Compliance

GDPR Compliance

Built GDPR-first, not retrofitted. Complete compliance with UK data protection regulations.

UK Data Residency

All personal data is stored on UK-based servers and never transferred outside the UK without your explicit consent.

Data Minimisation

We only collect data necessary to provide our services. No excessive data collection.

Your Rights

Full support for access, rectification, erasure, portability, and objection rights.

Retention Limits

Clear data retention policies with automatic deletion after account closure.

Our GDPR Commitment

Unlike US-based platforms that retrofitted GDPR compliance, Surgeie was built from the ground up with UK data protection regulations at its core. We're committed to maintaining the highest standards of data privacy and protection for all our users.

Lawful Basis for Processing

We process personal data under the following lawful bases:

  • Contractual Necessity: To provide the services you've subscribed to
  • Legitimate Interests: To improve our services and prevent fraud
  • Legal Obligation: To comply with UK laws and regulations
  • Consent: For optional marketing communications

Your Rights Under GDPR

As a data subject, you have the following rights under UK GDPR:

Right of Access

Request a copy of all personal data we hold about you.

Right to Rectification

Correct any inaccurate personal data we hold.

Right to Erasure

Request deletion of your personal data.

Right to Portability

Receive your data in a machine-readable format.

Right to Restrict

Limit how we process your personal data.

Right to Object

Object to processing based on legitimate interests.

Data Processing Agreements

When Surgeie acts as a data processor on your behalf (processing your clients' data), we provide comprehensive Data Processing Agreements (DPAs) that meet GDPR requirements. Enterprise customers receive customised DPAs upon request.

Sub-Processors

We use a limited number of sub-processors, all of which are GDPR-compliant and based in the UK or EU. A full list of sub-processors is available upon request.

Data Breach Notification

In the event of a data breach affecting your personal data, we will notify you and the ICO (Information Commissioner's Office) within 72 hours as required by GDPR.

Exercise Your Rights

To exercise any of your GDPR rights, contact our Data Protection Officer:

Complaints

If you believe we have not handled your data appropriately, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.