Free shipping on orders over £70
a
M
Shop
Product Types
Skin concerns
Pro Treatments
Find a pro
About us
Contact us

Privacy Policy

1. Introduction

genosys.co.uk is operated by Skin Health Solutions Ltd (trading as GENOSYS) ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website and purchase our products or services.

Skin Health Solutions Ltd is the data controller responsible for your personal data. This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Please read this policy carefully. If you have any questions, contact us using the details in Section 13.

2. Who We Are — Data Controller Details

Legal Entity: Skin Health Solutions Ltd

Trading Name: GENOSYS

Registered Office Address: Market House, 25 Market Square, Leighton Buzzard, LU7 1EU

Email: info@genosys.co.uk

ICO Registration Number: ZC104666

If you have any questions about this Privacy Policy or your personal data, please contact us at the address above.

3. Information We Collect

3.1 Personal Information You Provide

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Place an order
  • Subscribe to our newsletter
  • Contact us for customer support
  • Participate in surveys, competitions, or promotions

This information may include: full name, email address, postal/delivery address, phone number, and payment information (processed securely via our payment processor — we do not store full card details).

3.2 Information We Collect Automatically

When you visit our website, we automatically collect certain technical data including your IP address, browser type and version, operating system, referring URLs, pages viewed, time and date of your visit, and browsing behaviour on our site. This data is collected via cookies and similar technologies (see Section 10).

3.3 Information from Third Parties

We may receive information about you from third parties such as payment processors, delivery partners, or fraud prevention services, where they are authorised to share it with us.

4. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing your personal data. We rely on the following lawful bases:

  • Performance of a Contract (Article 6(1)(b)): To process your order, manage your account, arrange delivery, and provide customer support.
  • Legal Obligation (Article 6(1)(c)): To comply with our legal obligations, such as tax and financial record-keeping requirements.
  • Legitimate Interests (Article 6(1)(f)): To prevent fraud and enhance website security, improve our products and services, and conduct necessary business analytics. We balance these interests against your rights.
  • Consent (Article 6(1)(a)): To send you marketing communications and to use non-essential cookies. You can withdraw consent at any time (see Section 9 and Section 10).

5. How We Use Your Information

We use the personal data we collect for the following purposes:

  • To process and fulfil your orders, including payment and delivery
  • To send order confirmations, updates, and delivery notifications
  • To manage your account and provide customer support
  • To send marketing communications where you have given consent
  • To improve our website, products, and services
  • To prevent fraud, abuse, and other harmful activities
  • To comply with our legal and regulatory obligations
  • To conduct internal business analysis and reporting

6. Information Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties for their own marketing purposes.

We may share your personal data with the following categories of third parties, who act as our data processors and are bound by appropriate data processing agreements:

  • Payment processors (e.g., Stripe, PayPal) to securely process your transactions
  • Delivery and fulfilment partners (e.g., Royal Mail, DPD, DHL) to ship your orders
  • Email service providers (e.g., Mailchimp) to send order confirmations and, where consented, marketing emails
  • Website hosting and IT infrastructure providers
  • Analytics providers to help us understand website usage
  • Fraud prevention and identity verification services
  • Professional advisers such as solicitors, accountants, and insurers where necessary

We may also disclose your personal data to law enforcement authorities, regulators, or courts where we are required to do so by law.

7. International Data Transfers

Some of our third-party service providers are based outside the UK. Where we transfer your personal data outside the UK, we ensure that appropriate safeguards are in place, such as:

  • Transfers to countries that have been granted UK adequacy decisions
  • Use of the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU Standard Contractual Clauses

You may request further details about the specific safeguards in place for any international transfers by contacting us at info@genosys.co.uk.

8. Data Retention

We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. Our retention periods are as follows:

  • Order and transaction records: 7 years (to comply with HMRC tax obligations)
  • Account information: For the duration of your account, plus 2 years after closure
  • Marketing consent records: Until you withdraw consent, plus 1 year
  • Customer support communications: 3 years from the date of resolution
  • Technical/website logs: Up to 12 months

Where data is no longer required, we will securely delete or anonymise it.

9. Your Rights Under UK GDPR

You have the following rights in relation to your personal data:

  • Right of Access: You have the right to request a copy of the personal data we hold about you (a Subject Access Request).
  • Right to Rectification: You can ask us to correct inaccurate or incomplete personal data.
  • Right to Erasure ("Right to be Forgotten"): You can ask us to delete your personal data where there is no longer a lawful basis for us to hold it.
  • Right to Restrict Processing: You can ask us to pause the processing of your personal data in certain circumstances.
  • Right to Data Portability: Where processing is based on consent or contract, you can request your data in a structured, commonly used, machine-readable format.
  • Right to Object: You can object to processing based on legitimate interests or for direct marketing purposes at any time.
  • Right to Withdraw Consent: Where we process data based on your consent, you can withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before you withdrew consent.
  • Rights Related to Automated Decision-Making: You have the right not to be subject to solely automated decisions that produce legal or similarly significant effects, except in limited circumstances.

To exercise any of these rights, please contact us at info@genosys.co.uk. We will respond within one calendar month. We may need to verify your identity before processing your request.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection:
ICO Website: www.ico.org.uk
ICO Helpline: 0303 123 1113

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. A cookie is a small text file placed on your device. We use the following categories of cookies:

  • Strictly Necessary Cookies: Essential for the website to function (e.g., shopping cart, login sessions). These do not require your consent.
  • Analytics Cookies: Help us understand how visitors use our website (e.g., Google Analytics). These are only set with your consent.
  • Marketing/Targeting Cookies: Used to deliver relevant advertising. These are only set with your consent.

When you first visit our website, you will be presented with a cookie consent banner. You can accept or decline non-essential cookies at that time, or manage your preferences at any time via our Cookie Settings link in the website footer.

You can also control cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. For more information about cookies, visit www.allaboutcookies.org.

11. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include SSL/TLS encryption for data in transit, secure password storage, restricted access to personal data on a need-to-know basis, and regular security assessments.

Payment transactions are processed by our payment processor and are protected by industry-standard encryption. We do not store full payment card details on our systems.

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO as required by UK GDPR.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. We will notify you of significant changes by posting the updated policy on this page and updating the "Last Updated" date at the top of this document. Where required by law, we will seek your consent to material changes.

We encourage you to review this policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Skin Health Solutions Ltd (trading as GENOSYS)
Address: Market House, 25 Market Square, Leighton Buzzard, LU7 1EU
Email: info@genosys.co.uk
Phone: 01494 928977

This Privacy Policy was last updated on 14 April 2026.