Privacy Policy

We are committed to protecting your privacy and ensuring the security of your personal information. Through our website and services, we provide access to medical advice, clinical support, and treatment options to help you make informed decisions about your health.

Please read this Privacy Notice carefully as it contains important information about who we are, how and why we collect, store, use, and share personal information, your rights in relation to your personal information, and how to contact us.

Who We Are

This Privacy Notice applies to And Other Ways (UK) Ltd, operating under the brand name "& Other Ways".

  • Registered Name: And Other Ways (UK) Ltd
  • Company Number: 17197207
  • Registered Address: Unit A, 82 James Carter Road, Mildenhall, Suffolk, IP28 7DE
  • ICO Registration: ZC182246
  • Data Protection Contact: DPO@andotherways.com

Our pharmacy services are provided through our GPhC-registered pharmacy partner Pharmacy To My Door (GPhC Premises Registration: 9010526).

What This Notice Covers

This Notice covers any personal information we collect:

  • When you use our website or complete our online consultation
  • When you register an account with us
  • When you purchase our products or services
  • When you interact with our social media channels
  • When you provide feedback or participate in surveys
  • When you are referred to us by a partner barbershop
  • When you contact our support team

Our services are not intended for individuals under the age of 18, and we do not knowingly collect data from children.

Personal Information We Collect

Data Type | Description
Identity Data | First name, last name, date of birth, username, password
Contact Data | Email address, delivery address, telephone number
Financial Data | Payment card details (processed securely by Stripe)
Transaction Data | Details of products purchased, order history, subscription status
Health Data | Medical history, consultation responses, treatment preferences
Chairside Scan Photos | Standardised scalp photos taken by your partner barber at each appointment, used to track your treatment progress
Technical Data | IP address, browser type, device information, location data
Usage Data | How you use our website, pages visited, features used
Referral Data | Which barbershop referred you, barber name (if provided)
Marketing Data | Your preferences for receiving marketing communications

How We Use Your Personal Information

Purpose | Data Used | Legal Basis
Assess treatment suitability | Identity, Contact, Health Data | Necessary for healthcare purposes under health professional responsibility
Process prescriptions | Identity, Contact, Health, Transaction Data | Contract performance; Healthcare purposes
Clinical consultations | Identity, Contact, Health Data | Contract performance
Maintain medical records | All relevant health information | Legal obligation (GPhC requirements)

How We Collect Your Information

We collect information:

  • Directly from you — when you complete our online consultation, create an account, make a purchase, or contact us
  • Automatically — when you visit our website, we collect Technical and Usage Data through cookies and similar technologies
  • From partner barbershops — referral information when you’re referred to us
  • From our pharmacy partner — prescription and dispensing information

Who We Share Information With

Pharmacy Partner

Our GPhC-registered pharmacy partner, Pharmacy To My Door, dispenses your medication. They are bound by strict confidentiality and data protection obligations.

Payment Processor (Stripe)

We use Stripe to process payments securely. Stripe handles your payment card details and does not share them with us.

Email Service Providers (Klaviyo and AWS SES)

We use Klaviyo to send marketing emails and AWS SES (Amazon Web Services) to send transactional and clinical emails including prescription notifications, dispatch confirmations, and check-in reminders. Both services process your contact data on our behalf.

SMS Notifications (Twilio)

We use Twilio to send SMS notifications about your orders and treatment. They process your phone number on our behalf.

Analytics (PostHog)

We use PostHog to understand how our website and app are used and to improve our services. PostHog collects technical and usage data only.

File Storage (AWS S3)

We use Amazon Web Services (AWS S3) for secure storage of files including Chairside Scan photos. Files are encrypted at rest.

Delivery Partners

Courier services that deliver your treatments. We share only the information necessary for delivery (name and address).

Partner Barbershops

If you have a partner barber linked to your account, we share limited information (that your subscription is active) so they can be paid their Chairside Scan service fee. We do not share your health data.

Partner Barbers

Your partner barber does not have access to your Chairside Scan photos, consultation answers, or any health data. Scan photos are accessible only to our clinical team and the reviewing pharmacist. We share with barbershops only what is necessary to pay their Chairside Scan service fee.

Professional Advisers

Lawyers, auditors, and accountants where necessary.

Legal Compliance

We may disclose information where required by law or to protect our legal rights.

All service providers are contractually bound to keep your information confidential and use it only for the services they provide to us.

International Data Transfers

As a UK-registered company, we use service providers based in other countries. Your personal information may be transferred outside the United Kingdom.

Transfers may occur to:

  • United States — where some of our service providers are based (Stripe, Klaviyo, AWS, PostHog)

Whenever we transfer your personal information outside the UK, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the UK Information Commissioner
  • Adequacy decisions where applicable
  • Contractual commitments to data protection standards

For more information about the specific safeguards we use, please contact us at DPO@andotherways.com.

Data Security

We have implemented appropriate technical and organisational measures to protect your personal information, including:

  • Encryption of data in transit and at rest
  • Secure payment processing through Stripe (PCI-DSS compliant)
  • Access controls limiting who can view your information
  • Regular security assessments
  • Staff training on data protection

Whilst we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. We will notify you promptly if any breach occurs that may affect you.

How Long We Keep Information

Data Type | Retention Period
Medical records & health data | 10 years from last treatment (GPhC requirement)
Chairside Scan photos (treatment progress) | 10 years from last treatment (GPhC requirement)
Transaction records | 7 years (tax and accounting requirements)
Account information | Duration of account plus 3 years
Marketing data (non-customers) | 2 years from last engagement
Referral data | Duration of subscription plus 2 years
Technical/usage data | 26 months

We may retain your data for longer if required by law or to defend legal claims.

Your Rights

Under UK data protection law, you have the right to:

Access Your Data

Request a copy of the personal information we hold about you.

Correct Your Data

Request correction of inaccurate or incomplete information.

Delete Your Data

Request deletion of your personal data in certain circumstances.

Data Portability

Receive your data in a structured, commonly used format.

Restrict Processing

Request limitation on how we use your data in certain situations.

Object to Processing

Object to processing based on legitimate interests or marketing purposes.

Please note: Some rights may be limited in certain circumstances. For example, we cannot delete your medical records while you are an active patient, as we have a legal obligation to maintain them.

Note: Due to medical record-keeping requirements, we may not always be able to delete health-related information upon request.

To exercise any of these rights, please contact us at DPO@andotherways.com. We will respond within one month.

Marketing Communications

We will only send you marketing communications if you have opted in to receive them. You can withdraw your consent at any time by:

  • Clicking the “unsubscribe” link in any marketing email
  • Updating your preferences in your account settings
  • Contacting us at DPO@andotherways.com

Please note: Even if you opt out of marketing, we will still send you essential service communications (order confirmations, prescription information, account updates) as these are necessary for our service.

Cookies

We use cookies and similar technologies to improve your experience on our website. You can manage your cookie preferences at any time using the cookie consent banner at the bottom of the page, where you can accept, reject, or customise individual cookie categories.

For full details on the cookies we set and how long we retain them, please see our Cookie Policy.

Third-Party Links

Our website may contain links to third-party websites, plugins, and applications. Clicking on those links may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

Contact Us

For any questions about this Privacy Notice or to exercise your rights:

Data Protection Contact:

Company Address:

And Other Ways (UK) Ltd

Unit A, 82 James Carter Road

Mildenhall, Suffolk, IP28 7DE

Complaints

We hope to resolve any concerns you raise about our use of your personal information.

You also have the right to complain to the UK supervisory authority:

Information Commissioner's Office (ICO)

Website: www.ico.org.uk

Helpline: 0303 123 1113

Changes to This Notice

We may update this Privacy Notice from time to time. We will notify you of significant changes by email or through our website.

Please check back periodically to stay informed about how we protect your information.

Regulatory Information

Our pharmacy services are provided in partnership with a GPhC-registered pharmacy, ensuring compliance with UK pharmacy regulations and professional standards.

This Privacy Policy was last reviewed in November 2025.