Warstwa X0020 1 - Perfect Smile Dental Centre

07490 565656

Opening hours: Mon-Fri: 09:00-20:00, Sat: 09:00-18:00

hello@twojdentysta.co.uk

Perfect Smile Dental Centre logo
Book a Visit

Opening hours: Mon-Fri: 09:00-20:00, Sat: 09:00-18:00

Perfect Smile Dental Centre logo

Privacy Policy & Cookies

ROXDENT LTD trading as Perfect Smile Dental Centre
Company No. 08978156, registered in England and Wales
36 Crown Street, Acton, London W3 8SB
Tel: 07490 565656 | Email: hello@twojdentysta.co.uk

Last updated: 6 March 2026

1. Data Controller

The data controller responsible for your personal data is ROXDENT LTD, trading as Perfect Smile Dental Centre. The company is registered in England and Wales under company number 08978156. Registered address: 36 Crown Street, Acton, London W3 8SB.

You can contact us about your personal data at hello@twojdentysta.co.uk or by phone on 07490 565656.

2. What data we collect

Depending on the services you use, we may collect the following data:

  • Identity data – name, date of birth, NHS number (where applicable)
  • Contact data – home address, phone number, email address
  • Health data – medical and dental history, test results, X-rays, clinical photographs, treatment plans, appointment notes
  • Financial data – payment details, transaction history, dental insurance information
  • Technical data – IP address, browser type, cookie data (when using our website)

3. Legal bases for processing

We process your data on the following legal bases (UK GDPR):

  • Article 6(1)(b) – performance of a contract – for example: when you book an appointment, we need your contact details to send you a confirmation and reminder. When you request treatment, we process the data needed to deliver the service
  • Article 6(1)(c) – legal obligation – for example: we are required to keep clinical records for a set period. We must also meet tax and regulatory requirements
  • Article 6(1)(f) – legitimate interest – for example: analysing appointment data to improve service quality, protecting the practice against legal claims
  • Article 6(1)(a) – consent – for example: sending marketing materials. You can withdraw your consent at any time
  • Article 9(2)(h) – health data – processing is necessary for the provision of healthcare, in accordance with the UK Data Protection Act 2018, Schedule 1, Part 1, Condition 2 (health data)

4. How we use your data

  • Providing dental care and managing your treatment
  • Booking, confirming and sending appointment reminders
  • Issuing invoices and processing payments
  • Communicating with you about your care
  • Meeting legal and regulatory obligations
  • Improving our services based on anonymised data
  • Sending marketing information (only with your consent)

5. Who we share data with

Your data may be shared with:

  • Dental laboratories – to the extent needed to carry out prosthetic work (for example, impressions, treatment plans)
  • Other healthcare providers – as part of a referral or continuation of treatment (for example, a hospital or specialist)
  • Regulatory bodies – GDC, CQC, NHS – where required by law
  • IT service providers – companies that support our systems (practice management software, website hosting) – under data processing agreements
  • Payment service providers – to the extent needed to process payments

We do not sell your data to third parties. We do not share your data for the marketing purposes of other organisations.

As part of your treatment, we may share clinical data with other specialists. This mainly applies to:

  • Referrals to specialists (orthodontist, surgeon, periodontist) – we pass on the data needed to continue your treatment
  • X-rays and CBCT scans – these may be shared with another clinician solely for diagnostic and treatment purposes
  • Clinical notes – shared with your consent or where required by law

We will inform you before sharing your data with another specialist. You have the right to refuse, though this may limit your treatment options.

6. Cookies and tracking technologies

Our website uses the following cookies:

  • wordpress_test_cookie – checks whether your browser accepts cookies. Type: session. Deleted when you close your browser
  • wordpress_logged_in_* – identifies a logged-in user (staff only). Type: session. Deleted when you close your browser
  • PHPSESSID – maintains a server session. Type: session. Deleted when you close your browser
  • _ga – Google Analytics 4, used to distinguish users. Type: persistent. Lifespan: 2 years
  • _gid – Google Analytics 4, used to distinguish users. Type: persistent. Lifespan: 24 hours

Google Analytics 4 uses anonymised IP addresses. We do not use cross-domain tracking. Google Analytics data is not linked to your personal data.

You can manage cookies through your browser settings. Disabling cookies may limit the functionality of our website.

7. Data security

We use appropriate technical and organisational measures to protect your data:

  • Computer systems are password-protected and regularly updated
  • Electronically stored data is encrypted both in transit and at rest
  • Only authorised members of staff have access to patient data
  • Paper records are kept in locked cabinets
  • We carry out an annual security review

Breach procedure: In the event of a data breach, we will notify the Information Commissioner’s Office (ICO) within 72 hours of becoming aware. If the breach poses a high risk to your rights and freedoms, we will notify you directly without undue delay.

CCTV cameras may be in use at the practice for security purposes. Footage is stored for a maximum of 30 days and is accessible only to authorised members of staff. Telephone calls may be recorded for training and quality purposes. You will be informed at the start of the call if recording is in progress.

The legal basis for CCTV is Article 6(1)(f) UK GDPR (legitimate interest in the security of the premises, staff and patients). Appropriate signage is displayed at all camera locations within the practice.

8. How long we keep your data

  • Adult clinical records – 11 years from the date of last treatment, or until the patient reaches the age of 25 (whichever is longer), in line with the NHS Records Management Code of Practice
  • Children’s clinical records – until the age of 25, or 11 years from the date of last treatment (whichever is longer)
  • Financial records – 7 years from the last transaction (HMRC requirements)
  • Marketing data – until you withdraw your consent
  • X-rays – in accordance with IRMER 2017 guidelines
  • Complaint records – 10 years from the date the complaint was resolved

9. Your rights

Under UK GDPR, you have the following rights:

  • Right of access – you may request a copy of your data (Subject Access Request). We will respond within 1 month. In complex cases, the deadline may be extended by a further 2 months. If so, we will tell you about the delay and the reason
  • Right to rectification – you may ask us to correct inaccurate or incomplete data
  • Right to erasure – you may ask us to delete your data. Please note that we cannot always delete clinical records. Under GDC Principle 4 and the NHS Records Management Code of Practice, we are legally required to retain clinical records for a set period. In such cases, we will restrict processing to the minimum required by law
  • Right to restriction of processing – you may ask us to limit how we use your data
  • Right to data portability – you may ask us to transfer your data to another practice or provider
  • Right to object – you may object to processing for marketing purposes at any time
  • Right to withdraw consent – if we process your data based on consent, you may withdraw it at any time

To exercise any of these rights, please contact us in writing or by email at hello@twojdentysta.co.uk. We will respond within 1 month of receiving your request.

When you submit a request, we will need to verify your identity before releasing any information. We may ask for a copy of a photo ID (such as a passport or driving licence) and proof of address. This is to protect your data from unauthorised access.

10. Children’s data

We treat patients of all ages, including children. Regarding children’s data:

  • We process data for children under 13 on the basis of parental or guardian consent
  • For marketing purposes (such as newsletters), we require consent from individuals aged 13 or over, in line with ICO guidance
  • Children’s clinical records are retained until the age of 25 or for 11 years from the date of last treatment (whichever is longer)
  • A parent or legal guardian may exercise data access rights on behalf of a child under 13

11. Profiling and direct marketing

We do not profile patients for marketing purposes. We do not create behavioural profiles based on your medical data. Direct marketing (such as newsletters with dental advice, information about promotions) is sent only with your explicit consent.

You can opt out of receiving marketing materials at any time by clicking the “Unsubscribe” link in the email or by contacting us at hello@twojdentysta.co.uk. Opting out of marketing does not affect your rights as a patient or the quality of care you receive.

12. Emergency contact information

We ask you to provide an emergency contact (name, phone number, relationship). This information will only be used in situations where your health or life is at risk. You can update these details at any time by informing reception.

13. International data transfers

We do not currently transfer your personal data outside the United Kingdom. All data is stored on servers located in the UK or within the European Economic Area.

Should the need arise to transfer data outside the UK in the future, we will put appropriate safeguards in place, such as: a UK adequacy decision, Standard Contractual Clauses, or your explicit consent.

14. Automated decision-making

We do not use automated decision-making or profiling in relation to patient data. All decisions about your treatment are made by qualified clinical staff.

15. Data Protection Officer

The person responsible for data protection at our practice is the Practice Manager, who acts as our Data Protection Lead.

For all data protection enquiries, subject access requests, or to exercise any of your rights under UK GDPR, please contact:

  • Data Protection Lead (Practice Manager)
  • Perfect Smile Dental Centre (ROXDENT LTD)
  • 36 Crown Street, Acton, London W3 8SB
  • Email: hello@twojdentysta.co.uk
  • Tel: 07490 565656

16. Complaints

If you are unhappy with how we handle your data, we encourage you to contact us first so we can try to resolve the issue.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s independent supervisory authority for data protection:

  • Website: www.ico.org.uk
  • Tel: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

17. Changes to this privacy policy

We reserve the right to update this policy. We will communicate any significant changes on our website. We encourage you to review this page regularly.

Effective from: 6 March 2026

Last updated: 6 March 2026

ROXDENT LTD trading as Perfect Smile Dental Centre, Company No. 08978156, registered in England and Wales