Privacy Policy

Last updated: 17/05/2026

This Privacy Policy sets out the way we handle your personal data.

This Privacy Policy describes how PREMSOX LTD ("we", "us", "our") collects, uses, discloses and safeguards your personal data when you use our website https://premsoxcompany.com (the "Website") and when you purchase our products or otherwise interact with us.

We are committed to safeguarding your privacy and handling your personal data in accordance with the UK General Data Protection Regulation ("UK GDPR") and the Data Protection Act 2018.

Kindly review this Privacy Policy carefully. If you do not agree with this Policy, you should refrain from using our Website or providing your personal data to us.

1. Definitions and terminology

In this Privacy Policy, the following terms shall be interpreted in accordance with the meanings set forth below:

  • "Controller" – the natural or legal person which determines the purposes and means of the processing of personal data. For purposes of this Policy, the Controller is PREMSOX LTD.
  • "Personal data" – any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, notably by reference to an identifier such as a name, identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  • "Processing" / "to process" – any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  • "UK GDPR" – the UK General Data Protection Regulation, being the retained EU law version of the General Data Protection Regulation (EU) 2016/679, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018, as amended.
  • "Data subject" / "you" / "your" – any identified or identifiable natural person whose personal data is processed by us, such as a Website visitor, customer or contact person.
  • "Third party" – a natural or legal person, public authority, agency or body other than the data subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.
  • "Website" – our website accessible at https://premsoxcompany.com and any of its sub-pages or online resources operated and controlled by us.

Any terms used but not defined in this section shall have the meanings assigned to them in the UK GDPR.

2. Data controller and contact details

2.1. We act as the data controller of your personal data.

2.2. The data controller ("Controller") with responsibility for your personal data is:
PREMSOX LTD
Company Number: 14654272
Registered office: 27 Old Gloucester Street, London, United Kingdom, WC1N 3AX

For any questions concerning this Privacy Policy or our data protection practices, you may reach us at: info@premsoxcompany.com

3. Scope and who this Policy applies to

3.1. This Policy governs your interactions with us in connection with our Website and products.

3.2. This Privacy Policy covers:

  • visitors to our Website;
  • customers purchasing our products;
  • individuals who get in touch with us (for example by email, via contact forms or through social media);
  • prospects who receive our marketing communications (where permitted).

3.3. This Policy shall not extend to websites, apps or services operated by third parties, including carriers (such as DHL or any other delivery partners), payment providers, or social media platforms. Such services are governed by their own privacy notices.

4. Categories of personal data we collect

4.1. We collect various types of personal data based on how you interact with us.

4.2. Subject to your interactions with us, we may collect and process the following categories of personal data:

4.2.1. Identity and contact data

  • name;
  • billing and delivery address;
  • email address;
  • telephone number (where provided).

4.2.2. Order and transaction data

  • products ordered;
  • order dates and values;
  • payment status;
  • delivery status and tracking information;
  • information regarding returns, reversals and chargebacks.

4.2.3. Payment data

Basic payment information such as payment method and transaction identifiers. Full payment card details are not retained by us; these are processed by our third-party payment processors on our behalf.

4.2.4. Technical and usage data

  • IP address;
  • browser type and version;
  • device identifiers;
  • time zone setting and approximate location;
  • information regarding how you use our Website (pages viewed, interactions on pages, referring URLs, session duration and similar usage statistics), gathered by automated means such as server logs and similar technologies.

4.2.5. Marketing and communication data

  • your preferences in the receipt of marketing material from us;
  • records of your communication preferences and any consent you have provided;
  • information regarding your interaction with our marketing communications (including, whether you open or click our emails).

4.2.6. Customer support and communication data

  • messages you direct to us (e.g. via email, contact form, webchat or social media);
  • information regarding complaints, returns, reversals and chargebacks;
  • further information you voluntarily share in your communications with us.

4.2.7. Social media and online community data (where applicable)

If you engage with us via social media (for example, by following our page, commenting, sending a direct message, or participating in a promotion we run on a platform), we may collect:

  • your public profile information (name, username or handle, profile photo);
  • the content of your messages, comments or posts directed to us;
  • further information disclosed to us by the social media platform subject to your settings on the relevant platform.

5. How we collect your personal data

5.1. Personal data is collected by us directly from you and from certain third parties.

5.2. Data you provide directly

5.2.1. Specifically, we collect personal data when you:

  • complete forms on our Website (for example, during checkout or via a contact form);
  • create or update an account (where account functionality is available);
  • subscribe to our newsletters or other marketing communications;
  • engage with us by email, phone, webchat, social media or other channels;
  • take part in promotions, surveys or similar activities that we organise.

5.2.2. By completing the submission form and clicking the "send" / "checkout" button on our Website you agree to the terms of this Policy and grant the Controller your informed consent to the processing of your personal data where consent serves as the applicable legal basis, and you acknowledge that we may process your data on other legal bases as described in section 7 of this Policy.

5.2.2.1. In addition, we proceed from the following:

  • you have submitted entirely reliable information. Verification of its authenticity is not undertaken by us. All risks of providing false or insufficient information rest with you;
  • you have the right to grant appropriate consent. In the event that you do not have such a right, consent to the processing of personal data is provided on your behalf by your legal representative.

5.2.2.2. By granting consent to the processing of personal data and accepting the terms of this policy, you agree to the transfer of your data, including to third parties.

5.3. Data we collect automatically

5.3.1. When you use our Website, certain technical and usage data is automatically collected (see section 4.2.4 above) by means of our IT systems (for example, server logs and similar technologies). This information enables us to operate, secure and improve the Website and to understand how it is used.

5.4. Data we receive from third parties

5.4.1. We may obtain personal data about you from third parties, including:

  • payment service providers (including, confirmation of payment, limited payment details, information regarding chargebacks and reversals);
  • delivery and logistics partners (such as, status of shipment and delivery, proof of delivery, information about returns);
  • analytics and advertising providers (such as, aggregated or pseudonymised information regarding how you interact with our Website or adverts);
  • social media platforms when you interact with our content or communicate with us through those channels;
  • fraud prevention and risk management providers, where applicable.

5.4.2. In the event we obtain your personal data from other sources, we will process it in accordance with this Privacy Policy and, where the law so requires, we will inform you within the applicable deadlines about the relevant processing.

6. Purposes and legal bases for processing

6.1. Personal data is processed by us only where we have a lawful basis to do so.

6.2. Personal data is processed by us under the legal bases set out in the UK GDPR. Subject to the purpose, we rely on one or more of the following legal bases:

  • the processing is necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract (Art. 6(1)(b) UK GDPR);
  • the processing is necessary for compliance with a legal obligation to which we are subject (Art. 6(1)(c) UK GDPR);
  • the processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms (Art. 6(1)(f) UK GDPR);
  • in some cases, you have given your consent to the processing (Art. 6(1)(a) UK GDPR).

6.3. To process and fulfil your orders

Purposes: to receive and process your orders; to handle payments and manage transactions; to arrange shipping, delivery and returns; to communicate with you regarding your order, including dispatch, delays or issues; to administer reversals and chargebacks.

Legal basis: performance of a contract or taking steps at your request before entering into a contract (Art. 6(1)(b)); our legitimate interest in maintaining the proper administration of our operations and preventing abuse (Art. 6(1)(f)).

6.4. Customer service and after-sales support

Purposes: to address your enquiries and support requests; to manage complaints, reversals, chargebacks and disputes; to administer our return and refund policy (including any statutory cooling-off period or other consumer rights).

Legal basis: performance of a contract (Art. 6(1)(b)); our legitimate interest in delivering high-quality customer service, protecting our rights and defending legal claims (Art. 6(1)(f)).

6.5. Website operation, security and fraud prevention

Purposes: to run and maintain the Website; to monitor and preserve the security and integrity of our systems; to detect, investigate and prevent fraud, abuse or misuse (including potential theft of products, fraudulent use of payment methods, unusual patterns of orders, reversals and chargebacks); to enforce our terms and conditions.

Legal basis: our legitimate interest in maintaining the security and proper functioning of our services and defending our business and customers against fraud and other unlawful activities (Art. 6(1)(f)); in some cases, compliance with legal obligations (for example, in relation to record-keeping and cooperation with law-enforcement) (Art. 6(1)(c)).

Where we deploy automated tools to help identify potentially fraudulent transactions (for example, based on technical indicators, history of chargebacks or other risk signals), such tools do not generally produce legal effects concerning you or similarly significantly affect you within the meaning of the UK GDPR. Should we ever implement automated decision-making that has such effects, we will provide you with specific information and explain your related rights (see section 12 below).

6.6. Marketing and analytics

Purposes: to send you newsletters and other marketing communications about our products, services, offers and promotions, where the law permits; to tailor our marketing communications based on your purchase history and preferences, where permitted; to understand how visitors use our Website, our products and our marketing campaigns; to analyse and improve our services, user experience, Website performance and marketing effectiveness.

Legal basis: your consent (Art. 6(1)(a)), including where required by law for email or SMS marketing; our legitimate interest in promoting and developing our business, understanding our customers and improving our services (Art. 6(1)(f)).

You are entitled to withdraw your consent to marketing at any time, or object to marketing based on our legitimate interests (see section 11).

6.7. Compliance with legal obligations and legal claims

Purposes: to comply with legal obligations under applicable laws (for example, tax, accounting, consumer protection and data protection laws); to establish, exercise or defend legal claims (including, in the event of disputes, fraud investigations or regulatory enquiries); to answer requests from public authorities, regulators, law-enforcement or courts where we are legally required or permitted to do so.

Legal basis: compliance with legal obligations (Art. 6(1)(c)); our legitimate interest in safeguarding our rights, defending legal claims and cooperating with public authorities as needed (Art. 6(1)(f)).

7. Who we share your personal data with

7.1. Disclosure of your data is undertaken by us only when it is necessary and lawful to do so.

7.2. We may disclose your personal data to the following categories of recipients, only to the extent necessary for the purposes outlined in this Policy:

  • payment service providers handling your payments on our behalf;
  • delivery and logistics partners, including DHL and other carriers, to deliver your orders and manage returns;
  • IT and hosting providers, encompassing providers of Website hosting, email, cloud storage and maintenance services;
  • analytics and marketing providers, where we rely on such services in accordance with applicable law;
  • customer support tools (for example, webchat or ticketing systems), where deployed;
  • fraud prevention, risk management and security providers, where applicable;
  • professional advisers, including lawyers, accountants or auditors, where necessary to secure advice or protect our legal rights;
  • public authorities, regulators, law-enforcement or courts, where required by law or necessary to protect our rights or the rights of others.

7.3. In the event of a corporate transaction such as a merger, acquisition, restructuring, sale of assets or transfer of business, we may transfer your personal data to the prospective or actual buyer, investor or other successor entity, subject to appropriate confidentiality and data protection obligations. In such circumstances, we will ensure that any recipient continues to process your personal data in accordance with this Privacy Policy and applicable data protection laws.

8. International transfers

8.1. Your personal data may potentially be transferred outside the UK.

8.2. A number of the third parties we engage (for example, certain carriers, IT, analytics or payment providers) may process your personal data outside the United Kingdom.

8.3. Should your personal data be transferred outside the UK, we will ensure that appropriate safeguards are in place to protect your data, such as:

  • an adequacy decision by the UK Government for the destination country; or
  • standard contractual clauses or other appropriate contractual safeguards approved under the UK GDPR.

8.4. You may contact us for more information about the specific safeguards we rely on for international transfers.

9. How long we keep your personal data

9.1. Your personal data is retained by us only as long as necessary for the purposes for which it was collected.

9.2. We retain your personal data only for as long as reasonably required for the purposes outlined in this Policy, including for the purposes of fulfilling any legal, regulatory, tax, accounting or reporting requirements.

9.3. Specifically, and subject to applicable legal obligations:

  • data of Website visitors (technical and usage data) is commonly kept for a period of up to 12 months from your last interaction with our Website, unless a longer period is required for security or legal purposes;
  • order and transaction data, including associated identity and contact data, are typically stored for the statutory retention period required under tax and accounting laws (as a rule up to 6 years from the end of the relevant financial year, or longer where necessary in connection with legal claims);
  • records of customer support communications are typically retained for as long as necessary to resolve your request or issue, and for a reasonable period thereafter (up to 3 years, subject to the nature of the matter);
  • marketing data (including your contact details and marketing preferences) is kept until you withdraw your consent or object to further marketing, or for a shorter period if required by applicable law, and in any case no longer than 3 years from your last interaction with us.

9.4. Once the applicable retention periods lapse, we will delete or anonymise your personal data in a secure manner. In certain instances, we may retain certain information in an aggregated or anonymised form which no longer identifies you.

10. Security of your personal data

10.1. Appropriate measures are taken by us to protect your personal data.

10.2. We deploy appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage, having regard to the nature of the data and the risks involved.

10.3. Among others, such measures may include:

  • access controls, authentication and role-based permissions;
  • encryption or pseudonymisation of data where appropriate;
  • secure hosting environments and regular security updates;
  • internal policies and staff training on data protection and information security;
  • procedures to identify, assess and respond to data breaches.

10.4. Nevertheless, no system is completely secure. Absolute security of your data cannot be guaranteed by us, though we strive to mitigate risks and respond promptly to any incidents in accordance with our legal obligations.

11. Your rights as a data subject

11.1. You enjoy rights in relation to your personal data.

11.2. Under the UK GDPR you have a number of rights in relation to your personal data, subject to certain conditions and limitations:

  • Right to be informed – to receive clear and transparent information about how we use your data (this Privacy Policy is intended to deliver that).
  • Right of access – to obtain confirmation as to whether we process your personal data and, if so, to receive a copy of it and certain related information.
  • Right to rectification – to have inaccurate or incomplete personal data corrected or completed.
  • Right to erasure – to request deletion of your personal data in certain circumstances (for example, where the data is no longer necessary for the purposes for which it was collected, or where you withdraw consent and there is no other legal basis).
  • Right to restriction of processing – to request that we restrict the processing of your data in certain situations (including while we verify its accuracy or consider an objection you have raised).
  • Right to data portability – to receive the personal data you have provided to us in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible and where the processing is based on consent or contract and carried out by automated means.
  • Right to object – to object, on grounds relating to your particular situation, to processing based on our legitimate interests (including profiling based on those interests). Such processing will be discontinued by us unless we can demonstrate compelling legitimate grounds which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
  • Right to object to direct marketing – you have an absolute right to object at any time to the use of your personal data for direct marketing purposes, including profiling to the extent that it is related to such direct marketing. If you object, the use of your personal data for this purpose will cease.
  • Rights in relation to automated decision-making, including profiling – where applicable, to obtain meaningful information about the logic involved in automated decision-making that produces legal effects concerning you or similarly significantly affects you, to request human intervention, to express your point of view and to contest the decision.

11.3. To exercise any of your rights, please contact us at info@premsoxcompany.com. We may need to verify your identity before responding to your request.

11.4. You also enjoy the right to lodge a complaint with a supervisory authority. Within the United Kingdom, this is the Information Commissioner's Office (ICO). Details on how to reach the ICO are available on its website (ico.org.uk). We would, however, welcome the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance wherever possible.

12. Automated decision-making and profiling

12.1. Automated decision-making with legal or similarly significant effects is not ordinarily used by us.

12.2. We may use certain automated tools (including, fraud detection tools) to help us monitor transactions for potential fraudulent or abusive activity. These tools may take into account a range of factors such as technical information, transaction patterns or history of chargebacks.

12.3. That said, at the date of this Policy, we do not make decisions based solely on automated processing (including profiling) that produce legal effects concerning you or similarly significantly affect you within the meaning of the UK GDPR. Should we in the future implement such automated decision-making, we will update this Policy and provide you with the information required by law, as well as information about your related rights.

13. Children's data

13.1. Our services are not directed at children.

13.2. Our Website and products are not intended for children under 18 years of age, and personal data from children is not knowingly collected by us. Should we become aware that we have collected personal data from a child under 18, we will take steps to delete such information as soon as reasonably possible. If you believe that a child has provided us with personal data, please contact us using the details in section 2.

14. Changes to this Privacy Policy

14.1. This Policy may be updated by us periodically.

14.2. This Privacy Policy may be updated by us from time to time, including to reflect changes in our processing activities, legal requirements or guidance. The most recent version will always be available on our Website, and the "Last updated" date at the top will indicate when the Policy was most recently revised.

14.3. Your continued use of the Website after any changes have been published will constitute your acceptance of the updated Policy. Where we make material changes that significantly affect your rights, we will take reasonable steps to notify you ahead of time (including, by email or via a prominent notice on the Website).