GDPR Compliance

Your data protection rights explained

Last updated: 1 March 2026

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) establishes important rights regarding your personal data. Following the UK's departure from the European Union, these principles continue to apply through the UK GDPR and Data Protection Act 2018.

At SurreymontePro, we are fully committed to meeting our obligations under this legislation. This page explains how we comply and what rights you have.

Data Controller

SurreymontePro Ltd is the data controller responsible for your personal data. This means we determine the purposes and means of processing your information.

Contact details:
SurreymontePro Ltd
14 Chancery Lane
London WC2A 1PL
Email: [email protected]

Lawful Basis for Processing

Under GDPR, we must have a lawful basis for processing your personal data. We rely on the following bases:

Contractual Necessity

When you engage our services, we process your information to fulfil our contract with you. This includes using your contact details to arrange consultations and processing financial information to provide advice.

Legitimate Interests

We process certain data based on legitimate business interests, such as improving our services, website analytics, and responding to enquiries. We always balance these interests against your rights.

Consent

Where required, we obtain your consent for specific processing activities. You can withdraw consent at any time by contacting us.

Legal Obligation

Some processing is necessary to comply with legal requirements, such as financial record keeping and tax obligations.

Your Rights Under GDPR

The regulation provides you with specific rights regarding your personal data:

Right to Be Informed

You have the right to know how your data is being used. Our Privacy Policy and this page provide that information.

Right of Access

You can request a copy of all personal data we hold about you. This is known as a Subject Access Request (SAR).

Right to Rectification

If your data is inaccurate or incomplete, you can request that we correct it.

Right to Erasure

In certain circumstances, you can request that we delete your personal data. This is sometimes called the "right to be forgotten".

Right to Restrict Processing

You can request that we limit how we use your data in certain situations.

Right to Data Portability

You can request your data in a structured, machine-readable format for transfer to another organisation.

Right to Object

You can object to processing based on legitimate interests, including profiling and direct marketing.

Rights Related to Automated Decision Making

You have rights regarding automated processing that significantly affects you. We do not currently use automated decision-making.

Exercising Your Rights

To exercise any of these rights, please contact us at [email protected]. Include:

  • Your full name
  • The specific right you wish to exercise
  • Any relevant details to help us locate your data

We will respond to your request within one month. In complex cases, we may extend this by two months, but we will inform you of any delay.

We will not charge a fee for most requests. However, we may charge a reasonable fee for manifestly unfounded or excessive requests.

Data Protection Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These include:

  • Encryption of personal data during transmission and storage
  • Measures to ensure ongoing confidentiality, integrity, and availability of systems
  • Regular testing and evaluation of security measures
  • Processes for restoring access to data in the event of an incident
  • Staff training on data protection obligations

Data Breach Procedures

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware
  • Communicate the breach to you without undue delay if it is likely to result in high risk to your rights
  • Document the breach and our response

International Transfers

When transferring personal data outside the UK and EEA, we ensure adequate protection through:

  • Standard Contractual Clauses approved by regulatory authorities
  • Adequacy decisions by the UK government
  • Binding Corporate Rules where applicable

We will not transfer your data to jurisdictions without adequate safeguards in place.

Children's Data

Our services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately.

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: surreymontepro.pro

We would appreciate the opportunity to address your concerns before you contact the ICO. Please reach out to us first, and we will do our best to resolve any issues.

Updates to This Information

We may update this GDPR information periodically to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last revised.