Contact Us

Privacy Policy

Effective Date: 30th January 2026

Introduction

Superstar FD Ltd is committed to protecting your privacy and handling personal information in a transparent, secure, and responsible way.

This Privacy Policy explains how we collect, use, store, and share personal information when you visit our website, engage our services, contact us, or otherwise interact with us in the course of our business. It also explains your rights in relation to your personal information and how to contact us if you have any questions or concerns.

Not all sections of this Privacy Policy will apply to every individual. The personal information we collect and how it is used will depend on the nature of your relationship with us.

Contact details

Superstar FD Ltd (“we”) is a limited company, registered in England and Wales, company number: 15731903 and our registered address is 2-4 Petworth Road, HASLEMERE, Surrey, GU27 2HR. We are the data controller of your personal data.

Post: 2-4 Petworth Road, HASLEMERE, Surrey, GU27 2HR.

Email: info@superstarfd.co.uk

The kind of information we collect, use and why

We may collect or use the following information to provide and improve products and services for clients, information updates, marketing purposes, research or archiving purposes, to comply with legal requirements and to deal with queries or complaints:

  • Your personal details (such as your name, address and contact details)
  • Third party information (such as family members or other relevant parties)
  • Payment details (including card or bank information for transfers and direct debits)
  • Financial data (including income and expenditure)
  • Transaction data (including details about payments to and from you and details of products and services you have purchased)
  • Usage data (including information about how you interact with and use our website, products and services)
  • Employment details (including salary, sick pay and length of service)
  • Credit history and credit reference information
  • Information relating to compliments or complaints
  • Records of meetings and decisions
  • Website user information
  • Marketing preferences
  • Purchase or account history
  • Website and app user journey information
  • IP addresses
  • Identification documents
  • Client account information
  • Health and safety information
  • Any other personal information required to comply with legal obligations
  • Racial or ethnic origin (as a Special Category of Personal Data we will only ever process this where you provide your explicit consent or we are lawfully able to process the data for a different reason in accordance with the Regulations. We will always ensure we have a lawful basis to process any type of personal data, including Special Category Personal Data)

We may collect or use the following personal information for recruitment purposes:

  • Contact details (e.g. name, address, telephone number or personal email address)
  • Date of birth
  • National Insurance number
  • Copies of passports or other photo ID
  • Employment history
  • Education history and qualifications
  • Right to work information
  • Details of any criminal convictions
  • Security clearance details

Lawful bases and data protection rights

Under UK data protection law, we must have a “lawful basis” for collecting and using your personal information. There is a list of possible lawful bases in the UK GDPR. You can find out more about lawful bases on the ICO’s website.

Which lawful basis we rely on may affect your data protection rights which are set out in brief below. You can find out more about your data protection rights and the exemptions which may apply on the ICO’s website:

If you make a request, we must respond to you without undue delay and in any event within one month.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

Our lawful bases for the collection and use of your data

Our lawful bases for collecting or using personal information to provide and improve products and services for clients, information updates, marketing purposes, research or archiving purposes, comply with legal requirements, protect client welfare and recruitment purposes are:

  • Consent - we have permission from you after we gave you all the relevant information. All of your data protection rights may apply, except the right to object. To be clear, you do have the right to withdraw your consent at any time.
  • Contract – we have to collect or use the information so we can enter into or carry out a contract with you. All of your data protection rights may apply except the right to object.
  • Legal obligation – we have to collect or use your information so we can comply with the law. All of your data protection rights may apply, except the right to erasure, the right to object and the right to data portability.
  • Legitimate interests – we’re collecting or using your information because it benefits you, our organisation or someone else, without causing an undue risk of harm to anyone. All of your data protection rights may apply, except the right to portability.

Our legitimate interests are:

We process personal data under the lawful basis of legitimate interests where this is necessary to provide and improve our outsourced finance department and fractional CFO services. This includes processing personal data such as contact details, business information, financial and transactional data, and relevant communications in order to:

  • Deliver agreed services effectively
  • Manage client and prospective client relationships
  • Provide financial reporting, cashflow forecasting, performance analysis and strategic financial insight to support business decision-making
  • Administer contracts, billing, and payments
  • comply with contractual, legal, and professional obligations
  • Review and improve our services

The processing of this information is essential to the proper delivery of our services and directly benefits clients by enabling clearer financial oversight, informed decision-making, and improved operational control. We only collect and process personal data that is relevant, necessary, and proportionate for these purposes. We also process personal data relating to employees, contractors, and outsourced service providers where required to operate our business and deliver services to clients. This may include contact details, contractual information, payment details, and professional credentials for the purposes of workforce management, allocating and supervising work, processing payments, maintaining service quality, and meeting legal or contractual obligations.

We have balanced our legitimate interests against the rights and freedoms of individuals and do not consider this processing to be intrusive or unexpected. Individuals would reasonably expect their personal data to be used in this way when engaging with us as a client, supplier, employee, or contractor. Appropriate technical and organisational measures are in place to protect personal data and ensure it is handled securely, confidentially, and transparently at all times.

For more information on our use of legitimate interests as a lawful basis you can contact us using the contact details set out above.

Vital interests – collecting or using the information is needed when someone’s physical or mental health or wellbeing is at urgent or serious risk. This includes an urgent need for life sustaining food, water, clothing or shelter. All of your data protection rights may apply, except the right to object and the right to portability.

Public task – we have to collect or use your information to carry out a task laid down in law, which the law intends to be performed by an organisation such as ours. All of your data protection rights may apply, except the right to erasure and the right to portability.

Where we get personal information from

  • Directly from you - including when you contact us, engage our services, or submit information via our website (for example, through contact forms, bookings, or sign-ups for resources)
  • Legal bodies or professionals (such as courts or solicitors)
  • Publicly available sources
  • Suppliers and service providers

Cookies and website analytics

Our website uses cookies and similar technologies to ensure it functions correctly, to improve user experience, and to help us understand how visitors interact with our website. Cookies may collect information such as IP addresses, browser type, device information, and pages visited. This information helps us monitor website performance, maintain security, and make improvements to our website.

Where required, we rely on consent for the use of non-essential cookies. Visitors can manage or withdraw cookie preferences at any time through our cookie banner or by adjusting their browser settings. Further information about the cookies we use is available via our cookie banner or on request.

How long we keep information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including to provide services, manage our business operations, comply with legal and contractual obligations, and resolve any queries or disputes.

Where we provide services to clients, personal information is retained for the duration of the engagement and for as long as necessary thereafter in line with contractual requirements, professional obligations, and applicable legal or regulatory considerations.

Marketing and communications data is retained until an individual opts out or unsubscribes from communications, or where we determine that continued retention is no longer appropriate. Individuals can opt out of marketing communications at any time using the unsubscribe options provided or by contacting us directly.

Recruitment related information is retained only for as long as necessary to manage the recruitment process and, where applicable, ongoing engagement. Information relating to unsuccessful applicants is retained for a limited period unless consent is given to retain it for future opportunities.

In all cases, we regularly review the personal information we hold and take appropriate steps to securely delete or anonymise information when it is no longer required.

For more information on how long we store your personal information or the criteria we use to determine this please contact us using the details provided above.

Who we share information with

We may share your data with trusted service providers including:

  • Customer relationship management system (e.g. Hubspot)
  • Accounting system (e.g. Xero)
  • Relevant tax and regulatory Authorities (e.g. HMRC and Companies House)
  • Professional or legal advisors
  • Professional services firms (e.g. payroll bureaus and external accountants)
  • External auditors
  • Organisations we’re legally obliged to share personal information with
  • Professional consultants

Any access to personal information is limited to what is necessary to provide support and is subject to appropriate contractual and security safeguards.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice. If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
ICO Helpline: 0303 123 1113
https://www.ico.org.uk/make-a-complaint

About

The outsourced finance department built for ambitious professional services firms

Contact

hello@superstarfd.co.uk

2-4 Petworth Road, Haslemere, GU27 2HR

Superstar FD Ltd
Registered in England and Wales
Company number 15731903.

Privacy Policy