Privacy Policy
This Privacy Policy explains how Canta Esthetic UK LTD (“Canta Esthetic”, “we”, “us”, or “our”) collects, uses, stores, discloses, and otherwise processes your personal data when you visit or use our website, place an order, create an account, contact our customer support team, request training or after-sales assistance, subscribe to marketing communications, or otherwise interact with us.
We are committed to handling your personal data responsibly and in accordance with applicable UK data protection laws, including the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018.
Please read this Privacy Policy carefully to understand how we process your personal data and the rights available to you.
1. Who We Are
Company: Canta Esthetic UK LTD
Company Number: 17092064
Registered Address: 124, City Road, London, EC1V 2NX, United Kingdom
Phone: +44 7446 470988
Email: info@cantaesthetic.co.uk
For the purposes of applicable data protection law, Canta Esthetic UK LTD is the data controller of your personal data, unless otherwise stated in this Privacy Policy.
If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.
2. Scope of This Privacy Policy
This Privacy Policy applies to personal data collected through:
- our website and online store;
- email, phone, chat, contact forms, and customer support communications;
- orders, returns, refunds, and delivery arrangements;
- marketing and promotional communications;
- training requests, technical support, and warranty-related communications;
- other interactions you may have with us in connection with our products or services.
This Privacy Policy does not apply to third-party websites, services, or platforms that we do not control, even if they are linked to or accessible from our website.
3. The Personal Data We Collect
The types of personal data we collect depend on how you interact with us. We may collect the following categories of personal data:
3.1 Identity Data
This may include:
- your first and last name;
- title or job role, where provided;
- business name or clinic name, where provided.
3.2 Contact Data
This may include:
- billing address;
- shipping address;
- email address;
- telephone number;
- other contact details you provide to us.
3.3 Account Data
If you create an account or otherwise engage with account-based features, we may collect:
- login credentials;
- account preferences;
- saved carts;
- order history associated with your account;
- communication preferences.
3.4 Transaction and Order Data
This may include:
- details of products ordered;
- order number;
- transaction amount;
- payment status;
- shipping and delivery details;
- invoice details;
- refund, exchange, and return records;
- order-related communications.
3.5 Payment Data
Payments are generally processed by third-party payment service providers. We do not ordinarily store full payment card details ourselves. We may, however, receive limited payment-related information such as:
- payment method used;
- transaction confirmation;
- payment status;
- partial payment reference information;
- fraud screening results or payment risk indicators.
3.6 Technical Data
When you access or use our website, we may automatically collect technical information such as:
- IP address;
- browser type and version;
- device type;
- operating system;
- language settings;
- time zone;
- internet service provider;
- referral source;
- log data;
- cookie identifiers and similar technologies.
3.7 Usage Data
This may include information about how you interact with our website, such as:
- pages viewed;
- products viewed;
- clicks and navigation paths;
- session duration;
- site search terms;
- cart activity;
- browsing patterns;
- interactions with emails or advertisements.
3.8 Marketing and Communications Data
This may include:
- your subscription status;
- your preferences for receiving marketing from us;
- your responses to campaigns or promotions;
- records of email, phone, or support communications;
- responses to surveys, feedback requests, or review requests.
3.9 Support, Training, Warranty, and Service Data
Where you request product support, training, troubleshooting, or warranty assistance, we may collect:
- product details and order information;
- issue descriptions;
- photos, videos, recordings, or files you send us;
- troubleshooting history;
- technician or support notes;
- communications regarding service, replacement parts, or product use.
3.10 Compliance and Fraud Prevention Data
We may collect and process information necessary to:
- verify orders;
- detect suspicious activity;
- prevent fraud or abuse;
- comply with legal obligations;
- investigate disputes or chargebacks.
4. How We Collect Personal Data
4.1 Directly From You
You may provide personal data to us when you:
- place an order;
- create an account;
- contact us by email, phone, form, or chat;
- request information, support, training, or warranty assistance;
- subscribe to newsletters or marketing communications;
- submit feedback, reviews, photos, videos, or other materials;
- participate in promotions or surveys.
4.2 Automatically
When you use our website, we may automatically collect certain technical and usage data through cookies, log files, pixels, analytics tools, and similar technologies.
4.3 From Third Parties
We may receive personal data from third parties, including:
- payment processors;
- shipping and logistics providers;
- fraud prevention and security providers;
- analytics providers;
- ecommerce or website platform providers;
- advertising and marketing service providers;
- financing or instalment-payment providers, where selected by you;
- publicly available sources, where necessary and lawful.
5. How We Use Your Personal Data
We may use your personal data for the following purposes:
5.1 To Provide Our Website and Services
We use personal data to operate, maintain, administer, and improve our website and services, including technical troubleshooting and website performance monitoring.
5.2 To Process Orders and Fulfil Contracts
We use personal data to:
- process purchases;
- confirm orders;
- collect payment;
- arrange shipping and delivery;
- provide invoices;
- manage returns, refunds, and exchanges;
- communicate with you about your order.
5.3 To Provide Customer Service and Product Support
We use personal data to:
- respond to enquiries;
- provide technical support;
- provide training assistance;
- review service requests;
- manage warranty matters;
- evaluate and respond to troubleshooting materials such as photos or videos.
5.4 To Manage Customer Accounts
Where relevant, we use personal data to:
- create and manage user accounts;
- authenticate users;
- maintain account settings and preferences;
- keep account-linked order history.
5.5 To Send Service Communications
We may send non-marketing communications relating to:
- orders and deliveries;
- payment confirmations;
- support and service updates;
- warranty matters;
- changes to terms, policies, or operational matters.
5.6 To Send Marketing Communications
Where permitted by law or based on your consent, we may use personal data to send:
- promotional emails;
- product announcements;
- discount or campaign updates;
- educational or training-related communications;
- customer follow-ups;
- review or feedback requests.
5.7 To Improve Our Website, Products, and Services
We may use data to understand customer behaviour, monitor website performance, improve user experience, refine product offerings, and enhance customer support.
5.8 To Protect Our Business and Prevent Fraud
We may use personal data to:
- verify transactions;
- detect fraud, abuse, or suspicious activity;
- enforce our terms and policies;
- investigate disputes, returns, chargebacks, or misuse;
- secure our systems and records.
5.9 To Comply With Legal and Regulatory Obligations
We may process personal data to comply with:
- tax obligations;
- accounting requirements;
- consumer protection obligations;
- law enforcement requests;
- court orders;
- other legal or regulatory requirements.
5.10 To Establish, Exercise, or Defend Legal Claims
Where necessary, we may use personal data in connection with legal proceedings, disputes, investigations, or enforcement matters.
6. Lawful Bases for Processing
Under UK data protection law, we must have a lawful basis for processing personal data. Depending on the context, we rely on the following lawful bases:
6.1 Performance of a Contract
We process personal data where necessary to perform a contract with you or to take steps at your request before entering into a contract. This includes:
- processing orders;
- taking payments;
- arranging deliveries;
- providing customer support relating to purchased products;
- managing returns, refunds, or exchanges.
6.2 Legal Obligation
We process personal data where necessary to comply with legal obligations, including obligations relating to:
- tax and accounting records;
- fraud prevention;
- consumer law compliance;
- lawful requests from public authorities;
- record retention requirements.
6.3 Legitimate Interests
We may process personal data where necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms. These legitimate interests may include:
- operating and improving our website and business;
- managing customer relationships;
- responding to support requests;
- preventing fraud and abuse;
- securing systems and data;
- analysing website usage and performance;
- managing internal administration;
- defending legal claims;
- conducting reasonable business analytics and service improvements.
6.4 Consent
We rely on consent where required, including for:
- certain marketing communications;
- non-essential cookies and similar tracking technologies;
- certain optional promotional or advertising activities.
Where we rely on your consent, you may withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing carried out before withdrawal.
7. Cookies and Similar Technologies
We use cookies and similar technologies on our website to support website functionality, remember preferences, improve performance, analyse traffic, and help us understand how visitors use the site.
These technologies may include:
- strictly necessary cookies;
- functionality cookies;
- analytics cookies;
- performance cookies;
- advertising or targeting cookies;
- pixels, tags, scripts, and similar tools.
Some cookies are essential for the operation of the website and do not require consent. Other cookies, such as analytics or advertising cookies, may only be used where required by law and where you have provided appropriate consent.
You may be able to control cookies through:
- our cookie consent mechanism or preferences tool, where available;
- your browser settings;
- device privacy settings.
Please note that disabling some cookies may affect the functionality or performance of the website.
8. Marketing Communications
Where permitted by law, or where you have opted in, we may send you marketing communications by email or other appropriate channels.
These communications may include:
- product updates;
- special offers and promotions;
- educational content;
- brand news;
- support-related follow-ups;
- review invitations;
- campaign announcements.
You may opt out of marketing communications at any time by:
- clicking the unsubscribe link in an email; or
- contacting us at info@cantaesthetic.co.uk.
Even if you opt out of marketing, we may still send transactional or service-related communications where necessary.
9. Disclosure of Personal Data
We may disclose personal data to trusted third parties where reasonably necessary for the purposes described in this Privacy Policy.
These may include:
9.1 Ecommerce and Website Service Providers
We may share data with providers that support our website, ecommerce operations, checkout systems, hosting, and technical infrastructure.
9.2 Payment Processors
We may share data with payment service providers to process transactions, verify payments, prevent fraud, and manage refunds or payment issues.
9.3 Financing or Instalment Payment Providers
Where you choose financing or instalment options, we may share relevant data with the selected provider.
9.4 Shipping, Delivery, and Fulfilment Providers
We may share data with couriers, shipping providers, fulfilment partners, logistics providers, and customs-related service providers as necessary to deliver orders and manage returns or service-related shipments.
9.5 Customer Support and Communications Providers
We may use third-party systems for help desk management, CRM, email communications, call handling, or support workflows.
9.6 IT, Security, and Cloud Providers
We may share data with hosting providers, backup systems, cybersecurity vendors, and other technology providers who help us operate securely.
9.7 Analytics and Marketing Providers
We may share data with analytics, advertising, remarketing, and campaign management providers, subject to applicable law and consent requirements.
9.8 Professional Advisers
We may disclose data to lawyers, accountants, auditors, insurers, consultants, or other professional advisers where reasonably necessary.
9.9 Regulators and Authorities
We may disclose personal data where required by law, regulation, court order, legal process, or where necessary to protect our rights or the rights of others.
9.10 Corporate Transactions
If we are involved in a merger, acquisition, financing, restructuring, asset sale, or other business transfer, personal data may be disclosed as part of that process, subject to appropriate confidentiality and legal safeguards.
We require third parties acting on our behalf to process personal data only as permitted and to implement appropriate security measures.
10. International Transfers of Personal Data
Some of our service providers or partners may be located outside the United Kingdom, and your personal data may therefore be transferred to or accessed from countries outside the UK.
Where we transfer personal data internationally, we take steps designed to ensure that appropriate safeguards are in place, which may include:
- transfers to countries recognised as providing an adequate level of protection;
- approved contractual safeguards;
- other lawful transfer mechanisms recognised under applicable law.
You may contact us if you would like more information regarding the safeguards used for international transfers.
11. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, including to satisfy legal, regulatory, tax, accounting, warranty, operational, and dispute-resolution requirements.
Retention periods vary depending on the type of data and the reason for processing. In general:
- enquiry records may be retained for a reasonable period after the enquiry is closed;
- customer service and support records may be retained for internal support, warranty, and service continuity purposes;
- order, invoice, payment, return, and related business records may be retained for up to 6 years or longer where required by law;
- marketing records may be retained until you unsubscribe or until the data is no longer considered necessary;
- technical logs, analytics data, and website-related data may be retained in accordance with operational needs and the settings of relevant tools.
When personal data is no longer needed, we will delete it, anonymise it, or securely retain it only where continued storage is legally required.
12. Data Security
We implement reasonable technical, administrative, and organisational measures designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.
Such measures may include:
- access controls;
- password protection;
- secure systems and infrastructure;
- restricted internal access;
- vendor oversight;
- data minimisation practices;
- monitoring and fraud prevention tools.
However, no website, transmission method, or storage system can be guaranteed to be completely secure. You are responsible for keeping your account credentials confidential and for notifying us promptly if you believe your information has been compromised.
13. Your Rights
Subject to applicable law, you may have the following rights in relation to your personal data:
13.1 Right of Access
You may request confirmation of whether we process your personal data and, if so, request access to that data and related information.
13.2 Right to Rectification
You may request that we correct inaccurate personal data or complete incomplete personal data.
13.3 Right to Erasure
You may request deletion of your personal data in certain circumstances.
13.4 Right to Restrict Processing
You may request that we restrict the processing of your personal data in certain circumstances.
13.5 Right to Object
You may object to certain types of processing, including processing based on legitimate interests and processing for direct marketing purposes.
13.6 Right to Data Portability
Where applicable, you may request a copy of certain personal data in a structured, commonly used, and machine-readable format.
13.7 Right to Withdraw Consent
Where processing is based on consent, you may withdraw that consent at any time.
13.8 Right to Complain
You have the right to lodge a complaint with the UK Information Commissioner’s Office if you believe your data protection rights have been infringed.
To exercise any of these rights, please contact us at info@cantaesthetic.co.uk.
We may need to verify your identity before responding to a request. In some cases, legal exemptions or limitations may apply.
14. Direct Marketing Rights
You have the right to object at any time to the processing of your personal data for direct marketing purposes.
If you object to direct marketing, we will stop processing your personal data for that purpose.
This right is absolute in relation to direct marketing.
15. Automated Decision-Making
We do not generally carry out solely automated decision-making that produces legal effects or similarly significant effects on individuals.
If this position changes and such processing becomes relevant, we will update this Privacy Policy accordingly and provide any legally required information.
16. Children’s Privacy
Our website and services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16.
If you believe that a child has provided personal data to us, please contact us so that we can review the situation and take appropriate steps.
17. Third-Party Websites and Services
Our website may contain links to third-party websites, services, tools, plugins, or social media platforms. If you choose to interact with any third-party service, your information will be governed by that third party’s own privacy notice or policy.
We are not responsible for the privacy practices, content, or security of third-party services.
We encourage you to review the privacy policies of any third-party websites or services you use.
18. If You Do Not Provide Personal Data
Where we need personal data in order to process an order, provide support, comply with legal obligations, or otherwise perform a contract with you, failure to provide that data may mean that we are unable to:
- process your order;
- deliver products or services;
- respond fully to your enquiry;
- provide training, technical support, or warranty assistance;
- complete returns, refunds, or other service actions.
19. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our business, website functionality, services, legal obligations, or privacy practices.
When we make updates, we will revise the Effective Date at the top of this page. Any revised version will take effect when posted on our website, unless otherwise required by law.
We encourage you to review this page periodically.
20. Contact Us
If you have any questions, concerns, or requests relating to this Privacy Policy or our processing of your personal data, please contact us:
Company: Canta Esthetic UK LTD
Address: 124, City Road, London, EC1V 2NX, United Kingdom
Phone: +44 7446 470988
Email: info@cantaesthetic.co.uk