GDPR Compliance
Last updated: 15 April 2026
Our Commitment to Data Protection
Smooth Purse Ltd is committed to complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take our data protection responsibilities seriously and have implemented policies and procedures to ensure your personal information is handled lawfully, fairly, and transparently.
This page provides specific information about our GDPR compliance practices. For comprehensive details about how we handle your data, please also refer to our Privacy Policy.
Data Controller Information
For the purposes of UK GDPR, the data controller is:
Smooth Purse Ltd
42 Portland Street
Manchester M1 4DG
United Kingdom
Email: [email protected]
Principles of Data Processing
We process personal data in accordance with the following principles set out in UK GDPR:
- Lawfulness, fairness, and transparency: We process data lawfully, fairly, and in a transparent manner.
- Purpose limitation: We collect data for specified, explicit, and legitimate purposes and do not process it in ways incompatible with those purposes.
- Data minimisation: We collect only data that is adequate, relevant, and limited to what is necessary.
- Accuracy: We take reasonable steps to ensure personal data is accurate and kept up to date.
- Storage limitation: We keep personal data only for as long as necessary for the purposes for which it was collected.
- Integrity and confidentiality: We process data securely using appropriate technical and organisational measures.
- Accountability: We take responsibility for compliance and can demonstrate our adherence to these principles.
Your Rights Under UK GDPR
UK GDPR grants you specific rights regarding your personal data. We respect these rights and have procedures in place to facilitate their exercise:
Right to Be Informed
You have the right to clear, transparent information about how we use your personal data. We provide this through our privacy policy and related communications.
Right of Access
You can request confirmation of whether we process your personal data and obtain a copy of it. This is commonly known as a subject access request. We will respond within one month, free of charge, unless your request is manifestly unfounded or excessive.
Right to Rectification
You can ask us to correct inaccurate personal data and complete incomplete data. We will respond to your request within one month.
Right to Erasure
Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when:
- The data is no longer necessary for the purpose for which it was collected
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- The data must be erased to comply with a legal obligation
Right to Restrict Processing
You can request that we limit how we use your data in certain situations, such as when you contest the accuracy of the data or object to processing.
Right to Data Portability
Where we process your data based on consent or contract, and the processing is automated, you can request your data in a structured, commonly used, machine-readable format and have it transmitted to another controller.
Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests.
Rights Related to Automated Decision Making
You have rights related to automated decision-making and profiling. We do not currently use automated decision-making processes that produce legal or similarly significant effects.
How to Exercise Your Rights
To exercise any of your rights under UK GDPR, please contact us:
Email: [email protected]
Post: Smooth Purse Ltd, 42 Portland Street, Manchester M1 4DG, United Kingdom
When making a request, please provide:
- Your full name and contact details
- Details of the specific right you wish to exercise
- Any relevant information that helps us locate your data
- Proof of identity if we need to verify your identity
We will respond to your request within one month. In complex cases, we may extend this by two additional months, but we will inform you if this is necessary.
Legal Bases for Processing
We only process personal data when we have a lawful basis to do so. The legal bases we rely on are:
Consent
We may ask for your consent to process certain personal data. When we do, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.
Contract
Processing is necessary to fulfil our contractual obligations when you purchase our services or to take steps at your request before entering into a contract.
Legal Obligation
Processing is necessary to comply with legal obligations, such as tax and accounting requirements.
Legitimate Interests
Processing is necessary for our legitimate business interests or those of a third party, provided your fundamental rights and freedoms do not override those interests. Our legitimate interests include:
- Providing and improving our services
- Understanding how our website is used
- Preventing fraud and ensuring security
- Managing our business operations
Data Sharing and Third Parties
We do not sell or rent your personal data. We may share data with:
- Service providers: Companies that provide services on our behalf, such as payment processors or email service providers. These processors are bound by data processing agreements and can only use your data as instructed by us.
- Legal authorities: When required by law or to protect our rights.
- Professional advisers: Such as lawyers, accountants, or consultants, under duties of confidentiality.
We ensure appropriate safeguards are in place whenever we share personal data.
Data Security Measures
We implement appropriate technical and organisational measures to protect personal data, including:
- Encryption of data in transit and at rest
- Access controls and authentication systems
- Regular security assessments and updates
- Staff training on data protection
- Secure backup procedures
- Incident response procedures
In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by law.
Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected. Retention periods depend on:
- The nature of the data and why we collected it
- Legal, regulatory, or contractual requirements
- Whether we have a legitimate business need to retain it
Client service data is typically retained for seven years after service completion to meet legal obligations. Website usage data is retained for shorter periods. When data is no longer needed, we securely delete or anonymise it.
International Transfers
Your data is primarily processed within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place, such as:
- Transfers to countries with adequacy decisions
- Standard contractual clauses approved by authorities
- Other legally approved transfer mechanisms
Children's Data
Our services are not directed at children under 18, and we do not knowingly collect data from children. If we become aware that we have collected data from a child without appropriate consent, we will take steps to delete it promptly.
Updates to This Notice
We may update this GDPR compliance notice to reflect changes in our practices or legal requirements. Material changes will be communicated through our website. The "Last updated" date at the top indicates when changes were last made.
Supervisory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: ico.org.uk
We encourage you to contact us first so we can address your concerns directly.
Questions and Contact
If you have questions about our GDPR compliance or data protection practices, please contact us:
Email: [email protected]
Address: Smooth Purse Ltd, 42 Portland Street, Manchester M1 4DG, United Kingdom