You are here:
  1. Home
  2. Governance & Legal
  3. Privacy Policy
  • Governance & Legal

Privacy Policy

Last updated: 1 February 2026
  • Governance & Legal
  • ESG & Social

Introduction

Saint Visage Dental Group (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy explains how we collect, use, store, and share your personal data when you interact with our practices, websites, and services.

We are the data controller for the personal information we process. Each practice within the Saint Visage Dental Group operates as a separate legal entity registered with the Information Commissioner’s Office (ICO).

Information We Collect

We may collect and process the following categories of personal data:

  • Identity data: Full name, date of birth, gender, NHS number, and photographic identification where required for clinical records.
  • Contact data: Postal address, email address, telephone and mobile numbers, and emergency contact details.
  • Health data: Medical history, dental records, treatment plans, clinical notes, radiographs, intra-oral photographs, and prescription records. This constitutes special category data under UK GDPR.
  • Financial data: Payment card details (processed securely and not stored), bank account details for direct debit arrangements, and insurance policy information.
  • Technical data: IP address, browser type, device information, and cookies when you use our website.
  • Recruitment data: CV, qualifications, GDC registration number, visa status, right-to-work documentation, and references for employment applicants.

How We Use Your Data

We use your personal data for the following purposes:

  • Providing dental care, treatment planning, and clinical record-keeping as required by the General Dental Council (GDC) and Care Quality Commission (CQC).
  • Managing your appointments, sending reminders via SMS, email, or post, and following up on treatment plans.
  • Processing payments, managing NHS claims, and handling insurance submissions on your behalf.
  • Communicating with you about your care, including referrals to specialist practitioners and hospitals.
  • Meeting our legal and regulatory obligations, including mandatory reporting to the GDC, CQC, and NHS England.
  • Improving our services through anonymised analysis and clinical audit.
  • Recruitment and employment administration for candidates applying to our associate development programmes or other positions.

Legal Basis for Processing

We process your personal data under the following legal bases as defined by UK GDPR:

  • Contract: Processing necessary for the performance of your treatment contract with us.
  • Legal obligation: Processing required to comply with healthcare regulations, tax obligations, and employment law.
  • Vital interests: Processing necessary to protect your life or health in emergency situations.
  • Legitimate interests: Processing for practice administration, service improvement, and fraud prevention, where these do not override your rights.
  • Consent: Where we send marketing communications or process data for purposes not covered above, we will seek your explicit consent.

For special category data (health records), we rely on the additional condition that processing is necessary for the provision of health care under Article 9(2)(h) of UK GDPR.

Data Retention

We retain your personal data in accordance with the following periods:

  • Adult dental records: Minimum 10 years from the date of last treatment, or until the patient reaches age 25 (whichever is longer), in line with NHS and GDC guidance.
  • Children’s dental records: Until the patient reaches age 25, or 10 years after last treatment, whichever is longer.
  • Financial records: 7 years from the date of transaction, as required by HMRC.
  • Recruitment data: 6 months from the date of decision for unsuccessful candidates; duration of employment plus 6 years for successful candidates.
  • Website analytics: 26 months from collection.

Data Sharing

We may share your personal data with:

  • Other dental and healthcare professionals involved in your care, including specialist referrals, hospitals, and laboratories.
  • NHS England, NHS Business Services Authority, and relevant NHS bodies for the administration of NHS dental contracts.
  • The General Dental Council and Care Quality Commission where required by law or regulation.
  • Our IT service providers, practice management software providers, and cloud hosting services (all operating under data processing agreements).
  • Payment processors and insurance companies for billing purposes.
  • Legal and professional advisers where necessary for the establishment, exercise, or defence of legal claims.

We do not sell your personal data to any third party. Where data is transferred outside the UK, appropriate safeguards are in place in accordance with UK GDPR requirements.

Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access: You may request a copy of the personal data we hold about you.
  • Right to rectification: You may request correction of inaccurate or incomplete data.
  • Right to erasure: You may request deletion of your data where there is no compelling reason for continued processing, subject to our legal retention obligations.
  • Right to restrict processing: You may request that we limit processing in certain circumstances.
  • Right to data portability: You may request transfer of your data to another provider in a structured, commonly used format.
  • Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
  • Rights related to automated decision-making: We do not carry out automated decision-making or profiling that produces legal effects.

To exercise any of these rights, please contact our Data Protection Officer using the details below.

Cookies

Our website uses cookies to improve your browsing experience. For full details of the cookies we use and how to manage them, please refer to our Cookie Policy.

Changes to This Policy

We may update this policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this policy periodically.

  • Data Protection Officer

For any questions regarding this policy or to exercise your data rights:

Email: privacy@saintvisage.co.uk

Post: Data Protection Officer, Saint Visage Dental Group, London, United Kingdom

ICO: If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office.

Questions about our policies?

Our governance team is available to discuss any aspect of our policies and procedures.

Contact Us
Message on WhatsApp