Who we are

Our website address is: https://epicdentallisburn.co.uk.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Who we share your data with

If you request a password reset, your IP address will be included in the reset email.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where your data is sent

Visitor comments may be checked through an automated spam detection service.

Our dental practice is independent and offers various private dental and facial aesthetic treatments. Our team includes both employed and self-employed staff. We all work to protect our patients’ privacy and keep their information safe.

This document explains how we use patient information. We follow the rules of the UK GDPR and the Data Protection Act of 2018.

The people responsible for data protection compliance are Debbie Adams & Andrew Moorehead. You can reach them at pm@epicdentallisburn.co.uk or by calling the practice at 02892528228.

Collecting Your Personal Data

We usually get your personal information directly from you. This happens when you contact us, use our website, complete a feedback form or come for an appointment. Sometimes, we might also get your information from other places, like:

· Other dentists who have treated you

· Your GP or a hospital

· A carer, family member, or partner

· Your insurance company or dental plan provider

· The NHS, regulators, or authorities like the Police

· Your solicitor

Additionally, we may get information from online companies, such as Google and Facebook. These companies are not in the UK and help us with things like analysing our website, advertisements, and handling payments and services.

The Types of Personal Information We Collect and Process

We handle various kinds of patient information at our dental practice. The table below explains these types in detail. For each type of information, you will find:

1. What We Collect: This column describes the different kinds of personal data we gather, like your name, contact details, health data, etc.

2. Why We Need It: Here, we outline the purposes for which we use your information. This could range from registering you in our system to managing our relationship with you.

3. Our Legal Grounds: This is where we explain the legal basis under UK GDPR and the Data Protection Act 2018 for processing your data.

| Categories of Personal Data | Examples of What We Collect | Why We Need It | Our Legal Grounds |
| --- | --- | --- | --- |
| Personal Identifiers | Name, Contact Details, Patient Reference number, date of birth, signatures, photos and videos (non-clinical purposes), CCTV footage identification. | 1. Register you in our system. 2. Contact you about treatment and manage our relationship. 3. Send marketing information. 4. Share non-clinical photos and videos (e.g., reactions, testimonials) online. 5. Prevent crime and protect our assets (CCTV images). | 1. Performance of a contract (private treatments). 2. Performance of a contract (private treatments), legitimate interest. 3. Consent, legitimate interest. 4. Consent. 5. Legitimate interest. |
| Family Details | Next of kin, guardians, carers, representatives. | 1. Emergency contact. 2. Discuss your care with responsible parties. | 1. Vital interest, consent. 2. Contract, consent. |
| Financial Details | Payment details, debit/credit card information, bank account details. | 1. Process payments. 2. Debt recovery. | 1. Contract. 2. Legitimate interest. |
| Technical Data | Website usage data (IP address, browser details, etc.), social media, patient portal usage. | 1. Improve online services, marketing. 2. Manage and secure our practice, website, and social media. 3. Detect unlawful activities on guest Wi-Fi. | 1, 2. Legitimate interest. 3. Legitimate interest, legal obligation. |
| Communication Data | Data in emails, social media comments, letters, instant messages. | 1. Handle complaints, queries, feedback. 2. Legal defence or regulatory enquiry evidence. | 1, 2. Legitimate interest. |
| Health Data | Medical/dental histories, lifestyle data, x-rays, clinical photos, treatment plans, recorded communications, clinical notes, incident information. | 1. Assess and treat dental health. 2. Legal defence in claims or investigations. 3. Clinical and peer review. 4. Record health and safety incidents. | 1. Necessary for treatment and administration. 2. Legal defence. 3. Necessary for treatment, Substantial Public Interest – Equality. 4. Legal defence, Substantial Public Interest – Insurance. |
| Ethnicity Information | Ethnic group and language details. | 1. Understand cultural, religious, language needs. 2. Comply with equality law. | 1. Necessary for treatment. 2. Necessary for treatment, Substantial Public Interest – Equality. |
| Religious and Philosophical Beliefs | Relevant beliefs impacting care (e.g., fasting, treatment preferences). | 1. Assess and provide appropriate care. 2. Comply with equality law. | 1. Necessary for treatment. 2. Necessary for treatment, Substantial Public Interest – Equality. |

The Necessity of Your Personal Data for Dental Treatment

For effective private dental care, our practice must collect and process certain personal data. This is crucial for planning and providing safe, personalised treatment. If you choose not to share this essential information, it may hinder our ability to treat you, potentially leading to discontinuation of your treatment at our clinic.

Withdrawing Your Consent

The above table shows when we need your consent to use your personal details. For example, suppose when you first visited our dental practice, you were pleased with the service and agreed to give a video testimonial. We included this testimonial on our website and in our training courses with your consent. If you now decide that you no longer want us to use your video, you can withdraw your consent for this specific purpose.

If you wish to withdraw your consent, please reach out to us. You can find how to contact us at the top of this notice. If you decide to withdraw your consent, we will not use your information for those purposes anymore, unless there is a legal need. Just know, if you withdraw your consent, it doesn’t change any use of your information that happened before.

When We Share Your Information

Our dental practice uses your information mainly internally, by our team and dentists who take care of you. We ensure only those who need to know will access your data. We take great care to keep your information confidential and share it when necessary, such as:

· Relatives and Carers: If you agree, or it helps you.

· Healthcare Workers: When necessary.

· NHS Bodies: For audit or other regulatory purposes.

· Regulators: As required by bodies like GDC, CQC.

· Social Services: If you consent or in certain situations.

· Law Enforcement: As the law dictates or with your consent.

· Solicitors: With your consent or by court order.

· Courts/Tribunals/Coroners: On legal request.

· HMRC: For legal compliance.

· Research and Audit Bodies: Anonymously or with your consent.

· Insurance Providers: For claim processing.

· Potential New Practice Buyers and Brokers: During business ownership changes.

· IT System Providers: To manage and protect our data systems.

· Security Partners: For the security and safety of our practice and patients.

· Translators: To assist you if you need language support.

· Professional Services

o Accountants: For financial management and auditing.

o Business/Marketing/Clinical/Compliance Consultants: For advice and support in these specific areas.

o Our Solicitors: For legal advice and representation.

How We Store Your Data

We store your personal details safely, using both paper and computers. For online and cloud services and storage, especially when it’s outside the UK, we follow strict legal rules to keep your data safe.

How Long Do We Keep Your Data

We keep your details only as long as we need to. We do this to comply with health, legal, and financial-related rules and guidance. When deciding how long to keep your information, we look at its amount, type, and how private it is. We also consider the risk of someone else getting access to it. We also think about whether we need the information for situations like legal matters after your treatment ends.

How We Protect Data Transferred Internationally

Sometimes, we might need to send your personal data to countries outside the UK and the European Economic Area. Whenever this happens, we take steps to make sure your information stays safe and secure, just like it would at home. We follow the rules set by data protection laws to protect your privacy.

Here’s how we do it:

· Adequacy Decisions: We check that the country where your data is going has strong privacy protections. These protections must be recognized by UK and EU authorities.

· Standard Contractual Clauses: If the country doesn’t have these protections, we have a special contract in place. This contract uses specific terms that the UK and EU authorities agree will keep your data safe.

Your Data Rights and Third-Party Requests

Data protection laws grant you certain rights about your personal details:

· Access: You can request to see the personal details we hold about you.

· Correction: If you find errors in your information, you can ask us to correct it. You can also have incomplete details completed.

· Deletion: Under some conditions, you have the right to request that we delete your personal information.

· Limit Use: If you wish, you can ask us to limit the way we use your personal information.

· Object: There are times when you can object to our use of your personal details.

· Transfer: You may ask us to move your personal information to another organization, or directly to you, in certain situations.

FAQ: Responding to Your Request

Q: When can I expect a response to my request?

A: We aim to respond quickly. If your request lands on a day we’re closed, we’ll start counting our one-month response time from the next working day.

Q: Does my data request need to be in writing?

A: Not at all. You can make your request in any form that suits you. This can be in person, by phone, or via a message on social media. We’ll acknowledge and process your request regardless of how you submit it. While we might suggest filling out a form to streamline the process, it’s not mandatory. You’re free to choose how you’d like to make your request.

Q: What if my request is not specific enough?

A: We’ll ask you to clarify what you’re looking for. While we wait for your clarification, we pause the one-month countdown.

Q: Will I be charged for making a request?

A: Usually, it’s free. But if your request is unfounded, repetitive, or excessive, we may ask for a fee to cover our costs.

Q: Can my request be denied?

A: Yes, in certain cases. If a request is too broad, doesn’t have a clear purpose, or places an unreasonable burden on us, it might be considered “manifestly unfounded” or “manifestly excessive”. We carefully evaluate each request and ensure that any decision to deny is fair and compliant with data protection regulations. We’d then inform you why we can’t fulfil it, and you can challenge our decision by contacting us.

Q: Are there any limits to my requests?

A: Yes, some requests might be limited by law. We’ll let you know if that’s the case.

Q: Can someone else make a request on my behalf?

A: Sure, but we’ll need proof that they’re allowed to act on your behalf. If we’re concerned about the safety of your data, we might talk to you directly or send the data to you instead of someone else.

Concerns and Complaints

If you have concerns about how we handle your data or if you’re dissatisfied with our response to a request, please reach out using the contact information provided at the beginning of this notice. You’re also entitled to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/