← Back to Stock Sure

GDPR Compliance

Last updated: 05/09/2025

1. Our Commitment to GDPR Compliance

Stock Sure is fully committed to compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We take data protection seriously and have implemented comprehensive measures to ensure your personal data is processed lawfully, fairly, and transparently.

2. Data Controller Information

Stock Sure acts as the data controller for personal data collected through our service. As a UK-based company, we are registered with the Information Commissioner's Office (ICO).

3. Lawful Basis for Processing

We process your personal data under the following lawful bases:

Contract (Article 6(1)(b))

  • Account management and service provision
  • Processing payments and billing
  • Providing customer support

Legitimate Interests (Article 6(1)(f))

  • Service improvement and development
  • Security monitoring and fraud prevention
  • Analytics and performance monitoring

Legal Obligation (Article 6(1)(c))

  • Tax and accounting requirements
  • Regulatory compliance
  • Response to legal requests

Consent (Article 6(1)(a))

  • Marketing communications (where applicable)
  • Optional features requiring explicit consent

4. Your Rights Under UK GDPR

As a data subject, you have the following rights:

Right of Access (Article 15)

You can request a copy of all personal data we hold about you, including information about how it's processed.

Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances, including when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other lawful basis
  • The data has been unlawfully processed

Right to Restriction (Article 18)

You can request that we limit the processing of your data in certain situations.

Right to Data Portability (Article 20)

You can request your data in a structured, commonly used format for transfer to another controller.

Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing purposes.

Rights Related to Automated Decision-making (Article 22)

You have rights regarding decisions made solely by automated processing, including profiling.

5. How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Send an email to info@stocksure.io with your request
  2. Include sufficient information to verify your identity
  3. Specify which right you wish to exercise and any relevant details

We will respond to your request within one month (extendable by two months for complex requests). Some requests may be subject to exemptions under data protection law.

6. Data Security Measures

We implement appropriate technical and organisational measures to protect your data:

Technical Measures

  • Encryption of data in transit and at rest
  • Regular security updates and patches
  • Access controls and authentication systems
  • Regular security assessments and monitoring

Organisational Measures

  • Staff training on data protection
  • Data protection impact assessments
  • Privacy by design principles
  • Regular review of data processing activities

7. Data Transfers

Your personal data is primarily processed within the UK and European Economic Area (EEA). Any transfers to third countries are protected by appropriate safeguards:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes

8. Data Retention

We retain personal data only for as long as necessary:

  • Account data: Duration of your subscription plus 7 years for regulatory compliance
  • Payment data: 7 years from the last transaction for tax purposes
  • Support communications: 3 years for quality assurance
  • Marketing data: Until consent is withdrawn or legitimate interest ceases

9. Data Breach Procedures

In the event of a personal data breach:

  • We will assess the risk to individuals within 72 hours
  • The ICO will be notified within 72 hours if required
  • Affected individuals will be informed without undue delay if high risk
  • We will document all breaches and our response measures

10. Children's Data

Our service is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children without appropriate parental consent.

11. Complaints and Supervisory Authority

If you believe we have not handled your personal data appropriately, you have the right to lodge a complaint with the supervisory authority:

  • Information Commissioner's Office (ICO)
  • Website: ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

12. Updates to This Document

We may update this GDPR compliance information as our practices evolve or regulations change. We will notify you of any significant changes through our service or by email.

13. Contact Us

For any questions about GDPR compliance or to exercise your rights, please contact: