GDPR Compliance Statement
Last updated: January 2024
SurreymontePro takes data protection seriously. This page outlines our commitment to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, explaining how we protect your rights as a data subject.
Our Commitment to Data Protection
We have implemented comprehensive measures to ensure your personal data is handled lawfully, fairly, and transparently. Our approach is built on the principle that you should maintain control over your own information while we process only what is genuinely necessary to serve you.
Data Controller Information
SurreymontePro acts as the data controller for personal information collected through our website and services. This means we determine the purposes and means of processing your data and bear responsibility for protecting it.
Contact details:
SurreymontePro
47 Whitmore Lane
Guildford, Surrey GU2 4PQ
Email: [email protected]
Your Rights Under Data Protection Law
The UK GDPR grants you several important rights regarding your personal data:
Right to Be Informed
You have the right to know how your data is being used. Our Privacy Policy provides detailed information about our data processing activities, including what data we collect, why we collect it, and who we share it with.
Right of Access
You can request a copy of all personal data we hold about you. This is commonly known as a Subject Access Request. We will provide this information free of charge within one month of receiving your request.
Right to Rectification
If any information we hold about you is inaccurate or incomplete, you have the right to have it corrected. Simply contact us with the correct information and we will update our records promptly.
Right to Erasure
In certain circumstances, you can request that we delete your personal data. This applies when the data is no longer necessary for its original purpose, you withdraw consent, or there is no legitimate reason for continued processing.
Right to Restrict Processing
You can request that we limit how we use your data while you verify its accuracy or contest our legal grounds for processing it.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your data in a commonly used, machine-readable format and transfer it to another service.
Right to Object
You can object to processing based on legitimate interests at any time. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects. All substantive decisions about our services are made by qualified human consultants.
How We Protect Your Data
We implement appropriate technical and organisational measures to ensure security:
- Encryption of data in transit and at rest
- Secure access controls and authentication
- Regular security assessments and updates
- Staff training on data protection requirements
- Physical security measures at our premises
- Incident response procedures for potential breaches
Lawful Basis for Processing
We only process personal data when we have a valid legal basis. For each processing activity, we identify and document the appropriate lawful basis:
- Consent: When you explicitly agree to specific processing, such as receiving marketing communications
- Contract: When processing is necessary to deliver services you have requested
- Legal obligation: When we must process data to comply with the law
- Legitimate interests: When processing is necessary for our legitimate business purposes and does not override your rights
Data Minimisation
We collect only the personal data that is genuinely required for the stated purpose. During our services, we may ask you to share financial information, but we only request what is necessary for effective consultation. We do not collect data "just in case" it might be useful later.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are based on business necessity and legal requirements. When data is no longer needed, we securely delete or anonymise it.
Third-Party Data Sharing
When we share data with third parties such as payment processors, we ensure they provide adequate protection through contracts that require them to:
- Process data only according to our documented instructions
- Implement appropriate security measures
- Not share data with other parties without our consent
- Delete or return data when the relationship ends
International Transfers
Your data is primarily stored within the United Kingdom. If any international transfer becomes necessary, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the relevant authorities.
Data Breach Notification
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it. If the breach is likely to result in a high risk, we will also notify you directly without undue delay.
Exercising Your Rights
To exercise any of your data protection rights, contact us at [email protected]. Please provide sufficient information to verify your identity and specify which right you wish to exercise. We will respond within one month, though complex requests may require an extension of up to two additional months.
Making a Complaint
If you believe we have not handled your data appropriately, we encourage you to contact us first so we can address your concerns. You also have the right to lodge a complaint with the Information Commissioner's Office:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk
Updates to This Statement
We review this GDPR compliance statement periodically and update it when necessary. Material changes will be communicated through our website. We recommend checking this page occasionally to stay informed about how we protect your data.