The F D Centre Limited t/a The CFO Centre – Privacy Notice (Clients, Prospects and Website Users)

Contact Details

Post

FD Centre, Barbury House, Stonehill Green, Westlea, Swindon, SN5 7HB

Telephone

0800 169 1499

Email

[email protected]

Purpose of this Privacy Notice:

The F D Centre Limited, trading as The CFO Centre (the “Company”), is a data controller for the purposes of UK data protection law and collects and uses personal information about you.

Your personal information may also be shared with and processed by other companies within our group, including:

1. The CFO Centre Group Limited (“The CFO Centre Group”); and
2. The Liberti Group Limited (“The Liberti Group”)
3. Liberti Limited (“Liberti Limited”)
4. Certain minority shareholders of The Liberti Group Limited (incl. The Marketing Centre Limited; YRH Finance Team Limited; People Puzzles Limited; and Kiss the Fish Limited), under legitimate interests (PECR applies) where we reasonably believe their services may be of interest to you (“Sister Businesses”)

In this notice, references to ‘we’ or ‘us’ mean the Company.

Scope of this Notice

This notice applies to:

• Clients and prospective clients (including directors, partners, officers, employees, contractors, consultants, family members, trustees, representatives or agents).
• Website and app users.
• Event attendees and newsletter subscribers.
• Individuals involved in compliments, complaints, claims, or investigations.

Recruitment data is handled separately at:https://careers-uk.cfocentre.com/privacy-policy

What information we collect, use, and why

We may collect or use the following information to provide and improve products and services for clients:

• Names and contact details
• Occupation
• Usage data (including information about how you interact with and use our website, products and services)
• Information relating to compliments or complaints
• Video recordings
• Audio recordings (eg calls)
• Records of meetings and decisions
• Website user information
• Information provided voluntarily

We may collect or use the following personal information for the operation of client or customer accounts:

• Names and contact details
• Purchase or service history
• Account information, including registration details
• Marketing preferences

We may collect or use the following personal information for information updates or marketing purposes:

• Names and contact details
• Profile information
• Marketing preferences
• Purchase or account history
• Website and app user journey information
• IP addresses

We may collect or use the following personal information for research or archiving purposes:

• Names and contact details
• Purchase or client account history
• Website and app user journey information
• IP Addresses

We may collect or use the following personal information for dealing with queries, complaints or claims:

• Names and contact details
• Payment details
• Account information
• Purchase or service history
• Call recordings
• Witness statements and contact details
• Relevant information from previous investigations
• Customer or client accounts and records
• Financial transaction information
• Information relating to health and safety (including incident investigation details and reports and accident book records)
• Correspondence

Telephone, SMS and WhatsApp Outreach

We may use business contact details to carry out direct marketing by telephone, SMS, or WhatsApp. This includes contacting individuals in their professional business capacity to discuss our services or relevant business opportunities.

We only conduct such outreach where we consider the subject matter to be relevant to the recipient’s role or organisation.

We rely on the lawful basis of Legitimate Interests for this activity. Our legitimate interest is to promote and develop our services in the B2B environment in a proportionate way that does not unduly impact individuals’ rights and freedoms.

We may obtain business telephone numbers from our existing records, publicly available sources, referrals, or licensed business data providers. Before making any cold marketing calls, we screen numbers against the Telephone Preference Service (TPS) and Corporate TPS (CTPS) registers and will not call numbers listed on these registers unless we have the necessary consent.

<p;”>We may also share your business contact details with our trusted direct marketing and B2B outreach partners who may contact you by telephone on our behalf. These partners act strictly under our instructions, and we have entered into appropriate data processing agreements and confidentiality agreements with them to ensure that your personal data is handled securely and lawfully.

If calls are recorded for training, monitoring, or compliance purposes, individuals will be informed at the start of the call.

Individuals may object at any time to receiving telephone, SMS, or WhatsApp marketing from us or from our outreach partners acting on our behalf. If you tell us you do not wish to receive such messages, we will stop contacting you through these channels and will add your details to our suppression list to ensure your preference is respected.

We retain business contact details used for marketing only for as long as they remain relevant. Suppression records are kept as necessary to ensure we do not contact you again for marketing purposes.

AML and Identity Verification

We must verify identities for anti-money laundering and fraud prevention purposes. If required information is not provided, we may be unable to engage.

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the Information Commissioner Officer (“ICO”) website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

• Your right of access – You have the right to ask us for copies of your personal information. You can request other information such as details about where we get personal information from and who we share personal information with. There are some exemptions which means you may not receive all the information you ask for. Read more about the right of access.
• Your right to rectification- You have the right to ask us to correct or delete personal information you think is inaccurate or incomplete. Read more about the right to rectification.
• Your right to erasure- You have the right to ask us to delete your personal information. Read more about the right to erasure.
• Your right to restriction of processing- You have the right to ask us to limit how we can use your personal information. Read more about the right to restriction of processing.
• Your right to object to processing- You have the right to object to the processing of your personal data. Read more about the right to object to processing.
• Your right to data portability- You have the right to ask that we transfer the personal information you gave us to another organisation, or to you. Read more about the right to data portability.
• Your right to withdraw consent– When we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.

Accessing your data (Subject Access Request)

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

If you make a request, we must respond to you without undue delay and in any event within one month however if your request is complex or you have made a number of requests we will notify you of the time frame in line with the ICO guidance.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients are:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • To develop our products/services and grow our business

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for the operation of client or customer accounts are:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.

Our lawful bases for collecting or using personal information for information updates or marketing purposes are:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • To define types of customers for our products and services
  • To keep our website updated and relevant
  • To develop our business and to inform our marketing strategy
  • Sharing information about services offered by us and by our Sister Businesses within the Liberti network where these may be of interest.

We comply with PECR for electronic marketing. You can opt out of marketing at any time.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for research or archiving purposes:

• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • To develop our products/services and grow our business

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Our lawful bases for collecting or using personal information for dealing with queries, complaints or claims are:

• Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
• Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
• Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability. Our legitimate interests are:
  • To develop our products/services

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Where we get personal information from

• Directly from you
• Legal bodies or professionals (such as courts or solicitors)
• Publicly available sources such as Companies House, government websites and LinkedIn and which our subcontractors outside the EU (such as the Philippines, India or South Africa) then aggregate together and/or manage.
• Providers of marketing lists and other personal information
• Suppliers and service providers
• Automated technologies or interactions, As you interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies
• Third parties:
  • analytics providers such as Google based outside the EU; advertising networks based inside OR outside the EU; and
  • search information providers based inside OR outside the EU.
  • Contact, Financial and Transaction Data from providers of technical, payment and delivery services based inside OR outside the EU.
  • Identity Data and Contact Data from data brokers or aggregators such as Dun and Bradstreet based outside the EU.
  • Identity and Contact Data from publicly availably sources such as Companies House, government websites and LinkedIn and which our subcontractors outside the EU (such as the Philippines, India or South Africa) then aggregate together and/or manage.
  • Identity, Contact, Financial, Transaction, Usage, Technical, Profile, Marketing and Communications Data from our principals and regional directors who have been in contact with you for the delivery or potential delivery of services, invitation to our events or subscription for our newsletter and who are based inside or outside the EU

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the details above.

If we need to use your personal data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law

Opting Out

You can ask us or third parties to stop sending you marketing messages at any time by logging into the website and checking or unchecking relevant boxes to adjust your marketing preferences or by following the opt-out links on any marketing message sent to you or by Contacting us at any time.

Opting out of marketing will not affect personal data we need to use in connection with a product or service you have purchased, your experience of that product or service, or other transactional communications.

If you fail to provide personal data
Where we need to collect personal data by law or under a contract with you, and you do not provide it when requested, we may be unable to provide our products or services. We will notify you if this results in a product or service being cancelled.

How long we keep information

For more information on how long we store your personal information or to view our record management and retention policy please contact us using the details provided at the start of this privacy notice.

Who we share information with

Providers may be based in the EEA, Australia, Canada, Hong Kong, India, New Zealand, Singapore, South Africa, UAE, USA, South Africa or the Philippines.

• The CFO Centre Group Limited and the Liberti Group entities
• Liberti Group Sister Business under legitimate interests (PECR applies)
• Debt collection agencies
• Other financial or fraud investigation authorities
• Insurance companies, brokers or other intermediaries
• Professional or legal advisors
• Insolvency practitioners
• Regulatory authorities
• External auditors
• Organisations we’re legally obliged to share personal information with
• Publicly on our website, social media or other marketing and information media
• Previous employers
• Suppliers and service providers
• Professional consultants
• Trusted third parties whose services may interest you

Third-party links

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit

Sharing information outside the UK

Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are in place.

We share your personal data within The Liberti Group. This will involve transferring your data outside the European Economic Area (EEA).

Some of our External Third Parties may be based outside the European Economic Area (EEA) so their processing of your personal data may involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last updated 10/02/2026