Skip to content

Rated 4.9★ on Google — Doctor-led clinic in Mayfair, London

← Home

Legal

Privacy Policy

Last updated: 30 June 2026

This privacy policy explains how Dr Alexa Clinic collects, uses, shares and protects your personal information, and sets out your rights under the UK GDPR and the Data Protection Act 2018. It applies to our website, our skincare shop, and the services we provide at our clinic.

If you have any questions about this policy or how we handle your data, please contact us by phone on 020 7846 6403 or by email at info@dralexa.co.uk. Our address is 44 South Molton St., Mayfair, London W1K 5RT.

Who we are (data controller)

Dr Alexa Clinic is a trading name of Beauty Digger Ltd, a company registered in England and Wales under company number 13736134. Beauty Digger Ltd is the data controller responsible for your personal data.

We are registered with the Information Commissioner's Office (ICO) under registration number ZB338958.

The personal data we collect

Identity and contact data: your name, date of birth, email address, postal address and telephone number.

Booking and appointment data: the treatments and appointments you book or enquire about, and the communications you have with us.

Health data: information about your health, medical history, medications, allergies, skin and treatment concerns, consent forms, treatment records, and before/after photographs where you agree to these. This is a special category of personal data (see below).

Payment data: details necessary to process payments and orders. Card payments are handled by our payment providers; we do not store full card details.

Marketing data: your preferences for receiving marketing from us and your engagement with our communications.

Technical and usage data: your IP address, browser type, operating system, referring and exit pages, and how you interact with our website, collected automatically via cookies and similar technologies.

Special category (health) data

Because we are an aesthetic and medical clinic, some of the data we hold about you is health information, which the law treats as a 'special category' requiring extra protection.

We process this data to assess your suitability for treatment, to plan and deliver your treatment safely, and to keep accurate clinical records. We rely on your explicit consent and/or the basis that processing is necessary for the provision of health care and treatment by, or under the responsibility of, a health professional (UK GDPR Article 9(2)(a) and 9(2)(h)).

How we use your data and our lawful bases

To provide treatments and products, manage your appointments and orders, and respond to your enquiries — lawful basis: performance of a contract with you, and steps taken at your request before entering into a contract.

To assess suitability for, and safely deliver, clinical treatments and keep clinical records — lawful basis: explicit consent and/or the provision of health care (special-category conditions above).

To send you marketing communications and clinic news where you have asked us to — lawful basis: your consent, which you can withdraw at any time.

To operate analytics and advertising on our website — lawful basis: your consent (managed through your cookie choices).

To meet our legal, regulatory, tax and record-keeping obligations — lawful basis: compliance with a legal obligation.

To run, secure and improve our business, prevent fraud and keep records — lawful basis: our legitimate interests, balanced against your rights.

Cookies and tracking

Our website uses cookies and similar technologies, including Google Analytics and the Meta (Facebook) Pixel, to understand how the site is used and to measure and tailor advertising. You can manage non-essential cookies through your browser settings or our cookie controls. For full detail, see our Cookies Policy.

Marketing and email

We use Mailchimp, a secure email marketing platform, to manage subscribers, send communications and track engagement. We only send marketing where you have consented.

You can unsubscribe at any time using the link in our emails or by contacting us. Unsubscribing removes you from marketing but does not delete your account or records, and essential service communications (for example, about an order or appointment) may continue.

Who we share your data with

We do not sell your personal data. We share it only where necessary, with providers who act on our instructions as our processors, and with others where the law allows or requires it.

Our service providers include: our clinic and booking management system (Pabau) for appointments, consent forms and clinical records; Mailchimp for email marketing; Google and Meta for website analytics and advertising; our payment providers for processing payments; and couriers and the skincare shop for fulfilling product orders.

We may also share data with our professional advisers, regulators and authorities where necessary for legal compliance, to protect rights, property or safety, to investigate fraud, in response to lawful government requests, or in connection with a business sale or reorganisation.

International transfers

Some of our providers (such as Mailchimp, Google and Meta) are based outside the UK, including in the United States. Where your data is transferred outside the UK, we rely on appropriate safeguards — such as UK adequacy regulations, the UK extension to the EU-US Data Privacy Framework, or the International Data Transfer Agreement / Standard Contractual Clauses — to ensure your data remains protected.

How long we keep your data

We keep your personal data only for as long as necessary for the purposes set out in this policy, and to meet our legal and professional obligations.

Clinical and treatment records are retained for the period required by our legal and professional obligations as a healthcare provider. Webshop order records are retained for five years and are then automatically deleted. Marketing data is kept until you withdraw your consent. After applicable retention periods, data is securely deleted or anonymised.

How we protect your data

We use appropriate technical and organisational measures to protect your data during transmission and storage, and we limit access to those who need it. However, no method of transmission or storage can be guaranteed completely secure.

Your rights

Under data protection law you have the right to: be informed about how we use your data; access a copy of your data; have inaccurate data corrected; have your data erased in certain circumstances; restrict how we process your data; data portability; and to object to processing based on our legitimate interests or to direct marketing.

Where we rely on your consent, you have the right to withdraw it at any time. This does not affect the lawfulness of processing carried out before you withdrew it.

To exercise any of these rights, please contact us at info@dralexa.co.uk. We will respond within the time limits set by law. We may need to verify your identity before acting on a request.

Your right to complain

If you have a concern about how we handle your personal data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk or on 0303 123 1113.

Children's data

Our treatments and services are intended for adults. We do not knowingly collect data from children without appropriate consent, and treatments are provided only where age and suitability requirements are met.

Changes to this policy

We may update this policy from time to time. Any changes will be posted on this page and, where appropriate, notified to you by email. Please check back periodically for the latest version.

Book NowWhatsApp