Brite Dental Privacy Policy

Our mission statement –

At Brite dental our mission is to protect the privacy of all patient’s personal data and store it in a safe and secure environment that maintains confidentiality. We are fully committed to handling your personal data in accordance with General Data Protection Regulations (GDPR). Brite Dental is the data controller and this privacy notice describes how we collect and use your personal information.

We will only collect information that is necessary to deliver your dental and oral health care. We will protect your data by only sharing it with 3rd party providers that are necessary to improve upon and deliver services and have confirmed that they have the appropriate security measures in place to comply with the GDPR. 

Why we collect your data

Brite Dental collects your personal data in order to provide dental health care, treatment and management to you. Our lawful basis for processing your data is special category, this allows us to carry out the provision of your dental and oral health care, treatment and management as we have previously done.

For us to keep you up to date with the latest services, products, exclusive events and special offers you will be required to opt in to receive these. Once you opt in, you can opt out at any stage by clicking unsubscribe in any marketing email you have received or by asking our reception team to opt you out.

Brite Dental uses cookies to enhance your experience, further information can be obtained about cookies here

How we collect your information

We only collect your information directly from you for you, or if you are making an appointment on behalf of someone including children.  We may also receive personal data from the NHS that relates directly to your oral and dental health.

What information we collect

We collect personal information relating to your residential address, contact number, relevant medical and dental history.

Sharing your information

We will only use your data as the law allows.

We may share your data with third party service providers that are necessary for us to deliver the services to you. All third-party service providers are required to confirm that they have the appropriate security measures in place to comply with the GDPR and only process your personal information in accordance with our instructions.   

Retention period

Under GDC (General Dental Council - the regulatory body which governs dentists) guidelines we are required to retain all information on your health record for 12 years or if the patient is a child at the time of treatment until they reach their 25th Birthday whichever one is first. After this your file will be made inactive or deleted on our computer software system or paper records will be shredded and disposed of appropriately.

Any details that we may hold for you that are not directly related to your health record will be deleted in accordance with out retention policy.

Your right to access

You have the right to receive a copy of the data we hold about you. You should do this in writing and we will need verification that the request has come from you personally.   We will endeavour to provide this without delay and within 1 month of your written request however, we reserve the right to extend this by 2 months if the request is complex or numerous.

Your right to rectification

You have the right to rectify any of your personal data if it is inaccurate or incomplete unless this proves impossible or involves disproportionate effort. Brite Dental will endeavour to allow you the opportunity to review and amend your personal details when you attend for an oral health check. You can also make a request to update your personal details via phone or email.

Your right to erasure

Brite Dental erase your data if you have not attended the clinic for 11 complete years or if you have been treated as a child and have reached your 25th birthday and have not attended.  This is in accordance with the GDC Guidelines.

Your right to restriction

You have a right to ‘block’ or supress your data from being processed. You can make a written request for this. We will continue to store that data under GDC Guidelines, but we will not process it. In this event we will make your file inactive and prevent any further processing. In the rare event we need to access your data we will inform you.

Your right to object

If you object to Brite Dental processing information required and relevant to carrying out your health care, you may be unable to be a registered patient.   

Your right to data portability or automated decision making

These are not applicable to Brite Dental.

Failing to provide Brite Dental with your personal information

In the event you refuse or fail to provide personal information Brite Dental may refuse to see you for your health care as all information we collect is essential to carrying out this service.


Brite Dental may have CCTV installed. If they do it will be clearly displayed via sign. The purpose of the CCTV is to ensure the safety of staff and patients. Notices are displayed in areas where CCTV is in operation.

Breach reporting 

In the event of a suspected or actual data breach Brite Dental will make an assessment of the risk to individuals patients and clients.  If the breach is assessed as high risk the affected individual will be contacted as soon as possible and is appropriate the Information Commissioners Office will also be notified in accordance with our notification policy.   

Queries and concerns 

If you have a query about any aspect of this policy, a concern about your personal data or suspect a data protection breach please contact the practice manager.

If you have a concern or complaint that we cannot resolve then you can contact the Information Commissioners Office, Wycliffe House, Water Lane, Wilslow, Cheshire, SK95AF.

This document was last updated on May 18, 2018.