Data Protection: Requests & Complaints

Smart Associates Ltd is committed to handling personal data lawfully and transparently. Our Privacy Policy explains what we collect and why. This page is for taking action: making a data protection complaint, or exercising any of your rights under the UK GDPR and the Data Protection Act 2018 (as amended by the Data (Use and Access) Act 2025).

Making a Data Protection Complaint

If you believe we have infringed your data protection rights – for example by using your information in a way you did not expect, failing to keep it accurate, or continuing to contact you after you opted out – you have the right to complain directly to us, and we have a legal duty to deal with your complaint.

You can complain by whichever route suits you. We accept complaints however they reach us:

• Online: the form below
• Email: privacy@smart.associates
• Post: Data Protection, Smart Associates Ltd, Valley View, The Old Quarry, Haslemere, Surrey GU27 3SS, United Kingdom
• Social media or in person – we will treat any clear expression of a data protection concern as a complaint, whatever the channel

What happens when you complain

1. We acknowledge your complaint within 30 days of receiving it – usually much sooner.
2. We investigate. We make appropriate enquiries into the subject matter of your complaint and may contact you for further information.
3. We respond without undue delay, telling you the outcome of the investigation and any steps we have taken or will take.

If you are not satisfied with our response, you can take your complaint to the Information Commissioner’s Office (ICO) – ico.org.uk, 0303 123 1113. New Zealand users can contact the Office of the Privacy Commissioner, 0800 803 909.

Exercising Your Data Protection Rights

You can use the same form (or any of the channels above) to exercise your rights, including:

• Access – a copy of the personal data we hold about you (a Subject Access Request)
• Rectification – correction of inaccurate or incomplete data
• Erasure – deletion of your data (“right to be forgotten”)
• Portability – your data in a structured, machine-readable format
• Restriction – limits on how we process your data
• Objection – including to any direct marketing, which we will stop immediately. For marketing emails you can do this instantly, per product and topic, on our email preferences page

We respond to rights requests within one calendar month. For complex or numerous requests we may extend by up to two further months, and we will tell you within the first month if so. We may need to verify your identity before releasing or deleting data; we will only ask for what is proportionate. Exercising your rights is free of charge.

Submit a Request or Complaint

What would you like to do? Make a data protection complaint Request a copy of my data (access) Correct my data (rectification) Delete my data (erasure) Export my data (portability) Restrict processing of my data Object to processing (including marketing)

Your name

Email address

Please use the email address you registered or corresponded with us from, so we can locate your records.

Details

Submit

How We Govern Personal Data

Behind this page sit formal procedures: a lawful basis register documenting the legal grounds for every processing activity, a Record of Processing Activities (ROPA), Data Protection Impact Assessments for new high-risk processing, tracked SLA deadlines for every request and complaint, and audited erasure across all of our systems. If you would like more detail about any of these – for example as part of a vendor assessment – please contact us.