Privacy Policy

Last updated: 13/04/2026

Aster (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data.

This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website, contact us, complete forms, create an account, book services, make payments, or use our online weight management services.

For the purposes of UK data protection law, the data controller is:

VKEL Ltd trading as Aster
47 London Road
Edinburgh
EH7 5SP
Email: hello@we-are-aster.co.uk

1. Who this policy applies to

This policy applies to:

  • visitors to the Aster website;

  • people who contact us with an enquiry;

  • patients and prospective patients;

  • people who complete forms or assessments through our website or systems;

  • people who make payments to us.

Under the UK GDPR, individuals have the right to be informed about how their personal data is collected and used, and privacy information should be clear and accessible.

2. The personal data we collect

Depending on how you use our website and services, we may collect the following categories of personal data.

2.1. Identity and contact data, such as:

  • name

  • date of birth

  • postal address

  • email address

  • telephone number

2.2. Account and service data, such as:

  • login details or portal-related data

  • appointment, booking, enquiry, and consultation information

  • service history

  • messages you send to us

2.3. Health and special category data, such as:

  • information about your health, weight, BMI, medical history, medicines, allergies, lifestyle, and suitability for treatment

  • treatment preferences and relevant clinical information you provide during forms, assessments, or consultations

Health data is classed as special category data under the UK GDPR and requires both an Article 6 lawful basis and a separate Article 9 condition for processing.

2.4. Payment and transaction data, such as:

  • billing information

  • payment status

  • limited transaction information

We do not store full card details ourselves. Payments are processed by our payment provider.

2.5. Technical and usage data, such as:

  • IP address

  • browser type

  • device information

  • pages visited

  • referral source

  • cookie and consent preferences

2.6. Marketing and communications data, such as:

  • your preferences about receiving marketing

  • records of your consent or opt-out choices

  • correspondence with us

3. How we collect your personal data

3.1. We collect personal data:

  • directly from you when you fill in forms, contact us, book consultations, create an account, make a payment, or use our services;

  • from your interactions with our website;

  • from third-party service providers who support the operation of our website and services;

  • where relevant and lawful, from clinicians, prescribers, pharmacies, or service partners involved in your care.

4. How we use your personal data

4.1. We use your personal data to:

  • provide and manage our website;

  • respond to your enquiries;

  • register you for services and manage your account;

  • assess eligibility and suitability for treatment;

  • arrange consultations, prescriptions, dispensing, and fulfilment;

  • process payments and keep financial records;

  • communicate with you about your treatment, orders, and service updates;

  • maintain clinical and business records;

  • improve our website, services, and patient experience;

  • comply with legal, regulatory, professional, and safety obligations;

  • send marketing communications where permitted by law or where you have consented.

5. Our lawful bases for processing

Depending on the context, we rely on one or more of the following lawful bases:

5.1. Contract

Where processing is necessary to take steps at your request before entering into a contract, or to provide the services you have requested, including bookings, consultations, prescriptions, payments, and service administration.

5.2. Legal obligation

Where we need to process your personal data to comply with applicable legal, regulatory, professional, tax, accounting, pharmacy, and patient safety obligations.

5.3. Legitimate interests

Where it is necessary for our legitimate interests in running, improving, securing, and administering our business and website, provided your rights and interests do not override those interests.

5.4. Consent

Where we rely on consent, for example for certain marketing communications or where consent is specifically requested. If consent is our basis, you can withdraw it at any time.

6. How we process health information

6.1. Because Aster provides health-related services, we may process health information, which is special category data. The ICO says that special category data needs extra protection and cannot be processed unless an Article 9 condition is also met.

6.2. Where we process health information, we do so only where necessary and lawful, including:

  • for the provision of health-related services and clinical assessments;

  • for patient safety, prescribing, dispensing, and continuity of care;

  • to meet legal and professional obligations;

  • where you have given explicit consent, where that is the appropriate basis.

7. Sharing your personal data

7.1. We may share your personal data where necessary with trusted third parties involved in operating our website and services, including:

  • Squarespace as our website platform;

  • Pabau as our practice management / electronic health record system;

  • Stripe as our payment processor;

  • Signature Pharmacy and/or other dispensing and fulfilment partners where needed to supply prescribed treatment;

  • clinicians, prescribers, pharmacists, and professional advisers involved in your care or in supporting the business;

  • IT, hosting, analytics, and administrative service providers;

  • regulators, authorities, insurers, law enforcement, or courts where disclosure is required or justified.

7.2. The use of cookies through our website is managed by us through Squarespace.

7.3. We require third parties acting on our behalf to respect the security of personal data and to process it lawfully.

8. International transfers

8.1. Some of our service providers may process personal data outside the UK. Where this happens, we will take steps to ensure appropriate safeguards are in place so your personal data remains protected in accordance with applicable data protection law.

9. Data retention

9.1. We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, regulatory, clinical, accounting, and reporting requirements.

9.2. In general, we consider:

  • the nature of the data;

  • whether the information relates to healthcare or patient safety;

  • legal and regulatory retention requirements;

  • limitation periods for legal claims;

  • tax and accounting requirements;

  • whether retention is necessary to resolve complaints, disputes, or audits.

10. Marketing communications

10.1. We may send you service-related communications where necessary to provide our services.

10.2. We may also send you marketing communications where you have asked to receive them or where we are otherwise permitted to do so by law. You can opt out of marketing at any time by using the unsubscribe link in an email or by contacting us.

11. Cookies and website technologies

11.1. Our website is hosted on Squarespace and may use cookies and similar technologies to help the site function, remember preferences, understand usage, and support analytics or other site features.

11.2. Squarespace provides cookie banner and privacy controls, and states that by default some non-essential cookies can be restricted through its cookie banner settings.

11.3. Where required, we will request your consent for non-essential cookies. You can also manage cookie preferences through your browser settings and any cookie tools made available on our website.

12. Your data protection rights

12.1. The ICO says individuals may have rights including:

  • the right to be informed;

  • the right of access;

  • the right to rectification;

  • the right to erasure;

  • the right to restrict processing;

  • the right to data portability;

  • the right to object; and

  • rights relating to automated decision-making, where applicable.

These rights are not absolute and may not apply in every case.

If you would like to exercise any of your rights, please contact us at:
hello@we-are-aster.co.uk

13. Complaints

13.1. If you have concerns about how we use your personal data, please contact us first and we will try to resolve the issue.

13.2. You also have the right to complain to the Information Commissioner’s Office (ICO). You can do so by following the link here.

14. Children

14.1. Aster’s website and services are intended for adults aged 18 and over. We do not knowingly provide services through this website to children.

15. Security

15.1. We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, disclosure, or alteration. However, no internet transmission or storage system can be guaranteed to be completely secure.

16. Third-party links

16.1. Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy notices.

17. Changes to this Privacy Policy

17.1 We may update this Privacy Policy from time to time. Any changes will be posted on this page and the “Last updated” date will be amended.

18. Contact

18.1. For questions about this Privacy Notice, please contact:

Aster
VKEL Ltd
47 London Road
Edinburgh
Scotland
EH7 5SP
hello@we-are-aster.co.uk
www.we-are-aster.co.uk