GDPR Compliance Statement

Last updated: 9 April 2026

Our Commitment to Data Protection

Neuron Gear Ltd is committed to protecting the privacy and security of personal information. We comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 in all our operations.

This page provides specific information about your rights under these regulations and explains how we ensure compliance when processing your personal data.

Data Controller Information

For the purposes of data protection legislation, Neuron Gear Ltd is the data controller responsible for the personal information we process.

Data Controller: Neuron Gear Ltd
Address: 42 Bloomsbury Square, London, WC1A 2RP, United Kingdom
Company Number: 08542167
ICO Registration: ZA548219

For data protection enquiries, contact us at [email protected]

Your Data Protection Rights

UK GDPR grants you specific rights regarding your personal data. We respect these rights and have procedures in place to facilitate their exercise.

Right of Access

You have the right to request access to the personal data we hold about you. This is commonly known as a "subject access request." When you make such a request, we'll provide you with a copy of your personal data along with information about how we're processing it.

We'll respond to access requests within one month, free of charge. If your request is particularly complex or you've made multiple requests, we may extend this period by two additional months or charge a reasonable fee to cover administrative costs.

Right to Rectification

If personal information we hold about you is inaccurate or incomplete, you can ask us to correct or complete it. We'll respond to rectification requests promptly and update our records accordingly.

Right to Erasure

Also known as the "right to be forgotten," this allows you to request deletion of your personal data in certain circumstances:

  • The data is no longer necessary for the purposes we collected it
  • You withdraw consent on which processing is based
  • You object to processing and there are no overriding legitimate grounds
  • The data has been unlawfully processed
  • Deletion is required to comply with a legal obligation

Note that this right is not absolute. We may need to retain certain information to comply with legal obligations or establish, exercise, or defend legal claims.

Right to Restriction of Processing

You can ask us to restrict processing of your personal data in specific situations:

  • You contest the accuracy of the data (restriction applies while we verify accuracy)
  • Processing is unlawful but you prefer restriction to erasure
  • We no longer need the data but you need it for legal claims
  • You've objected to processing (restriction applies while we verify our legitimate grounds)

Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you can request a copy of your personal data in a structured, commonly used, and machine-readable format. You can also ask us to transmit this data directly to another controller where technically feasible.

Right to Object

You have the right to object to processing of your personal data in certain circumstances:

  • Processing based on legitimate interests or performance of a public interest task (you must provide grounds relating to your particular situation)
  • Direct marketing (we'll stop processing immediately upon your objection)
  • Processing for scientific, historical research, or statistical purposes (subject to exceptions)

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. We do not currently engage in automated decision-making of this nature.

How to Exercise Your Rights

To exercise any of your data protection rights, contact us by email at [email protected] or write to Data Protection Enquiries, Neuron Gear Ltd, 42 Bloomsbury Square, London, WC1A 2RP, United Kingdom.

Please include sufficient information to allow us to identify you and understand your request. We may need to verify your identity before processing certain requests to protect your personal information.

We'll respond to requests within one month. If your request is complex or we've received multiple requests from you, we may extend this period by up to two additional months. We'll notify you of any extension and explain the reason for the delay.

Lawful Basis for Processing

We only process personal data when we have a lawful basis to do so. The specific basis depends on the purpose of processing:

Contractual Necessity

We process personal data to deliver services you've requested or to take steps at your request before entering into a contract. This includes providing book recommendations, conducting consultations, and managing your account.

Legitimate Interests

We process certain data based on our legitimate business interests, provided these don't override your rights and interests. Examples include improving our services, preventing fraud, maintaining business records, and ensuring network and information security.

Consent

For some activities, particularly marketing communications, we rely on your explicit consent. You can withdraw consent at any time, and we've made this process straightforward.

Legal Obligations

Sometimes we must process data to comply with legal requirements, such as maintaining financial records for tax purposes or responding to valid legal requests.

Data Minimisation and Retention

We adhere to the data minimisation principle, collecting only personal information necessary for our specified purposes. We don't gather data "just in case" it might be useful later.

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected or to meet legal obligations. Client records are typically kept for seven years after the last service provision. Website analytics data is retained for up to 26 months.

When information is no longer needed, we securely delete or anonymise it.

Data Security Measures

We implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls limiting who can view personal data
  • Staff training on data protection principles and security practices
  • Secure backup and disaster recovery procedures
  • Vendor management processes ensuring third parties meet our security standards

Data Breach Procedures

We have procedures in place to detect, report, and investigate personal data breaches. If a breach occurs that is likely to result in a high risk to your rights and freedoms, we'll notify you without undue delay.

We'll also notify the Information Commissioner's Office within 72 hours of becoming aware of a breach that meets the relevant threshold, as required by UK GDPR.

Third-Party Processing

When we engage third parties to process personal data on our behalf, we ensure they provide sufficient guarantees of appropriate technical and organisational measures.

We maintain written contracts with processors that specify their obligations regarding data protection, security, confidentiality, and compliance with our instructions. We regularly review our processors' practices to ensure ongoing compliance.

International Data Transfers

We primarily process data within the United Kingdom. When we transfer personal data outside the UK or European Economic Area, we ensure appropriate safeguards are in place as required by UK GDPR.

These safeguards may include standard contractual clauses approved by the UK authorities, adequacy decisions confirming the recipient country provides equivalent protection, or other mechanisms recognised under data protection law.

Children's Data

Our services are directed at adults. We do not knowingly process personal data of children under 16 without parental or guardian consent. If we become aware that we've inadvertently collected such information, we'll delete it promptly.

Complaints and Regulatory Authority

If you believe we've handled your personal data inappropriately or violated your data protection rights, please contact us first so we can address your concerns.

You also have the right to lodge a complaint with the supervisory authority:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: neuron-gear.com

Updates to This Statement

We may update this GDPR compliance statement to reflect changes in our practices or legal requirements. Significant updates will be communicated to clients by email. The "Last updated" date at the top of this page indicates when the most recent changes were made.

Further Information

For more details about how we collect and use personal data, please see our Privacy Policy.

For questions about GDPR compliance or data protection generally, contact us at [email protected]