Privacy Policy

Upholding your rights is important to us. We have made an effort to make sure our Privacy Policy is clear and simple.

For any questions regarding the Privacy Policy, please contact us at info@chfinancial.org or +442030867220.

Our Privacy Policy describes:

The types of information we collect and how we use the data.
The steps we take to make sure your data is secure and handled appropriately.
The rights you have to your data and how you can manage the data we collect.

Information we collect:

We only collect information from you to provide our services. In GDPR terms, that means we have legitimate interests in collecting personal data, or if you register to use our services then we collect personal data as part of the contract in providing you our services. For advertising or tracking cookies on our website, we only place them with your explicit consent. Below is a list of the types of personal data we might process, along with our reasons and lawful bases for doing so:

Date of Birth
- Reason for processing: Security / identity authentication
- Lawful Basis: Legal obligation
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Driver License/Government ID
- Reason for processing: Security / identity authentication
- Lawful Basis: Legal obligation
Email Address
- Reason for processing: Customer relations
- Lawful Basis: Contract
Employment Information
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Financial Details
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Full Name
- Reason for processing: Security / identity authentication
- Lawful Basis: Legal obligation
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Home Address
- Reason for processing: Customer relations
- Lawful Basis: Consent
- Reason for processing: Security / identity authentication
- Lawful Basis: Legal obligation
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Location Information
- Reason for processing: Security / identity authentication
- Lawful Basis: Legal obligation
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Passport/SSN/National ID
- Reason for processing: Security / identity authentication
- Lawful Basis: Legal obligation
Pension Details
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Tax Details
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Pay Details
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Annual Leave Details
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Sick Leave Details
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract
Purchase History
- Reason for processing: Accounting / Bookkeeping
- Lawful Basis: Contract

It is possible to use our website without giving us any of your personal data. We do not use cookies or similar technologies to monitor your activities on our website.

We may take the general information about how you use our website or interact with our services and use it to help us improve our services. The information we collect may be anonymised and combined with other information about the use of our services.

Managing Your Cookie Consents

We want to make it simple for you to opt-out of analytics and tracking services. To do so, contact us at info@chfinancial.org.

Alternatively, you can download a browser plug-in to manage cookies or disable cookies in your browser.

Other Information We Collect

If we do process personal data (e.g. name, email address, IP address), we make sure such processing is in accordance with the General Data Protection Regulation (GDPR) and any other applicable regulations.

If we need any additional personal data or wish to use the personal data we already have for a different purpose than originally intended, we will make sure that we inform you that the original use of your personal data has changed and/or re-notify you of our privacy policy and terms at the time the new data is collected.

Storage and Security

We use and store the personal data collected for as long as reasonably necessary to provide our services. The particular timeline depends on the type of service and our legal basis for processing the data, along with other factors such as the sensitivity of the data and specific national retention requirements. Personal data that is stored is either pseudonymised or secured through encryption and/or industry standard access controls (to make sure such access to your personal data is provided only to the people required to provide our services).

Third Parties

Some of the technologies we use for storage, analytics and marketing include third-parties like Brighpay, Brightpay, Freeagent, Google, Quickbooks, Sync, Tax Filer, Taxfiler, Xero, Zoho. We take reasonable precautions to prevent personal data from being provided to third-parties unless the services require certain personal data such as an email address. If we do share your personal data with third-parties, we will ensure that it is lawful (e.g. through consent or based on legitimate interests) and reasonably verify that the third-party data handling processes are compliant with the General Data Protection Regulation (GDPR).

International Transfers

Some of our processing and storage takes place in Canada, United States of America. In the event that your personal information is transferred from one country to another, we ensure that the transfer is compliant with the appropriate data protection and privacy laws. This includes the EU General Data Protection Regulation, the EU-US Privacy Shield, and the Swiss-US Privacy Shield.

Your rights to your data

We want to make it easy for you to understand your rights and empower you to use them.

Under the GDPR, you have the right to:

Access any personal data we have on you;
Rectify any personal data that may be incorrect;
Object to processing;
Restrict processing;
Request to erase any of your personal data;
Withdraw consent (if applicable);
Data portability: the right to a copy of your personal data in a machine-readable format and transfer it easily and freely from us to another company;
if you consider we’ve infringed upon your rights and you wish to lodge a formal complaint about us, please contact our Supervisory Authority at Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom (UK), +44 303 123 1113, casework@ico.org.uk.

Upon reviewing your personal data, if you determine that certain information is not correct please contact us. When you make requests for restriction, erasure, or rectification, we will notify you when we have made the necessary corrections or deletions.

While we will make every reasonable effort to comply with your requests, in some cases we will be unable to comply due to other, overriding concerns such as establishing or exercising legal claims, or to comply with an outstanding legal obligation.

If you have any questions or concerns about the personal data we collect, or to exercise your rights under the GDPR, please contact our designated representative: Chris Hitchcock, +442030867220.

If you believe we have not adequately addressed your concerns and you wish to make a formal complaint, you can contact your local Supervisory Authority. You can find their contact information here https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm.

Any formal legal complaints and contractual or non-contractual obligations will be addressed according to the laws of United Kingdom (UK).

Compliance and Changes

We regularly review our compliance with our Privacy Policy and will update it following any changes in applicable privacy regulation. As a result, our Privacy Policy may change from time to time. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any Privacy Policy changes on this page and, if the changes are significant, we may send a notice via email or other method of contact.

Age Restriction

Our services and products are not knowingly directed at, nor do we knowingly collect any information from persons under the age of Thirteen(13). If you are under Thirteen years old, please do not use this website or its applications. If you learn that your child has provided us with personal data without your consent, please contact us at chris@chfinancial.org or +442030867220.

Dispute Resolution

If you have any issues with our services, or feel that your rights are being infringed upon, we ask that you first submit any complaints directly to us by contacting info@chfinancial.org. In the event that the dispute cannot be resolved and you wish to settle the matter through arbitration, the courts of United Kingdom (UK) will have exclusive jurisdiction to settle any dispute which arises.

Key Terms

A cookie is a small file containing a string of characters that is sent to your computer when you visit a website. When you visit the website again, the cookie allows that site to recognise your browser. Cookies may store user preferences and other information. You can reset your browser to refuse all cookies or to indicate when a cookie is being sent. However, some website features or services may not function properly without cookies. Cookies also come in different forms. Single-session cookies are erased after a visit to a website and help with navigation. Persistent (multi-session) cookies remain until they are manually deleted or expire. Cookies can also be placed by either a first party (i.e. the website you visit) or by a third party that has permission from the first party to place a cookie.

Explicit Consent

For us to get your consent under the GDPR, that consent has to be informed (it has to be plainly written so you understand what you’re consenting to), freely given (as in we can’t coerce you by withholding some information), and unambiguous (both sides need to be sure what each doing and agreeing to, meaning it can’t be wrapped into other activities). Consent also has to be a clear affirmative action (like ticking a box or choosing particular technical settings), and you have to be able to withdraw that consent at any time.

IP address

Every device connected to the Internet is assigned a number known as an Internet protocol (IP) address. These numbers are usually assigned in geographic blocks and can either be static (i.e. your computer always has the same IP address) or dynamic (i.e. it is assigned to you by your network when you connect). An IP address can often be used to identify the location from which a device is connecting to the Internet.

Lawful Basis of Processing

This term refers to the legal reason that a company uses to process your personal data. In the GDPR, there are six lawful bases for processing personal data: consent, legitimate interests, performance of a contract, legal obligation, public interest, and to protect your vital interests. You can read about each basis in the UK ICO’s Guide to the GDPR. If you think that we are using the wrong basis for processing your personal data, please email us and we will be happy to discuss our reasoning.

Legal or Similarly Significant Effects

A processing activity has legal effects if it could impact your rights – like your freedom to associate with others, vote in an election, or take legal action – or affect your legal status or rights under a contract – like being denied housing or entry into the country. “Similarly significant effects” are ones that could affect your circumstances, behaviour, or choices. This could include decisions that affect your job prospects, or even targeted advertisements that play on particular stereotypes or biases towards minority or vulnerable groups.

Non-personally identifiable information

This is information that is recorded about users so that it no longer reflects or references an individually identifiable user.

Personal data

This is information that you provide to us which personally identifies you, such as your name, email address or billing information, or other data which can be reasonably linked to such information by CHF Ltd.

Pixel tag

A pixel tag is a type of technology placed on a website or within the body of an email for the purpose of tracking activity on websites, or when emails are opened or accessed, and is often used in combination with cookies.

Processing (of data)

“Processing” means doing anything to your data. In more legal terms, according to GDPR Article 4, this can refer to collecting, manipulating, storing, disclosing, or erasing data, among other actions.

Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person. See GDPR Article 4(5).

Special Categories of Personal Data

GDPR Article 9(1) defines special categories of personal data as data that could identify your racial or ethnic origin, political opinions, sex or sexual orientation, religious or philosophical beliefs, trade union membership, genetic information, biometric data and other health data.

Supervisory Authority

A Supervisory Authority is an independent public authority established by an EU Member State. It’s in charge of handling your complaints and making sure that all businesses in its purview are acting in accordance with the GDPR. We are based in United Kingdom (UK), our lead Supervisory Authority is: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom (UK), casework@ico.org.uk or +44 303 123 1113.

For more information, see GDPR Article 4(22) or Article 51.