GDPR Compliance

Last Updated: June 15, 2026

Introduction

reed-mongoose is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with data protection legislation and outlines your rights as a data subject.

Data Controller

reed-mongoose acts as the data controller for personal information collected through our website and services. We determine how and why your personal data is processed.

Data Controller Contact Details:
reed-mongoose
Queen Square
Bristol BS1 4JQ
United Kingdom
Email: [email protected]

Lawful Basis for Processing

We only process your personal data when we have a lawful basis to do so under UK GDPR. The lawful bases we rely on include:

Consent

We process certain data based on your explicit consent. You have the right to withdraw consent at any time by contacting us.

Contract Performance

When you engage our services, we process your data to fulfill our contractual obligations to you.

Legitimate Interests

We may process data where we have legitimate business interests, provided these interests do not override your fundamental rights and freedoms.

Legal Obligation

In some cases, we process data to comply with legal requirements, such as financial record-keeping obligations.

Your Data Protection Rights

Under UK GDPR, you have the following rights regarding your personal data:

Right to be Informed

You have the right to clear, transparent information about how we use your personal data. This information is provided in our Privacy Policy and this GDPR page.

Right of Access

You can request a copy of the personal data we hold about you. This is commonly known as a "subject access request." We will provide this information free of charge within one month of your request.

Right to Rectification

If personal data we hold about you is inaccurate or incomplete, you have the right to have it corrected or completed.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected.

Right to Restrict Processing

You can request that we limit how we use your personal data in certain situations, such as when you contest the accuracy of the data or object to our processing.

Right to Data Portability

You have the right to obtain and reuse your personal data for your own purposes across different services. We will provide your data in a structured, commonly used, and machine-readable format.

Right to Object

You can object to processing of your personal data in certain circumstances, particularly when we process data based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal effects or similarly significantly affect you. We do not currently use automated decision-making processes.

How to Exercise Your Rights

To exercise any of your data protection rights, please contact us using the details provided above. We will respond to your request within one month, though this may be extended by two additional months for complex requests.

Verification

To protect your privacy and security, we may need to verify your identity before fulfilling your request. This typically involves confirming identifying information you have previously provided to us.

No Fee Required

We do not charge a fee for most requests to exercise your data protection rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Data Processing Activities

What Personal Data We Collect

• Contact information (name, email address)
• Service inquiry details
• Financial information relevant to consultations
• Communication records
• Technical data (IP address, browser type, device information)

How We Use Your Data

• To provide requested services and consultations
• To communicate with you about appointments and inquiries
• To improve our website and services
• To comply with legal and regulatory obligations
• To protect against fraud and security threats

Who We Share Data With

We do not sell your personal data. We may share data with:

• Service providers who assist with website hosting and maintenance (under strict data processing agreements)
• Professional advisors (such as lawyers and accountants) when necessary
• Regulatory authorities when required by law

Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls limiting who can view personal data
• Staff training on data protection principles
• Secure backup procedures

Data Retention

We retain your personal data only as long as necessary for the purposes it was collected or as required by law. Financial consultation records are typically retained for seven years to comply with professional standards and tax regulations.

Retention Criteria

Our retention periods are based on:

• The nature of our relationship with you
• Legal and regulatory requirements
• Legitimate business needs
• Your preferences and consent

International Data Transfers

We process and store data within the United Kingdom. If we transfer data outside the UK, we ensure appropriate safeguards are in place to protect your information in accordance with UK GDPR requirements.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach, as required by UK GDPR.

Children's Privacy

Our services are not directed at children under 18 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such information, please contact us immediately so we can delete it.

Updates to This Page

We may update this GDPR information periodically to reflect changes in our practices or legal requirements. Significant changes will be communicated through our website.

Complaints

If you are not satisfied with how we have handled your personal data or responded to your requests, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 0303 123 1113
Website: ico.org.uk

Contact Us

If you have questions about our GDPR compliance, wish to exercise your data protection rights, or need further information, please contact us:

reed-mongoose
Queen Square
Bristol BS1 4JQ
United Kingdom
Email: [email protected]