Data protection privacy notice

About us

We are The Curve Dental, located at 22 Boutport Street, Barnstaple, Devon EX31 1RP.
We are committed to complying with the UK General Data Protection Regulation (UK GDPR),
the Data Protection Act 2018, and the guidance of the General Dental Council (GDC), NHS,
and other relevant standards.

Ravi Patel is our Data Protection Officer and is responsible for ensuring the secure and
lawful processing of your personal data. You can contact him by email at
ravi@thecurvedental.co.uk
or by phone on 01271 500050.

Why we hold information about you

To provide you with high-quality dental care and treatment, we need to keep records of
information about you and your health. Sometimes we may also receive information from
other healthcare providers involved in your care. This notice explains what information
we hold, why we hold it, and how we use it.

Information that we hold and how we collect it

We may hold the following types of personal information about you:

  • Contact details: name, address, date of birth, telephone number, email address, NHS number, National Insurance number
  • Medical and dental histories, including your GP’s details
  • Clinical records made by our team during consultations and treatment
  • X-rays, digital scans, photographs, and study models
  • Treatment plans, notes of conversations, and records of consent
  • Appointment history and correspondence with you
  • Financial information: treatment costs, payments made, NHS exemptions
  • Details of complaints or feedback
  • Correspondence with other healthcare professionals or organisations
  • Employment details (if you apply for a role with us)
  • Social media identifiers if you engage with us online
  • Data submitted via patient portal, contact forms, or feedback tools

We may collect your data:

  • In writing: paper forms (medical history, consent, NHS forms, treatment plans)
  • Digitally: website forms, patient portal submissions, email or other digital correspondence
  • Verbally: in-person conversations or phone calls

We collect this data to fulfil our contract with you, meet legal and regulatory obligations,
and deliver appropriate care. Our lawful bases include:

  • Consent
  • Legitimate interest (ensuring continuity of care)
  • Legal obligation, including NHS record-keeping requirements
  • Special category data under Article 9 for healthcare provision and legal claims

Approved by: Ravi Patel
Date published: 29/01/2026
Next review date: 29/02/2027

How we use your information

  • Provide and manage your dental care and treatment
  • Schedule appointments and send reminders
  • Maintain accurate medical records
  • Process NHS claims and manage exemptions
  • Respond to enquiries or complaints
  • Share updates about services or offerings (with your consent)
  • Process job applications
  • Improve services through patient feedback and quality monitoring

We send reminders via SMS, email, or telephone. We may also contact you after
appointments for feedback. These communications are considered legitimate interest
for continuity of care and service improvement and are not marketing.

We will only send marketing content with your explicit, recorded consent.

Call recording

Some of our phone calls may be recorded:

  • To provide evidence of transactions
  • For regulatory compliance
  • For training and quality assurance
  • For prevention or detection of crime

During the COVID-19 pandemic, telephone consultations were used for triage.
You will be notified of any call recording via a pre-recorded message.
Recordings are stored securely in a restricted-access portal.

Sensitive information

You may choose to share sensitive information with us, including:

  • Ethnic origin
  • Gender
  • Underlying health conditions

We only collect and use this information where it is relevant and lawful, such as for
employment, diversity monitoring, or personalised care.

Third-party personal information

If you provide information about others, such as dependants or emergency contacts,
you must have their consent to do so.

Approved by: Ravi Patel
Date published: 29/01/2026
Next review date: 29/02/2027

Sharing your information

We may share your information securely with:

  • Your GP or referring clinicians
  • NHS bodies and payment authorities
  • Hospitals, community services, and specialist care providers
  • Dental laboratories
  • Private insurers or dental plans
  • DWP and HMRC
  • Debt collection agencies
  • Regulators such as the GDC, CQC, and ICO
  • Law enforcement, legal bodies, or during a business sale

All data sharing is limited to what is necessary. NHS communications are conducted
using NHS-encrypted email systems.

National data opt-out

We comply with the NHS National Data Opt-Out policy. You may opt out of your confidential
data being used for purposes beyond your care, such as research or planning.

Visit https://www.nhs.uk/your-nhs-data-matters

Use of our website

  • Data you provide via forms, patient portals, or email
  • Browsing behaviour, IP address, device type, and user agent
  • Interaction data via cookies and analytics tools
  • Social media interactions via embedded platforms

This data is used to improve your experience, respond to enquiries, customise content,
and track service usage. Cookies can be controlled via browser settings.

Anonymous, aggregated data

We may collect anonymised data for analytics, service improvement, and marketing
strategy. This data does not identify individuals.

Controlling your information

  • You only need to complete required fields on forms
  • You can set communication preferences
  • You can opt out of non-essential communications
  • You can request access, correction, or deletion of your data

Keeping your information safe

  • Password-protected systems and secure servers
  • Locked rooms and cabinets for paper records
  • CCTV for premises security
  • Virus protection and firewalls
  • Encrypted backups and secure cloud storage
  • Access restricted to authorised staff

While safeguards are in place, online data transmission carries inherent risk.
HTTPS encryption protects data in transit, but online submission is at your own risk.

Social media and public spaces

Please do not share personal data via comments or posts on our digital platforms.
Content posted publicly may be accessed or reused by others.

Staff training and confidentiality

All team members receive regular training on confidentiality, secure data handling,
and regulatory compliance.

Retention of records

  • Adults: 11 years from the date of last visit
  • Children: until age 25, or 26 if last treated at age 17
  • NHS PR forms: minimum of 2 years

Your rights

  • Access your personal data
  • Correct inaccurate or incomplete data
  • Request deletion where legally permissible
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent at any time

Requests should be directed to
ravi@thecurvedental.co.uk
or 01271 500050.

Children’s data

If you are under 13, parental or guardian consent is required. From age 13,
you may manage your own data choices depending on your understanding.

If you have concerns

If you have concerns about how we handle your data, please contact our team.
You may also contact the Information Commissioner’s Office (ICO):

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113
  • Address: Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF