Privacy Policy

Privacy Policy

Last updated: 18 May 2026

1. Who we are

This website (https://www.my-hair.uk) is operated by MY Surgical UK Ltd, trading as My-Hair UK. We are a company registered in England and Wales, company number 15203739, with our registered office at 35 Berkeley Square (Berkeley Suite), London, England, W1J 5BF.

For the purposes of UK data protection law (the UK GDPR and the Data Protection Act 2018), MY Surgical UK Ltd is the data controller for personal data collected through this website.

We act as an introducer for My Hair Transplant Clinics. Where relevant, enquiry information is shared with them so they can respond to you about treatment — see “Who we share your data with” below.

If you have any questions about this policy or your personal data, contact us at:

• Email: privacy@my-hair.uk

• Phone: 0203 368 3012

 

2. What personal data we collect

Information you give us directly:

• Name, email address and phone number when you submit our contact form.

• Any message content and any photographs you choose to upload (for example, images of areas of hair loss you would like advice about). These are optional.

Information collected automatically when you use the site:

• IP address (truncated where possible), approximate location (country/region), device type, browser type and version, operating system.

• Pages visited, time on page, referring website, click and scroll behaviour, mouse movements, and session recordings (via Microsoft Clarity — see Cookies and Tracking below).

• Standard server log information collected by our hosting provider, Wix.

Information from third parties:

• We may receive information back from My Hair Transplant Clinics about the outcome of an enquiry we referred to them.

 

3. Special category data (health information)

If you tell us about a medical condition, hair-loss concern, or upload photographs of an affected area, this is “special category data” under Article 9 UK GDPR. We process this only where you have given us your explicit consent (Article 9(2)(a)) by choosing to submit it through our contact form. You can withdraw that consent at any time by contacting us, and we will delete the data unless we are legally required to keep it.

Please do not include health information or images in any message unless you are comfortable with us holding it for the purpose of responding to your enquiry.

 

4. Why we use your data and our lawful basis

We use your personal data for the following purposes:

• To respond to enquiries you submit through our contact form, including arranging consultations and providing information about hair transplant procedures. Lawful basis: performance of a contract (or steps prior to entering into one) under Article 6(1)(b), and explicit consent under Article 9(2)(a) where health data is involved.

• To pass enquiries to My Hair Transplant Clinics so they can contact you about treatment. Lawful basis: consent (Article 6(1)(a)), given by you when you submit the form knowing we are an introducer.

• To operate, secure and improve the website, including analytics and session replay. Lawful basis: consent (Article 6(1)(a)), obtained via our cookie banner.

• To comply with our legal and regulatory obligations. Lawful basis: legal obligation (Article 6(1)(c)).

 

5. Cookies and tracking

We use cookies and similar technologies on this website. Non-essential cookies are only set after you give consent through our cookie banner. You can change or withdraw your consent at any time using the cookie settings link in our website footer.

Essential cookies — required for the site to function (set by Wix, our hosting platform). No consent required.

Analytics and behavioural cookies — set only with your consent:

• Google Analytics (provider: Google LLC / Google Ireland Limited). Measures aggregated website usage such as pages viewed, traffic sources and visit duration. See Google’s Privacy Policy.

• Microsoft Clarity (provider: Microsoft Corporation). Captures how visitors interact with our website through mouse movements, clicks, scrolling, heatmaps and session recordings, helping us improve usability. Clarity automatically masks text entered into form fields. Microsoft acts as a joint controller with us for this processing. See the Microsoft Privacy Statement.

For details of every cookie used, see our cookie banner settings.

 

6. Who we share your data with

We share personal data with the following categories of recipient, under written contracts requiring them to protect your data:

• My Hair Transplant Clinics — the clinic partner we introduce enquiries to, so they can respond to you about treatment.

• Wix.com Ltd — our website host and form provider.

• Google (Google Analytics) — website analytics.

• Microsoft Corporation (Microsoft Clarity) — behavioural analytics and session replay.

• Our professional advisers (accountants, legal advisers, insurers) where strictly necessary.

• Regulators, law enforcement or courts where we are legally required to do so.

We do not sell your personal data to third parties.

 

7. International transfers

Some of the providers above are based outside the UK, including in the United States (Microsoft, Google) and Israel (Wix). Where personal data is transferred outside the UK, we rely on the following safeguards:

• UK adequacy regulations where they apply;

• the UK Extension to the EU-US Data Privacy Framework, where the recipient is certified;

• the International Data Transfer Agreement or Standard Contractual Clauses, with supplementary measures where required.

 

8. How long we keep your data

• Enquiry contact form data (including any health information or images you upload): up to 24 months from your last contact with us, unless you ask us to delete it sooner or we need to keep it longer to deal with a complaint or legal claim.

• Information shared with My Hair Transplant Clinics: retained by them in line with their own privacy policy and clinical record-keeping obligations.

• Analytics data (Google Analytics, Microsoft Clarity): retained in line with each provider’s default settings (typically up to 14 months for Google Analytics, up to 13 months for Microsoft Clarity).

• Accounting and tax records: 6 years, as required by UK law.

When the retention period ends, we securely delete or anonymise the data.

 

9. Your rights

Under UK GDPR, you have the right to:

• access the personal data we hold about you;

• have inaccurate data corrected;

• have your data erased (“right to be forgotten”);

• restrict or object to our processing;

• data portability — receive your data in a structured, machine-readable format;

• withdraw consent at any time, where we rely on consent;

• not be subject to solely automated decision-making (we do not carry out automated decision-making).

To exercise any of these rights, contact us at privacy@my-hair.uk. We will respond within one month.

1

0. Complaints

If you are unhappy with how we have handled your personal data, please contact us first so we can try to resolve the issue. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

• Website: https://ico.org.uk/make-a-complaint/

• Helpline: 0303 123 1113

1

1. Security

We take appropriate technical and organisational measures to protect your data, including encrypted connections (HTTPS), access controls, and contractual obligations on our processors. No system is completely secure, but we take reasonable steps to reduce risk.

1

2. Embedded content from other websites

Pages on this site may include embedded content (videos, images, social media posts). Embedded content behaves as if you had visited the third-party site directly, including their cookies and tracking. We have no control over these technologies.

 

13. Children

This website and our services are intended for adults aged 18 and over. We do not knowingly collect personal data from children.

 

14. Changes to this policy

We may update this policy from time to time. The “Last updated” date at the top of this page shows when it last changed. Material changes will be highlighted on the website.