Who we are (data controller)
This Is It Dental (This Is It Dental) is a private dental practice at 99 Harley Street, London W1G 6AQ. We are regulated by the Care Quality Commission and our clinicians are registered with the General Dental Council.
Our principal dentist is Dr Rena Uberoi (BDS, United Kingdom, qualified 1993 from Guy's Dental Hospital, London), GDC registration number 69753. You can verify registration on the GDC register.
This Is It Dental is the data controller for the personal information described in this privacy notice. For privacy enquiries, contact our practice team at hello@thisisitdental.london, +44 (0) 20 7486 5180, or write to us at the address above.
What this notice covers
This privacy notice explains how we handle personal data when you use our website, contact us, book appointments, receive treatment, are referred to us, or interact with us in other ways. It applies to patients, prospective patients, referrers and website visitors.
It does not cover third-party websites linked from our site (for example booking platforms or social media). Please read their privacy policies separately. For cookies, see our Cookie Policy.
Personal data we may collect
Depending on how you interact with us, we may collect:
- Identity and contact details (name, date of birth, email, telephone number, address)
- Appointment, enquiry and referral information sent through our forms, phone, email or WhatsApp
- Clinical and dental records when you are a patient, including medical history, examination findings, radiographs, photographs, models, consent records and treatment notes
- Insurance, payment plan or finance-related information where relevant to your care
- Communications between you and the practice, including complaints correspondence
- Marketing preferences where you have chosen to hear from us
- Technical data from your use of our website, such as IP address, browser type, device information and pages visited
Health and clinical information is special category data under UK GDPR. We only process it where the law allows, including for the provision of health or social care and to meet our professional obligations.
How we use your information
We use personal data to:
- Respond to enquiries and manage appointment requests
- Provide dental assessment, diagnosis, treatment, aftercare and related administration
- Maintain complete, accurate and contemporaneous clinical records in line with GDC standards
- Share information with others involved in your care where appropriate, as explained below
- Process payments, insurance claims and finance arrangements
- Send service-related messages about your care or appointments
- Send marketing communications only where you have given consent or where permitted by law
- Improve our website, services and patient experience
- Handle complaints and respond to regulatory requests
- Meet legal, regulatory and professional obligations, including those of the GDC and CQC
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
Legal bases for processing
Under UK GDPR and the Data Protection Act 2018, we rely on one or more of the following, depending on the activity:
- Contract — to provide care you have requested or to take steps before entering into a treatment agreement
- Legitimate interests — to operate and improve our practice, respond to enquiries, keep our website secure and manage complaints, balanced against your rights
- Legal obligation — to comply with healthcare, tax, safeguarding and regulatory duties
- Consent — where required, for example for certain marketing communications or non-essential cookies
- Health and social care purposes — for clinical care and associated administration (Article 9(2)(h) UK GDPR, with appropriate safeguards)
- Public interest in health — where applicable for healthcare management and quality assurance
- Vital interests — only in exceptional circumstances where necessary to protect life
Sharing information and confidentiality
We treat patient information as confidential and protect it in line with GDC Principle 4 (Maintain and protect patients' information). We do not sell your personal data.
We explain to patients when information may need to be shared with others involved in their healthcare, what will be shared, why, and the likely consequences. Where consent is required, we record your choice in your clinical notes. You may ask us not to share information in certain circumstances, and we will respect that unless disclosure is required by law, justified in the public interest, or in the overall benefit of a patient who lacks capacity.
We may share information only where necessary with:
- Clinicians and staff involved in your direct care at the practice
- Specialists, laboratories, dental technicians, insurers or finance providers involved in your treatment or payment
- IT, website, email, form and practice-management providers that process data on our instructions
- Professional advisers, insurers or regulators where we are legally or professionally required to do so
Anyone receiving confidential patient information from us is expected to keep it confidential and use it only for the purpose provided. Some service providers may process data outside the UK. Where this happens, we use appropriate safeguards such as UK adequacy regulations or contractual protections.
How long we keep data
We keep personal data only for as long as needed for the purposes above, including:
- Clinical records (adults): at least 11 years from the date of your last appointment, or until age 25 if you were under 18 when last seen — whichever is longer
- Clinical records (patients under 18): until your 25th birthday, or 11 years from the date of your last appointment — whichever is longer
- Enquiry and website data: typically up to 24 months unless a longer period is needed to follow up care or resolve a complaint
- Marketing data: until you withdraw consent or ask us to stop, or for a reasonable period after your last interaction
- Financial and tax records: as required by UK law, which may be up to six years
When data is no longer needed, we securely delete or anonymise it in line with our record retention procedures.
Access to your records
Although patients do not own their dental records, you have the right to access personal data we hold about you under UK data protection law. This includes the right to request copies of your records. We will respond promptly and, at the latest, within one month of a valid request, in line with GDC standards and UK GDPR.
We may need to redact third-party information or information that could cause serious harm if disclosed. In most cases we provide copies free of charge. We may charge a reasonable fee only where a request is manifestly unfounded, excessive or repetitive.
Your other rights
Subject to applicable law, you may also have the right to:
- Ask us to correct inaccurate information
- Request erasure in certain circumstances
- Object to or restrict certain processing
- Request data portability where applicable
- Withdraw consent where processing is based on consent (for example marketing or non-essential cookies)
To exercise your rights, contact us at hello@thisisitdental.london or +44 (0) 20 7486 5180. We will document access requests and our response.
You have the right to complain to the Information Commissioner's Office (0303 123 1113) if you are concerned about how we use your information.
Complaints about your care or our service
If you are unhappy with any aspect of your dental care or how we have handled your information, please contact us first so we can try to resolve your concern. See our complaints procedure in our Terms of Service for full details.
If you remain dissatisfied after our final response, private patients may contact the Dental Complaints Service on 020 8253 0800 or enquiries@dentalcomplaints.org.uk. Concerns about a registrant's fitness to practise may be referred to the General Dental Council.
Security
We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss or misuse. Clinical records are stored securely whether held on paper or electronically. Confidential information sent electronically is protected using appropriate security measures.
No online transmission is completely secure. Please avoid sending sensitive clinical information by unsecured channels unless we have asked you to do so.
Changes to this notice
We may update this privacy notice from time to time. The "Last updated" date at the top of this page shows when it was last revised. Significant changes will be reflected on this website. A copy is available on request by email or post.
