MARBL Privacy Policy
Last updated: 22 October 2025
This Privacy Policy explains how MYNT Ltd ("MARBL", "we", "us", or "our") collects, uses, and protects personal data when you use the MARBL Marketplace or otherwise interact with us.
We are committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
- Data Controller: MYNT Ltd (trading as MARBL)
- Registered address: Flat 23 Highbury House, 5 Highbury Crescent, London N5 1RN
- Email: support@getmarbl.com
2. The Data We Collect and How We Obtain It
We collect and process personal data from the following sources:
| Category | Examples | Source |
|---|---|---|
| Customer data | Name, email, phone, booking details (treatment, clinic, time), payment information (via Stripe), communications | Provided directly by you |
| Clinician data | Name, photo, qualifications, professional experience, publicly listed business contact details | Publicly available websites, social media, directories, or provided by the clinic |
| Clinic data | Clinic name, address, services, opening hours, contact details | Publicly available or provided by the clinic |
| Technical data | IP address, browser type, device identifiers, cookies | Automatically when you visit our website |
| Marketing and communication data | Marketing preferences and communication history | Provided by you |
We do not intentionally collect special category data (e.g. health data) and take steps to avoid publishing identifiable patient information.
All clinician data is processed in a business and professional context for the purpose of providing a transparent directory of aesthetic practitioners and clinics.
3. How We Use Personal Data
We use personal data to:
- Facilitate and manage bookings.
- Process payments securely via Stripe.
- Provide customer and technical support.
- Publish accurate and publicly available information about clinics and clinicians.
- Improve our platform, services, and user experience.
- Send appointment confirmations and reminders.
- Conduct analytics and usage reporting.
- Send marketing communications (only if you've opted in).
- Comply with legal and regulatory obligations.
We only process personal data in ways that are necessary and proportionate to achieve these purposes.
4. Legal Basis for Processing
We process personal data under one or more of the following lawful bases:
| Purpose | Data Type | Legal Basis |
|---|---|---|
| Managing bookings and payments | Customer data | Performance of a contract |
| Listing clinic and clinician information | Clinician and clinic data | Legitimate interests – operating a trusted directory that improves transparency and helps consumers make informed choices |
| Customer support and platform improvement | Customer & technical data | Legitimate interests |
| Marketing communications | Contact data | Consent (can be withdrawn at any time) |
| Compliance and record keeping | All data types | Legal obligation |
Legitimate Interests:
MARBL has a legitimate business interest in maintaining a verified directory of UK aesthetics clinics and practitioners to promote patient transparency and safety. We balance this interest against individual privacy rights and limit processing to professional and publicly available information. You can object to this processing at any time (see Section 7).
5. Who We Share Data With
We may share personal data with:
- Clinics and practitioners you book with.
- Service providers and vendors (e.g. Stripe, hosting, analytics, communication tools) acting under contract and bound by data protection obligations.
- Professional advisors (legal, accounting, or audit firms).
- Regulators or authorities when legally required.
All sharing is on a need-to-know basis, and third parties are required by contract to handle data securely and lawfully.
We do not sell or rent personal data to third parties.
6. Data Retention
We keep data only as long as necessary for each purpose:
- Booking and payment records – 6 years (tax and legal compliance).
- Marketing data – until consent is withdrawn.
- Clinician and clinic listings – while relevant to MARBL's business and reviewed periodically for accuracy.
We apply secure deletion or anonymisation once retention periods expire.
7. Your Rights
Under the UK GDPR you have the right to:
- Access your personal data (Data Subject Access Request).
- Correct inaccurate data.
- Request deletion of personal data.
- Object to processing based on legitimate interest.
- Restrict processing.
- Withdraw consent for marketing.
- Request data portability.
Requests may be made verbally or in writing.
We may ask for information to verify identity and will respond within one month (extendable for complex cases).
In certain cases, we may decline a request where an exemption applies (e.g. to protect the rights of others or comply with legal obligations).
Contact: support@getmarbl.com
8. Cookies and Similar Technologies
We use essential cookies to make our website function and optional analytics or advertising cookies only with your consent.
Your preferences are recorded and can be changed at any time through our cookie banner or browser settings.
See our Cookie Policy for more information.
9. Security
We maintain appropriate technical and organisational measures to protect personal data, including encryption, access controls, and regular security assessments.
We also ensure our service providers implement equivalent safeguards and review these measures periodically.
10. International Data Transfers
Data may be transferred outside the UK (for example, to the United States for service providers).
Where this occurs, we ensure appropriate safeguards such as UK Standard Contractual Clauses or transfers to entities certified under the UK–US Data Privacy Framework.
You may request further details or a copy of these safeguards by contacting us.
11. Registration and Complaints
MYNT Ltd is registered with the Information Commissioner's Office (ICO) and pays the applicable data protection fee.
If you have concerns, contact us first at support@getmarbl.com.
You can also complain to the ICO: www.ico.org.uk.
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect legal, technical, or business changes.
We will post the updated version with a new "last updated" date.
Continued use of our website after changes means you accept the revised Policy.
