1. Introduction and Who We Are

Malgorzata Kedzierska Enderma Group (“we”, “us”, “our”) is committed to protecting and respecting your privacy.

This Privacy Policy explains when and why we collect personal information about people who visit our website (https://enderma.co.uk/), use our services, or purchase products from our shop. It outlines how we use this data, the conditions under which we may disclose it to others, and how we keep it secure.

For the purpose of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, the Data Controller is:

  • Business Name: Malgorzata Kedzierska Enderma Group
  • Address: 57 Laburnum Crescent, Kettering, NN16 9PJ, United Kingdom
  • Email: gosia@enderma.co.uk
  • Phone: 07424 103 989

If you have any questions about this policy or our privacy practices, please contact us at the details above.

2. What Information Do We Collect?

We may collect, store, and use the following types of personal data:

  • Identity Data: Includes your full name, date of birth (to verify you are over 18), and gender.
  • Contact Data: Includes your billing address, delivery address, email address, and telephone numbers.
  • Transaction Data: Includes details about payments to and from you, and other details of products and services you have purchased from us.
  • Technical Data: Includes internet protocol (IP) address, browser type and version, time zone setting and location, and other technology on the devices you use to access this website.
  • Usage Data: Includes information about how you use our website, products, and services.
  • Marketing and Communications Data: Includes your preferences in receiving marketing from us.

3. Special Category (Health) Data

Due to the nature of our business (aesthetic treatments), we must also collect sensitive information about you. This is known as “Special Category Data”.

This data includes:

  • Your medical history (including conditions, allergies, and current medications).
  • Records of your past and present aesthetic treatments.
  • Clinical photographs (taken with your consent) to monitor treatment progress.

We process this data only to ensure your safety and to provide our Treatments effectively and professionally.

4. Our Lawful Basis for Processing

Under UK GDPR, we must have a valid lawful basis for processing your data.

  • For standard personal data (Identity, Contact, Transaction): We rely on the Performance of a Contract (i.e., to fulfil your order or booking) and our Legitimate Interests (to run our business and communicate with you).
  • For Special Category (Health) Data: We rely on the specific condition under Article 9(2)(h) of the UK GDPR, which allows processing for “the provision of health or social care or treatment”.

5. How We Use Your Data

We use your information to:

  • Schedule, manage, and provide your consultations and Treatments.
  • Process orders from our online shop and deliver products to you.
  • Process payments and manage your account.
  • Communicate with you regarding your bookings, orders, or enquiries.
  • Maintain our records for legal, insurance, and tax purposes.
  • Send you marketing information, but only if you have given us your explicit consent to do so.

6. Who Has Access to Your Information?

We will never sell or rent your information to third parties. We will only share your information with trusted third-party service providers for the purposes of completing tasks and providing services to you on our behalf. These include:

  • Payment Processors: To securely process your payments for products and services.
  • Delivery Companies: To dispatch and deliver product orders.
  • Booking Software: To manage our clinic diary and appointments.
  • Our Insurers and Professional Advisers: In the event of a query or claim.

6.1. Klarna Payments

To offer you Klarna’s payment methods, we are required to pass your personal data to Klarna during the checkout process.

To offer you Klarna’s payment methods, we might pass your personal data, in the form of contact and order details, to Klarna during checkout, so that Klarna can assess whether you qualify for their payment methods and tailor those payment methods for you. The personal data transferred is processed in line with Klarna’s own privacy notice.

7. Data Security and Retention

We take the security of your data very seriously. We have put in place appropriate technical and organisational measures to protect your personal information from being accidentally lost, used, or accessed in an unauthorised way.

We will hold your personal data on our systems only for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us. We are legally required to hold some types of information (e.g., medical and treatment records) to fulfil our statutory and insurance obligations.

8. Your Legal Rights

Under UK data protection law, you have several rights regarding your personal information:

  • Right of Access: You have the right to request a copy of the information we hold about you.
  • Right of Rectification: You have the right to correct any inaccurate or incomplete data we hold about you.
  • Right to Erasure: You have the right to request that we delete your data (under certain conditions).
  • Right to Restrict Processing: You have the right to request that we limit the processing of your data.
  • Right to Data Portability: You have the right to have your data transferred to another organisation.
  • Right to Object: You have the right to object to certain types of processing (such as direct marketing).

To exercise any of these rights, please contact us at gosia@enderma.co.uk.

9. Cookies

Like most other websites, our website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns and do not identify you as an individual.

10. How to Complain

You have the right to lodge a complaint at any time with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection issues.

We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance at gosia@enderma.co.uk.

ICO Contact Details:

Website: https://www.ico.org.uk/concerns

Last Updated: 6 November 2025