest – Article 6(1)(f) UK GDPR as it is necessary to provide individuals with requested services and to meet the needs of independent SRA-regulated law firms to whom individuals may be referred in relation to claims. |
| Claims Management | To share your information with an appropriate independent SRA-regulated law firm to progress a claim offered by that law firm. | Legitimate interest – Article 6(1)(f) UK GDPR as it is necessary to provide individuals with requested services including sharing that information with an SRA-regulated law firm to progress that request where eligible. Establishment, Exercise or defence of legal claims – Article 9(2)(f) as an additional condition for processing where Special Category Health Data relates to a claim. |
| Contact Verification | To verify or validate the legitimacy of your mobile telephone number and email address to reduce fraud, misuse of the service, duplicate submissions. | Legitimate interest – Article 6(1)(f) UK GDPR as it is necessary to ensure contact information is genuine and accurate and so we can connect potential claimants to partnered SRA-regulated law firms and ensure effective communication regarding your potential claim. |
| Marketing | To send you marketing communications by the contact channels you have selected (SMS, Email and/or WhatsApp) about our services including different consumer compensation claims. | Consent – Article 6(1)(A) UK GDPR |
| Marketing Preferences | To manage your marketing preferences, opt-outs and screening. | Legal Obligation – Article 6(1)(C) UK GDPR to comply with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR suppression requirements. |
| Claim Updates and Notifications | To provide you with updates you have specifically requested to receive about potential claims you have expressed and registered an interest in, including any next steps that may be available to you. | Consent – Article 6(1)(A) UK GDPR |
| Call Recording and Communication Monitoring | To record, monitor, retain and review telephone calls and other customer communications for regulatory compliance, quality assurance, staff training, complaint handling, fraud prevention, evidential purposes, safeguarding vulnerable customers, and the establishment, exercise or defence of legal claims. | Legal Obligation – Article 6(1)(c) UK GDPR where recording is required to comply with FCA regulatory obligations. Legitimate Interests – Article 6(1)(f) UK GDPR to maintain service quality, protect customers and the business, and evidence interactions. Substantial Public Interest – Article 9(2)(g) UK GDPR together with Schedule 1 Data Protection Act 2018 where special category data relating to vulnerability or health is incidentally processed for safeguarding and regulatory compliance purposes. Establishment, Exercise or Defence of Legal Claims – Article 9(2)(f) UK GDPR where relevant to complaints or legal claims. |
| Vulnerable Customer Support and Reasonable Adjustments | To identify, record, assess, respond to, or share customer vulnerability, accessibility requirements, communication needs, safeguarding concerns, or support requirements in order to provide appropriate assistance, fair treatment, and reasonable adjustments, including where necessary sharing relevant information with a partnered law firm involved in your claim. | Legitimate Interests – Article 6(1)(f) UK GDPR to ensure fair customer outcomes and appropriate support. Legal Obligation – Article 6(1)(c) UK GDPR where necessary to comply with FCA obligations relating to vulnerable customers and Consumer Duty requirements. Substantial Public Interest – Article 9(2)(g) UK GDPR together with Schedule 1 Data Protection Act 2018 where special category data is processed for safeguarding or equality of opportunity purposes. Explicit Consent – Article 9(2)(a) UK GDPR where you expressly consent to us sharing health or vulnerability information with a law firm, professional representative or other claims-related service provider. |
| Complaints | To investigate and resolve complaints in accordance with regulatory and contractual obligations, including to record complaints, investigate, respond to complainants. | Legitimate Interests – Article (6)(1)(f) UK GDPR as it is necessary to investigate and resolve complaints, maintaining accurate records, improving our services, and protecting our legal and regulatory position. This processing is necessary to respond appropriately to concerns raised and to ensure fair and accountable handling of complaints. |
| Data Protection | To comply with applicable legal and regulatory obligations, including data protection compliance, record-keeping/audit trails. | Legal Obligation – Article 6(1)(C) UK GDPR to comply with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR suppression requirements. |
Disclosure of Personal Data
We may share personal data with:
- Trusted independent SRA-regulated law firms, legal representatives, claims service providers and other professional representatives involved in assessing eligibility for, advising upon, or progressing a potential claim or compensation matter
- Where special category data relating to health or vulnerability is shared, we will do so only where a lawful basis and additional condition under UK GDPR applies, including explicit consent where required
- Internal staff requiring access for service delivery, all of whom have received data protection training
- Professional advisors (e.g., legal, financial, insurance consultants)
- Third-party IT, marketing, and cloud service providers are necessary to provide our services
- Any entity involved in a sale or restructuring of our business
International Transfers
Some data may be processed outside the UK or EEA, such as when using cloud services. We will always ensure such transfers comply with UK and EU data protection laws using appropriate safeguards.
Automated Decision-Making
We do not make decisions about you based solely on automated processing that has legal or similarly significant effects. If we ever implement such technologies, we will do so only where permitted by law or based on your explicit consent, and with appropriate safeguards, including the right to obtain human review.
Data Security
We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or disclosure. These include encryption, access controls, secure servers, staff training, and contractual data-processing safeguards with our suppliers. We review our security arrangements regularly to ensure they remain effective and proportionate to the nature, scope, context, and purposes of our processing. In the event of a personal data breach, we have procedures in place to identify, investigate, and notify the Information Commissioner’s Office and affected individuals where legally required.
Data Storage & Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or to meet legal, regulatory, or operational requirements. Where it is not possible to specify an exact retention period, we determine the appropriate duration by considering factors such as: the nature and sensitivity of the personal data; the potential risk of harm from unauthorised use or disclosure; the purposes for which we process the data; whether those purposes can be achieved through other means; our contractual and legal obligations; and applicable limitation periods for potential claims or regulatory investigations.
For specific retention periods, please contact us at privacy@cavis.co.uk.
Your Data Subject Rights
Under the UK GDPR, you have the following Data Subject Rights; however, not all Rights are absolute and, in some cases, shall not apply.
- The right to be informed about how your personal data is used.
- The right of access to your personal data.
- The right to rectification of inaccurate or incomplete personal data.
- The right to erasure ("right to be forgotten") in certain circumstances.
- The right to restrict processing.
- The right to data portability.
- The right to object to the processing (including for direct marketing or processing based on legitimate interests).
- Rights in relation to automated decision-making and profiling.
To exercise your rights, or if you have any concerns about how we process your personal data, please contact us at privacy@cavis.co.uk.
Your Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before withdrawal.
Your Right to Withdraw Consent for Direct Marketing
To withdraw consent for direct marketing purposes, please contact privacy@cavis.co.uk. Alternatively, you can withdraw consent at any time by using the unsubscribe mechanisms included within direct marketing communications received by SMS, WhatsApp, or email.
Data Subject Rights Conditions
| Data Subject Right | Conditions |
|---|---|
| Right of Access | The Right to Access can be restricted where disclosure would adversely affect the rights of others, involve disproportionate effort, or fall within specific exemptions under the Data Protection Act 2018. The Right to Access can also be refused if it is manifestly unfounded or excessive. |
| Right to Rectification | The Right to Rectification shall not apply if the data is accurate, if an exemption applies or if the request is manifestly unfounded or excessive. |
| Right to Erasure | Generally, the Right to Erasure shall apply if the personal data is no longer necessary for the purpose(s) which it was originally collected or processed for, where the lawful basis for processing is consent and the individual has withdrawn their consent, if the lawful basis for processing is legitimate interests and the individual has objected to the processing provided there is no overriding legitimate interest to continue the processing, where the personal data is processed for direct marketing purposes and the individual has objected to that processing, where the personal data has been processed unlawfully, or where erasure is necessary to comply with a legal obligation. It shall not apply where the processing is necessary for the establishment, exercise or defence of legal claims, to comply with a legal obligation. The request can also be refused if it is manifestly unfounded or excessive, or a specific exemption applies. |
| Right to Restrict Processing | The Right to Restrict Processing shall generally apply if the individual contests the accuracy of their personal data and we are verifying the accuracy of that data, where personal data has been processed unlawfully and the individual opposed erasure in favour of a request to restrict that data, where we no longer need the personal data but the individual needs us to retain it to establish, exercise or defend a legal claim, or the individual has objected to the processing and we are considering whether our legitimate grounds override those of the individual. It shall not apply if an exemption applies or if the request is manifestly unfounded or excessive. |
| Right to Data Portability | The Right to Data Portability shall apply if it concerns information that an individual has provided to the Controller and only if the lawful basis for processing is consent or for the performance of a contract. It may also apply if the processing is carried out by automated means. It shall not apply if an exemption applies or if the request is manifestly unfounded or excessive. |
| Right to Object | You have an absolute right to object to your personal data being used for direct marketing and in some cases where we process the personal data is processed if the lawful basis for that processing is legitimate interests. In other circumstances, the Right to Object shall not apply where we can demonstrate compelling legitimate grounds that override the individual’s interests, rights and freedoms, or for legal claims. |
| Rights Related to Automated Decision-making and Profiling | Rights Related to Automated Decision-making and Profiling may still lawfully occur if an exception applies and suitable safeguards are in place. |
Complaints
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), but you must first lodge a complaint with us directly. You can make a complaint about the handling of your or other people’s personal information, usually in the following circumstances:
- We have not properly responded to your request for your personal information.
- We have not kept your information secure.
- We hold inaccurate information about you.
- We have disclosed information about you.
- We keep information about you for longer than necessary.
- We have collected information for one reason and are using it for something else; or
- We have not upheld any of your data protection rights.
If you wish to make a complaint about how we have handled your personal data, please use the following contact information and allow one month to enable us to investigate and respond:
- Registered Office Address: Cavis Marketing Limited, C/O Brabners LLP, 100 Barbirolli Square, Manchester, United Kingdom, M2 3AB.
- Email Address: privacy@cavis.co.uk
Complaints to the Information Commissioner’s Office (ICO)
If you are dissatisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO):
- Postal Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
- Phone: 0303 123 1113
- Online: https://ico.org.uk/make-a-complaint/personal-information-complaint/
- Website: www.ico.org.uk
Cookies
Our website uses cookies and similar technologies to ensure it functions correctly, to analyse usage, and to deliver relevant content and advertising. We use Cookiebot to manage cookie consent and compliance with the UK GDPR and the Privacy and Electronic Communications Regulations (PECR).
Strictly necessary cookies operate on the basis of our legitimate interests in providing a secure and functional website. All other cookies, including those used for statistics and marketing, are deployed only with your consent.
You can review, adjust, or withdraw your consent for non-essential cookies at any time via the Cookiebot banner or by selecting “Cookie Settings” in the website footer.
Updates to this Policy
We may update this privacy policy from time to time. We will publish any changes on our website and, where appropriate, notify you by other means. The date at the top of this page indicates when it was last revised.