R

Privacy Policy

Last updated: January 2026

1. Introduction

River Aesthetics ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

We collect information that you provide directly to us, including:

  • Name, email address, and contact information
  • Billing and shipping addresses
  • Payment information (processed securely via Stripe)
  • Professional credentials (for healthcare practitioners)
  • Prescription documents (when required)
  • Order history and preferences

3. How We Use Your Information

We use the information we collect to:

  • Process and fulfill your orders
  • Verify healthcare practitioner credentials
  • Validate prescriptions for prescription-only medicines
  • Communicate with you about orders and services
  • Comply with legal and regulatory requirements
  • Improve our products and services

4. Legal Basis for Processing (GDPR)

Under UK GDPR, we process your data based on:

  • Contract: To fulfill orders and provide services
  • Legal obligation: To comply with healthcare regulations
  • Legitimate interests: To improve our services and prevent fraud
  • Consent: For marketing communications (where applicable)

5. Data Sharing

We may share your information with:

  • Payment processors (Stripe) for secure payment handling
  • Delivery partners for order fulfillment
  • Regulatory bodies when legally required
  • Professional verification services (GMC, GPhC, NMC)

We do not sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption, secure servers, and access controls. However, no method of transmission over the internet is 100% secure.

7. Data Retention

We retain your personal data for as long as necessary to provide our services and comply with legal obligations. Order records are retained for 7 years for accounting and regulatory purposes. Prescription records are retained as required by healthcare regulations.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request erasure of your data (subject to legal requirements)
  • Restrict processing of your data
  • Data portability
  • Object to processing
  • Withdraw consent at any time

9. Cookies

We use cookies and similar technologies to enhance your experience, analyze site usage, and assist in our marketing efforts. You can control cookie preferences through your browser settings.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

11. Contact Us

For privacy-related inquiries or to exercise your rights, please contact our Data Protection Officer at

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data has been mishandled.