Privacy Policy
Welcome to Cotswold Dental Laboratory Ltd’s Privacy Policy which describes the information that we collect about you; how we use and protect this information; and the choices you can make about how we use it.
Cotswold Dental Laboratory Ltd is a company registered in England and Wales. Our company registration number is 4884560 and our registered address is First Floor, 22 Suffolk Road, Cheltenham, Gloucestershire GL50 2AQ
For the purposes of the General Data Protection Regulation (GDPR) Cotswold Dental Laboratory Ltd acts as a Controller and Processor.
We hope the following sections will answer any questions you have. If not, please do get in touch with us.
Lawful grounds for processing your data
​
When collecting your personal data, we will always make clear which data is necessary in connection with a service. We may process your data for more than one lawful ground.
The law on data protection sets out several different reasons why we may collect and process your personal data, including;
​
Consent
In specific situations, we can collect and process your data with your consent. For example, when you contact us about our products or services either by phone, email or via our website.
​
Contractual Obligations
If you are a customer, patient of a customer or a supplier, we need your personal data to comply with our contractual obligations. For example, if you ask us to undertake a denture repair we will need you name, address and telephone number along with some basic dental record details. If your dentist instructs us via a prescription to make a custom-made device for you, we need your name, age, sex, so that we complete the work to the prescription.
​
Legal Compliance
If the law requires us to, we may need to collect, process and store your data. For example, we need to store personal data to support our regulatory reporting to HMRC, Companies House but also to comply with our GDC and MDD regulations.
​
Legitimate Interest
We will use your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.
​
​
When do we collect your personal data?
​
We may collect personal data under any of the following circumstances. It will always be clear what we are collecting and why.
-
When you purchase goods from us.
-
When we provide our denture repair service to you at your request.
-
When a controller enters into a contract to fulfil a prescription on your behalf.
-
When you’ve given a third party permission to share with us the information they hold about you.
-
When you deliver a service or a product to us as a supplier.
-
When you seek employment within our company.
​
We may collect data from publicly available sources when you have given your consent to share information or where the information is made public as a matter of law.
We will never insist on having your consent in order for you to receive any of our services or information
​
What personal data do we collect?
​
-
For Customers (Dentists and Dental Practices) where we act as processor
-
Name, Business Address, Email, Telephone and Mobile Numbers
-
-
For Patients of our customers when completing contractual obligations
-
Name, Reference Number, Patient's Dentist's name and Dental Practice, Age (Not Date of Birth), Sex, Dental Records only associated with the making or repairing of dentures. Photographs to complete contract from controller
-
-
For Patients asking us to undertake a denture repair.
-
Name, Address, Telephone Numbers, Dental Records only associated repairing of dentures
-
-
For Customers purchasing goods directly from us
-
Name. Address. Email. Telephone Numbers
-
-
For Social Media interaction and testimonials
-
Social Media username, to help us respond to your comments, questions or feedback, Photographs on testimonials.
-
How and why do we use your personal data?
​
Here’s how we’ll use your personal data and why. (If you wish to change how we use your data, you’ll find details in the ‘What are my rights?’ section below)
If you are a customer or past customer, then we will use your personal data to:
-
Deliver our contractual obligations
-
To keep you informed about new developments within our industry and our company
-
Send you our newsletters with product updates and promotions
If you are yet to become a customer but have expressed an interest in what we can offer, then we will use your personal data to:
-
To keep you informed about new developments within our industry and our company
-
Send you our newsletters with product updates and promotions
If you are a patient or past patient of a controller we are contracted to, then we will use your personal data to:
-
Deliver our contractual obligations
-
Occasionally we see patients directly for shade taking, this means we fulfil the role of the data controller; therefore, we must protect any additional patient data that we receive in accordance with the requirements of GDPR. For a shade taking appointment, Cotswold Dental Laboratory will collect the following personal data from either the patient’s dental practice or the directly from the patient. This information is for the sole purpose of delivering a dental appliance that complies with the requirements of the patient’s prescription.
If you deliver a service or a product to us as a supplier or are a past deliverer a service or a product to us as a supplier, then we will use your personal data to:
-
Deliver our contractual obligations
-
To keep you informed about new developments within our industry and our company
-
Send you our newsletters with product updates and promotions
If you are patient and past patient that has visited us directly for denture repairs, this means we fulfil the role of the data controller, not the data processor, then we will use your personal data to:
-
Deliver our contractual obligations
-
Send you our newsletters with product updates and promotions
Protecting your personal data
​
We will treat your data with the utmost care and take all appropriate steps to protect it. Our website is secured with ‘https’ technology and access to your personal data is password-protected on the various applications we use. Data is regularly backed up and virus software kept up to date.
We have a procedure in place to handle any data breaches if they should occur.
How long will we keep your personal data?
​
We will only keep your personal data for as long as is necessary for the purpose for which it was collected or as specified by HMRC or similar regulatory authorities.
At the end of that retention period, your data will either be deleted completely or anonymised (so that it can still be used for management information analysis).
​
Who do we share your personal data with?
​
We will share your personal data with trusted third parties who act as data processors. We check that they are GDPR compliant and have processing agreements in place with each of them.
We provide only the information they need to perform their specific services and they may only use your data for the exact purposes we specify in our contract with them. If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.
We do not sell your data to any third party nor do we share your data with any third party for their own direct marketing purposes
We currently use the following companies, who will process your personal data as part of their contracts with us:
-
Microsoft Office 365
-
We use Microsoft Office 365. We use Outlook to handle all our incoming and outbound emails. We store name, address, telephone numbers and email addresses of our controllers, suppliers, sub-contractors and business contacts in the address book. Our cloud storage is currently in One drive. No patient data is held in outlook. For more information, please see Microsoft’s privacy notice.
-
-
Sage Accounting and Payroll
-
We use Sage Accounting and Payroll for all our accounts and payroll management therefore holding the personal data we need to process invoices and to properly account for the transactions. No patient data is held in Sage. For more information, please see Sage’s privacy notice.
-
-
Xero
-
We use Xero Accounting and Payroll for all our accounts and payroll management therefore holding the personal data we need to process invoices and to properly account for the transactions. No patient data is held in Xero. For more information, please see Xero’s privacy notice.
-
-
Dropbox
-
Dropbox is used occasionally when customer’s (controllers) wish to share pictures or documents relating to patient cases. Only the lab and dentist involved have access to the folder in question. For more information, please see Dropbox’s privacy notice.
-
-
Transactor
-
Transactor is a bespoke programme used by dental labs to manage and store cases and for the account management of customer accounts. We store our contractual information from our controllers for customers and for our own customers within this system which is backed up daily.
-
Google
-
When someone visits www.cotswolddentallab.com or www.cotswolddentallab.co.uk we use Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. The way this information is processed does not allow us to identify an individual
-
-
Wix
-
We use Wix as our website hosting platform. Data can only be loaded on our website currently via the contact page which is sent via info@cotswolddentallab.com or via our shop page (please see PayPal). No data is stored on our website. For more information, please see Wix’s privacy notice.
-
We use cookies on our website for further details please refer our cookies policy on our website.
-
-
Facebook
-
We only use Facebook to share information, tips and to keep you informed about new developments within our industry and our company. We do not use any of the personal data outside of Facebook.
-
-
Twitter
-
We use Twitter to share information, tips and to keep you informed about new developments within our industry and our company. We do not use any of the personal data outside of Twitter.
-
-
LinkedIn
-
We use LinkedIn to share information, tips and to keep you informed about new developments within our industry and our company. As well as contacting with our connections via the platform. Email addresses may also be used outside of LinkedIn.
-
-
PayPal
-
We use PayPal for purchases made via our website. No payment information is transferred to us. We only store name, address and email along with purchase information. For more information, please see PayPal’s privacy notice
-
-
Pitney Bowes Send Pro
-
We use the Pitney Bowes Send pro software for sending and tracking our outward mail. This database holds Names, Addresses and parcel tracking information. For more information, please see Pitney Bowes’s privacy notice
-
In the event that we sell Cotswold Dental Laboratory Ltd and its assets are acquired by a third party then the personal data we hold may be one of the transferred assets.
Where your personal data may be processed
​
Several of the data processors we use are outside of the EEA. The EEA includes all EU Member countries as well as Iceland, Liechtenstein and Norway. Where the processor is outside of the EEA we ensure that they have appropriate privacy policies in place and that the processing agreement with them includes appropriate protection for your data.
What are your rights over your personal data?
You have the right to request:
-
Access to the personal data we hold about you
-
The correction of your personal data when incorrect, out of date or incomplete.
-
That we stop using your personal data for direct marketing (either through specific channels, or all channels). You can click the ‘unsubscribe’ link in any email communication we send you or send an email to enquiries info@cotswolddentallab.com subject ‘UNSUBSCRIBE’ Please note that you may continue to receive communications for a short period after changing your preferences while our systems are fully updated
-
That we stop any consent-based processing of your personal data after you withdraw that consent.
-
That we erase all data that we hold about you
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any data subject access request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.
Links to other websites
This privacy notice does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.
Please check the terms of the third-party website’s privacy policy before submitting any personal data to such a website.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113 or
go online to www.ico.org.uk/concerns
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.