Privacy Policy · Mikki's Wax Bar

Privacy Policy.

For your reviewer · not shown to the public

This policy is drafted to UK GDPR, the Data Protection Act 2018 and PECR. If you are reviewing it (e.g. via a legal reviewer), these are the clauses worth a closer look:

  • Health & suitability data is special-category data (UK GDPR Art. 9) — confirm the explicit-consent basis and that the in-clinic consent wording matches §02–§03.
  • Retention: treatment records kept 8+ years (§04) — confirm this matches Insync’s actual record-keeping requirement.
  • Processors (§05 — Phorest, email provider, card processor) — confirm a data-processing agreement is in place with each.
  • Photography consent, clinical and marketing — confirm the clinic’s written consent form aligns with what’s described here.
Visible only via a ?review link — ordinary visitors never see this.
Plain English. This policy explains what data we collect, why, and what you can do about it. It reflects UK GDPR, the Data Protection Act 2018, and the PECR. Written to be read, not lawyered. Last reviewed 26 May 2026.

01 · Who we are

MC Perfect Services Ltd ("we," "us"), trading as Mikki's Wax Bar, is the data controller for personal data collected through this website and through our clinic at 10 Minories, Aldgate, London EC3N 1BJ.

Data controller: MC Perfect Services Ltd (t/a Mikki's Wax Bar).
Companies House number: 09948152.
ICO registration number: ZB480849.
Registered office: 94 Wickhay, Basildon, SS15 5AQ.
Trading address: 10 Minories, Aldgate, London, EC3N 1BJ.
Contact: info@mikkiwaxbar.co.uk · 020 8109 7007

02 · What we collect

We collect only what we need to provide treatment and run the booking system. Categorised:

CategoryWhat it includesHow we get it
Contact detailsName, email, phone, postcodeYou give it to us when you book or enquire
Booking historyTreatments booked, attended, cancelled, paidPhorest booking system
Health & suitabilitySkin type, medical history relevant to laser eligibility, medication declarations, patch-test resultsYou tell us at consultation
Photography (with consent)Treatment-area photographs for clinical records and/or marketingTaken at your appointment with your written consent
Marketing preferencesWhether you want our once-monthly journal emailYou opt in
Technical dataIP address, browser, pages viewed, cookiesAutomatically when you visit the site — see Cookie Policy

03 · Why we collect it

Each category above is collected under a specific lawful basis under UK GDPR Article 6 (and Article 9 for health data):

  • Contract — booking and treatment delivery (Art. 6(1)(b))
  • Explicit consent — health data, photography, marketing emails (Art. 9(2)(a) / Art. 6(1)(a))
  • Legitimate interest — keeping clinical records of laser settings and patch-test outcomes for safety on future visits, balanced against your privacy and easily overridable on request
  • Legal obligation — record-keeping required by our insurer, current clinical guidance, or HMRC

04 · How long we keep it

Treatment records are kept for at least eight years from your last visit — exceeding the seven-year minimum our insurer requires, and in line with current clinical record-keeping guidance. Before-and-after treatment photographs are taken with your written consent; where they form part of your clinical record they are retained for a minimum of two years for safety and insurance purposes, even if you later withdraw consent for us to use them in marketing — at which point any marketing use stops immediately. Marketing-list data is kept until you unsubscribe. Booking-history data follows Phorest's own retention schedule.

05 · Third parties

We share data only with the providers we need to run the clinic:

  • Phorest — appointment booking, payment processing, customer record
  • Our email provider — sending the once-monthly journal email
  • Our card processor — taking payment in clinic and online
  • HMRC and our accountant — for tax records, where the law requires it

We do not sell, rent or trade personal data to anyone. Ever.

06 · Your rights

Under UK GDPR you have the right to:

  • Ask what data we hold about you (a Subject Access Request)
  • Have inaccurate data corrected
  • Have your data deleted, subject to our legal record-keeping obligations
  • Object to or restrict how we process your data
  • Withdraw any consent you've given, including photography consent
  • Lodge a complaint with the Information Commissioner's Office (ICO) — ico.org.uk

Requests are free, and we respond within thirty days.

07 · Contact & complaints

For anything related to your data, write to info@mikkiwaxbar.co.uk, call 020 8109 7007, or write to us at 10 Minories, Aldgate, London EC3N 1BJ. We respond within a working day for routine requests and within thirty days for formal Subject Access Requests.