Privacy Policy

General Data Protection Regulation Compliant

Updated May 2018

This privacy policy outlines what information (“PERSONAL DATA”) is collected from you (“CLIENT”) and how that information is handled by CNG Associates Ltd (the “COMPANY”). All is done in accordance with the General Data Protection Regulation (GDPR).

CNG Associates (the “COMPANY”) respects your privacy concerns and provides this privacy statement to explain what information is gathered during an interaction and or visit to the COMPANY and how such information may be used.

If you have questions about this Privacy Policy and how we use your personal data, please contact us directly at:CNG Associates, 23 Austin Friars, London, EC2N 2QPor email, and we will aim to respond to your query within 30 days from receipt.


To serve you, the COMPANY collects specific personally identifiable information (“PERSONAL DATA”), such as your name, address, telephone number, date of birth, identification documents, national insurance number, personal bank statements (when needed), so that it can provide their services year end accounts, tax returns, payroll, VAT, company secretarial services, business start up, bookkeeping, budgets and forecasts, business plans, and tax planning.

PERSONAL DATA is information that specifically identifies you (name, email address, home address, business address, job title, phone number, national insurance number, date of birth) and can be used to specifically locate you from within the COMPANY’S database and or filing system.

The COMPANY collects this information from you:

  • Name
  • Email
  • Address
  • Telephone number
  • Date of birth
  • Identification documents
  • National insurance number
  • Tax reference number and tax codes
  • Employment and tax history
  • Personal bank statements (when required)

Information provided by CLIENT (at the time of signing a letter of engagement, attending client meetings, corresponding via email and mail, and submitting financial and business accounts) is used to:

  • Prepare accounts, register taxes with HMRC, register and form limited companies, payroll processing, tax returns preparation, communicate with Companies House, and provide the business accountancy, taxation and related services you have contacted to receive from us.
  • Keep CLIENT file in good standing;

PERSONAL DATA submitted voluntarily by the CLIENT is held:

  • On the COMPANY computer and backup, and hard copy(if necessary) in long term storage as required
  • For 8 years (or longer if necessary).
  • Data can be accessed by CNG Associates Ltd’s employees for the purpose of performing of our services to clients

You can request copies of your personal data or deletion (subject to legal requirements) by emailing the COMPANY at


The COMPANY is legally processing CLIENT’S PERSONAL DATA based on the following:

  • The CLIENT has given his or her explicit and voluntary consent to the COMPANY;
  • The CLIENT has a contract with the COMPANY that necessitates the COMPANY having his or her PERSONAL DATA;
  • The COMPANY has a legal obligation that requires processing CLIENT’S PERSONAL DATA;
  • There is a vital interest that necessitates the COMPANY processing CLIENT’S PERSONAL DATA;
  • The COMPANY has an obligation necessitated by a public interest to process CLIENT’S PERSONAL DATA;
  • The COMPANY has a legitimate interest to process CLIENT’S PERSONAL DATA;


PERSONAL DATA is never sold, leased, or shared with any third parties, except with legal bodies as required to fulfil requirements set out within our CONTRACT. A third party is a COMPANY outside of the CLIENT – COMPANY relationship.


The COMPANY does not store any credit card information it may receive in regard to a specific transaction and/or billing arrangement except as necessary to complete and satisfy its rights and obligations with regard to such transaction, billing arrangement, and/or as otherwise authorized by a user.

The COMPANY only stores credit card statements for year end accounts and tax return preparation.


The COMPANY may disclose CLIENT information in special cases when required by  law enforcement and onlywhen required by law.

If the COMPANY has reasonable reason(s) to believe that disclosing PERSONAL DATA held by the COMPANY is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference (either intentionally or unintentionally) with the COMPANY’S rights or property, and or anyone else that could be harmed by such activities, then the COMPANY will work with the appropriate and legitimate law enforcement and or legal authorities to make sure that the PERSONAL DATA is handled in accordance with the applicable laws.


As a CLIENT you have the following rights:

  • Transparent information from the COMPANY regarding how they communicate and interact with the CLIENT;
  • The right to hear back from the COMPANY regarding any inquiry into CLIENT’S PERSONAL DATA;
  • To request correction of PERSONAL DATA from the COMPANY;
  • Access to CLIENT’S PERSONAL DATA including knowing the purposes that the data is used for;
  • To request erasure from the COMPANY’S records provided that there are not overriding legal, public interest, or legitimate interests;
  • To a restriction on the processing of the PERSONAL DATA;
  • Data portability of PERSONAL DATA (having a record provided to you that is readable and commonly used that outlines the PERSONAL DATA the COMPANY has on you)
  • To object to processing of PERSONAL DATA – the COMPANY shall no longer process the CLIENT’S PERSONAL DATA unless the COMPANY demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the CLIENT or for the establishment, exercise or defence of legal claims.
  • To file a complaint with the supervisory authority;
  • The right to unsubscribe at any time (withdraw consent)


Profiling means any form of automated processing of PERSONAL DATA consisting of the use of PERSONAL DATA to evaluate certain personal aspects relating to a CLIENT, in particular to analyse or predict aspects concerning that CLIENT’S performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;



The COMPANY recognizes the special obligation to protect PERSONAL DATA obtained from children age 13 and under. Any data collected from children age 13 and under will be done in a signed document by the parent and or guardian of the child.


If you have any complaints or concerns about the COMPANY or about this privacy statement, please let the COMPANY know directly.


Security for all PERSONAL DATA is extremely important to the COMPANY.

Unfortunately, no data transmission over the internet can be guaranteed to be 100% secure.

As a result, while the COMPANY strives to protect CLIENT’S PERSONAL DATA, the COMPANY cannot ensure or warrant the security of any PERSONAL DATA the CLIENT transmits via the internet. By transmitting any such information to the COMPANY, CLIENT accepts that he or she does so at their own risk.


Customer list and information are properly considered assets of a business. If COMPANY merges with another entity, or if it sells its assets to another entity, the COMPANY’S customer list and information would be included among the assets transferred.

CLIENT would be given the opportunity to object before any such transfer would occur.