Your data protection rights under the General Data Protection Regulation
Last Updated: June 2026
The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on 25 May 2018. At merry-quest, we are committed to full compliance with GDPR requirements and protecting the personal data of all individuals who interact with our services.
This document explains your rights under GDPR and how we fulfill our obligations as a data controller.
We process personal data only when we have a lawful basis to do so. Our legal bases include:
Under GDPR, you have the following rights regarding your personal data:
You have the right to request copies of your personal data. We may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.
You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
You have the right to request that we erase your personal data under certain conditions, including when the data is no longer necessary for the purposes for which it was collected.
You have the right to request that we restrict the processing of your personal data under certain conditions, such as when you contest the accuracy of the data.
You have the right to object to our processing of your personal data under certain conditions, particularly when processing is based on legitimate interests.
You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.
Where we rely on consent as the legal basis for processing, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us using the details provided on our Contact page. We will respond to your request within one month of receipt. If your request is complex or we receive multiple requests, we may extend this period by two additional months, and we will inform you of any such extension.
We process personal data for the following purposes:
We do not transfer personal data outside the United Kingdom except where necessary to deliver our services and with appropriate safeguards in place. Any international transfers comply with GDPR requirements, including the use of Standard Contractual Clauses or adequacy decisions by the UK Information Commissioner's Office.
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you without undue delay. We will also notify the UK Information Commissioner's Office within 72 hours of becoming aware of a qualifying breach.
For questions specifically related to data protection and GDPR compliance, you may contact our data protection representative at:
Email: [email protected]
Address: 42 Division Street, Sheffield S1 4GF, United Kingdom
If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with the supervisory authority:
Information Commissioner's Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Telephone: 0303 123 1113
Website: www.ico.org.uk
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected information from a child, we will take steps to delete such information promptly.
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on individuals.
We may update this GDPR compliance notice from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by posting the updated notice on our website.