Privacy Policy

This privacy statement was last updated on 6th October 2022 and applies to citizens and legal permanent residents of the United Kingdom.

1. Who we are

We are:

Aqua-Tox Ltd. registered with Companies House under registration 14188446, and with the ICO under registration ZB399793.
Aqua-Tox Health Ltd. registered with Companies House under registration 13437749, and with the ICO under registration ZB249828.
Aqua-Tox Aesthetics Ltd. registered with Companies House under registration 14379138 and with the ICO under registration ZB405867.

Our registered addresses are:

Aqua-Tox Ltd. (Wellness)
Clover Top, Nup End, Old Knebworth. SG3 6QJ

Aqua-Tox Health Ltd. (Laser & Recovery)
16 St Christopher’s Close, Dunstable. LU5 4PD

Aqua-Tox Aesthetics Ltd. (Aesthetics & Skincare)
14 Perowne Way, Ware. SG11 1SZ

2. The Basics

In this privacy statement, we explain what we do with the data we obtain about you via In our processing we comply with the requirements of privacy legislation, including the UK GDPR and the DPA2018. That means, among other things, that:

  • We keep the minimum amount of information we can about you.
  • We use your personal data to provide our services to you and meet our legal obligations.
  • We delete your data when it is no longer needed for these things.
  • We do not pass your information to third parties – but there are some exceptions.
  • You have lots of privacy rights.
  • We apply appropriate technical and organisational controls to keep your data secure.
  • We are happy to respond to any queries you have about any of this.

If you have any questions, or want to know exactly what data we keep on you, please contact us.

3. What data do we process?

As our client, we will hold the following information about you:

  • Your name and contact information.
  • Information about your treatments.
  • Information and documentation about your matters or enquiries, including communications with you.
  • Billing and payment information.

As a potential client, we will hold the following:

  • Your name, and contact information.
  • Information and documentation relating to your potential treatment.

Explaining the lawful basis

References to the basis of processing (e.g. “(Basis: Art. 6.1.f)”) are a reference to the article of the UK General Data Protection Regulation under which we undertake the processing in question. This will usually be an Article 6 lawful basis; in the very rare circumstances that Special category Data is processed, a suitable Art 9 basis will be listed.

Providing services to you

We use the information we hold about you to give you the best service we can.

For example, we will add your contact details to our internal email address book.

We also use your information to keep track of payments that you make, as well as to keep in contact throughout our relationship.

(Basis: Art. 6.1.b – performance of a contract): this is necessary to deliver the service to you.

Sending Email Newsletters

If you have signed up to receive our marketing emails we will send these to you (usually a few times a month). If at any time, you want to stop receiving emails from us, simply click the “unsubscribe” link in the footer of every email and we will stop.

Third parties

As a general principle, we will not transfer your personal data to third parties without your permission.

There are some exceptions to this:

It is possible, though unlikely, that we might be forced to disclose your information in response to a court order or other binding mandate. Lawful basis Art 6.1.c Legal Obligation

We use an external accountancy service and they have limited visibility of your personal business data for the administration of company financial affairs. Art 6.1.f We have a legitimate interest to allow our Accountant to have limited access to our client personal data in order to manage our accounts.

We also share or disclose this data to processors for the following purposes:


Name: Google Analytics
Tracking visitor behaviour on website

4. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Notice. We have concluded a data processing agreement with Google. Google may not use the data for any other Google services. The inclusion of full IP addresses is blocked by us.

5. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

6. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

7. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

8. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

9. Retention periods

Data about clients: duration of your relationship with us, then seven years

Data about prospective clients: 2 years from last meaningful contact unless you have asked us to suppress your details. If you have requested suppression, we will keep the bare minimum so that we can be sure not to re-add you to any mailing lists.

Data about specific matters: duration of the matter, then seven years

10. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner’s Office:

Wycliffe House
Water Lane

11. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

12. Contact details

Aqua-Tox Ltd.
Foxholes Farm
London Road
SG13 7NT
United Kingdom

Phone number: 01992 878381 / 07745 525133



We use Google Analytics to gather statistics about where visitors to our website come from and how they interact with the site. For more information on what types of information Google Analytics collects, please see Google’s privacy policy.

iThemes Security

The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 7 days.

This site is scanned for potential malware and vulnerabilities by the iThemes Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

Security logs are retained for 7 days.

This site is part of a network of sites that protect against distributed brute force attacks. To enable this protection, the IP address of visitors attempting to log into the site is shared with a service provided by For privacy policy details, please see the iThemes Privacy Policy.

Ready to feel amazing?

Scroll to Top