Privacy Policy

The Intrinsic CFO website (https://www.intrinsiccfo.com/) is operated and maintained by Intrinsic CFO Limited, a company registered in the Republic of Ireland (Company Registration Number: 725915).

You can contact us by telephone on 087 224 7331 or by email at hello@intrinsiccfo.com.

The purpose of this Privacy Notice is to explain how Intrinsic CFO Limited collects, uses, stores, and protects personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (as amended).

Intrinsic CFO Limited is legally required to safeguard any personal information that it holds or processes. This Privacy Notice outlines the measures we take to ensure that personal data is handled lawfully, fairly, and securely, whether it is collected through our website, client engagements, or internal business processes.

What is Personal Data?

In this Privacy Notice and in our communications with you, the terms “personal data”, “personal information”, and “personally identifiable information” may be used interchangeably.

For the purposes of data protection law, and in accordance with the EU General Data Protection Regulation (GDPR), personal data means any information relating to an identified or identifiable natural person (referred to as a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Our lawful basis for collecting your personal data:

Under the EU General Data Protection Regulation (GDPR), organisations are required to identify a lawful basis for processing personal data and to ensure that such processing is necessary for a specific and legitimate purpose.

As an CFO services and advisory firm, Intrinsic CFO typically processes personal data on the basis that it is necessary for the performance of a contract with you, or in order to take steps at your request prior to entering into a contract. This is referred to as the contractual basis for processing.

In certain circumstances, personal data may also be processed on one or more of the following lawful bases:

Consent – where you have given clear permission for us to process your personal data for a specific purpose
Legal obligation – where processing is required to comply with applicable laws or regulatory requirements
Vital interests – where processing is necessary to protect your life or that of another person
Public task – where processing is necessary for the performance of a task carried out in the public interest or under official authority
Legitimate interests – where processing is necessary for our legitimate business interests, provided that such interests are not overridden by your rights and freedoms

We will process personal data only in accordance with the lawful basis under which it was collected. Where further processing is required, it will be carried out only where it is compatible with the original purpose or otherwise permitted by law.

The Lawful Basis of Consent:

Where Intrinsic CFO relies on your consent as the lawful basis for processing personal data, that consent will have been provided by you freely, specifically, on an informed basis, and through a clear affirmative action (for example, by opting in).

You have the right to withdraw your consent at any time. This can be done by contacting us at hello@intrinsiccfo.com or by telephone on 087 224 7331. Once consent is withdrawn, we will cease processing the relevant personal data without undue delay.

Please note that withdrawing consent may mean that we are unable to continue providing certain services where the processing of your personal data is necessary for those services.

Personal data processed on the basis of consent will be retained only for as long as consent remains valid and the purpose for which the data was collected continues to apply, after which it will be securely deleted or anonymised in accordance with our data retention policy.

What types of personal data do we collect?

As a provider of advisory, and fractional CFO services, Intrinsic CFO is required to collect and process certain personal and financial information in order to deliver our services and meet our legal and regulatory obligations.

Depending on the nature of the engagement, we may collect and process the following categories of information:

First and last name
Residential or business address and postcode
Email address
Telephone number
Bank and payment details
Government-issued identification (e.g. passport or driver’s licence)
Payslips and bank statements
Tax returns and other historical financial records
Personal Public Service (PPS) Number or equivalent tax identification number
Employment records such as P45s / P60s (or equivalent)
Criminal offence or regulatory information only where required by law or voluntarily disclosed and relevant to the services provided
Any other information reasonably necessary to provide our professional services

All personal data is handled in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR), and is processed only for lawful and legitimate purposes connected with our services.

Where the processing of criminal offence data is required, Intrinsic CFO complies with the requirements of Articles 9 and 10 of the EU General Data Protection Regulation (GDPR) and Schedule 1 of the Data Protection Act 2018.

For Intrinsic CFO, the lawful condition relied upon for processing such data is explicit consent, as provided for under Condition 29 of Schedule 1 of the Data Protection Act 2018. Criminal offence data is processed only where it has been freely given, specific, informed, and provided through a clear and unambiguous affirmative action by the data subject, and only where such processing is necessary in connection with the provision of advisory services requested by the data subject.

During the course of providing our services, we may also request or collect additional information directly from you where this is reasonably necessary to progress or complete the services we provide.

How do we get your information and why do we have it?

Intrinsic CFO typically receives personal and financial information from clients on a voluntary basis in order to provide our services. To enter into and perform a contractual relationship with you, we are required to collect and process certain information.

Your information is processed for the purpose of delivering CFO services and advisory services, which may include (but are not limited to):

Bookkeeping and accounting services
Preparation of financial statements
Tax compliance, preparation, and tax planning
Payroll processing and reporting
Business and financial advisory services
Budgeting, forecasting, and cash flow analysis
Management accounting and performance reporting
Processing and administering payments for services provided

We may collect your information through a variety of channels, including telephone conversations, written or electronic forms, email correspondence, and our secure website or client portal.

Once received, your information is stored and managed within our secure client management and advisory systems, with appropriate technical and organisational safeguards in place.

Upon completion or termination of our engagement with you, your personal data is retained only for as long as necessary to meet legal, regulatory, and professional obligations and is then securely deleted or anonymised in accordance with our data retention policy (outlined further below).

How we handle your data:

Intrinsic CFO acts as both a data controller and, in certain circumstances, a data processor, and is committed to complying with the data protection principles set out in the EU General Data Protection Regulation (GDPR).

By processing personal information in accordance with these principles, Intrinsic CFO ensures that your data is handled lawfully, responsibly, and securely, while respecting your data protection rights.

The principles we adhere to are as follows:

Lawfulness, Fairness and Transparency
We collect and process personal information in a manner that is lawful, fair, and transparent, and we clearly explain how and why your data is used.

Accountability
We take responsibility for our handling of personal data and for compliance with GDPR requirements, and we can demonstrate that compliance where required.

Purpose Limitation
We process personal data only for specified, explicit, and legitimate purposes and do not use it in a manner incompatible with those purposes.

Data Minimisation
We ensure that the personal data we collect and process is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

Accuracy
We take reasonable steps to ensure that personal data is accurate and, where necessary, kept up to date.

Storage Limitation
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to meet legal, regulatory, or professional obligations.

Integrity and Confidentiality (Security)
We apply appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.

Data Security:

Intrinsic CFO is committed to protecting the security and confidentiality of your personal information. We recognise that a breach of personal data may cause concern and, in serious cases, may affect your rights and freedoms. For this reason, we have implemented appropriate technical and organisational security measures designed to protect personal data against accidental loss, unauthorised access, alteration, or disclosure.

Access to personal data is restricted to employees and third parties who have a legitimate business need to know in order to provide our services. We share personal data with third parties only where necessary, and we require that all such parties maintain appropriate security measures and are subject to confidentiality obligations.

In the unlikely event of a personal data breach, Intrinsic CFO follows the procedures set out by the Data Protection Commission (DPC) to investigate, manage, and document the incident in a transparent and responsible manner. Where a breach is likely to result in a risk to your rights and freedoms, we will notify both you and the DPC in accordance with our legal obligations.

Who we share your data with:

In order to deliver our services effectively, Intrinsic CFO may share personal information that you provide to us with trusted third parties, where this is necessary and consistent with our lawful processing purposes.

These third parties may include professional service providers, software platforms, regulators, and financial institutions, including (but not limited to):

Creditsafe
VisionNet
Notion
Google Suite
QuickBooks
Sage
Xero
Revenue Commissioners
Banking and financial institutions

All third-party service providers engaged by Intrinsic CFO are required to maintain strict confidentiality and to process personal data only in accordance with our documented instructions and applicable data protection law. These obligations are governed by appropriate written agreements, including data processing agreements where required.

In certain circumstances, we may be legally required to disclose personal information to third parties in order to:

Comply with legal or regulatory obligations
Respond to lawful requests from courts, regulators, or public authorities
Protect the public interest or enforce our legal rights

In all such cases, we take care to ensure that any disclosure is lawful, proportionate, and limited to what is necessary, and that your privacy and confidentiality remain a priority.

Emergency Contact Information:

Intrinsic CFO may collect and use personal contact details, including personal mobile and telephone numbers, of staff and contractors solely for emergency purposes. This may include situations relating to health and safety incidents, urgent business continuity matters, or where immediate contact is necessary to protect the vital interests of the individual or others.

This information is processed on the basis of legitimate interests and, where applicable, vital interests, in accordance with Article 6(1)(f) and Article 6(1)(d) of the EU GDPR.

Access to emergency contact details is strictly limited to authorised personnel and such information will not be used for non-emergency or unrelated purposes.

Emergency contact data is retained in line with our data retention policy and is securely deleted or anonymised when no longer required.

How long do we keep your data?

In accordance with requirements set out by the Irish Revenue Commissioners, Irish accountancy and advisory firms are legally required to retain certain records for a period of six years from the end of the accounting period to which those records relate. In addition, some records may be subject to longer statutory retention periods, including requirements arising under anti-money laundering and related legislation.

Intrinsic CFO retains personal data in line with these legal and regulatory obligations. Unless a longer retention period is required by law or regulation, personal data will be securely deleted or anonymised six years after the end of the relevant accounting period.

In limited circumstances, a minimum amount of personal data may be retained for a longer period, up to twenty years, where this is strictly necessary for purposes such as estate planning or capital transactions. Any such extended retention is limited to what is necessary and is subject to appropriate safeguards.

Your data rights:

Under the EU and UK General Data Protection Regulations, you have a number of rights in relation to your personal data. It is important that you are aware of these rights, which are outlined below:

The right to be informed
You have the right to receive clear, transparent, and easily accessible information about how your personal data is collected, used, and processed.
The right of access
You have the right to request access to, and receive copies of, the personal data we hold about you.
The right to rectification
You have the right to request that inaccurate or incomplete personal data be corrected.
The right to erasure
You have the right to request the deletion of your personal data in certain circumstances, where legally permitted.
The right to restriction of processing
You have the right to request that the processing of your personal data be restricted in specific circumstances.
The right to object to processing
You have the right to object to the processing of your personal data, either entirely or in relation to a particular purpose or method of processing.
The right to data portability
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to have it transferred to another organisation where technically feasible.
Rights relating to automated decision-making and profiling
You have the right not to be subject to decisions based solely on automated processing, including profiling, and to challenge such decisions where applicable.

Please note that not all rights are absolute. In certain circumstances, legal or regulatory exemptions may apply which limit our ability to fulfil a request. Where this occurs, we will clearly explain the reason for the exemption in our response to you.

Exercising your rights – the SAR process:

Accessing your personal data is often the first step in exercising your data protection rights. By exercising your right of access, you are entitled to receive a copy of the personal data that Intrinsic CFO holds about you. This allows you to understand how and why your data is being used and to verify that it is being processed lawfully.

The right of access is exercised by making a Subject Access Request (SAR). A SAR can be made verbally (for example, by telephone or in person) or in writing, including by email or via social media. You do not need to use the term “Subject Access Request” — a simple request for a copy of your personal data is sufficient.

If you wish to submit a written request, you may do so by contacting us at:

Email: hello@intrinsiccfo.com
Post:
Intrinsic CFO Limited
24 – 26 IDA Business Park
Cork Road
Waterford
X91 DC96
Ireland

Once we receive your request, we may need to verify your identity before releasing any personal data, in order to protect your information. We will respond to your request within one month (30 days) of receipt, in line with GDPR requirements.

Subject Access Requests are normally provided free of charge. However, where a request is considered to be manifestly unfounded or excessive, we may charge a reasonable fee to cover the administrative costs involved, as permitted under data protection law.

Information collected while using our website, including Cookies:

When you visit the Intrinsic CFO website, certain information may be collected from your internet browser through the use of cookies for analytical and statistical purposes. Cookies are small text files that are placed on your device by your web browser.

Cookies help us to understand how visitors interact with our website by allowing us to recognise repeat visits, analyse website usage, and improve the performance and functionality of our site. Cookies used on our website do not directly identify you as an individual.

Some cookies are session-based and are automatically deleted when you close your browser, while others may remain on your device for a defined period, depending on their purpose and your browser settings.

You can control or disable cookies through your browser settings at any time. Please note that disabling cookies may affect the functionality of certain parts of the website.

For more information about cookies, including how to manage or delete them, please visit:
http://www.allaboutcookies.org

Google Analytics

We keep track of our website traffic in Google Analytics. Through this way, we analyse the performance of our website, and we’re able to see the effect of our marketing actions. Google Analytics registers, among others:

What is the source site of your visit?
How long did you stay on our website?
Which pages do you visit?
Which device/operating system/browser do you use?
Which forms do you fill?

When legally obliged, Google might share this information with third parties. If third parties process the information, Google might also share this information. We signed a data processing agreement with Google and forbade Google to use the obtained information for any other of their services.

No personal data is collected or saved in Google Analytics. The data will not be shared with third partners unless legally obliged.

How to complain:

Complaints to Intrinsic CFO

Should you be unhappy with the way in which your personal data is being handled, then a formal complaint may be made to either Intrinsic CFO or to the Data Protection Commission.

Complaints about the handling of data can be made to hello@intrinsiccfo.com. Our Data Protection Team are responsible for ensuring that data is handled in line with legal and regulatory requirements. Received complaints will result in an investigation of the data handling practices of the relevant office of department, prior to the issuing of a final report.

If the complaint is related to the handling of personal data by the Data Protection Team, then the formal Intrinsic CFO complaints procedure can be used. All complaints must be sent to hello@intrinsiccfo.com this is for both internal and external complaints.

Complaints Handling:

We will provide written acknowledgment within 5 business days of its receipt. Giving the name or job title of the individual handling the complaint for the firm (Together with details of the firms’ internal complaints handling procedure).

The Organisation will, by end of eight weeks after its receipt of a complaint send the complainant either a final response; or a response which explains that the Organisation is still not able to make a final response, gives reasons for the further delay and indicated when it expects to be able to provide a final response.

Complaining to the DPC:

If you have any concerns about the way in which Intrinsic CFO handle your personal information, you also have the right to complain to the Data Protection Commission, which is Irelands data protection regulator; the contact details of which can be handled below:

The DPC’s address:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 Rd28
Ireland

Helpline number: (01) 765 01 00 (9:30am – 1pm, & 2pm – 5pm, Mon-Fri)

DPC website: https://www.dataprotection.ie/