Legal
Privacy Policy
Last updated: March 2026
1. Who We Are
Promeds Online UK is an online retailer specialising in sleep and pain relief products, operating within the United Kingdom. We are committed to protecting your personal data and handling it responsibly in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
If you have any questions about this policy, please contact us via our Contact Us page or through WhatsApp.
2. What Data We Collect
When you use our website or place an order, we may collect the following personal data:
- Full name
- Delivery and billing address
- Email address
- Phone number
- Payment information (bank transfer details — we do not store card details)
- Order history and preferences
- IP address and browser information (via cookies)
3. How We Use Your Data
We use your personal data for the following purposes:
- To process and fulfil your orders
- To send order confirmations, invoices and dispatch notifications
- To respond to queries and provide customer support
- To comply with legal and regulatory obligations
- To improve the functionality and performance of our website
We do not use your personal data for unsolicited marketing without your explicit consent.
4. Legal Basis for Processing (UK GDPR)
Under UK GDPR, we process your personal data on the following lawful bases:
- Contract: Processing is necessary to fulfil your order
- Legal obligation: We are required to retain certain data for tax and regulatory purposes
- Legitimate interests: To improve our services and prevent fraud
- Consent: Where you have explicitly opted in, such as for marketing communications
5. How We Share Your Data
We do not sell, rent or trade your personal data to third parties. We may share your data only with:
- Royal Mail — to fulfil and track your delivery
- Our payment processor — solely to process your bank transfer
- Legal authorities — where required by law
All third parties we work with are required to handle your data securely and in accordance with UK GDPR.
6. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy. Order and financial records are retained for a minimum of 6 years in accordance with HMRC requirements. You may request deletion of your data at any time, subject to any legal obligations we must comply with.
7. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of access — you can request a copy of the data we hold about you
- Right to rectification — you can ask us to correct inaccurate data
- Right to erasure — you can request that we delete your data
- Right to restrict processing — you can ask us to limit how we use your data
- Right to data portability — you can request your data in a portable format
- Right to object — you can object to processing based on legitimate interests
To exercise any of these rights, please contact us through our Contact Us page. We will respond within 30 days.
9. Data Security
We take the security of your personal data seriously. Our website uses SSL encryption (indicated by the padlock icon and "https" in your browser), and we take appropriate technical and organisational measures to protect your data against unauthorised access, loss or misuse.
10. Changes to This Policy
We may update this privacy policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review this policy periodically.
11. Contact & Complaints
If you have any concerns about how we handle your data, please contact us in the first instance via our Contact page or on WhatsApp.
You also have the right to lodge a complaint with the Information Commissioner's Office (ICO): ico.org.uk