Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Heritage Smile Group collects, uses, stores, and protects your personal data when you visit our website, make an enquiry, or become a patient. It also sets out your rights under UK data protection law and how to exercise them.
We take your privacy seriously, particularly because as a dental group we handle health information, which the law treats with extra care. Please read this policy carefully so you understand how your information is handled.
Who we are
Heritage Smile Group operates two dental practices in Cheshire:
Croft Dental and Implant Practice, 64 Manchester Road, Wilmslow, SK9 2JY. Telephone 01625 523 524.
Brunner Court Dental and Implant Practice, 95 Witton Street, Northwich, CW9 5DR. Telephone 01606 440 394.
For the purposes of UK data protection law, the data controller responsible for your personal data is [INSERT REGISTERED ENTITY NAME AND COMPANY NUMBER]. We are registered with the Information Commissioner’s Office under registration number [INSERT ICO REGISTRATION NUMBER].
If you have any questions about this policy or how we handle your data, please contact us at [INSERT DATA PROTECTION CONTACT EMAIL].
The information we collect
Depending on how you interact with us, we may collect the following.
- Information you give us directly
When you complete an enquiry form, request a free 3D Smile Assessment, or contact us by phone, email, or WhatsApp, we collect details such as your name, email address, phone number, your preferred practice, and any information you choose to share about your dental situation or the treatment you are interested in.
- Health information
As a dental group, we collect and hold information about your oral health, medical history, and treatment. This is special category data under UK GDPR and is given a higher level of protection. We only collect health information that is relevant to providing you with safe and appropriate dental care.
- Information we collect automatically
When you use our website, we collect certain technical information through cookies and similar technologies, such as your device type, browser, IP address, and how you navigate the site. Our Cookie Policy explains this in detail.
- Information from third parties
If another dentist refers you to us, we may receive your details and relevant clinical information from them. We may also receive information from advertising platforms about how you found our website.
How we use your information
We use your personal data for the following purposes.
To respond to your enquiry and arrange your free 3D Smile Assessment or appointment.
To provide dental treatment and care, and to keep accurate clinical records as we are required to do.
To communicate with you about your treatment, including appointment reminders and aftercare.
To discuss finance options with you, where relevant, including treatment funded through our finance provider, Tabeo. Where you apply for finance, your application is handled by the finance provider under their own terms.
To improve our website and understand how visitors use it.
To measure and improve our marketing and advertising.
To meet our legal, regulatory, and professional obligations, including those set by the General Dental Council and the Care Quality Commission.
Our legal basis for using your data
Under UK GDPR, we must have a lawful basis for processing your personal data. Depending on the situation, we rely on the following.
- Consent, for example when you submit an enquiry form or agree to receive marketing communications. You can withdraw consent at any time.
- Contract, where processing is necessary to provide the dental treatment you have asked us to provide.
- Legal obligation, where we are required to keep records or share information to comply with the law or our professional regulators.
- Legitimate interests, where we process data to run and improve our practices in a way you would reasonably expect and which does not override your rights.
For health information specifically, we rely on the additional condition under UK GDPR that processing is necessary for the provision of health care and treatment by or under the responsibility of a health professional.
Who we share your information with
We do not sell your personal data. We share it only where necessary, with the following.
- Our clinical and administrative team, who need access to provide your care and manage your enquiry.
- Our CRM and IT providers, including the system we use to manage enquiries and route them to the correct practice, who process data on our behalf under written agreements.
- Our finance provider, Tabeo, where you choose to explore or apply for finance. Heritage Smile Group is a credit broker, not a lender.
- Other healthcare professionals, such as a referring dentist or your GP, where this is relevant to your treatment and done with the appropriate basis.
- Analytics and advertising providers, including Google and Meta, in connection with website performance and advertising, as described in our Cookie Policy.
- Regulators, authorities, and professional bodies, where we are legally required to share information.
Where a provider processes data on our behalf, they act only on our instructions and are bound by obligations to keep your data secure.
How long we keep your information
We keep your personal data only for as long as necessary. Clinical records are retained in line with the retention periods required for dental records under UK guidance and our professional obligations. Enquiry and marketing data is kept for as long as needed for the purpose it was collected, after which it is securely deleted or anonymised.
If you would like more detail on our retention periods, please contact us using the details above.
How we protect your information
We take appropriate technical and organisational measures to keep your personal data secure and to protect it against unauthorised access, loss, or misuse. Access to your information is limited to those who need it, and our clinical records and systems are protected accordingly.
While we take security seriously, no method of transmission over the internet is completely secure, and we cannot guarantee absolute security of data sent to us online.
Your rights
Under UK data protection law, you have the following rights.
The right to be informed about how we use your data, which this policy provides.
The right of access to the personal data we hold about you.
The right to rectification if your data is inaccurate or incomplete.
The right to erasure of your data in certain circumstances, though this is limited where we are legally required to retain clinical records.
The right to restrict or object to certain processing.
The right to data portability in certain circumstances.
The right to withdraw consent at any time, where we rely on consent.
To exercise any of these rights, please contact us at [INSERT DATA PROTECTION CONTACT EMAIL]. We will respond within the timeframes required by law, normally within one month.
Cookies
Our website uses cookies and similar technologies. Full detail on the cookies we use and how to manage them is set out in our Cookie Policy.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and regulatory reasons. When we do, we will update the date at the top of this page. We encourage you to review this page periodically.
How to contact us or make a complaint
If you have any questions about this policy, or you wish to exercise your rights, please contact us.
Croft Dental and Implant Practice, 64 Manchester Road, Wilmslow, SK9 2JY. Telephone 01625 523 524.
Brunner Court Dental and Implant Practice, 95 Witton Street, Northwich, CW9 5DR. Telephone 01606 440 394.
Data protection enquiries: [INSERT DATA PROTECTION CONTACT EMAIL].
If you are not satisfied with how we have handled your data, you have the right to complain to the Information Commissioner’s Office, the UK regulator for data protection. You can contact the ICO at ico.org.uk, by calling 0303 123 1113, or by writing to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF.
The placeholders to fill before this goes live are the registered entity name and company number, the ICO registration number, the data protection contact email, and the confirmed retention periods if the client wants them stated explicitly rather than referenced. One detail worth noting with a small smile: the ICO’s own head office is in Wilmslow, the same town as Croft Dental, so that address is correct as written.
Two things I’d recommend before publishing this and the Cookie Policy together. First, have the client or their data protection adviser verify the data flows and bases, since health data raises the stakes. Second, make sure the dead Privacy Policy and T&Cs links inside the website forms get fixed, because a form that collects health data while linking to a broken privacy notice is exactly the kind of GDPR gap that needs closing before any campaign drives traffic to those forms. Want me to do the Complaints Procedure or T&Cs next?