Privacy Policy

We take your privacy very serious. This notice informs you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not.

Your personal data is processed fairly and lawfully in line with the GDPR (General Data Protection Regulation).

The practice is registered with the Information Commissioner’s Office (ICO).

Data Controller of the practice is owner Yvonne Bruehmann who will deal with any queries you might have.

Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.

Personal data we hold of you

  • Name
  • Contact details including mobile phone, landline number and email address
  • Date of birth
  • Gender
  • Community Health Index number (CHI)
  • Name and contact details of guardian (where patient has impaired decision capacity or is unable to consent or a child under 16 who has not sufficient capacity to consent yet.)
  • Medical and Health Details / History including name of GP
  • Dental Records including dental photos, radiographs, dental models and laboratory work
  • Ethnic Origin and Sexual Orientation ( only required in particular circumstances where it serves the purpose of preventative or occupational medicine- not routinely held by us)
  • Benefits Information including exemptions
  • Membership of dental/medical insurance plans
  • Card payment details (if you opt to pay this way)
  • Correspondence with you (letters and emails, enquiries)
  • Debt records
  • Your signature

All data we hold is received from you directly, through your consent or through Practitioner Services.

How we use your personal data

  • Administration
  • Confirmation of your identity
  • To contact you (Appointment reminders, response to any of your queries, etc.)
  • Payment and claim transmission to Practitioner Services and/or Dental Insurance Provider
  • Clinical necessity
  • To transfer or share with other registered dental or medical professionals
  • Occupational health reasons
  • Consent for dental treatment
  • Processing of payments for services we provided to you

We don’t create derived or inferred data about the data we hold of you and we don’t plan to use this in future for any other purposes.

Our intended use is unlikely to cause individuals to object or complain.

What is our basis for legal processing of your data?

We only hold data of you which we require in order to perform the contract between you and us providing you with our services.

As Health Care Providers we have a legal obligation to hold certain types of your personal data.

We hold data of you which is of legitimate interest to us and which you have been informed about, you consent and freely give to us.

If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.

How we collect your personal data

  • In person through you or your guardian -at our reception by filling in NHS forms and Medical History forms we use to regularly collect and update your information on.
  • Phone
  • Letter
  • Email
  • Website

Please be aware when you contact us through email or the contact form on our website that like any generic email account this is not encrypted and can be hacked into. Only volunteer the information you feel safe you can share with us this way.


Our website uses Google Analytics to help analyse how users use the site. “Cookies” are used, which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. This including IP address is transmitted to Google which then evaluates visitors’ use of our website and produces statistics of the website activity. Google and us will not associate or seek to link your IP address with any other data held by Google. We will never use the statistical analytics tool to track or collect any Personally Identifiable Information of visitors to our site. We also will not allow any third party to do so.

Who we share your data with

We only share the individual components of your personal data with others as far as it is required.

  • Practitioner Services
  • Other registered dental or medical professionals
  • Your dental insurance provider
  • Service Providers of the practice (i.e. Dental laboratories, accountant, IT services, website designer, card machine merchant)
  • Third Parties in context of a potential future sale or restructuring of the business (if it was to become the case)

Children’s Personal Data

Our website is directed to adults; it is not directed to children under the age of 13. We operate our site in compliance with the Children’s Online Privacy Protection Act, and will not knowingly collect or use personal information from anyone under 13 years of age.

The contact form on our site will only be used for the practice’s internal processes. Please be aware when you contact us through email or the contact form on our website that like any generic email account this is not encrypted and can be hacked into. Only volunteer the information you feel safe you can share with us this way. We will delete this data from our email account after a period of three months. We may record this information within our practice management software.

The contact form on our website is only to be used by children aged 13 years and over. If you are younger please ask your parent or guardian to fill it in for you. If you don’t know what to do, please phone the practice and we can help you further.

We keep your name, address, contact details, date of birth, medical and dental records and Community Health Index number, name and contact of your guardian (if necessary) and any details you freely give to us so that we can help you in the best way. By law, we need to keep your data up to 11 years or until you are aged 25, whichever is longer.

It is always good to bring a parent or guardian with you when you come to see us.

If you are under age 16, bring your parent/guardian because they will need to fill in and sign forms for you which give us details about you and your health.

How we ensure the security of your data

Your data is partially stored on password-protected computers with the latest anti-virus software and partially stored in the cloud. Practice premises are secured and alarmed and paper files stored in lockable cabinets to which only authorised staff hold the key to. Data is backed-up daily and stored in a secure place. The dental software we use is cloud-based and is hosted on servers that are owned and operated by Amazon Web Services (AWS) that reside within the European Union. AWS is an industry leader and provides a highly scalable cloud computing platform with end-to-end security and privacy features. Access to these data centres is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures and 24/7 on-site security staff, biometric scanning, multi-factor authentications, video surveillance and other electronic means. All physical and electronic access to data centres by AWS employees is authorized strictly on a least privileged basis and is logged and audited routinely.

Personal data is reviewed, updated and deleted in a confidential and secure manner when no longer required.

Transfer of your clinical/medical records is only by post or encrypted email.

Staff is trained on up-to-date data protection requirements and their contracts include a clause regarding confidentiality and data protection.

Your right to access data

You have the right to access the data we hold of you. Please put your request in writing to the practice owner Yvonne Bruehmann.

We will supply the requested information within one month. Where requests are complex or numerous we can extend this by up to a further two months.

A fee can be requested by the practice, but only restricted to requests which are manifestly unfounded or excessive.

How long we hold your data

Most of the personal data we hold of you we need to keep by law up to 11 years or until you are aged 25, whichever is longer. Card payment details we hold for 6 years and 11 months.

Your data is deleted in a confidential and secure manner when no longer required.

Request to delete your data

As a health care provider we need to comply with the law and are required to keep most of the data for the above listed periods of time.

However you can request immediate deletion of your contact phone numbers and/or email contact.


TELEPHONE - 01877 330 703 Email Us