Privacy Policy

Last updated: June 2025

1. Who We Are

Astetica Group Ltd (“Astetica”, “we”, “us”, or “our”) is a UK-registered company (Company Number: 15831763) and the data controller responsible for your personal data processed via our website www.astetica.co.uk and our prescription facilitation system.

Our registered office is at: 14A Whittelegge Street, Bury, BL8 1SL
Email: info@astetica.co.uk | Phone: +44 7361 252163

We are a registered UK provider specialising in the supply of aesthetic and dermatological products to qualified professionals.


2. Definitions

• Personal Data: Any information relating to an identified or identifiable individual.
  
  
• Processing: Any operation performed on personal data (collection, storage, use, disclosure, etc.).
  
  
• Data Controller: The entity that determines the purposes and means of processing personal data (Astetica).
  
  
• Data Processor: A third-party processing personal data on behalf of the controller.
  
  
• Cookies: Small text files stored on your device that collect information about your browsing behaviour.
  
  
• User: Anyone accessing our website or services.

3. What Data We Collect
We collect and process:

• Identity Data: Full name, professional registration numbers (e.g., GMC, NMC, GPhC, HCPC), date of birth.
  
  
• Contact Data: Email address, phone number, billing and delivery address.
  
  
• Professional Verification Data: Proof of qualifications, professional registration, prescribing rights, insurance documents.
  
  
• Transaction Data: Purchase history, order details, and payment status.
  
  
• Technical Data: IP address, browser type, device identifiers, and usage data when you access our website.
  
  
• Marketing Preferences: Your consent to receive marketing materials.

4. How We Use Your Data
We process your data to:

• Verify your professional status to comply with pharmacy and medical regulations such as the Human Medicines Regulations.
  
  
• Fulfil orders, process payments, and deliver products.
  
  
• Communicate with you about your orders or account.
  
  
• Meet legal and regulatory obligations.
  
  
• Send service-related updates and occasional marketing communications (with your consent).
  
  
• Improve our website and services through analytics.
  
  
• Prevent fraud and ensure platform security.

5. Lawful Bases for Processing
Our lawful bases include:

• Contractual necessity: To provide you with products and services.
  
• Legal obligation: To comply with pharmacy, tax, and regulatory laws.
  
• Legitimate interests: For fraud prevention, business operations, and improving services.
  
• Consent: For direct marketing or use of non-essential cookies.

6. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site usage, and deliver relevant marketing. Cookies are small text files stored on your device that help us recognise you and remember your preferences.

We use the following types of cookies:

• Essential cookies: Necessary for the basic operation of the website.
• Analytics cookies: To collect data on how visitors use our site, helping us improve functionality.
• Preference cookies: To remember your settings and personalise your experience.
• Marketing cookies: To deliver targeted advertisements based on your interests.

You can manage or disable cookies through your browser settings; however, blocking some cookies may affect website functionality. We also use tracking pixels in marketing emails to monitor engagement.


7. Marketing Communications
We only send marketing emails with your explicit consent. You may unsubscribe at any time via the link in our emails or by contacting us at info@astetica.co.uk. Withdrawal of consent does not affect the lawfulness of prior processing.


8. Embedded Content & Third-Party Features
Our website may contain embedded videos, social media widgets, or other third-party content that may collect your data. We are not responsible for the privacy practices or content of those third-party websites or services.


9. Technical Data Use
We collect technical data such as IP addresses, device and browser type, and log times to maintain security, prevent fraud, and improve website functionality.


10. Data Sharing
We share your data only with:

• Registered prescribers and dispensing pharmacies.
• Service providers (e.g., hosting, email platforms, payment processors).
• Regulatory authorities (when legally required).
  
  

All third parties are contractually obligated to protect your data and use it only for specified purposes. Some may process data outside the UK or European Economic Area (EEA), and where this occurs, we ensure appropriate safeguards such as Standard Contractual Clauses are in place.


11. Automated Decision-Making and Profiling
We do not use automated decision-making or profiling processes that produce legal or similarly significant effects on you.


12. Data Retention
We retain your data only as long as necessary to:

• Fulfil the purposes for which it was collected.
• Comply with legal and regulatory requirements (e.g., medical and pharmacy records retained for at least 6 years).
• Resolve disputes or enforce agreements.
  
  

Inactive user accounts may be deleted after 24 months of inactivity.


13. Security Measures
We employ appropriate technical and organisational measures including encryption, secure servers, access controls, and regular security audits to protect your personal data. However, no system is completely secure, and you acknowledge residual risks. In case of a personal data breach posing a risk to your rights, we will notify you and the relevant supervisory authorities as required by law.


14. Your Data Protection Rights
Under UK GDPR, you have the right to:

• Access personal data we hold about you.
• Request correction or deletion of your data.
• Object to or restrict processing.
• Request data portability.
• Withdraw consent at any time for processing based on consent (e.g., marketing).
• Lodge a complaint with the Information Commissioner’s Office (ICO): https://ico.org.uk.

To exercise your rights, please contact us at info@astetica.co.uk. We aim to respond within one week.


15. Business Transfers
If Astetica is involved in a merger, acquisition, or sale, your personal data may be transferred to the new entity. We will notify you of such changes via email or website announcements.


16. Links to External Websites
Our website may include links to third-party websites or services. We are not responsible for their privacy policies or content. Please review their policies before submitting personal data.


17. How to Complain
If you are unhappy with how we handle your personal data, you have the right to file a complaint with the Information Commissioner’s Office (ICO) or other relevant supervisory authority.


18. Children’s Privacy
Our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18.


19. Changes to This Policy
We may update this Privacy Policy periodically. The latest version will always be posted on our website with an updated effective date.


20. Contact Us
For any questions, concerns, or data rights requests, please contact:

Email: info@astetica.co.uk
Phone: +44 7361 252163
Astetica, 14A Whittelegge Street, Bury, BL8 1SL