Privacy policy

Privacy & Data Protection Policy

Supply & Glow Aesthetics Co Ltd

Last updated: 11 February 2026

1. Who We Are

Supply & Glow Aesthetics Co Ltd (“we”, “us”, “our”) is a company registered in England and Wales.

Registered Office:
20 Wenlock Road
London
N1 7GU
United Kingdom

Email: info@supplyandglow.co.uk

We operate a UK based e-commerce store supplying products to businesses, health professionals and aesthetic practitioners.

For the purposes of UK data protection law, we are the data controller of the personal data collected through our website.

2. Scope of This Policy

This policy explains how we collect, use, store and protect personal data when you:

Visit our website
Create an account
Place an order
Contact us
Interact with our services

This policy applies to customers and account holders located in the United Kingdom.

3. The Information We Collect

We may collect the following types of personal data:

a) Information You Provide Directly

Full name
Business name (where applicable)
Billing and delivery address
Email address
Telephone number
Account login credentials
Order history and transaction details
Communications sent to us via email or contact forms

Account creation is required to place orders on our website.

b) Information Collected Automatically

When you use our website, certain data is collected automatically, including:

IP address
Device type and browser type
Website activity and usage patterns
Session logs and referring URLs

This information helps us operate, secure and improve our website.

c) Professional Use Notice

Our products are intended for use by trained professionals. We include appropriate usage warnings; however, we do not currently collect or store qualification documentation as part of our ordering process

4. How We Use Your Information

We use your personal data to:

Create and manage customer accounts
Process and fulfil orders
Take and process payments
Arrange delivery
Provide customer support
Prevent fraud and maintain platform security
Comply with legal, tax and accounting obligations
Improve our website and services

We do not sell or rent personal data to third parties.

5. Legal Basis for Processing

Under UK GDPR, we rely on the following legal bases:

Contractual necessity – to process orders and manage your account
Legitimate interests – to operate, secure and improve our business
Legal obligation – to comply with tax and accounting requirements
Consent – where required for non-essential cookies or future marketing communications

6. Payments

All payments are processed securely via Worldpay

We do not store full card details on our servers. Payment data is processed in accordance with Worldpay's security and compliance standards.

7. Data Sharing

We only share personal data where necessary to operate our business, including with:

Shopify, our e-commerce platform provider
Worldpay, for secure payment processing
Our contracted fulfilment and distribution partner(s) who process orders on our behalf
Professional advisers (such as accountants or legal advisers where required)
Authorities where legally required

We share necessary personal data (such as name, delivery address and order details) with our contracted fulfilment partner(s) solely for the purpose of fulfilling and delivering orders.

These partners act as data processors and process personal data only in accordance with our instructions and applicable UK data protection laws

8. Data Hosting & Security

Our website is hosted via Shopify. Data may be stored within the UK, European Economic Area (EEA), or other jurisdictions where Shopify operates secure infrastructure.

Where international transfers occur, appropriate safeguards such as Standard Contractual Clauses are in place.

We implement appropriate technical and organisational security measures including:

SSL encryption
Secure account authentication
Access controls
Fraud monitoring tools

While no system is completely risk-free, we take reasonable steps to protect personal data.

9. Data Retention

We retain personal data only for as long as necessary to:

Fulfil orders
Provide after-sales support
Maintain financial and tax records (typically 6 years)
Resolve disputes
Comply with legal obligations

When data is no longer required, it is securely deleted or anonymised.

10. Cookies

Our website uses cookies and similar technologies to:

Enable essential website functionality
Support secure login and checkout
Detect fraud and maintain security
Analyse website performance

Essential cookies cannot be disabled.

Where non-essential analytics tools are introduced in the future (such as Google Analytics or advertising pixels), appropriate consent mechanisms will be implemented.

You can manage cookie preferences through your browser settings.

11. Marketing Communications

We do not currently send marketing communications.

If we introduce email or SMS marketing in the future, you will only receive communications where you have opted in. You will be able to unsubscribe at any time.

12. Your Rights

Under UK data protection law, you have the right to:

Request access to your personal data
Request correction of inaccurate data
Request deletion (where legally permitted)
Object to certain processing
Request restriction of processing
Request data portability
Withdraw consent where applicable

To exercise your rights, contact:
info@supplyandglow.co.uk

We will respond within one calendar month.

If you are not satisfied, you may contact the Information Commissioner’s Office (ICO).

13. External Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of external sites.

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect legal or operational changes.

The most recent version will always be published on our website. Continued use of our website indicates acceptance of any updates