Monderma

Privacy Policy

Last Updated: June 2025

1.1. Oversight

Monderma Limited, herein referred to as Monderma, is the controller of, and is responsible for, personal information on this website. Enquiries about this Privacy Policy are overseen by the registered data protection officer (DPO).

1.2. Commitment

This Privacy Policy explains how personal information is collected, used, and secured, as well as the rights that can be exercised when using this website, regardless of where it is visited from. This Privacy Policy complements, and does not override, the Terms and Conditions.

2.1. Categories

Personal information, otherwise known as personal data, refers to any data that can be used to identify a specific customer. Anonymous information, in which the identity has been removed, is excluded. Various types of personal information can be collected, as outlined below:

Type | Examples
Identity | First name, last name, date of birth, gender
Contact | Billing address, shipping address, email address, phone number
Financial | Payment card
Technical | Operating system, browser, internet protocol (IP) address
Usage | Subscription, orders, consultation, interests, feedback, complaints
Communication | Preferences

2.2. Aggregation

Aggregated information, such as statistical or demographic insights, may be derived from personal information but does not directly identify customers. If combined with personal information in a way that identifies customers, it will be considered personal information under this Privacy Policy.

2.3. Health

Certain health information may be collected in order to provide services, such as consultations. This information is not used for any other purposes. No information about sexual orientation, religious beliefs, political views, trade union membership, or criminal convictions is collected. The website is not intended for use by those under the age of 16. No information about children is knowingly collected, although services may include customers aged 16 and 17.

3.1. Direct

Personal information may be collected through direct interactions, including forms on the website, social media, email, telephone, or post.

3.2. Automated

Cookies, server logs, and other technologies are used to automatically collect technical information about browsing activities and equipment. Cookies are small data files that are saved on a browser or hard drive to improve the browsing experience. Cookies may be disabled by adjusting browser settings, but some website features may become impaired. The table below provides information on the various types of cookies used, with examples of each:

Type | Examples
Essential | Enables core website functions, including login and checkout
Performance | Monitors usage to improve website performance and functionality
Functional | Recognises returning customers and remembers preferences
Targeting | Records browsing activity to tailor advertising and content. Information may be shared with third parties for this purpose

The table below lists the names of each cookie and its purpose:

Name | Purpose
WordPress_[hash] | Recognises logged-in customers and manages their preferences
wp-settings-{time}-[UID] | Customises the appearance of the account and its main interfaces
google-analytics_v4_60a4__engagement | Monitors usage and page views for analytical purposes

3.3. Third-parties

Third parties, such as advertisers, may use cookies beyond Monderma’s control. These may include analytical, performance, or targeting cookies. Preferences can be managed by changing cookie settings or blocking cookies in the browser, although essential cookies may still be required for website functionality. Most cookies expire after 6 months. Additional information may be gathered from analytics providers located outside of the UK, as well as payment and identity verification services.

4.1. Purpose

Personal information is processed in accordance with applicable law, either to perform contractual obligations, protect legitimate interests, or comply with legal obligations, as detailed below:

Type | Purpose | Basis
Identity, contact | Registering as a new customer | Contract performance
Identity, contact, financial, transaction, communications | Order processing, payment handling, debt recovery | Contract performance
Identity, contact, usage, communications | Managing customer relationships, updates, competitions, reviews, surveys | Contract performance, product and service improvement
Identity, contact, technical | Website administration, IT support, security, information analysis | Operations and security, legal and regulatory compliance
Identity, contact, technical, usage, communications | Personalised content, advertising, promotions | Marketing, product and service development
Technical, usage | Information analytics | Marketing
Identity, contact, technical, usage, communications | Product, service recommendations | Marketing, product and service development

4.2. Change

Personal information is only used for its intended purpose, unless a more compatible purpose arises. If use is required for an unrelated purpose, notice and explanation will be provided, unless otherwise permitted by law.

4.3. Third-parties

Information may be shared with staff, contractors, service providers, and legal and regulatory bodies, or during business restructuring. Third parties are strictly required to respect the security of personal information and process it only for the purposes specified in the instructions.

4.4. Transfers

Transfers of personal information outside the UK are only made to countries that provide adequate protection or through legally approved mechanisms.

4.5. Marketing

Consent is obtained prior to sending third-party direct marketing communications. Consent may be withdrawn at any time. Marketing preferences are respected, and opt-in consent is required before sharing personal information with third parties for marketing purposes.

4.6. Communications

Customers can opt out of marketing communications at any time by using the unsubscribe button at the bottom of each email. Opting out will have no effect on other lawful uses of personal information related to transactions or service experiences.

5.1. Account

Users are responsible for maintaining account security by using trusted devices, secure passwords, two-factor authentication, and up-to-date antivirus software. The National Cyber Security Centre’s (NCSC) website provides additional guidance.

5.2. Compliance

Robust security measures are implemented to prevent unauthorised access, loss, alteration, or disclosure of personal information. Access is limited to those who have a legitimate need and are bound by confidentiality obligations. Procedures exist to respond to suspected breaches, including notification when legally required.

5.3. Retention

Basic customer information is retained for 6 years for tax purposes. Anonymised data may be used for research or statistical purposes indefinitely.

6.1. Requests

Customers have the legal right to access, correct, erase, restrict, or object to the processing of their personal information. They can also request data transfer and withdraw consent. Further information about these rights can be found on the Information Commissioner’s Office (ICO) website. Data Subject Access Requests (DSAR) can be made by contacting Monderma.

6.2. Response

No fee is charged for exercising these rights, unless requests are unfounded, repetitive, or excessive. In such cases, a fee may be charged, or the request may be refused. Requests may require identity verification to ensure that personal information is not disclosed to unauthorised individuals. Responses to legitimate requests are typically provided within 30 days. Complex or multiple requests may take more time. In these cases, customers will receive updates as needed.

6.3. Disputes

Any further concerns can be raised directly with Monderma. If the request remains unresolved, a complaint can be made to the ICO.