Privacy Policy

1. Introduction

OpenDent ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our dental platform service.

As a UK-based company, we comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other applicable UK data protection laws.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the service.

2. Information We Collect

3. Legal Basis for Processing

Under UK data protection law, we must have a lawful basis for processing your personal data. We process your data on the following legal grounds:

• Contract: Processing necessary for the performance of our contract with you
• Legitimate interests: Processing necessary for our legitimate business interests
• Consent: Processing based on your specific consent
• Legal obligation: Processing necessary to comply with our legal obligations
• Vital interests: In rare cases, processing necessary to protect someone's life

For special category data (such as health information), we rely on specific conditions under the Data Protection Act 2018, including explicit consent and processing for healthcare purposes.

4. How We Collect Information

We collect information through:

• Account registration and profile creation
• Form completions and direct interactions with our service
• Communications with our customer support
• Automatic data collection technologies (cookies, web beacons)
• Integration with dental practice management systems (with authorisation)
• Third-party service providers (with your consent)

5. Use of Your Information

We may use the information we collect for various purposes, including:

• Providing, maintaining, and improving our services
• Processing appointments and facilitating communication between patients and dental providers
• Managing your account and providing customer support
• Sending administrative information, updates, and service-related notifications
• With your consent, sending marketing communications about our services
• Analysing usage patterns to enhance user experience
• Complying with legal obligations
• Detecting, preventing, and addressing technical issues or fraudulent activities

6. Health Information Privacy

As a service that processes health information, we adhere to the following practices:

• We implement physical, technical, and administrative safeguards to protect health information
• We enter into appropriate data processing agreements with dental providers using our platform
• We only use or disclose health information as permitted by UK data protection laws
• We maintain audit logs of access to health information
• We provide mechanisms for patients to access and request corrections to their health information
• We comply with NHS Digital standards where applicable

For healthcare providers, we assist with compliance with the General Dental Council's standards for patient confidentiality.

7. Disclosure of Your Information

We may share your information with:

• Dental providers you choose to connect with through our platform
• Third-party service providers who perform services on our behalf (e.g., payment processing, data analysis)
• Business partners with your consent
• In response to a legal request if required by law
• To protect and defend our rights and property
• With your consent or at your direction

We do not sell your personal information to third parties.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, and applicable legal requirements.

In some circumstances, we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.

9. Data Security

We implement appropriate security measures to protect your information, including:

• Encryption of sensitive data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Staff training on data protection
• Incident response procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

10. Your Rights Under UK Data Protection Law

Under UK data protection law, you have the right to:

• Access your personal data (known as a "subject access request")
• Have inaccurate data corrected
• Request erasure of your personal data in certain circumstances
• Restrict or object to processing of your data in certain circumstances
• Request the transfer of your data to you or a third party
• Withdraw consent at any time, where we rely on consent to process your data
• Make a complaint to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues

You will not have to pay a fee to access your personal data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

11. Children's Privacy

Our service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe we may have collected information about your child, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries outside the UK. These countries may have different data protection laws.

Whenever we transfer your personal data outside the UK, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

• Transfers to countries that have been deemed to provide an adequate level of protection for personal data by the UK government
• Use of specific contractual clauses approved by the UK government which give personal data the same protection it has in the UK
• Where we use providers based in the US, we may transfer data to them if they are part of a framework that ensures they provide similar protection to personal data shared between the UK and the US

13. Cookies

Our website uses cookies to distinguish you from other users. This helps us provide you with a good experience and allows us to improve our site.

For detailed information on the cookies we use, the purposes for which we use them, and how you can exercise your choices regarding our use of cookies, please see our Cookie Policy.

14. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

15. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

Data Protection Officer
Email: support@OpenDent.com

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (https://ico.org.uk).