Privacy Policy


By using this site, you agree to the privacy policy of CST Wealth Management Limited.  If you do not agree to the policy, please do not use this site.  CST Wealth Management Limited reviews its privacy policy periodically and reserves the right, at its discretion, to modify or remove portions of this policy at any time.  This page should be reviewed periodically so that you are updated on any changes.

Information about us

We are CST Wealth Management Limited, and our office is at 2 Oldfield Road, Bocam Park, Bridgend, CF35 5LJ.

For more information, please see our ‘Contact Us’ page and/or the footer of this website.

This Website is designed and hosted on behalf of CST Wealth Management Limited by JE Consulting Limited (company registration number 058883501) and they are our GDPR compliant marketing partner who process your data under our instructions to manage our newsletter and website communications.

Personal Information

CST Wealth Management Limited recognises the importance of protecting the privacy of personally identifiable information collected about visitors to our site in accordance with the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulations (GDPR).

We process personally identifiable information for several purposes, and the means of collection, processing, use, disclosure, and retention periods for each purpose may differ from one customer and/or one service to another.  However, our policy is to collect only the personal data necessary for the purposes that we have agreed, and we ask our customers to only share personally identifiable data where it is strictly needed for those purposes.  We collect personal data from our clients, or from third parties acting on the instructions of the relevant client.

We process personal data to provide professional services such as financial or taxation advice, or to provide specific business advice as part of the range of services that we offer. We also process personal data in the administration and management of our own business.

Your business or personal contact details are used to provide you with information about our services and other information which we think will be of interest to you, unless you tell us not to.

We are subject to legal, regulatory and professional obligations and as such, we need to keep certain records to demonstrate that our services are provided in compliance with those obligations, and those records may contain personally identifiable data.

Personal data processed is kept by us for as long as it is considered necessary for the purpose for which it was collected (including as required by applicable law or regulation).  In the absence of specific legal, regulatory or contractual requirements, and whilst you are an engaged client, we will indefinitely retain the digital records and other digital documentary evidence created in the provision of the services that we have provided to you, as our clients often rely on us to provide historical information that they may have mislaid.

If you disengage from our services, we are still required by legislation, other regulatory requirements and our insurers to retain our data for a certain period of time.  Unless law or regulation specifically requires otherwise, it is our policy to retain data for a period of seven years from the end of the period concerned.

We take the security of your data we hold seriously.  We have a policy including procedures and training in place covering data protection, confidentiality and security, and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.

We will only share personal data with others when we are legally permitted to do so.  When we share data with others, we put contractual arrangements and security mechanisms in place to protect your data. We may use third parties located in other countries to help us run our business.  As a result, personal data may be transferred outside the countries where we and our clients are located.  This includes countries outside the European Union (“EU”).

Under the DPA (2018) and GDPR, individuals have certain rights over their personal data and data controllers are responsible for fulfilling these rights.

Website Privacy Statement

As a general policy, no personally identifiable information, such as your name, address or email address, is automatically collected from visitors to our site.  Personally identifiable information about visitors to our site is collected only when it is knowingly and voluntarily submitted via registration or contact forms.

We may collect certain non-personal information to optimise our web pages for your computer (for example, the identity of your internet browser, the type of operating system that you use, your IP address and the domain name of your internet service provider).  We may use such non-personal information for internal purposes, including but not limited to, improving the content of our site.  This information is on an anonymous and aggregated basis, and you cannot be identified from it.  It is only collected to provide us with an understanding of the areas of interest on our site and is kept only for as long as required for this purpose.  See Cookie Policy for more information.

Any personal information you supply will only be used to provide the information or service that you have requested or, subject to your agreement, to tell you about upcoming events, new services and other updates we think you’ll find interesting.  You can opt out of these email communications at any time by clicking on the unsubscribe link or contacting us at

We do not sell, trade or rent your personal information to others, and your personal information is not disclosed to third parties unless this is indicated at the time we collect the information from you, or as required by law.

Where links are provided to other websites it should be noted that they are not and cannot be governed by our Privacy Statement. We cannot guarantee your privacy when you access other websites through any link provided on this website.

Access to data

You have a right to access your personal data held by us and you can exercise that right by contacting us below. Our aim is to respond a request promptly and within the legally required limit of 40 days.

Correcting/Updating Personal Information

If you wish to update personal data submitted to us, please contact us as detailed below. Once we are informed that any personal data held by us is no longer accurate we will make changes based on your updated information.

Withdrawal of consent

Where we hold data based on consent, individuals have a right to withdraw consent at any time. To withdraw consent to our processing of your personal data please contact us below.


Other rights

This statement is intended to provide information about what personal data we collect about you, and how it is used.  As well as rights of access and amendment referred to above, individuals may have other rights in relation to the personal data we hold, such as a right to erasure/deletion, to restrict or object to our processing of personal data, and the right to data portability.  For further information on these rights please contact us below.

Notification of Changes

If we decide to change our privacy policy, we will post those changes on this page so that our users are always aware of the information we collect and how we use it.  If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.


If you want to complain about our use of your personal data, please contact us below with the details of your complaint. You also have the right to register a complaint with the Information Commissioner’s Office (“ICO”).  For further information on your rights and how to complain to the ICO, please refer to their website.

Use of Google Fonts Web API

Our website utilises Google Fonts API to provide a unified and visually pleasing textual experience for our users. Google Fonts is a service offered by Google LLC (“Google”) that allows websites to utilise high-quality fonts.

By using Google Fonts, some information may be transferred to Google servers, which may be located in other countries. This section outlines how Google collects and uses data in relation to the Google Fonts Web API.

Data Collection by Google

When you visit a page on our website that uses Google Fonts, your web browser automatically sends a request to Google’s servers. This request may include the following information:

  • IP Address
  • Browser type and version
  • Operating System
  • Referrer URL
  • The time of the request

This data is primarily used by Google to serve the font files to your browser and to improve the overall service quality.

Google may also use this data for the purposes of analytics and to enhance user experience. The data is processed in accordance with Google’s Privacy Policy, which you can review for further details: Google’s Privacy Policy.

If you are concerned about the data collection practices associated with Google Fonts, you may choose to disable the Google Fonts service through browser settings or use browser extensions designed to block such features. However, doing so may affect the appearance and functionality of our website.

Updates to this Section

We reserve the right to update or amend this section at any time to reflect changes in our practices or amendments to Google’s terms of service or privacy policy. We recommend reviewing this section periodically for the latest information on our use of Google Fonts.

Contacting us about your data

If you have any questions about this privacy statement or how and why we process personal data, please contact us at or on 01656 867167.