Privacy Policy

Your data protection and privacy rights

Form Dental – Privacy Notice

(Effective from 9 July 2025)

At Form Dental we treat the security and confidentiality of your personal data as a core part of good clinical care. Our procedures comply with:

  • the Data Protection Act 2018
  • the United Kingdom General Data Protection Regulation (UK GDPR)
  • guidance issued by the Information Commissioner's Office (ICO)
  • the professional standards set by the General Dental Council (GDC)

1. Who is responsible for your information?

Data Controller and Information Governance Lead FORM DENTAL
Contact hello@formdental.com · 07817 171 714

Address for all correspondence:
Form Dental, 65 London Road, Stapleford, Cambridgeshire CB22 5DG, United Kingdom

2. How to view this notice

You can read or download the latest version at www.formdental.com/privacy, pick up a copy at reception, or request one by email or phone.

3. Why we collect and use personal data

We only collect the information we need to:

  • plan, deliver and review your dental care
  • arrange appointments, recalls and treatment estimates
  • manage payments (where relevant)
  • keep you informed about important service updates or new treatment options (marketing is always by consent)
  • meet our legal and professional obligations, including those under the Equality Act 2010
  • recruit, employ and support members of our team
  • monitor quality, investigate complaints or incidents, and improve our services

4. What information we hold

Personal data
name, address, date of birth, contact details, NHS number, GP details, payment information, IP address
Special-category data
medical and dental history, X-rays, photographs, ethnicity or religious information (where clinically relevant), equality information, safeguarding notes
Employment data
CVs, references, payroll details, Disclosure & Barring Service checks

We follow the principle of data minimisation – keeping only what is necessary and for no longer than necessary.

5. Where and how your data is stored

  • Electronic records are held on secure UK or EU servers.
  • Paper documents are kept in locked cabinets within restricted areas of the practice.
  • When a reputable supplier stores data outside the UK/EU (for example, encrypted cloud back-ups), we ensure appropriate safeguards such as Standard Contractual Clauses are in place.

6. Lawful bases for processing

Purpose
UK GDPR lawful basis
Article 9 condition (special data)
Provision of dental care
Contract · Legitimate interest
Health care
NHS submissions, tax & legal duties
Legal obligation
Health care
Equality monitoring
Legitimate interest
Equality of opportunity
Marketing by email/text
Consent (you can withdraw at any time)
Team recruitment & DBS checks
Legitimate interest · Consent
Explicit consent (criminal record)

7. Sharing your information

We keep your data confidential. We only disclose it when:

  • you ask us to (for example, referral to a specialist)
  • we have to share it with the NHS, regulators or insurers
  • a trusted supplier processes data under a written contract (e.g. laboratory, IT provider)

We never sell your details or allow third-party marketing.

8. How long we keep your records

  • Adult clinical records – at least 11 years from the date of last entry
  • Child clinical records – until the patient is 25 years old (or 26 if treatment finished at 17)
  • Financial and administrative data – normally 2 years after the last transaction

Full retention schedules are available on request.

9. Your data protection rights

You can:

  • Access a free copy of your records (within one month)
  • Ask for corrections to inaccurate or incomplete data
  • Restrict or object to certain uses of your data
  • Receive your data in a portable format
  • Ask for deletion where legal retention rules allow
  • Withdraw consent for marketing at any time

To exercise any of these rights, contact the Information Governance Lead (details above).

10. Queries, feedback or complaints about data use

Please raise any concerns with our Information Governance Lead first – we take complaints very seriously and will respond promptly.

If you remain dissatisfied you may contact:
Information Commissioner's Office (ICO) – ico.org.uk · 0303 123 1113

11. Related policies and documents (available on request)

  • Data Protection & Information Security Policy
  • Consent Policy
  • Record Retention Schedule
  • Privacy Impact Assessment & Security Risk Assessment

12. Privacy notice for children (simplified)

We keep your name, address, birthday, health details and information about your dental treatment so we can look after your teeth. We only share this with another dentist or doctor if you need their help. Your records stay safe and private, and we keep them until you are at least 25. You (or your parent/guardian) can ask to see them, correct mistakes, or tell us not to send reminders once you leave the practice.

Last reviewed: 9 July 2025    Next review due: July 2026

If you have any questions about how we look after your information, please get in touch – we're always happy to help.