Last updated: 7 April 2026
SurreymontePro is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. This page outlines how we comply with these regulations and respect your data rights.
For the purposes of data protection legislation, SurreymontePro is the data controller responsible for your personal information.
Data Controller: SurreymontePro Financial Education Services
Address: 42 High Street, Guildford, Surrey, GU1 3DY, United Kingdom
Email: [email protected]
We process your personal data only when we have a lawful basis to do so. Our processing activities rely on the following legal grounds:
We process your personal and financial information to deliver the educational services you have purchased from us. This includes developing personalised financial strategies, conducting consultations, and providing ongoing support throughout your programme.
We process certain data to pursue legitimate business interests, provided these interests do not override your rights. Examples include:
For certain processing activities, we rely on your explicit consent, including:
You may withdraw consent at any time without affecting the lawfulness of processing conducted before withdrawal.
We process and retain certain information when required by UK law, such as financial record-keeping requirements or responding to lawful requests from authorities.
Under UK GDPR, you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.
You have the right to obtain confirmation that we process your data and to receive a copy of that data. We will provide this information in a commonly used electronic format within 30 days of your request.
If your personal information is inaccurate or incomplete, you have the right to request correction. We will update your records promptly upon verification of the correct information.
You may request deletion of your personal data in certain circumstances, including:
This right is not absolute. We may need to retain certain information to comply with legal obligations or establish legal claims.
You can request that we limit how we use your data in specific situations, such as when you contest the accuracy of the data or object to processing. During restriction, we will store your data but not actively process it without your consent.
For data you provided to us based on consent or contract, you have the right to receive that information in a structured, commonly used format. You may also request direct transfer to another service provider where technically feasible.
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease such processing unless we demonstrate compelling legitimate grounds that override your interests.
We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts on individuals. Our financial education services involve human review and personalised analysis.
To exercise any of your data protection rights, please contact us at [email protected]. Your request should include:
We will respond to your request within 30 days. If your request is complex or we receive multiple requests, we may extend this period by up to 60 additional days, but we will notify you of any extension and explain the reasons.
We do not charge a fee for processing most requests. However, we may charge a reasonable administrative fee or refuse to act on requests that are manifestly unfounded, excessive, or repetitive.
We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you without undue delay. Our notification will include:
We will also notify the Information Commissioner's Office within 72 hours of becoming aware of a qualifying breach.
When we engage third-party service providers to process data on our behalf, we ensure they comply with GDPR requirements. We establish data processing agreements that:
We primarily store and process your data within the United Kingdom. If we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place, such as:
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying legal, accounting, or reporting requirements. Our retention periods are based on:
When data is no longer required, we securely delete or anonymise it.
Our services are not directed to individuals under 18 years of age. We do not knowingly process personal data of children. If we become aware that we have collected data from a child without appropriate consent, we will delete it promptly.
If you believe we have not handled your personal data in accordance with UK GDPR, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: www.surreymontepro.com
Helpline: 0303 123 1113
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first if possible.
We may update this GDPR compliance information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website or directly to active clients. The date at the top of this page indicates when it was last updated.
For questions about our GDPR compliance or to exercise your data rights, please contact us:
Email: [email protected]
Address: 42 High Street, Guildford, Surrey, GU1 3DY, United Kingdom