Privacy Policy

Last updated: June 2025

This Privacy Policy explains how Astetica collects, uses, stores, and protects your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who We Are

Astetica Group Ltd (“Astetica”, “we”, “us”, or “our”) is a UK-registered company (Company Number: 15831763) and is the data controller responsible for personal data processed via our website www.astetica.co.uk and our prescription facilitation system.

Our registered office is:
14A Whittelegge Street, Bury, BL8 1SL

Contact details:
Email: info@astetica.co.uk
Phone: +44 7361 252163

We are a UK provider specialising in the supply of aesthetic and dermatological products to qualified professionals.

2. Definitions

  • Personal Data: Any information relating to an identified or identifiable individual.
  • Processing: Any operation performed on personal data, including collection, storage, use, or disclosure.
  • Data Controller: The entity that determines the purposes and means of processing personal data (Astetica).
  • Data Processor: A third party that processes personal data on behalf of the data controller.
  • Cookies: Small text files stored on your device that collect information about browsing behaviour.
  • User: Any individual accessing our website or services.

3. What Data We Collect

We collect and process the following categories of personal data:

  • Identity Data, including full name, professional registration numbers (such as GMC, NMC, GPhC, HCPC), and date of birth.
  • Contact Data, including email address, telephone number, and billing or delivery address.
  • Professional Verification Data, including proof of qualifications, professional registration, prescribing rights, and insurance documentation.
  • Transaction Data, including purchase history, order details, and payment status.
  • Technical Data, including IP address, browser type, device identifiers, and website usage data.
  • Marketing Preferences, including your consent to receive marketing communications.

4. How We Use Your Data

We process personal data in order to:

  • Verify your professional status to comply with medical, pharmacy, and regulatory requirements, including the Human Medicines Regulations.
  • Fulfil orders, process payments, and deliver products.
  • Communicate with you regarding your account, orders, or services.
  • Comply with legal and regulatory obligations.
  • Send service-related communications and marketing materials where consent has been provided.
  • Improve our website, services, and user experience through analytics.
  • Prevent fraud and maintain platform security.

5. Lawful Bases for Processing

We rely on the following lawful bases under UK GDPR:

  • Contractual necessity, where processing is required to provide products or services to you.
  • Legal obligation, where processing is required to comply with regulatory, pharmacy, or tax laws.
  • Legitimate interests, including fraud prevention, business operations, and service improvement.
  • Consent, where required for direct marketing or non-essential cookies.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance user experience, analyse site usage, and deliver relevant marketing.

We use the following categories of cookies:

  • Essential cookies, required for core website functionality.
  • Analytics cookies, used to understand how visitors interact with our website.
  • Preference cookies, which remember your settings and preferences.
  • Marketing cookies, used to deliver targeted advertising based on your interests.

You may manage or disable cookies through your browser settings. Disabling cookies may affect website functionality. We may also use tracking pixels in marketing emails to monitor engagement.

7. Marketing Communications

We send marketing communications only where you have provided explicit consent. You may unsubscribe at any time using the link included in our emails or by contacting us at info@astetica.co.uk.

Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.

8. Embedded Content and Third-Party Features

Our website may include embedded videos, social media widgets, or other third-party content that may collect personal data. We are not responsible for the privacy practices or content of third-party websites or services.

9. Technical Data Use

We collect technical data such as IP addresses, browser type, device information, and access logs to:

  • Maintain website security.
  • Prevent fraud and unauthorised access.
  • Improve website functionality and performance.

10. Data Sharing

We may share personal data with:

  • Registered prescribers and dispensing pharmacies.
  • Service providers, including hosting providers, email platforms, and payment processors.
  • Regulatory authorities where disclosure is legally required.

Where personal data is transferred outside the UK or European Economic Area (EEA), appropriate safeguards such as Standard Contractual Clauses are implemented.

11. Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

12. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil the purposes for which the data was collected.
  • Comply with legal and regulatory requirements, including medical and pharmacy record retention obligations (typically a minimum of six years).
  • Resolve disputes or enforce agreements.

Inactive user accounts may be deleted after 24 months of inactivity.

13. Security Measures

We implement appropriate technical and organisational security measures, including encryption, secure servers, access controls, and regular security reviews.

While we take reasonable steps to protect personal data, no system is entirely secure. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify affected individuals and the relevant supervisory authorities as required by law.

14. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access personal data we hold about you.
  • Request correction or deletion of your personal data.
  • Object to or restrict processing of your data.
  • Request data portability.
  • Withdraw consent at any time where processing is based on consent.
  • Lodge a complaint with the Information Commissioner’s Office (ICO).

Requests may be made by contacting info@astetica.co.uk. We aim to respond within one week.

15. Business Transfers

If Astetica is involved in a merger, acquisition, or sale of assets, personal data may be transferred to the new entity. We will notify users of any such change via email or website notice.

16. Links to External Websites

Our website may contain links to third-party websites or services. We are not responsible for their privacy policies or content. You should review those policies before submitting personal data.

17. How to Complain

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) or another relevant supervisory authority.

18. Children’s Privacy

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal data from children under the age of 18.

19. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be available on our website, with the effective date updated accordingly.

20. Contact Us

Email: info@astetica.co.uk
Phone: +44 7361 252163
Astetica Group Ltd
14A Whittelegge Street
Bury, BL8 1SL