Privacy Policy

C & G Systems Limited

Last Updated: 04 March 2026

1. Introduction

This Privacy Policy explains how C & G Systems Limited (“C & G Systems”, “we”, “us”, “our”) collects, uses, stores, and protects personal data in connection with:

• www.cngsystems.co.uk
• https://checkpointhub.co.uk
• The Checkpoint Authority application
• The Checkpoint Reporting System
• Associated web portals
• Connected APIs and platform services

C & G Systems Limited is a company registered in Scotland under company number SC414124, with its registered office at:

10 Murray Lane
Montrose
Angus
Scotland
DD10 8LF

C & G Systems acts as the Data Controller in respect of the personal data described in this policy.

2. Contact Details

For all data protection enquiries:

Data Protection Officer
Scott Corker
Email: scott.corker@cngsystems.co.uk

General privacy enquiries
info@cngsystems.co.uk

If you are dissatisfied with how we handle your data, you have the right to complain to the Information Commissioner’s Office (ICO).

3. Scope of This Policy

This policy applies to personal data processed through:

• Our public websites
• Business-to-business client portals
• The Checkpoint Authority mobile application
• The Checkpoint Reporting System
• Platform APIs
• Google Cloud and Firebase-based services

All services are provided on a business-to-business (B2B) basis.
Our services are not directed to individuals under the age of 18.

4. Personal Data We Collect

4.1 Website Data

Through our websites we may collect:

• Name
• Business email address
• Business telephone number
• Company information
• IP address
• Browser type and version
• Analytics data

This data is collected via contact forms and analytics tools.

4.2 Platform & Application Data

When organisations use our platforms we may process:

• Full name
• Business email address
• Telephone number
• Date of birth
• Photographic identification
• Identification numbers (where required)
• IP address
• Device information
• Application version
• Location data
• System activity logs

We do not collect financial data such as payment card or bank account details.

5. Biometric Authentication

Biometric authentication (such as fingerprint recognition) may be used to secure access to certain mobile application features.

• Biometric data is processed solely by the user’s device.
• C & G Systems does not receive or store biometric templates.
• We only receive confirmation of successful or failed authentication.

Accordingly, we do not store or control biometric identifiers.

6. Location Data

Certain app features require GPS location in order to:

• Display maps
• Facilitate check-in functionality

Location data:

• Is processed in real time
• Is not stored by C & G Systems
• Is not used for continuous tracking
• Is optional

Users may disable location access in their device settings.

7. Cookies & Analytics

Our websites use cookies for:

• Essential functionality
• Website analytics

We do not use advertising tracking cookies.

Analytics cookies collect anonymised usage data to improve website performance. Users may control cookie preferences through browser settings.

8. Lawful Basis for Processing

Contract Performance

Where processing is necessary to provide services to our business clients.

Legitimate Interests

• Securing our platforms
• Preventing unauthorised access
• System administration
• Improving services
• Business communications

Consent

Where individuals opt-in to receive marketing communications.

9. Data Hosting & Storage

All primary data is hosted within the United Kingdom using:

• Google Cloud Platform (UK regions)
• Google SQL servers
• Firebase services

Data is encrypted both in transit and at rest using industry-standard security protocols.

10. Data Retention

• Account data: 12 months after account closure
• Security logs: 18 months
• Backups: 6 months
• Marketing data: until unsubscribe

11. Data Subject Rights

Under UK GDPR individuals have the right to:

• Access their personal data
• Rectify inaccurate data
• Request erasure
• Restrict processing
• Object to processing
• Request data portability

Requests may be submitted to info@cngsystems.co.uk.

12. Data Breaches

In the event of a personal data breach we will:

• Assess risk immediately
• Notify affected individuals where required
• Notify the ICO within 72 hours where legally mandated

13. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be published on our websites and platforms with a revised effective date.