Caversham Financial Management Ltd – Data Privacy as of May 2018

Caversham Financial Management Ltd (“CFM”) are committed to protecting and respecting your privacy.

This notice sets out the basis on which any personal data CFM collect from you, or that you provide to us, will be processed by us.

The General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 (“GDPR”) is a new regulation which replaces the Data Protection Regulation (Directive 95/46/EC).  The Regulation aims to harmonise data protection legislation across EU member states, enhancing privacy rights for individuals and providing a strict framework within which commercial organisations can legally operate.

Your rights under GDPR are set out in this notice and apply from 25 May 2018.

Please read the following carefully to understand our views and practices regarding your personal data and how CFM will treat it.

For the purposes of data protection legislation in force from time to time the Data Controller is Caversham Financial Management Ltd, 89 St. Peters Avenue, Caversham, Berks, RG4 7DP.

Our nominated Data Protection Officer is Barry Fowler who is also a Director of the business as stated on the Companies House website.

Who CFM are and what we do

CFM provide customised part time Finance Director services to clients, and various accounting services, including payroll services, to some clients.  CFM collect the personal data of the following types of people in order to allow us to undertake our business:

  • Our employees and associate workers
  • Supplier contacts to support our services
  • Prospective and live clients
  • Employees of client companies, only where we provide payroll services

CFM collect information about you to carry out our core business.

Information you give to us or we collect about you

This is information about you that you give us by visiting our website or by corresponding with us by phone, email, SMS or otherwise.  It includes information that you provide when you:

  • Request a consultation via our website, email, phone, SMS or otherwise
  • Report a problem with our website
  • Provide information in order for us to run payroll on behalf of your employer
  • Refer colleagues or friends to us

CFM stores personal information about individuals such as name and email address, etc.  For payroll processing CFM stores additional information such as home address, date of birth, sex, salary, tax code, etc., solely for the purpose of processing payroll on behalf of your employer.

Information CFM collect about you when you visit our website

When you visit our website CFM will collect only the data you enter requesting an initial consultation.

We do not collect or store any of your IP addresses or information about your visit.

Purposes of the processing and the legal basis for the processing

CFM use the information held about you in the following ways:

To carry out our obligations arising from any contracts CFM intend to enter into or have entered into between you and CFM to provide you with the information and services that you request from us or CFM think will be of interest to you.

In the case of payroll processing, to carry out our obligations arising from any contracts CFM intend to enter into or have entered into between your employer and CFM to provide your employer with the information and services required to fulfil their payroll obligations.

Our legal basis for the processing of personal data is our legitimate interests, described in more detail below, although CFM will also rely on contract, legal obligation and consent for specific uses of data.

CFM will rely on any existing contract with you or your organisation to provide services to you or your organisation or to receive services from you or your organisation.

CFM will rely on legal obligation if CFM are legally required to hold information on you in order to fulfil our legal obligations.

CFM will rely on your consent for particular uses of your data and you will be asked for CFM express consent, if legally required.

Our Legitimate Interest

Our legitimate interest in collecting and retaining your personal data is described below:

To maintain, expand and develop our business CFM need to record the personal data of prospective client contacts.

For processing payroll on behalf of clients, CFM are required to hold all relevant personal data of the employees being paid by that client.


Should CFM want or need to rely on consent to lawfully process your data CFM will request your consent orally, by email, by SMS or by completing an online process for the specific activity.  Where consent is the lawful basis for our processing you have the right to withdraw your consent to this particular processing at any time.

Disclosure of your information

CFM will not sell or distribute your personal information to anyone else unless we have your permission or are required to do so by law to a person authorised to obtain data under specific legislation.

Where CFM store and process your personal data

All information you provide to us is stored on secure servers.

Unfortunately, the transmission of information via the internet is not completely secure.  Although CFM will do our best to protect your personal data, CFM cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk.  Once CFM have received your information, CFM will use strict procedures and security features to try to prevent unauthorised access.

Retention of your data

CFM will retain your personal data for as long as necessary in order to provide services to you and our clients and for the purposes of satisfying any legal, accounting, regulatory or reporting requirements.

CFM may archive all or part of your personal data, or delete all or part of it from our systems.

Your rights

You have the right to ask us not to process your personal data for marketing purposes, but as we have stated above, CFM will never sell or share your information for marketing purposes.

Our website may, from time to time, contain links to and from the websites of others.  If you follow a link to these websites, please note that these websites have their own privacy policies and that CFM do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

The GDPR provides you with the following rights


  • Request correction of the personal information that CFM hold about you. This enables you to have any incomplete or inaccurate information CFM hold about you corrected.
  • Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it.  You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below)
  • Object to processing of your personal information where CFM are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground.
  • Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
  • Request a transfer of your personal information to another party in certain formats, if practicable
  • Make a complaint to a supervisory body which in the United Kingdom is the Information Commissioner’s office. The ICO can be contacted through this link:

Access to information

The Data Protection Act 1998 and the GDPR give you the right to access information held about you.  CFM also encourage you to contact us to ensure your data is accurate and complete.

Changes to our privacy notice

Any changes CFM make to our privacy notice in the future will be posted on this page and, where appropriate, notified to you by email.  Please check back frequently to see any updates or changes to our privacy notice.


Questions, comments and requests regarding this Privacy Notice are welcomed and should be addressed to the Data Protection Manager, Caversham Financial Management Ltd, 89 St. Peters Avenue, Caversham, Reading, RG4 7DP or via email to:

May 2018