GDPR Compliance Policy

SOTERweb, a trading arm of Montgomery & Coupers Ltd.

1. Introduction

This policy explains how Montgomery & Coupers Ltd complies with the UK General Data Protection Regulation (UK GDPR) as the data controller for the SOTERweb platform. It also clarifies circumstances where we act as a data processor on behalf of our clients who use SOTERweb to manage their Health & Safety, Property, and Contractor Management obligations.

 

2. Scope

This policy applies to all personal data processed in connection with SOTERweb, including that of clients, prospective clients, website visitors, and individuals communicating with us.

3. Data Controller Details

Montgomery & Coupers Ltd is a UK-registered micro-entity (Company No. 07143806) providing cloud-based compliance and safety management software.

All intellectual property, licensing, and data processing for SOTERweb are owned and managed by Montgomery & Coupers Ltd.

Data protection enquiries: admin@soterweb.org.uk.

4. Personal Data Collected

We collect personal data such as names, job titles, contact details (telephone numbers and email addresses), and limited technical information (IP addresses and browser types).

We may also retain correspondence via contact forms, support requests, or service communications.

 

5. Lawful Basis for Processing

We process personal data only where a lawful basis applies:

•    Contractual necessity – to deliver services to clients.

•    Legal obligation – to comply with statutory requirements.

•    Legitimate interests – to maintain and improve our platform.

•    Consent – where required for communications or marketing (withdrawable at any time).

 

6. Data Subject Rights

Individuals have rights of access, rectification, erasure, restriction, portability, and objection.

Requests can be made via admin@soterweb.org.uk, and we aim to respond within one calendar month.

 

7. Data Sharing and Sub-processors

 

We do not sell personal data.

We may share data with trusted UK-based service providers that support hosting, analytics, and security. These include: Easyspace, T3 Network Solutions, NB Data, Equilibrium Security, and AbilityNet.

All operate under written agreements meeting UK GDPR standards.

8. Data Security

All data is stored within UK-based, ISO 27001-certified data centres with daily encrypted backups, firewalls, and multi-factor authentication for administrators. Staff devices use encryption and antivirus protection.

 

9. International Transfers

We do not transfer personal data outside the UK.

10. Data Retention

Personal data is retained only as long as necessary to meet legal, contractual, or operational requirements, after which it is securely deleted or anonymised.

11. Data Breach Management

We will investigate any suspected data breach immediately and, where required, notify the ICO within 72 hours. If a breach poses a high risk to individuals, we will contact those affected without undue delay.

 

 

12. Data Protection by Design

We embed privacy principles in our system design and processes, ensuring data minimisation, restricted access, and use of pseudonymisation or encryption where appropriate.

13. Monitoring and Review

This policy is reviewed annually or sooner if regulations or practices change. All staff receive GDPR awareness training.

 

14. Contact

Questions or concerns about this policy should be directed to: admin@soterweb.org.uk.
