Privacy Policy

Toome Dental & Aesthetics

At Toome Dental & Aesthetics, we take great care with all personal data we hold to ensure we comply with best professional practices and the law.

We are a Data Controller under the terms of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This Privacy Notice explains what personal data we hold, why we hold and process it, who we may share it with, and your rights under data protection law.

Types of Personal Data We Collect

We hold personal data in the following categories:

Patient clinical and health data and correspondence
Staff employment data
Contractor and supplier information

Why We Process Personal Data

“Processing” means obtaining, storing, updating and archiving data. We process personal data for the following purposes:

Patient data – to provide you with appropriate, safe, and high-quality dental and aesthetic care
Staff data – to meet our obligations under employment, taxation and pensions legislation
Contractor data – to manage working relationships and fulfil contracts

Lawful Basis for Processing

We process personal data under the following legal bases:

Patients: We hold your data because it is necessary for the provision of healthcare and treatment, a legitimate interest supported by Article 6(1)(e) and Article 9(2)(h) of the UK GDPR.
Staff: We process staff data to meet our legal obligations.
Contractors: We process data to fulfil our contractual obligations.

Who We May Share Your Data With

We will only share your information where necessary and always securely.

Patient data may be shared with other healthcare professionals involved in your care (e.g. if we refer you to a specialist or require laboratory work).
Data may also be securely stored with our dental software provider for backup purposes.
Staff and contractor data may be shared with government bodies such as HMRC, payroll providers, and accountants.

Your Rights

You have the right to:

Be informed about the data we hold and why we process it
Request access to the data we hold about you
Correct any inaccurate or incomplete information
Request deletion of your data in certain circumstances
Request the transfer of your data to another provider
Restrict how we process your data in certain situations

To make a request or exercise any of these rights, please contact:

📧 hello@toomedental.com

📞 02879 650 630

How Long We Keep Your Data

Patient records are kept while you are receiving care and then archived securely in accordance with NHS or professional guidelines.
Children’s records are kept until age 25 (or 26 if last treatment was at age 17), or for 15 years (NHS) / 11 years (private) after completion of treatment, whichever is longer.
Staff data is kept for 6 years after employment ends.
Contractor data is kept for 7 years after the contract ends.

Privacy Notice for Children

We keep information like your name, address, birthday, health problems, treatments, and family details so we can give you the best care. Your information is kept securely and confidentially.

We only share your information with other health professionals (like a dentist or doctor) if needed. We won’t share it with anyone else unless the law says we must.

If you stop coming to the clinic, we’ll keep your information securely until you’re 25 (or 26 if you were 17 when you finished treatment), or as legally required.

You can ask to see your information, have it corrected, or transferred to another clinic. When you turn 18, the adult version of our Privacy Policy will apply.