Privacy Policy - Imperial Dental Care

Practice Data Protection & Privacy Policy

Imperial Dental Care aims to meet the requirements of the Data Protection Act 2018, the United Kingdom General Data Protection Regulation (UK GDPR), the guidelines on the Information Commissioner’s (ICO) website, and our professional guidelines and requirements.

At Imperial Dental Care, we take your privacy and the security of your data seriously. This privacy policy informs you about how we look after your personal data when you visit our website, submit inquiries, use our online booking platform, log into our patient portal, or visit our physical practice. It also outlines your privacy rights under UK law.

Information We Collect and How We Use It

We apply “Data Protection by Design and Default” principles, collecting only the minimum information necessary to safely manage your bookings, communications, and dental care.

The personal data we process includes:

Name, address, contact details, gender, pronoun preferences, date of birth, nationality, NHS number, medical history, dental history, family medical history, family contact details, emergency contact details, marital status, information about care needs, financial details, doctor’s details, treatment plans, consent, X-rays, clinical photographs, digital scans, study models, appointment dates, details of complaints and call recordings.
Website Inquiries & Contact Forms: We collect your name, email address, phone number, and any details you provide about your booking or inquiry.
Online Booking & Patient Portal: We use secure online booking and patient portal systems powered by Software of Excellence (EXACT). When booking or completing forms online via their portal, we collect your name, date of birth, contact details, reason for your appointment, medical history updates, and NHS exemption data.
Clinical Records: For registered patients, this website interfaces with our management software to log clinical notes, treatment plans, X-rays, and financial records securely.
CCTV Surveillance Imagery: We operate closed-circuit television (CCTV) cameras covering the internal reception/waiting areas and the external perimeter of the building. No CCTV cameras are located within clinical treatment rooms.
Cookies & Analytics: We track standard internet log data and visitor behaviour to optimize website speed and security.

The reasons we process the data include:

To fulfil our contract with you.
To maintain a contemporaneous clinical record.
To discuss treatment options.
To provide dental prevention and oral health advice.
To ensure any medication we prescribe is suitable.
To modify treatments based on individual needs.
To meet our obligations under the Equality Act 2010.
To carry out financial transactions.
To manage appointments, recall arrangements and send reminders.
To communicate with your next of kin in an emergency.
To communicate with parents or carers about the person being cared for.
To refer to other dentists, doctors and health professionals as required.
For debt recovery.
To continually improve the care and service you receive from us.
To assist with safeguarding or public protection concerns.
To assist with dealing with queries, complaints or claims.

Our Lawful Bases for Processing Data

Under the UK GDPR, we process your personal data using the following lawful bases:

Contractual Necessity: To register you as a patient, schedule appointments, send text/email booking confirmations, and process private fees.
Public Task / Provision of Healthcare: To deliver safe, effective dental treatments and process claims through the NHS Business Services Authority.
Legal Obligation: To maintain medical records according to General Dental Council (GDC) guidelines and to satisfy CQC Regulation 17 (Good Governance) audits.
Legitimate Interests: We operate CCTV cameras to ensure the personal safety of our staff and patients, protect clinical property, and assist in the prevention and detection of crime.
Consent: For marketing emails, promotional offers, and practice newsletters sent via Software of Excellence. Consent can be completely withdrawn at any time.

Patient Communications & Marketing Opt-Out

We use automated systems within Software of Excellence to manage our communication streams:

Essential Communications: We will send you text messages and emails for appointment confirmations, booking reminders, and clinical updates under our contractual obligation to manage your healthcare.
Marketing Communications: We may occasionally send you practice updates, newsletters, and exclusive treatment offers. You will only receive these if you have actively opted in. You can change your marketing preferences or opt out at any time by clicking the “unsubscribe” link in any email, adjusting your preferences within the Software of Excellence Patient Portal, or speaking directly with our reception team.

Third-Party Data Sharing and Security

We never sell, rent, or trade your personal data. To provide your care, we share data strictly on a need-to-know basis with trusted partners:

Software of Excellence (EXACT): Our software partner securely hosts your clinical data, online bookings, and marketing preferences using banking-grade encryption during transmission and storage.
The NHS: If you are an NHS patient, data is shared with NHS authorities to process funding claims and audit compliance.
Medical Referrals: If you require specialist dental treatment, your information is shared securely with external specialist practitioners, hospitals, or dental laboratories.
Regulators & Law Enforcement: Data may be shared securely during clinical inspections with the CQC or the GDC. CCTV footage may be disclosed to the police or law enforcement authorities if required by law for criminal investigations.
Situations where there is a serious public health risk or risk of harm to other individuals.
When information is required by the police to prevent or detect crime or to apprehend or prosecute offenders (if not providing the information would prejudice these purposes).
In response to a court order.
To enable a dentist to pursue a legal claim against a patient.

Data Retention

We keep personal, clinical, and video records only for as long as legally mandated by healthcare regulations and privacy laws:

Adult Patient Records: Retained for a minimum of 10 years after your last attendance.
Child Patient Records: Retained for 11 years after their last attendance, or until they turn 25 years old, whichever is longer.
CCTV Footage: Footage is automatically overwritten on a rolling cycle unless required for an active security investigation.

Your Rights Under UK Data Protection Law

You have explicit rights regarding how we manage your information:

Right to Access: You can request a copy of your dental records, portal data via a Subject Access Request (SAR). We will provide this free of charge within one calendar month.
Right to Rectification: You can request that we immediately correct any inaccurate or incomplete personal contact details.
Right to Erasure / Restriction: You can ask us to delete or stop processing your data. Please note, we cannot erase medical or clinical histories before statutory retention deadlines pass.
Right to Withdraw Consent: You can opt out of marketing communications at any time.

Website Online Booking Form Summary Notice

Privacy Summary: Imperial Dental Care uses Software of Excellence to manage online bookings securely. By submitting this form, you agree to us processing your contact details to schedule your appointment and send automated reminders. We do not sell your information. CCTV cameras are active across these premises (internal communal areas and external perimeters) for the purposes of staff and patient safety, property protection, and crime prevention. No cameras are present in clinical treatment areas.

This privacy notice is reviewed annually and updated to ensure its effectiveness and compliance with current regulations, guidance, and standards.

Date: 17th June 2026

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.