Please read this Privacy Notice. It relates to how Boutique Whitening Limited (”us” / “we” / “our”) hold and process your information (data) and your rights in relation to that data.
We are registered with the Information Commissioners Office. Our registration number is ZA392695. We are a limited company. Our company registration number is 09132758 and our registered office is at Market Street, Hebden Bridge, HX7 8AD. The person responsible for data protection at Boutique Whitening Limited is Jessica Ryder (“Data Compliance Manager”) who can be contacted by email at email@example.com or in writing to our registered office address above.
Our website is www.boutiquewhitening.com (“website”)
We are a “data controller”. This means that we are responsible for deciding how we hold and use data about individuals in some circumstances. We are required under data protection legislation to notify you of the information contained in this privacy notice. We have a duty to keep data secure and maintain confidentiality and we will do so.
We are also a “data processor” of data.
The data that we process as a Data Controller
We obtain and hold data about from our clients who are dentists and dental practitioners (Dentists). They refer their patients to us to undertake work upon their patients’ behalf. The Dentist data includes details of the business name, contact details (such as names, email addresses and direct and mobile telephone numbers), and addresses. We also obtain details of Dentists’ bank accounts and payment information and details of work we have carried out for Dentists and the cost of that work.
We obtain this data for the purpose of carrying out work for the Dentists.
This data is processed by us as it is necessary for us to do so to perform our contract with the Dentist or in anticipation that we will enter into a contract. We then continue to hold the data as we consider that is necessary for us to do so both in the legitimate interests of our business but also in the legitimate interests of the Dentists as the information we hold assists with future business relationships with our Dentist clients.
The Dentist data we hold is shared with our associated companies. Please see the section below relating to Data Sharing.
In the case of other companies, businesses, organisations or associations with whom we have a professional relationship or potentially common interest, we may also hold data comprising the contact details including names, company / business name, email address/es, contact telephone numbers, and postal address.
The purpose we hold this data is for the professional relationship or in common interest with the other organisation. We consider that it is necessary for us to process this data on the lawful basis that it is in the legitimate interests of our business to enhance and preserve those relationships.
We believe it is necessary for these cookies to use your data on the lawful basis that it is in the legitimate interests of our business for the purpose that we need to use these cookies to monitor use of our website, track the use of our website, to keep our website updated and relevant, to develop our business, to inform our marketing strategy and to improve and develop website performance. It is also necessary for us to use these cookies to enhance and assist a visitor’s experience when using our website.
We will only use the cookies for these purposes.
The data that we process as a Data Processor
Dentists provide personal data relating to their patients (Patients) when we are to carry out work for the Patient. The personal data of Patients [is limited] to their names.
Patients’ data is processed by us as data processors. We have agreements in place between us and our Dentists relating to our processing of Patients’ data as data processors.
The data of Patients never comes into our possession but is sent straight by Dentists to the subcontractor who undertakes the required work upon our behalf. It is also passed to our contractors who undertake the work. Please see the section below relating to this (Data Sharing).
Retention of data
We may retain your data indefinitely, except that:
(A)We will delete and destroy any bank or payment details once payment has been processed;
(B)We regularly review the data that we hold, at least annually, and if we hold data about a Dentist with whom we have not had any dealings for over TWO
years then we will destroy some of the data we no longer need but will retain Dentists’ names and contact details as we consider it is in the legitimate interests of our business to retain a database of these names and in doing so we do not believe that this will affect the rights and freedoms of the individuals concerned.
2. Dentists’ Patients
The data relating to Patients s held by our sub-contractor for seven years in line with British Dental Association guidelines. The data will then be deleted.
3. Third Parties
We retain the information under paragraph 3 above indefinitely. This is because it is in the legitimate interests of our business to retain a database of such third parties and in doing so we do not believe that this will affect the rights and freedoms of the individuals concerned.
4. Visitors to our website
We instruct a third party who is based in the United Kingdom to undertake work carried out upon our Dentists and Patients’ behalf. We have a written agreement in place with this third party which regulates the purpose for which they hold and process the data as sub-contractor data processors for us.
This third party is S4S DENTAL LABORATORY whose address is 151 Rutland Road, Kelham Island, Sheffield, S3 9PT
In addition, the data may be stored on a cloud based computer system. This is hosted and owned by a company based in Canada. We have a written agreement in place with this third party which regulates the purpose for which they hold and process the data and ensures that security measures are in place.
We share the data we hold relating to Dentists with our associated companies. These are Academy of Clinical Excellence Limited (company registration number 06254493), Quick Straight Teeth Limited (company registration number 08106819), and BDS Laboratory LLP (LLP registration number OC367793). All of these companies are registered in England and Wales and with the Information Commissioner’s Office to process personal data. The information is shared as we consider that this may be of benefit to the Dentists as all of these companies undertake work for Dentists in differing fields of dentistry.
The data taken by cookies will also be shared with our website provider / host Fablr. Our relationship with them is that they are a data processor upon our behalf and we have a written agreement in place with them which regulates this processing and which ensures that your data is kept secure.
We may also share data with our legal advisers and accountants where we deem it necessary to do so.
Your data will not otherwise be shared with any other third party without your consent.
Data will not be held or processed outside the EEA.
We do not deal with the automated processing of data.
We are obliged to ensure that the data we hold about you is correct. You have the right to ask for the data to be rectified if it is not and we will then take appropriate action to do so.
You have the right to seek to restrict the processing of your data in some circumstances.
Where we rely on legitimate interests as the basis for processing, you may ask for the data to be erased and if there is no overriding legitimate interest for us to continue the processing then we will do so.
You can also object to the processing of your data where we rely on legitimate interests as the basis for processing.
You have the right to seek confirmation of the fact that we are processing your data, to ask what that data comprises, and also to ask for copies of your data.
How to exercise your rights
If you would like to exercise any of your rights, please write to us at the registered address given at the top of this Notice. We will then consider your request and action the same as necessary although in some circumstances we may have a legitimate reason for not being able to action your request. If this should be the case then we will notify you of the reason why.
If you have cause for complaint
If you have any cause for complaint, or do not believe that we are processing your data fairly or in line with our obligations as a data controller or a data processor, then we would ask that you contact us in the first instance with your concerns although you are not obliged to do so and you may contact the Information Commissioner’s Office whose details can be found at www.ico.org.uk