GDPR Compliance

Last updated: 15 April 2026

Our Commitment to Data Protection

Premos Quar Ltd is committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This page explains how we comply with these regulations and what rights you have regarding your personal information.

Data Controller

Premos Quar Ltd is the data controller responsible for your personal information. Our contact details are:

Premos Quar Ltd
12 Artisan Lane
Bridgwater
Somerset TA6 4EQ
United Kingdom
Email: [email protected]
Company Number: 11847629

Lawful Basis for Processing

We process your personal data only when we have a lawful basis to do so. The legal grounds we rely on include:

  • Contract: Processing is necessary to fulfill our contractual obligations to you when you purchase products or services
  • Consent: You have given clear permission for us to process your data for marketing purposes
  • Legitimate interests: Processing is necessary for our legitimate business interests, such as improving our services and preventing fraud, provided your rights are not overridden
  • Legal obligation: Processing is required to comply with legal requirements, such as tax and accounting regulations

Your GDPR Rights

Under UK GDPR, you have comprehensive rights regarding your personal data:

Right to Access

You can request a copy of all personal data we hold about you. We will provide this information free of charge within one month of your request.

Right to Rectification

If any personal information we hold is inaccurate or incomplete, you have the right to have it corrected promptly.

Right to Erasure

Also known as the "right to be forgotten," you can request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purpose it was collected or you withdraw consent.

Right to Restriction of Processing

You can ask us to limit how we use your data while we investigate concerns you have about the accuracy or use of your information.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, machine-readable format, or have it transferred directly to another controller where technically feasible.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. If you object to marketing, we will stop processing your data for these purposes immediately.

Rights Related to Automated Decision Making

We do not use automated decision-making or profiling processes. All customer service decisions are made by human team members.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us at [email protected] with the subject line "GDPR Request." Please include:

  • Your full name and contact information
  • A clear description of your request
  • Proof of identity (we may request additional verification to protect your information)

We will respond to your request within one month. In complex cases, we may extend this period by two additional months and will inform you of the extension and reasons for the delay.

Data We Collect

We collect and process the following categories of personal data:

  • Identity data: name, username
  • Contact data: postal address, email address
  • Transaction data: order details, payment information (handled by secure third-party processors)
  • Technical data: IP address, browser type, device information
  • Usage data: how you interact with our website
  • Marketing data: your communication preferences

How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes outlined in our Privacy Policy:

  • Transaction records: 7 years (tax and legal requirements)
  • Customer service correspondence: 3 years after last contact
  • Marketing consent: until you withdraw consent
  • Website analytics: aggregated and anonymized after 26 months

Data Security

We have implemented appropriate technical and organizational measures to protect your personal data, including:

  • SSL encryption for data transmitted through our website
  • Access controls restricting who can view personal information
  • Regular security audits and vulnerability assessments
  • Employee training on data protection responsibilities
  • Secure physical storage of paper records with restricted access
  • Data backup and disaster recovery procedures

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the Information Commissioner's Office within 72 hours of becoming aware of the breach
  • Inform affected individuals without undue delay if the breach is likely to result in high risk
  • Take immediate steps to mitigate the breach and prevent recurrence

Third-Party Data Processors

We work with carefully selected third-party processors who handle data on our behalf:

  • Payment processors for secure transaction handling
  • Delivery services for order fulfillment
  • Email service providers for newsletters and customer communications
  • Website hosting and security services

All processors are bound by data processing agreements that ensure they comply with UK GDPR requirements and only process data according to our instructions.

International Data Transfers

We primarily store and process data within the United Kingdom. If we transfer data outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by regulatory authorities
  • Adequacy decisions confirming the recipient country provides adequate protection
  • Additional security measures where necessary

Consent Management

When we rely on consent as our legal basis for processing:

  • We obtain clear, specific consent for each processing purpose
  • We make it easy for you to withdraw consent at any time
  • We maintain records demonstrating when and how consent was obtained
  • We do not use pre-ticked boxes or assume consent from inaction

Children's Data

While we sell products designed for children, our website and services are directed at adults. We do not knowingly collect personal data from anyone under 16 without parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately.

Updates to This Page

We review and update our GDPR compliance documentation regularly to reflect changes in legislation and our practices. Significant changes will be communicated through our website and, where appropriate, by email.

Making a Complaint

We take data protection seriously and strive to handle all personal information responsibly. If you have concerns about our data handling practices, please contact us first so we can address the issue.

If you remain unsatisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: ico.org.uk

Further Information

For more detailed information about how we handle your personal data, please see our Privacy Policy. For information about cookies and tracking technologies, see our Cookies Policy.