Privacy

Last updated: November 2025

Shared Equity Ltd trading as CGA (“CGA”, “we”, “us”, “our”) is committed to protecting the privacy and security of your personal data. This Privacy Notice explains what personal data we collect, how we use it, why we use it, and your rights under UK data protection law.

This notice applies to all clients, prospective clients, former clients, and individuals whose personal data we process as part of our services.

1. Who We Are

CGA is the data controller for the purposes of UK GDPR and the Data Protection Act 2018. Contact details: Shared Equity Ltd t/a CGA 3 & 4 Park Court Riccall Road Escrick York YO19 6ED Data Protection Contact: Claire Barnard Email: claire@cga-york.co.uk

If Claire is unavailable, Chelle Thirsk will act in her place.

2. What Personal Data We Collect

The personal data we collect depends on the services we provide. It may include:

Identity and contact information

  • Name, address, date of birth, place of birth, marital status
  • Nationality
  • Email address, telephone numbers

Financial, tax and employment information

  • Income, expenses, PAYE details
  • National Insurance numbers
  • Tax reference numbers and tax history
  • Bank details (where required for payroll or tax refunds)
  • Business accounts and financial statements
  • Information relating to assets, property, investments, and capital gains

Documentation for Anti-Money Laundering (AML)

  • Passports, driving licences, proof of address
  • Information obtained through electronic verification tools

Information from third parties

  • HMRC
  • Companies House
  • Previous accountants or advisers
  • Credit reference and identity verification services
  • Your employer (for payroll clients)
  • Government agencies where necessary

Information you provide to us directly

  • Emails, correspondence, forms, questionnaires and checklists
  • Information uploaded through our secure client portal

3. How We Collect Personal Data

We collect data: – Directly from you (face-to-face, phone, email, website, secure portal) – From third parties with your permission – From publicly available sources such as Companies House and HMRC – Automatically through our systems (e.g., audit logs and portal access logs)

4. What We Use Your Personal Data For

We process personal data for the following purposes:

a) To deliver professional accountancy, tax and advisory services

This includes preparing accounts, tax returns, payroll services, VAT, bookkeeping, advisory work and communicating with HMRC.

b) To fulfil our legal and regulatory obligations

Such as:

  • Anti-Money Laundering checks (MLR 2017)
  • Compliance with ACCA requirements
  • Responding to HMRC, OPBAS or other regulatory requests

c) To manage our relationship with you

Including:

  • Responding to enquiries
  • Invoicing and payments
  • Updating you about changes to our services

d) To operate, improve and protect our business

Such as:

  • IT systems and security
  • Use of our secure online portal
  • Staff training, quality reviews and internal audits

e) With your permission: sending updates and newsletters

If you choose to receive them, we may send:

  • Monthly newsletters
  • Tax updates or service information You can unsubscribe at any time.

f) To defend or establish legal claims

For example:

  • Professional indemnity insurance matters
  • Evidence required in HMRC investigations
  • Probate or CGT enquiries relating to historic work

5. Our Legal Bases for Processing

We process personal data under the following lawful bases:

Contract

To provide the services you have engaged us to perform.

Legal obligation

To comply with laws, such as tax legislation, AML regulations, and regulatory requirements.

Legitimate interests

For purposes such as:

  • Managing our business and client relationships
  • Maintaining accounting and tax records
  • Protecting against fraud or errors
  • Retaining certain historic tax data to assist you in future CGT or probate matters

We only rely on legitimate interests where such interests are not overridden by your rights.

Consent

Only used for:

  • Optional marketing communications You may withdraw consent at any time.

6. Who We Share Personal Data With

We may share personal data with the following:

Organisations involved in providing your services

  • HMRC
  • Companies House
  • Payroll providers, pension providers (where applicable)
  • Subcontractors assisting with work (bound by confidentiality)

Professional advisers

  • 3rd Party accountants, auditors or legal advisers
  • Professional indemnity insurers

Regulators and authorities

  • Association of Chartered Certified Accountants (ACCA)
  • Office for Professional Body Anti-Money Laundering Supervision (OPBAS)
  • Law enforcement or government agencies, where legally required

IT and system providers

Such as:

  • Secure portal providers
  • Cloud accounting software
  • Email, backup and document storage providers

Some of these providers may be based outside the UK.

When transfers occur, we ensure appropriate safeguards (e.g. standard contractual clauses or adequacy decisions).

7. Use of Our Secure Client Portal

We provide a secure online portal for sending and receiving confidential or sensitive documents.

We strongly recommend that clients use the portal rather than email for transmitting:

  • ID documents
  • Financial statements
  • Tax returns
  • Bank statements
  • Payroll information
  • Any data containing personal or financial details

This improves confidentiality and protects your data.

8. How Long We Keep Personal Data

Our retention periods depend on the nature of the data and our legal obligations.

Standard retention

We generally keep records for 6 years from:

  • the end of the tax year (for tax work), or
  • the end of the business relationship (for advisory work).

Longer retention where necessary

Certain records may be retained for longer, for example:

  • CGT base cost and asset history
  • Inheritance tax / probate-related information
  • Lifetime gift information

We retain these where necessary to:

  • comply with legal obligations,
  • respond to HMRC enquiries, or
  • establish, exercise or defend legal claims.

Destruction of records

Our Terms & Conditions explain when third-party documents are destroyed.

We always dispose of data securely.

9. Your Rights

Under UK GDPR you have the following rights:

  • Right of access – to request a copy of the personal data we hold about you
  • Right to rectification – to correct inaccurate or incomplete data
  • Right to erasure – in certain circumstances
  • Right to restrict processing – in certain circumstances
  • Right to object to processing – including where based on legitimate interests
  • Right to data portability – where processing is based on contract and carried out by automated means
  • Right to withdraw consent – where consent is the legal basis

How to exercise your rights

Email: claire@cga-york.co.uk

We respond within one month, as required by UK GDPR.

There is no fee unless the request is manifestly unfounded or excessive.

10. Complaints

If you have concerns about how we use your personal data, please contact us at:

claire@cga-york.co.uk

We will respond promptly and work to resolve your concerns.

You also have the right to complain to the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk Helpline: 0303 123 1113

11. Updates to This Privacy Notice

We may update this Privacy Notice from time to time. The latest version will be available on our website and can be provided on request.