Privacy Policy
Important Legal Notice
This is a draft Privacy Policy template and must be reviewed and approved by qualified legal and data protection advisers before use. Dentello does not provide legal or regulatory compliance advice. This document should be customised to your specific data processing activities and reviewed by specialists in UK GDPR, data protection law, and healthcare regulation.
1. Introduction
Dentello is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, share, and safeguard personal data when you interact with our website, platform, or services.
Who We Are: Dentello operates the UK’s first dedicated dental workforce platform, connecting dental practices with qualified clinicians while providing compliance support, workforce management technology, and professional development resources.
Our Commitment: We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and applicable UK data protection law. We act as a data controller for the personal information we collect and process through our website and platform services.
Purpose of This Policy: This Privacy Policy describes our data protection practices and your rights as a data subject under UK law. It applies to all individuals whose personal data we process, including website visitors, dental practice contacts, clinicians, and platform users.
2. Who We Are & Contact Details
Data Controller: Dentello Limited [Company Number: XXXXX]*
*Placeholder – insert actual legal entity details
-
General Privacy Inquiries:
privacy@dentello.co.uk -
Data Protection Contact:
Email: dpo@dentello.co.uk -
Postal Address::
[Insert full registered office address] United Kingdom
Website Visitors
Individuals who access or browse www.dentello.co.uk, including those who complete contact forms, download resources, or interact with our content.
Dental Practice Contacts
Practice owners, managers, clinical leads, and authorised representatives from NHS, mixed, and private dental practices who enquire about or use Dentello's platform services.
Dentists and Clinicians
Qualified dental clinicians (dentists, dental therapists, dental hygienists) who register with Dentello, apply for positions through the platform, or express interest in clinical opportunities.
Separate Processing Activities: Where Dentello processes personal data as a data processor on behalf of dental practices (for example, managing clinician records within the platform), separate data processing agreements and privacy notices apply. This Privacy Policy covers Dentello’s activities as a data controller only.
Personal data you actively provide to us includes:
- Contact Information: Name, email address, phone number, practice/clinic name, job title
- Professional Information: GDC registration number, professional qualifications, clinical experience, specialisms, references
- Application and Registration Data: CVs, cover letters, portfolios, career history, availability preferences, location preferences
- Compliance Documentation: Right to Work evidence, professional indemnity certificates, DBS certificates, Hepatitis B immunity records, GDC annual retention confirmations
- Communication Content: Enquiries submitted via contact forms, emails, WhatsApp messages, call recordings (where disclosed), chat messages
- Account Credentials: Username, password (stored in encrypted form), security questions
- Payment Information: Billing details for clinics (processed via secure third-party payment providers)
- Feedback and Surveys: Responses to user satisfaction surveys, platform feedback, testimonials
When you visit our website or use our platform, we automatically collect certain technical information:
- Device Information: IP address, device type, operating system, browser type and version
- Usage Data: Pages visited, time spent on pages, navigation paths, links clicked, features accessed
- Cookies and Similar Technologies: Session identifiers, analytics cookies, preference cookies (see our Cookies Policy for full details)
- Log Files: Server logs recording access times, error logs, security event logs
- Analytics Data: Aggregated user behaviour patterns, traffic sources, conversion metrics
We may receive personal data about you from external sources, including:
- Job Boards and Recruitment Platforms: CV data, application information, professional profiles
- Professional Networks: LinkedIn profile information (where you connect with us or apply via LinkedIn)
- Referrals: Contact details and professional information provided by colleagues, professional contacts, or existing users who refer you
- Publicly Available Sources: GDC register (to verify registration status), professional directories, published research or articles
- References: Information provided by professional referees you nominate
- Background Check Providers: DBS disclosure information, Right to Work verification results
Responding to Enquiries
To respond to questions, requests for information, and general correspondence submitted via our website, email, or other communication channels.
Providing Information About Services
To respond to questions, requests for information, and general correspondence submitted via our website, email, or other communication channels.
Processing Clinic Onboarding
To process enquiries from dental practices, assess suitability for platform use, prepare proposals, execute agreements, and onboard clinics onto the Dentello platform.
Processing Clinician Applications
To review applications from dentists and clinicians, verify professional qualifications and compliance documentation, facilitate introductions to dental practices, and support placement processes.
Facilitating Matches and Introductions
To match clinicians with suitable practice opportunities, share relevant profiles with practices (with appropriate consent), and coordinate interviews and placement discussions.
Compliance Verification and Monitoring
To verify GDC registration, Right to Work status, professional indemnity, DBS clearance, and other regulatory requirements. To monitor document expiry dates and send renewal reminders.
Platform Operation and Account Management
To create and manage user accounts, provide access to platform features, authenticate users, and deliver platform functionality.
Improving Website and Platform
To analyse user behaviour, understand how our services are used, identify areas for improvement, test new features, and optimise user experience.
Marketing and Communications
To send newsletters, updates about new features, relevant job opportunities, industry insights, and promotional communications (where you have consented or we have a legitimate interest).
Security and Fraud Prevention
To detect and prevent fraudulent activity, unauthorised access, security incidents, and misuse of our website or platform.
Legal and Regulatory Compliance
To comply with legal obligations, respond to lawful requests from authorities, enforce our terms and conditions, and protect our rights and the rights of others.
- Legitimate Interests
We process personal data based on our legitimate interests (or those of third parties) where those interests are not overridden by your data protection rights. Our legitimate interests include:
• Operating and improving our platform and website
• Connecting dental practices with qualified clinicians (B2B service provision)
• Marketing our services to relevant healthcare professionals and practices
• Detecting and preventing fraud and security threats
• Understanding user needs and improving service delivery
• Maintaining accurate records for business administration
- Consent
Where we rely on consent, you have the right to withdraw your consent at any time. We use consent as a legal basis for:
- Marketing emails and newsletters (you can unsubscribe at any time)
- Non-essential cookies and analytics tracking
- Sharing clinician profiles with specific practices
- Processing special category data (where consent is the appropriate basis)
- Legal Obligation
We process personal data where necessary to comply with legal obligations, including:
- Verifying Right to Work compliance (Immigration Act requirements)
- Maintaining records for tax and accounting purposes
- Responding to lawful requests from regulatory authorities
- Complying with data protection law and subject access requests
7. Sharing Your Data
Dental Practices and Clinics
For Clinicians: With your consent or where necessary for contract performance, we share your professional profile, CV, qualifications, and compliance documentation with dental practices for the purpose of facilitating job opportunities and placements.
For Practices: We share contact and practice information with potential clinician candidates during the matching and introduction process.
Service Providers and Processors
We engage third-party service providers to support our business operations. These providers process personal data on our behalf under strict contractual obligations. Categories include:
- Cloud hosting and infrastructure providers (e.g., AWS, Google Cloud)
- Customer relationship management (CRM) platforms
- Email and communication platforms
- Analytics and performance monitoring tools
- Payment processors and billing systems
- Background check and compliance verification providers
- IT support and cybersecurity services
Professional Advisers
We may share personal data with solicitors, accountants, auditors, insurers, and other professional advisers where necessary for obtaining professional advice or services.
Legal and Regulatory Authorities
We may disclose personal data to regulatory bodies, law enforcement, courts, or other public authorities where:
- Required by law or legal process
- Necessary to comply with a lawful request or court order
- Required to protect our rights, property, or safety, or that of others
- Necessary to detect, prevent, or address fraud or security issues
Business Transfers
In the event of a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred to the acquiring entity or successor, subject to appropriate safeguards and notification to affected individuals.
Data Protection Standards: All third parties with whom we share personal data are required to maintain appropriate security measures and process data only in accordance with our instructions and applicable data protection law. We conduct due diligence on service providers and execute data processing agreements where required under UK GDPR.
8. International Transfers
Dentello’s operations are based in the United Kingdom. However, some of our service providers and technology infrastructure may be located outside the UK, which may result in your personal data being transferred to, stored in, or accessed from countries outside the United Kingdom.
Safeguards for International Transfers: Where we transfer personal data outside the UK, we ensure appropriate safeguards are in place to protect your data in accordance with UK GDPR requirements. These safeguards may include:
Adequacy Decisions:
Transfers to countries recognised by the UK government as providing adequate data protection (e.g., EEA member states under the UK-EEA data bridge)
Standard Contractual Clauses (SCCs):
UK-approved International Data Transfer Agreements or International Data Transfer Addendums with service providers
Supplementary Measures:
Technical and organisational measures to ensure data protection equivalent to UK standards
Specific Transfer Scenarios: Personal data may be transferred internationally in the following circumstances:
- Cloud hosting services (e.g., data stored on servers in the EEA or other approved jurisdictions)
- CRM and analytics platforms with international operations
- Technical support services provided by global vendors
- Payment processing infrastructure
You may request further information about the specific safeguards in place for international transfers by contacting us at privacy@dentello.co.uk.
Website Visitor Data
Analytics and Cookies: Up to 26 months (in line with common analytics platform retention)
General Enquiries: 2 years from last contact
Marketing Consent: Until consent is withdrawn, plus 1 year for compliance records
Dental Practice (Clinic) Data
Active Clients: Duration of commercial relationship plus 6 years (for contractual and tax purposes)
Prospective Clients: 3 years from last meaningful contact
Former Clients: 6 years from contract termination (UK limitation periods and tax law)
Clinician (Candidate) Data
Active Candidates: Duration of active job search plus 2 years
Placed Candidates: Duration of placement plus 6 years (for reference and compliance purposes)
Unsuccessful Applicants: 1 year from application (unless consent given for longer retention)
Compliance Documents: As required by regulation (e.g., Right to Work records: 2 years post-employment as per Home Office guidance)
Compliance and Legal Records
Tax and Accounting: 6 years from end of relevant financial year (HMRC requirements)
Legal Claims: Duration of limitation period (typically 6 years for contract claims)
Regulatory Requests: As required by regulatory authority or until legal obligation is satisfied
Retention Criteria: When determining retention periods, we consider:
- The nature and sensitivity of the personal data
- Potential risk of harm from unauthorised use or disclosure
- The purposes for which we process the data and whether we can achieve those purposes through other means
- Applicable legal, regulatory, tax, accounting, or other operational requirements
Secure Deletion: At the end of the retention period, personal data is securely deleted or anonymised in accordance with our data retention and disposal procedures.
Right of Access (Subject Access Request)
You have the right to request a copy of the personal data we hold about you, along with information about how we process it. We will respond within one month of receipt of your request.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data we hold about you. We will correct verified inaccuracies promptly.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data in certain circumstances, such as where data is no longer necessary for the purpose collected, or where you withdraw consent. This right is not absolute and may be limited by legal obligations to retain data.
Right to Erasure ("Right to be Forgotten")
You have the right to request deletion of your personal data in certain circumstances, such as where data is no longer necessary for the purpose collected, or where you withdraw consent. This right is not absolute and may be limited by legal obligations to retain data.
Right to Withdraw Consent
Where processing is based on your consent, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing prior to withdrawal. You can unsubscribe from marketing emails using the link in each email or by contacting us.
Right to Data Portability
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller.
How to Exercise Your Rights
To exercise any of these rights, please contact us at:
Email: privacy@dentello.co.uk
Subject line: “Data Subject Rights Request”
Please provide sufficient information to enable us to identify you and verify your identity. We may request additional information to confirm your identity before actioning your request.
Response Time: We will respond to your request within one month. In complex cases, this may be extended by up to two additional months, and we will inform you of any extension and the reasons for it.
Our website uses cookies and similar tracking technologies to enhance user experience, analyse website traffic, and improve our services.
What are Cookies? Cookies are small text files placed on your device when you visit a website. They help websites recognise your device and remember information about your visit.
Types of Cookies We Use:
- Essential Cookies: Necessary for website operation, including security, session management, and core functionality
- Analytics Cookies: Help us understand how visitors use our website, which pages are most popular, and where improvements can be made
- Functionality Cookies: Remember your preferences and settings to provide a personalised experience
- Marketing Cookies: Track your activity across websites to deliver relevant advertising (where you have consented)
Full Cookie Details:
For comprehensive information about the specific cookies we use, their purposes, duration, and how to manage your cookie preferences, please see our dedicated Cookies Policy.
Managing Cookies: You can control and delete cookies through your browser settings. However, disabling certain cookies may affect website functionality. Most browsers allow you to:
- View cookies stored on your device
- Delete cookies individually or all at once Block third-party cookies
- Block cookies from specific websites
- Block all cookies (not recommended for website functionality)
We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage.
Security Measures Include:
Encryption
Data in transit encrypted via TLS/SSL. Sensitive data at rest encrypted.
Access Controls
Role-based access. Multi-factor authentication. Regular access reviews.
Regular Backups
Automated backups with secure off-site storage and tested recovery procedures.
Security Monitoring
24/7 monitoring for security incidents. Intrusion detection systems.
Staff Training
Regular data protection and security awareness training for all staff.
Incident Response
Documented breach procedures. ICO notification protocols in place.
Data Breach Notification: In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the Information Commissioner’s Office (ICO) without undue delay and within 72 hours where feasible, in accordance with UK GDPR requirements.
Your Responsibility: While we implement robust security measures, you are responsible for maintaining the confidentiality of your account credentials and for any activity under your account. Please notify us immediately if you suspect unauthorised access.
Final Legal Notice
Dentello does not provide legal advice. These Terms & Conditions should be customised to reflect your specific business operations, risk profile, and legal requirements. We strongly recommend that you engage solicitors with expertise in UK commercial law, healthcare regulation, data protection, and digital services to review and finalise this document before publishing it on your website.
We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or operational needs.
Notification of Changes: When we make material changes to this Privacy Policy, we will:
- Update the “Last Updated” date at the top of this page
- Display a prominent notice on our website homepage
- •Email registered users about significant changes affecting their rights
- Seek fresh consent where required by law for material changes to processing purposes
Your Responsibility: We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. Your continued use of our website or services following the posting of changes constitutes your acknowledgment and acceptance of those changes.
Historical Versions: Previous versions of this Privacy Policy are available upon request by contacting privacy@dentello.co.uk.
If you have questions, concerns, or complaints about this Privacy Policy or our data processing practices, please contact us:
- Email: legal@dentello.co.uk
- General Inquiries: hello@dentello.co.uk
- Website: www.dentello.co.uk
Response Time: We aim to respond to all privacy inquiries within 5 working days, and to formal data subject rights requests within one month as required by UK GDPR.
You have the right to lodge a complaint with the UK’s data protection supervisory authority if you believe we have not handled your personal data in accordance with data protection law.
Information Commissioner’s Office (ICO)
Website: www.ico.org.uk
Helpline: 0303 123 1113
Live Chat: Available on ICO website
Address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
We would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us first if possible.
Final Legal Notice
Dentello does not provide legal advice. These Terms & Conditions should be customised to reflect your specific business operations, risk profile, and legal requirements. We strongly recommend that you engage solicitors with expertise in UK commercial law, healthcare regulation, data protection, and digital services to review and finalise this document before publishing it on your website.