Privacy Policy
Last updated: 03/07/2026
1. Introduction
Welcome to Mesoeutics (mesoeutics.com), owned and operated by Zartaux Holding Ltd (“we,” “us,” or “our”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and purchase our professional-grade cosmetic solutions.
For the purposes of UK GDPR and EU GDPR, the data controller is Zartaux Holding Ltd, contactable at info@zartaux.com. Because our products are supplied exclusively to authorised professionals, this policy governs both standard user data and professional credential-verification data.
2. Our Data-Minimisation Approach
We take a strict data-minimisation approach. We process your information only to the extent needed to verify your eligibility and to complete, ship, and invoice your order. With one exception — the invoice and order records we are legally required to keep (see Data Retention below) — we do not store your personal data on our systems after your order has been fulfilled. Much of the information involved is handled directly by our payment and shipping partners rather than retained by us.
3. Professional Practitioner Verification
Because Mesoeutics supplies authorized professionals only, we may check your professional status (for example, a license, accreditation, or business registration you provide) at the point of registration or order.
-
This check is used solely to confirm your eligibility.
-
We do not retain verification documents on our systems once the check is complete.
4. What We Process, and What We Keep
To place and fulfil an order, the following information is processed. Unless stated, it is used only to complete your order and is not stored by us afterwards — it is retained only within the legally required invoice/order record described in Data Retention:
-
Identity & Contact Data: name, title, email, telephone, billing and shipping address — used to process, ship, and invoice your order.
-
Financial / Payment Data: card and payment details are entered directly with our payment provider (for example, PayPal or the card gateway). We do not see or store your full card details at any time.
-
Technical Data: limited technical data (such as IP address or browser type) may be processed transiently by our hosting, security, and analytics providers. We do not maintain our own store of this data. See the Cookie Policy below.
5. Data Retention
The only records we retain are invoices and their associated order records, which we keep because tax, accounting, and customs law requires it — for the statutory period in the relevant jurisdiction (in the UK, generally 6 years). These records contain the transaction and billing information needed for a valid, legally compliant invoice.
We do not keep any other personal data on record once your order is complete. We do not maintain marketing databases or profiles of the information above beyond what is contained in these statutory invoice records.
6. How We Use Your Data
We process your information on the bases of contract performance, compliance with our legal obligations, and — where you contact us directly — your consent. Specifically, to:
-
Verify your eligibility as an authorized professional at the point of order (not stored afterwards).
-
Process, ship, and invoice your order, via our payment and shipping partners.
-
Issue and retain the invoice/order records required by tax, accounting, and customs law.
-
Respond to lawful requests from competent authorities, limited to the invoice records we hold.
Contacting Us and Consent
If you contact us by email or through the website, you do so voluntarily and on the basis of your own consent. We use your message and the contact details you provide solely to respond to your enquiry and act on your request. We do not add your contact details to any stored contact list, mailing list, or marketing database, and we do not retain them beyond what is necessary to handle your enquiry — or, where your enquiry results in an order, within the statutory invoice record described in Data Retention. You can ask us at any time to confirm that your details have not been retained.
7. Third-Party Service Providers
We use trusted third-party providers to operate our storefront, process secure payments, and ship products. These providers only access your information to the extent necessary to perform their services, under contractual data-protection obligations.
International transfers: Some providers may process data outside the UK or EEA. Where this happens, we put appropriate safeguards in place (such as UK International Data Transfer Agreements or EU Standard Contractual Clauses) so that your data continues to receive an equivalent level of protection.
Third-party responsibility: Each third-party provider (including payment and shipping partners) operates under its own privacy policy and terms of service. We are not responsible for the independent data-handling practices, content, or policies of these third parties. Once your information is processed by, or you are directed to, a third-party service — for example when you enter payment details with a payment provider — that processing is governed by their privacy policy, not ours. We encourage you to review the privacy policies of any third-party service before using it.
8. Data Frameworks & Your Rights
We comply with UK GDPR and, where applicable, EU GDPR. You have the following rights regarding your personal data:
-
Access & Rectification: request copies of your data or correct errors.
-
Erasure (“Right to be Forgotten”): request deletion, subject to legal record-keeping requirements.
-
Restriction & Objection: restrict or object to certain processing.
-
Data Portability: transfer your data to another provider.
-
Withdraw Consent: withdraw consent at any time where processing is based on consent.
To exercise these rights, or request account deletion, contact us at info@zartaux.com. You also have the right to lodge a complaint with your supervisory authority — in the UK, the Information Commissioner’s Office (ICO).
Data Security & Breach Notification
We implement appropriate technical and organizational measures to protect your data from unauthorized access. In the event of a personal-data breach likely to result in a risk to your rights, Zartaux Holding Ltd will notify the relevant supervisory authority and affected users without undue delay, in line with applicable data-protection law.
9. Cookie Policy
What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They help websites function, remember your preferences, and provide statistical insights to site owners.
How We Use Cookies
-
Strictly Necessary Cookies: essential for site navigation, secure logins, and shopping-cart function. These do not require consent.
-
Performance Cookies: collect anonymous statistics about how visitors use our site.
-
Functionality Cookies: remember regional preferences, language settings, and username.
-
Targeting & Advertising Cookies: tailor content to your professional interests.
Managing Consent
Non-essential cookies (performance, functionality, and advertising) are set only after you give consent through our cookie banner. You can change or withdraw your choices at any time via the banner or your browser settings. Disabling essential cookies may prevent you from logging in or completing checkout. For guidance on managing cookies across browsers, see www.allaboutcookies.org.