top of page

GDPR & Data Protection Policy

At Pristine Smile, we are committed to protecting your personal information and handling all patient data securely, responsibly, and in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy explains how we collect, use, store, and protect your personal information when you visit our practice or use our website.

Who We Are

Pristine Smile
24–27 Brandon Terrace
Edinburgh
EH3 5DZ

Email: info@pristinesmile.co.uk
Phone: 0131 297 3654

Pristine Smile is responsible for processing and protecting patient information collected through our dental services and website.

Information We Collect

We may collect and process the following information:

  • Full name

  • Date of birth

  • Address and postcode

  • Telephone number

  • Email address

  • Medical and dental history

  • Treatment records and appointment history

  • Payment and billing information

  • Website enquiry form submissions

  • Marketing preferences where consent has been provided

How We Use Your Information

We use your personal information to:

  • Provide safe and appropriate dental care

  • Manage appointments and patient records

  • Communicate regarding treatment and services

  • Respond to enquiries submitted through our website

  • Process payments and maintain financial records

  • Meet legal, regulatory, and NHS obligations

  • Improve our services and patient experience

  • Send marketing communications where consent has been given

We only process personal information where there is a lawful basis to do so.

Lawful Basis for Processing

Under UK GDPR, we process patient information based on:

  • Consent

  • Legitimate interests

  • Contractual obligations

  • Legal and regulatory requirements

  • Provision of healthcare services

Special category health information is processed only where necessary for dental care and healthcare management.

How We Store & Protect Your Information

We take appropriate technical and organisational measures to protect patient information against unauthorised access, misuse, loss, disclosure, or alteration.

Patient records are securely stored and accessed only by authorised individuals involved in patient care or practice administration.

Our systems, website, and third-party providers are selected with security and confidentiality in mind.

Sharing Your Information

We may share patient information where necessary with:

  • Dental laboratories

  • Referral specialists and healthcare professionals

  • NHS services and regulatory bodies

  • Secure dental software providers

  • Payment processing providers

  • Legal or regulatory authorities where required by law

We do not sell or share patient information for third-party marketing purposes.

Website Forms & Online Enquiries

Information submitted through our website forms is securely processed and used only for the purpose of responding to enquiries, arranging appointments, or managing patient care.

Please avoid submitting sensitive medical information through general website contact forms unless specifically requested.

Marketing Communications

Where consent has been provided, we may send updates regarding services, practice news, or appointment reminders.

You may withdraw consent for marketing communications at any time by contacting the practice directly.

Cookies & Website Analytics

Our website may use cookies and analytics tools to improve website functionality, performance, and user experience.

For further information, please view our Cookie Policy.

Your Rights Under UK GDPR

Under data protection legislation, you have the right to:

  • Request access to your personal information

  • Request correction of inaccurate information

  • Request deletion of information where legally permitted

  • Withdraw consent for marketing communications

  • Request restriction of processing in certain circumstances

  • Object to certain types of data processing

  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Information Commissioner’s Office (ICO)

The ICO is the UK’s independent authority for data protection and privacy rights.

Website: https://ico.org.uk

Data Retention

Patient records are retained in accordance with NHS, healthcare, legal, and regulatory requirements.

Information is only kept for as long as necessary to provide dental care and fulfil legal obligations.

Third-Party Services

Our website or practice systems may include secure third-party services for:

  • Appointment management

  • Website hosting

  • Analytics

  • Marketing tools

  • Online forms

  • Payment processing

These providers are expected to comply with applicable data protection regulations.

Contact Regarding Data Protection

If you have any questions regarding this policy or your personal information, please contact:

Email: info@pristinesmile.co.uk

Policy Updates

This GDPR & Data Protection Policy may be updated periodically to reflect changes in legal requirements, practice procedures, or website functionality.

Please check this page regularly for the latest version.

bottom of page