Privacy policy

Privacy Policy

Last updated: 30/01/2026

Envisage Dental (“we”, “us”, “our”) is committed to protecting your personal data and being transparent about how we collect, use, and store it. This Privacy Policy explains how your personal information is handled when you visit our websites, contact us, or receive care at one of our dental clinics.

1. Who We Are

Envisage Dental is a group of dental practices operating across the UK. Each practice operates under its own brand name but is part of the Envisage Dental group.

Data Controllers

  • Individual dental practices are the Data Controller for patient care and clinical records.
  • Envisage Dental UK Ltd acts as:
    • Data Controller for group-level marketing, websites, and digital platforms, and/or
    • Joint Controller with practices where data is shared for operational or marketing purposes.

This structure ensures patient data is managed safely, lawfully, and transparently.

Group Entity: Envisage Dental UK Ltd The Hub, Devonshire House Aviary Court, Basingstoke, RG24 8PE

Data Protection Contact: Email: dataprotection@envisage-dental.co.uk

2. What Personal Data We Collect

2.1 Information you provide

  • Name and contact details
  • Appointment requests and enquiries
  • Medical and dental information required for treatment
  • Marketing preferences
  • Payment and billing information (where applicable)

2.2 Website & digital interactions

  • IP address and device information
  • Pages visited and interactions
  • Cookies and analytics data
  • Online booking activity
  • Contact form submissions

2.3 Messaging & automated tools

If you contact us via:

  • Live chat or chatbots
  • WhatsApp or other messaging platforms

We may collect:

  • Message content
  • Interaction timestamps
  • Technical data required to manage the service

These tools are used to support enquiries and improve service — not to provide clinical diagnosis or automated medical decisions.

3. How We Use Your Personal Data

We use your personal data for the following purposes:

3.1 Providing dental care

  • Booking and managing appointments
  • Maintaining accurate clinical records
  • Communicating about your treatment
  • Complying with professional and legal obligations

3.2 Customer service & enquiries

  • Responding to questions or requests
  • Managing feedback or complaints

3.3 Marketing & communications

Where you have provided consent, we may send:

  • Appointment reminders
  • Practice updates
  • Offers or promotions

Communications may be sent by email, SMS, phone, or WhatsApp. You can withdraw consent at any time.

3.4 Website improvement & analytics

  • Understanding how visitors use our websites
  • Improving user experience and content
  • Measuring marketing effectiveness

4. Lawful Bases for Processing

We process personal data under the UK GDPR using the following lawful bases:

  • Contract – to provide dental care and related services
  • Legal obligation – to maintain clinical records and meet regulatory duties
  • Consent – for marketing, cookies, WhatsApp, and optional communications
  • Legitimate interests – for service improvement and website analytics
  • Vital interests – in emergency situations

5. How We Share Your Information

We may share personal data with:

  • Clinicians and staff involved in your care
  • Dental laboratories and specialist providers
  • IT, booking, CRM, and practice management software providers
  • Payment processors
  • Marketing and analytics providers (only where consent applies)
  • Messaging service providers (e.g. WhatsApp Business)

All third parties are required to:

  • Process data securely
  • Use it only for agreed purposes
  • Comply with UK GDPR

We do not sell personal data.

6. Group & Third-Party Transfers

Some service providers may process data outside the UK or EEA. Where this happens, we ensure appropriate safeguards are in place, including:

  • UK adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Equivalent legal protections

7. Data Retention

We retain personal data only for as long as necessary:

  • Clinical records: Minimum 11 years (or until age 25 for children)
  • Marketing data: Until consent is withdrawn
  • Website & analytics data: Typically, up to 26 months
  • Chatbot and messaging data: In line with provider settings and business need

8. Your Rights

You have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request deletion (where legally permitted)
  • Restrict or object to processing
  • Withdraw consent at any time
  • Request data portability

Requests can be made via: dataprotection@envisage-dental.co.uk

9. Cookies & Tracking Technologies

Our websites use cookies to:

  • Enable core functionality
  • Measure performance and usage
  • Support marketing activity (with consent)

You can manage your cookie preferences at any time via our cookie banner or browser settings.

See our Cookie Policy for full details.

10. Messaging Services (WhatsApp & Chat Tools)

If you contact us via WhatsApp, live chat, or chatbot services:

  • Messages may be stored securely
  • Conversations may be monitored for quality and compliance
  • Metadata may be processed by the platform provider
  • Sensitive clinical information should only be shared when requested through secure channels

11. Data Security

We use appropriate technical and organisational measures to protect your data, including:

  • Secure systems and encryption
  • Access controls
  • Staff training
  • Regular audits and reviews

 

12. Complaints & Regulator Contact

If you have concerns about how your data is handled, please contact us first.

13. Changes to This Policy

We may update this Privacy Policy from time to time. The most recent version will always be published on our websites.