Policies

Privacy & Cookie Policy

Last updated:

This Privacy & Cookie Policy explains how MMM Beauty ("we", "us", "our") collects, uses, and protects your personal information when you visit our website, make a booking, or interact with our services.

1. Who we are

MMM Beauty is a nail, brow and skin studio based in Brackley, UK. We provide salon services and related products, including digital gift cards and online booking.

Data controller: MMM Beauty. For data protection queries, contact us at the email address on our Contact page.

2. Information we collect

We may collect the following types of information:

  • Contact details – such as your name, email address, phone number and postal address.
  • Booking information – services booked, appointment dates and times, and notes relevant to your treatment.
  • Payment details – processed securely by our payment providers (for example, card details entered through our booking or payment system). We do not store full card numbers on our own systems.
  • Communication history – messages and emails you send to us, and responses we send to you.
  • Website usage data – IP address, browser type, pages visited and interactions with our website, collected through cookies and similar technologies.
  • Marketing preferences – whether you have chosen to receive updates, news or offers from us.

3. How we use your information

We may use your information to:

  • Manage and confirm your appointments and bookings.
  • Provide treatments and services safely and effectively.
  • Send appointment reminders, confirmations and important updates.
  • Process payments and manage deposits, refunds or fees.
  • Improve our website, services and client experience through analytics and feedback.
  • Send newsletters or marketing communications where you have opted in.
  • Comply with legal obligations, such as record-keeping and responding to lawful requests.

4. Legal basis for processing (UK GDPR)

We rely on one or more of the following legal bases:

  • Contract – to provide the services you have booked and manage your appointments.
  • Legitimate interests – to improve our services, manage our diary, and communicate important information about your bookings.
  • Consent – for certain types of marketing communications and non-essential cookies, where required.
  • Legal obligation – to comply with applicable laws and regulations.

5. How we share your information

We do not sell or rent your personal data to third parties.

We may share your information with trusted service providers who help us run our business. These currently include:

  • Square – payment processing, online booking, and loyalty programme.
  • Clerk – user authentication and sign-in code delivery.
  • Mailchimp – email newsletter delivery.
  • Resend – transactional email delivery (booking confirmations and contact form responses).
  • Google (GTM / GA4) – tag management and website analytics.
  • Meta (Facebook Pixel) – advertising analytics and audience insights.
  • Microsoft Clarity – session recording and heatmap analytics.
  • PostHog – product analytics.
  • Sentry – error monitoring and performance telemetry.
  • Vercel – website hosting and performance analytics.
  • Google reCAPTCHA v3 – spam and bot protection on forms.

Each provider processes data only as required for their service and under their own privacy policies. Analytics, session recording, and advertising providers are only activated after you have given your cookie consent.

We may also disclose information if required by law, regulation, or in response to a valid request from a public authority.

6. Data retention

We retain your personal data only for as long as necessary to:

  • provide our services,
  • maintain accurate treatment and booking records, and
  • satisfy legal, accounting or reporting obligations.

When data is no longer needed, it will be securely deleted or anonymised.

7. Your rights

You have the right to:

  • Request access to the personal data we hold about you.
  • Ask us to correct inaccurate or incomplete information.
  • Request deletion of your data where it is no longer needed, or object to certain types of processing.
  • Withdraw consent for marketing at any time.
  • Ask us to restrict processing of your data in certain circumstances (for example, while you contest its accuracy).
  • Request your data in a portable format where processing is based on your consent or a contract (right to data portability).
  • Lodge a complaint with the UK Information Commissioner's Office (ICO) if you are unhappy with how we handle your data.

To exercise your rights, please contact us using the details on our Contact page.

8. Cookies & similar technologies

Our website uses cookies and similar technologies to:

  • remember preferences and improve your browsing experience,
  • understand how visitors use the site,
  • support basic functionality and security.

Some cookies are essential for the site to function. Others (such as analytics cookies) are optional and may require your consent.

You can manage cookies:

  • via our cookie preference banner (where available), and
  • through your browser settings. Please note that disabling certain cookies may affect how the site functions.

9. Updates to this policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on our website. Where changes are material, we will take reasonable steps to notify you.

10. International data transfers

Some of our service providers (including Google, Meta, Sentry, PostHog, Vercel, Clerk, and Resend) may process personal data outside the United Kingdom. Where this occurs, we ensure appropriate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent standard contractual clauses, to protect your data to the same standard required under UK GDPR.

Manage cookies

You can update your analytics consent below. Essential cookies remain enabled so the site functions correctly.