Privacy Policy (Medart Hair)

Effective Date: 22 December 2025

This Privacy Policy explains how Medart Hair (“Medart Hair”, “we”, “us”, “our”) collects, uses, discloses, and safeguards personal data when you visit our website, request information, submit a consultation form, upload photos for hair analysis, communicate with us (including via messaging apps), or use our services.

We are committed to protecting your privacy and handling your personal data transparently and securely.

1) Who We Are (Controller) and How to Contact Us

Medart Hair is the data controller for personal data collected through our website and communications.

Contact details
Address: 23 Harley Street, London W1G 9QN
Phone: +44 7464 424011
Email: info@medartinternational.com

If you have questions about this Policy or want to exercise your rights, please contact us using the details above.

2) What This Policy Covers

This Policy applies to personal data we collect from:

  • Website visitors
  • People who contact us by email, phone, forms, or messaging apps
  • People who request a consultation and/or provide photos for hair analysis
  • Clients who proceed with treatment coordination and related services

This Policy does not apply to third-party websites you may access through links on our website. We recommend reviewing their privacy policies separately.

3) Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of data:

A) Identity and contact information

  • Name
  • Email address
  • Phone number
  • Country of residence, preferred language, time zone (if provided)

B) Consultation and enquiry information

  • Your messages, questions, and preferences
  • Appointment details and travel window (if relevant)

C) Photos and health-related information (special category data)

If you request a hair analysis/consultation, you may choose to provide:

  • Scalp/hair photos (front, top, back, etc.)
  • Information about hair loss history and previous treatments
  • Relevant medical information you provide voluntarily (e.g., conditions or medications)
    This information may be considered health data under data protection laws.

D) Payment and transaction information (where applicable)

  • Payment status, invoices/receipts (we typically do not need full card details; if a payment provider is used, they process payment data directly)

E) Technical and usage data

  • IP address, browser type, device identifiers
  • Pages visited, referring page, approximate location (derived from IP)
  • Cookie and similar tracking data (see Section 9)

4) How We Collect Your Data

We collect data when you:

  • Browse our website (cookies/analytics)
  • Submit contact or consultation forms
  • Upload photos for analysis
  • Communicate with us by email, phone, or messaging apps
  • Proceed with service arrangements and follow-up support

5) Why We Use Your Data (Purposes)

We use personal data to:

  • Respond to enquiries and provide information you request
  • Provide a hair analysis/consultation and discuss options
  • Coordinate appointments and services, including with partner clinics/medical professionals where relevant
  • Arrange logistics you request (e.g., scheduling support, accommodation/transport coordination, translators), if applicable
  • Provide aftercare guidance and respond to follow-up questions
  • Improve our website, services, and user experience
  • Send administrative communications (e.g., confirmations, updates)
  • Send marketing communications only where permitted (see Section 8)
  • Protect our business, prevent fraud, and maintain security
  • Comply with legal and regulatory obligations

6) Legal Bases for Processing (UK GDPR / GDPR)

We process personal data under one or more of the following legal bases:

  • Consent: e.g., when you opt in to marketing or when you submit certain optional information.
  • Contract / Pre-contract steps: to take steps at your request before entering into a service arrangement and to provide services you request.
  • Legitimate interests: to respond to enquiries, improve our services, secure our systems, and manage our business—balanced against your rights.
  • Legal obligation: to meet legal, tax, or regulatory requirements.

Processing health data (special category)

Where we process health data (including scalp/hair photos and medical details you provide), we rely on:

  • Your explicit consent, and/or
  • Processing necessary for the provision/coordination of health-related services at your request, where applicable under local law.

You can withdraw consent at any time (see Section 10). Withdrawal does not affect the lawfulness of processing before withdrawal.

7) Who We Share Your Data With

We may share personal data with trusted parties, only as needed for the purposes described:

  • Partner clinics, doctors, and healthcare professionals involved in consultation/treatment planning and delivery (they may act as independent controllers for their medical records and legal obligations).
  • Service providers who help us operate our business (e.g., hosting, email systems, CRM tools, analytics, customer support).
  • Travel/logistics providers if you request logistics support (e.g., accommodation, transport, translation).
  • Professional advisers (lawyers, accountants, insurers) as necessary.
  • Authorities where required by law or to protect rights/safety.

We do not sell your personal data.

8) Marketing Communications

If you opt in (or where allowed by law), we may send marketing messages about our services, updates, or offers via email, SMS, phone, or messaging apps.

You can opt out at any time by:

  • Using the unsubscribe option in our emails (where available), or
  • Contacting us using the details in Section 1.

Opting out of marketing does not affect service/administrative messages.

9) Cookies and Similar Technologies

We use cookies and similar technologies to:

  • Enable core site functionality
  • Understand how visitors use the site
  • Improve performance and content
  • Support marketing (where enabled)

You can control cookies through your browser settings and, where implemented, our cookie preference tools. Disabling certain cookies may affect how the website functions.

10) International Transfers

Your data may be processed in countries outside the UK/EEA (for example, where partner clinics or service providers are located). When we transfer data internationally, we take steps to ensure an appropriate level of protection, such as:

  • Using UK International Data Transfer Agreement (IDTA) and/or EU Standard Contractual Clauses (SCCs) where applicable
  • Applying additional safeguards (e.g., access controls, encryption where appropriate)
  • Sharing only the data necessary for the relevant purpose

11) How Long We Keep Your Data (Retention)

We keep personal data only for as long as necessary for the purposes described, including legal, accounting, or reporting requirements. Typical retention periods may include:

  • Enquiry data: kept for a reasonable period to manage your request and follow-ups.
  • Consultation photos/health-related information: kept only as long as needed for consultation/treatment coordination and aftercare support, and to address any disputes or legal obligations.
  • Marketing data: until you unsubscribe/opt out or we determine it is no longer appropriate to keep it.
  • Technical logs: retained for security and analytics purposes for limited periods.

Exact retention periods may vary depending on your circumstances and applicable legal requirements.

12) Your Data Protection Rights

Depending on your location and applicable law, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (where applicable)
  • Restrict processing
  • Object to processing (including direct marketing)
  • Data portability (where applicable)
  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact us using the details in Section 1.

13) Security

We implement appropriate technical and organizational measures to protect personal data, including access controls, secure storage, and staff confidentiality practices. No method of transmission or storage is 100% secure, but we work to protect your data using industry-appropriate safeguards.

14) Children

Our website and services are not intended for individuals under 18. We do not knowingly collect personal data from children.

15) Third-Party Links

Our website may contain links to third-party websites or platforms. We are not responsible for their privacy practices. Please review their policies before providing personal data.

16) Changes to This Policy

We may update this Privacy Policy from time to time. The “Effective Date” at the top indicates when it was last updated. If changes are significant, we will take reasonable steps to notify you.

17) Complaints

If you believe your data protection rights have been violated, you can contact us first so we can try to resolve your concern. You may also have the right to lodge a complaint with your local data protection authority (for example, the UK Information Commissioner’s Office, if UK law applies).