top of page

1.1 Who we are


CFO & More is a limited company, registered in Scotland under number SC 533571. Our registered office is 272 Bath Street, Glasgow, Scotland, G2 4LR. We are registered as a data controller with the registration number ZA73675


1.1.2 What personal information we collect


Personal information gathered will depend upon the activity undertaken but it may include the following areas:


• Individual contact details, including in some cases bank details

• Company name and details, including bank details

• Payroll information where we are engaged to provide payroll services

• HMRC information in relation to your obligations, submissions and returns where we are engaged to provide such services

• Contractual information relating to the services we provide you


1.3 Where we collect personal information from


• Publicly available information, e.g. records held at Companies House

• Information that you have provided to us e.g. as part of your accounting system and records

• Information you have provided to us to enable us to satisfy our anti money laundering obligations


1.4 How we use your personal information


We use personal information that we hold about you to:


• Deliver services and meet legal responsibilities

• Verify identity where this is required

• Communicate by post, email or telephone

• Understand needs and how they may be met

• Maintain records

• Process financial transactions

• Prevent and detect crime, fraud or corruption

• Comply with any applicable legal or regulatory requirements

• Carry out other purposes that we have agreed with you from time to time


1.5 Legitimate interests


One of a number of lawful reasons that we can use (or ‘process’) your personal information is called ‘legitimate interests’. Broadly speaking Legitimate Interests means that we can process your personal information if we have a genuine and legitimate reason and we are not harming any of your rights and interests.This means when you provide your personal details to us we may use your information for our legitimate business interests to carry out our work providing you with professional services. Before doing this though, we will also carefully consider and balance any potential impact on you and your rights.


1.6 Who we share your personal information with


We only share personal information with others when absolutely necessary, for the purposes for which we hold it and where appropriate contractual and security frameworks are in place:


• Regulators, government (e.g. HMRC) and law enforcement agencies. We only provide personal information in these circumstances where there is consent or a legal requirement.

• Auditors and other professional advisers that you engage directly or you consent for us to engage with on your behalf

• Internal departments and suppliers who provides service and admin support to the company, for example, providers of IT systems and accounting systems

• For the purposes of enforcing or applying the terms of our contract with you

• Where we are under a duty to disclose or share such information in order to comply with any legal or regulatory requirements, or otherwise for the prevention or detection of fraud or crime.


1.7 Discrepancy Reporting


Under Regulation 30A of the 2017 Money Laundering Regulations, we are now subject to an ongoing obligation to notify you, the client, of any material discrepancy between the information we hold as a result of Customer Due Diligence Measures and the information recorded by Companies House on the public companies register.


1.8 How we secure your data


We take the security of your information very seriously. Whilst we ensure our systems and processes are robust, we cannot guarantee 100% security. We use industry standard physical, technical, and logical security measures to protect your data, for example, we use encrypted computer systems housed with physical security measures to keep your data secure. In addition, we maintain vigorous policies, procedures and training staff in data protection and information security.


1.9 How long we retain your personal information for


We will only retain your personal data for as long as there is a provable business reason and there is a legal basis for doing so. Records are all kept in line with our company records retention policy. Under Regulation 40 of the 2017 Money Laundering Regulations, we will retain copies of documentation used to fulfil our AML obligations for a period of five years following the end of the business relationship. For further details please email


The transmission of any information from you to CFO & More via website or e-mail is not completely secure. The transmission of such data, in such circumstances, is at your own risk.


1.10 Holding personal information outside the EEA


We aim that the data we collect from you will not be transferred or stored outside the EEA (European Economic Area). However, in certain circumstances, for example our usage of cloud-based storage, this will not be possible. In such cases, we will endeavour to mirror the security requirements of the UK legal system.


Please do not send us any personal data if you do not consent to the transfer of this information outside the User Jurisdiction (including, if applicable, outside the EEA).


1.11 Your rights


Access to your personal information – You have the right to request a copy of the personal information that we hold about you, along with information on what personal information we use, why we use it, who we share it with, how long we keep it for and whether it has been used for any automated decision making. You can make a request for access free of charge.


Rectification – We want to make sure that your personal information is accurate, complete and up to date and you may ask us to correct any personal information about you that you believe does not meet these standards.


Erasure – You have the right to ask us to delete (erase) personal information about you where:


• You consider that we no longer require the information for the purposes for which it was obtained.

• We are using that information with your consent and you have withdrawn your consent

• You have validly objected to our use of your personal information

• Our use of your personal information is contrary to law or our other legal obligations.


Objecting to how we may use your information - You can object to our processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes. Please contact us as noted above, providing details of your objection.


Restricting how we may use your information – In some cases, you may ask us to restrict how we use your personal information. This right might apply, for example, where we are checking the accuracy of personal information about you that we hold or assessing the validity of any objection you have made to our use of your information. The right might also apply where this is no longer a basis for using your personal information but you don't want us to delete the data. Where this right to validly exercised, we may only use the relevant personal information with your consent, for legal claims or where there are other public interest grounds to do so.


Automated processing – If we use your personal information on an automated basis to make decisions which significantly affect you, you have the right to ask that the decision be reviewed by an individual to whom you may make representations and contest the decision. This right only applies where we use your information with your consent or as part of a contractual relationship with you.


Portability – You can ask us to provide you, or a third party with some of the personal information that we hold about you in a structured, commonly used, electronic form, so it can be easily transferred.


Withdrawing consent using your information – Where we use your personal information with your consent you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.1.12Contact information and further adviceIf you require any further information, would like to complain or would like to exercise any of your rights, please email us at 


1.13 Changes to our privacy statement


We keep this privacy statement under regular review and will issue any updated where required. Paper copies of the privacy statement may also be obtained by contacting us at the following email address:


This privacy statement was last reviewed in March 2024.


1.14 Complaints


We seek to directly resolve all complaints about how we handle personal information but you also have the right to lodge a complaint with the Information Commissioner's Office, whose contact details are as follows:


Information Commissioner's Office

Wycliffe House

Water Lane





Telephone - 0303 123 1113 (local rate) or 01625 545 745

Website –

bottom of page