Privacy Policy

Welcome to Dense Hair Experts' Privacy Policy

Dense Hair Experts (a trading name of FAMILY PHARMACEUTICALS LIMITED, Company No. 16327969) respects your privacy and is committed to protecting your personal data. This policy outlines how we collect, process, and store your information when you use our website (https://densehairexperts.com).

This Privacy Policy supplements other notices and privacy policies and is not intended to override them. Please read it together with our Cookie Policy and Consent Preferences Centre.

 

Important information 

Controller

Dense Hair Experts is the controller and is responsible for your personal data.

Data Protection Officer (DPO): Aftab Ali
Email: aftab@densehairexperts.com
Postal Address: 124 City Road, London, United Kingdom, EC1V 2NX

 

The Data We Collect

We collect, use, store, and transfer the following types of personal data:

  • Identity Data: name, title, date of birth, gender

  • Contact Data: billing/delivery addresses, email, phone

  • Medical Information: collected through health questionnaires for prescribing treatment, in accordance with GPhC guidelines

  • Financial Data: payment details

  • Transaction Data: purchase history

  • Technical Data: IP address, browser type, login data

  • Usage Data: how you use our website

  • Marketing Data: your preferences for receiving communications

  • Profile Data: account credentials, reviews, preferences

We also collect Aggregated Data for statistical purposes.

We do not collect any special categories of data (e.g., race, religion, political opinions) unless required by law.

 

How We Collect Data

  • Directly from you via forms, checkout, or correspondence

  • Automatically via cookies and analytics

  • From third-party platforms (e.g., Meta, Google, Klaviyo, Shopify)

 

How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Where we need to perform the contract we are about to enter into or have entered into with you.

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

  • Where we need to comply with a legal obligation.

We may also use your personal data in the following ways:

  • To register you as a new customer

  • To process and deliver your order

  • To manage our relationship with you

  • To provide you with relevant content, services, and marketing

  • To use data analytics to improve our website and services

  • To maintain legal and regulatory compliance

We do not use health data for advertising or for any purpose not directly related to your treatment and compliance with our pharmacy duties.

 

Medical and Health Data

As a registered online pharmacy, Dense Hair Experts is required to collect and process medical and health information as part of the prescription process. This data is essential to ensure the safety, appropriateness, and legal validity of the treatments we provide.

We collect health information through online medical questionnaires and, where necessary, follow-up communications. This information includes, but is not limited to, your medical history, current conditions, treatments, allergies, and any other relevant health factors required by our prescribing clinicians or pharmacists.

All medical information is:

  • Processed in strict compliance with the General Pharmaceutical Council (GPhC), MHRA, and applicable UK data protection laws

  • Used solely for providing and verifying the clinical appropriateness of treatment

  • Never used for marketing, profiling, or shared with any advertising or third-party analytics platform

  • Stored securely in encrypted pharmacy records and accessible only to authorised healthcare professionals involved in your care

We will retain your medical data only as long as necessary to meet our professional and legal obligations, typically in line with NHS and pharmacy recordkeeping standards (usually 6 to 8 years).

We may share this data with licensed medical professionals, regulators (e.g., GPhC), or in exceptional cases where legally required (e.g., safeguarding or court orders), and only when there is a clear legal basis to do so.

We do not and will not share health information with social media or ad platforms under any circumstances.

If you wish to access, correct, or request deletion of your medical data, please email: help@densehairexperts.com

 

Marketing and Tracking Technologies

We use tracking technologies to better understand how visitors interact with our website and marketing campaigns, and to tailor advertising across platforms. These technologies include:

  • Meta Pixel and Conversions API

  • Google Ads Tags (e.g., Conversion Tag, Remarketing Tag)

  • Snapchat Pixel

These tools only collect data after you have provided explicit consent via our cookie banner.

Meta (Facebook and Instagram) Tracking

We use the Meta Pixel and Conversions API to measure campaign performance and reach users with relevant content. Meta may receive hashed versions of your personal data (such as email or phone number) strictly for the purposes of attribution or custom audience matching. No health or sensitive personal data is shared. This data is sent only once you accept tracking cookies.

For further details, please see Meta’s Data Policy.

Google Ads and Snapchat Tracking

Google and Snapchat may track anonymised engagement data using their respective tools to help us serve retargeted and performance-based advertisements. Again, these tools are only activated when you provide clear opt-in consent via our cookie banner.

For more information, please refer to:

Consent Management and Cookie Control

We employ a GDPR-compliant Consent Management Platform (CMP) that:

  • Prevents tracking tools from firing before consent is granted

  • Allows users to manage and withdraw consent at any time

  • Supports compliance with GDPR, PECR, CCPA, and other international regulations

You may update your preferences or withdraw consent at any time via our Cookie Settings page.

We do not share medical or health data with any marketing or advertising platform.

 

Disclosures of Personal Data

We only share your personal data with third parties when it is necessary, lawful, and in accordance with this privacy policy. We require all third parties to treat your personal data with confidentiality and to process it in accordance with data protection legislation.

We may share your personal data with:

  • Internal Third Parties – Other companies within the FAMILY PHARMACEUTICALS LIMITED group acting as joint controllers or processors who are based in the United Kingdom and provide IT, administrative, or clinical support services.

  • External Third Parties, including:

    • IT service providers who host and support our systems and website infrastructure.

    • Professional advisers, such as solicitors, auditors, accountants, or insurers who assist with legal, auditing, or compliance matters.

    • Payment processors and logistics partners, to process payments and deliver products to you.

    • Regulatory bodies such as the General Pharmaceutical Council (GPhC), Medicines and Healthcare products Regulatory Agency (MHRA), or HM Revenue & Customs (HMRC) where required by law or regulation.

  • Third parties in the context of a business restructure – We may share your personal data with external advisers, acquirers, or successors in the event of a merger, sale, restructuring, or acquisition of part or all of our business or assets. In such cases, your data will continue to be used only as outlined in this privacy policy.

We do not allow third parties to use your personal data for their own marketing purposes. They may only process your data on our instructions and where they have agreed to treat it confidentially and keep it secure.

 

International Transfers

We primarily store and process your personal data within the United Kingdom. However, in certain limited circumstances, your data may be transferred outside the UK – for example, when we use international service providers or cloud-based platforms with servers located in the European Economic Area (EEA) or the United States.

Whenever your personal data is transferred out of the UK, we ensure that a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • Ensuring the destination country has been deemed to provide an adequate level of protection for personal data by the UK government.

  • Using specific contracts approved by the UK Information Commissioner’s Office (ICO) which give personal data the same protection it has in the UK, such as International Data Transfer Agreements (IDTAs) or Standard Contractual Clauses (SCCs).

You may contact us at any time to request further information about the safeguards we apply to your personal data if it is transferred internationally.

 

Data Security and Retention

We have implemented appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used, altered, disclosed, or accessed in an unauthorised way.

Access to your personal data is limited to employees, agents, contractors, and other third parties who have a business need to know. These individuals will only process your personal data on our instructions and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

In particular:

  • Medical records are retained in accordance with General Pharmaceutical Council (GPhC) and NHS guidance (usually 6 to 8 years)

  • Financial and transactional data is typically retained for up to 6 years for tax and contractual compliance

  • Marketing preferences and analytics data are retained only while consent remains valid and up to a maximum of 2 years following inactivity

You may request that we delete or anonymise your personal data where there is no longer a lawful reason to retain it.

 

Your Rights Under UK GDPR

As a data subject, you have the following rights under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018:

1. Right to Access

You have the right to request a copy of the personal data we hold about you and to check that we are lawfully processing it.

2. Right to Rectification

You can request that any inaccurate or incomplete data we hold about you is corrected or updated.

3. Right to Erasure (Right to be Forgotten)

You may request that we delete your personal data if there is no lawful reason for us to continue processing it.

4. Right to Restrict Processing

You may request that we suspend the processing of your data in certain circumstances, such as where you contest the data’s accuracy or object to our use of it.

5. Right to Object

You have the right to object to our processing of your personal data where we rely on legitimate interest or if we are using your data for direct marketing purposes.

6. Right to Data Portability

You have the right to request the transfer of your data to another provider in a structured, commonly used, machine-readable format.

7. Right to Withdraw Consent

If we rely on your consent to process your personal data, you have the right to withdraw it at any time. This will not affect the lawfulness of any processing carried out prior to the withdrawal.

 

Glossary

Consent – The freely given, specific, informed and unambiguous indication of your wishes by which you signify agreement to the processing of your personal data.

Controller – The organisation (in this case, Dense Hair Experts) that determines the purposes and means of processing your personal data.

Data Subject – You, the individual whose personal data is being collected and processed.

ICO – The Information Commissioner's Office, the UK’s independent authority set up to uphold information rights and privacy.

Internal Third Parties – Other companies within the FAMILY PHARMACEUTICALS LIMITED group acting as joint controllers or processors and providing shared services.

External Third Parties – External service providers (such as IT, payment, delivery, legal or regulatory authorities) who process your personal data on our behalf.

Legitimate Interest – The interest of our business in conducting and managing our operations to enable us to provide the best services and secure experience. We balance any potential impact on you and your rights before relying on this basis.

Performance of Contract – Processing your personal data where it is necessary for the performance of a contract or to take steps at your request before entering into one.

Personal Data – Any information relating to an identified or identifiable individual.

Processing – Any operation or set of operations performed on personal data, such as collection, use, storage, disclosure or deletion.

Special Category Data – Sensitive personal data such as health information, which requires higher levels of protection.

 

Cookies

Cookies are small text files placed on your device to help us deliver a better and more personalised experience when you visit our website.

We use cookies to:

  • Enable core website functionality (e.g. cart, login)

  • Analyse website traffic and user behaviour

  • Serve and measure personalised advertisements (subject to your consent)

We categorise cookies as follows:

  • Strictly Necessary Cookies – Essential for the operation of the site and cannot be disabled.

  • Performance & Analytics Cookies – Help us improve site functionality and user experience.

  • Marketing & Targeting Cookies – Used to deliver relevant adverts on platforms such as Facebook, Google, and Snapchat.

You are presented with the option to manage your cookie preferences when you first visit our website via a cookie consent banner. You can adjust these settings or withdraw consent at any time by visiting our Cookie Settings page.

For more information about specific cookies we use, their duration, and how to manage them, please see our full Cookie Policy.

 

Changes to this Policy

We keep this privacy policy under regular review to ensure it remains accurate, up to date, and reflective of how we process your personal data.

We may amend this policy from time to time to reflect changes in our legal obligations, operational needs, or improvements in our services. Where appropriate, we will notify you of significant changes by email or by a prominent notice on our website.

We encourage you to revisit this page periodically to stay informed about how we protect your privacy.

The most recent version of this policy was updated in July 2025.

 

Contact Us

For questions, contact our Data Protection Officer: