Privacy Policy

CWF & Partners Ltd is a firm of chartered accountants and business advisers who are bound by our professional body’s relevant professional codes and regulations, including client confidentiality and the protection of client data.

We have adopted a risk-based approach to data protection, whereby our policies and procedures only cover those areas which apply to our use of personal information.

This privacy policy explains how we use any personal information we collect about you when you use our services.

It is your responsibility to share this policy with your employees whose information we hold as part of our service to you.


We collect only the information necessary to perform the services that you have requested from us as agreed in the signed engagement letter.

The information we collect may include:

Your name, date of birth, NI number, passport number, address, email address, telephone number, job title, personal financial details and any other information we need in order to provide you with the services you require from us.

In some circumstances depending on the service we are providing to you, we may need more sensitive personal data like information about your physical or mental health, the commission or alleged commission of any offence by you, any proceedings for an offence committed or alleged offence committed by you, your membership of a Trade Union, etc.

You do not have to provide us with any personal information and you may at any time ask us to restrict or stop processing the personal information which you have supplied to us.

If however you decide not to supply us with the personal information we require or to restrict or stop us from further processing your personal information, we may not be able to provide you with the services that you have requested us to do.

We collect your personal information directly from you or a third party acting under your instruction or on your behalf.

We collect your information in line with relevant regulations and law. This may relate to any of our services you apply for, currently use or have used in the past.

Where we perform payroll services for your company, we usually collect employee information that you as the employer make available to us. We only collect employee information to the extent that is needed in order to perform the services you require from us.

We use the personal information you give us to perform services that you request from us. These services are stipulated in the letter of engagement that you agree to.

We cannot do any processing outside of the engagement letter without separate instruction from you.

We have no automated decision-making procedures in place. All decision-making is done by actual people.

We may share your information with third parties in order to provide our agreed service to you. These third parties include, but are not restricted to HM Revenue & Customs for taxation purposes, Companies House, pension companies regarding auto-enrolment, credit and identity check agencies as part of law enforcement and our regulators and supervisory authorities like the Financial Conduct Authorities (FCA) and The Institute of Chartered Accountants in England and Wales (ICAEW).

You may request that we share your personal information with a specific third party.

We may keep your information for as long as you have a relationship with us. After the relationship ends, we continue to keep it only where we may need it for our legitimate purposes e.g. our legal obligation under HMRC or responding to requests from regulators.

You may at any time request from us to destroy your personal information before or after the end of your relationship with us. Keep in mind that we will no longer be able to supply the services you requested from us once your personal information has been destroyed. We can only comply with this request where there is no overriding legal obligation that we are bound by.

Documents and records relevant to your tax affairs are required by law to be retained for a period of 6 years.

Although certain documents may legally belong to you, we may destroy correspondence and other papers that we store electronically or otherwise that are more than six years old, except documents we think may be of continuing significance.

You have a legal responsibility to retain documents and records relevant to your financial affairs, so we will return any original documents to you if requested.

We may export personal information you supply to us outside the EU/EEA/UK for the purposes of storage and data processing as we do not have control over the location where certain cloud based accounting and other systems store data. We will ensure all such information exports is compliant with relevant data protection legislation. Where cloud based services are to be used you may be subject to cloud services terms and conditions.

Generally we do not send any marketing information to you unless you registered on our website where you have explicitly selected to receive marketing and other information from us.

If you are registered on our website you may change your personal preferences regarding the information you receive from us, at any time. It is your responsibility to review and update these preferences on your profile.

It is your responsibility to make sure the personal information we have is up to date and accurate at all times. You can update or correct your personal information at any time by informing us to do so and supplying us with the corrections and updates.

At any point in time you may access your data and supplementary information that is in our possession. We will do our best to provide your personal information to you within 30 days at no charge.

You may at any time ask us to restrict or stop processing your personal information in order to update or correct the information. Keep in mind that such an action may prevent us from performing the service that you have requested from us.

We follow strict security procedures (including appropriate technical and organisational measures) regarding the storage and disclosure of your personal information to safeguard against unauthorised or unlawful processing, destruction, damage, access or loss. We store electronic information you provide to us on secure servers and take appropriate measures to ensure that information disclosed to us is kept accurate and safe.

Physical paperwork is stored on our premises where we have put appropriate security measures in place to ensure the safety of your personal information. These measures include a state of the art security system, key code access, etc.

Security relating to your use of our website is contained in a separate Privacy Notice on the website itself under the Privacy Statement. You can find our web address in this document under ‘Changes to our privacy policy’.

All our security measures are reviewed and updated on a regular basis.

Communicating with you via email has always involved risk. There is a risk that emails sent over the internet may be intercepted, there is no guarantee that an email received over an insecure network has not been altered during transit and attachments could contain a virus or malicious code.

You may prefer that we discontinue using emails for communication and information exchange with you. If so, we are happy to respond by an alternative method. We will agree this with you in person, by telephone or in writing via post.

Keep in mind that such an action could prevent us from performing the service that you have requested from us effectively and efficiently.

We keep our privacy policy under regular review and we will place any updates to this policy on our web page. This privacy policy was last updated in 2023.

Please contact us if you have any questions about our privacy policy or regarding information we hold about you:

Our address:

  • 67 Westow Street, Upper Norwood, London, SE1 3RW