Privacy Policy

Wyndcott Dental Centre is committed to protecting your personal information and uses physical, technological and operational measures to ensure that it is not damaged, stolen or lost. You have rights under the General Data Protection Regulations (GDPR) and Freedom of Information act to know what information we hold, to have access to that information, and to know how we use it.

Who is the data controller

Wyndcott Ltd

Our information commissioner’s office registration is: Z9608552

How can I contact Wyndcott Ltd

You can write to Wyndcott Ltd at:

Wyndcott Dental Centre, Birchwood Park Avenue Swanley, Kent. BR8 7AT

Or call us on:

01322 662 493

Who is the Data Protection Officer

John Mills

How can I contact the Data Protection Officer?

You can write to him at:

Wyndcott Dental Centre, Birchwood Park Avenue,




Or call on:

01322 662 493

What information is collected and what we do with it

We need several kinds of information in order to treat you as a patient, to contact you about your appointments, and in order to refer you for specialist treatment.For each type of information collected we have a legal basis for its use which is included in italics.

Name, date of birth, gender and address are used to identify you. This is also required in order to claim NHS dental treatment.

Provision of health care

Contact details (address, telephone, email) are used to contact you about appointments. This is also used if you are referred to other services. If you make an enquiry via our website, or by email, we will respond to your enquiry using the information you have provided.

Provision of health care

Contact preferences are used to determine how we should normally contact you.

Provision of health care

Marketing preferences (may we send information about offers) is used to determine if we can send information about new services or offers on existing services that may be of interest to you.


Occupation (what you do) is used to help in diagnosing any problems found or reported.

Provision of health care

Emergency contact details are used in case something happens to you while you are at the practice.

Provision of health care

GP details are used if we need to contact your GP if we need to coordinate treatment we plan with them, or to pass on a finding we make during an examination which may be relevant to them. We also need this information if we refer you to an NHS service as NHS funding is often based on the location of your GP.

Provision of health care

Hospital or GP visits in the last two years is used to tell us if there are any problems you may be having that could be affected by, or which could affect your dental health. This may also be used to determine if any treatment we plan is safe for you.

Provision of health care

Medication information is used to determine if medications we might use or treatment we plan will be safe. Even if you no longer take some medications, the effects can be permanent, so we sometimes ask if you have ever taken some types of medication.

Provision of health care

Allergy infomation is used to determine if medications we might use, equipment we use, or treatment we plan will be safe.

Provision of health care

Information about conditions or diseases you may have had are used to determine if medication we may use, or treatment we plan is safe for you.

Provision of health care

Information about Prosthetics (replacement parts) you may have had is used to determine if if any equipment we use or treatment we plan will be safe.

Provision of health care

Pregnancy information is used to determine if treatment we plan or diagnostic processes such as xrays will be safe for you and your unborn child.

Provision of health care

HIV information is used to help in diagnosis of any oral conditions that may be more likely if your immune system is affected. It is also used in the unlikely event of an injury to staff either while you are at the practice, or while processing the instruments used to treat you after you have left. We need to know if it will be necessary to take additional steps to treat an injury if there is a risk of infection.

Provision of health care

Your concerns (crooked, discoloured, or missing teeth, fillings or snoring) are all used to guide the advice you may be given as part of your examination.

Provision of health care

Smoking and vaping information are used as part of the process of diagnosing symptoms found during your examination, and affect advice given as both will increase your risk of oral cancer and reduce your body’s ability to heal.

Provision of health care

Alcohol consumption information is used as part of the process of diagnosing symptoms found during your examination, and affect advice given.

Provision of health care

Your weight is used to determine if it is safe to examine you in our surgeries. Equipment is rated at 21 stones (135Kg), so we may have to refer you for treatment elsewhere if you weigh more than our equipment can support.

Provision of health care

The NHS requests information about your ethnic origin in order to carry out statistical analysis into treatment needs. This may later be used to advise dentists to be more vigilant for certain conditions or expect different outcomes where it is found that some groups are more likely to have a particular condition or were more likely to experience difficulty in undergoing treatment. For example, jaw bone density can vary between different groups, which can cause extractions to be more difficult.

Public interest, Provision of health care

Information about exemptions from paying NHS charges is needed in order to provide free NHS treatment. The NHS business services authority requires that certain information is collected to confirm that you are eligible for free treatment so we may need to collect your current educational institution, Exemption Card details, National Insurance Number. We may also ask to see proof that you receive a benefit.

Provision of health care

Information about your entitlement to reduced NHS charges is used to process your payment where the NHS does not provide free treatment, but will pay for more of your treatment than it would normally.

Provision of health care

During your examination, a dentist will also collect clinical information including

  • The condition of your teeth, and any fillings or other restorations
  • The condition of your gums and any pockets between the gums and teeth
  • The condition of your soft tissues and palateWhether your temporomandibular joint (jaw hinge) is functioning smoothly
  • The condition of your salivary glands
  • Xrays of your teeth
  • The colour of your teeth
  • The amount of sugar or acid in your diet

This information is used to record the status of your teeth, gums, other soft tissues, and any restorations. This makes it possible to note change over time, and is used to diagnose and treat any symptoms found.

Provision of health care

Details of your appointments are recorded including their dates, times and duration, who you were treated by, what treatment was recommended, what treatment was carried out, what materials were used, whether any appointments were missed. This information is used to record the history of your treatment and may be subsequently be used to investigate a complaint, diagnose a symptom, to audit the use of materials and treatment outcomes or determine whether further NHS or private appointments can be offered.

Provision of health care

Non-clinical notes may be recorded to capture a wide range of non-clinical information which may be used to indicate your preference for clinician, comments you have made to reception staff, actions or behaviour that may later become part of a complaint investigation, or to enable different members of staff to cooperate in providing your dental service. The above is not an exclusive list of information.

Provision of health care

A full or summary copy of your signed treatment plan is used to confirm your written consent to the treatment proposed, and its cost.

Provision of health care

Letters to and from other services are stored as part of your record. This will include letters referring you to other services for further treatment, letters from those services about the treatment they have carried out, results of tests or advice requested from the services.

Provision of health care

We may share some of your data in order to:

Process your NHS treatment at the practice with

  • NHS Business Services

Refer you for further treatment with

  • Community Dental Service (Medway)
  • NHS Hospitals (Darent Valley, Queen Victoria, Kings College, Guys)
  • Green Street Green Dental Practice
  • Kent Endo
  • Simply Orthodontics
  • Chapel Road Orthodontics
  • Grove House Orthodontics
  • Bupa (Oasis) Orthodontics 
  • Our implantologist; Dr Pedro Neto
  • Our Oral Surgeons; Dr Naveed Syed, Dr Alexander Rickart, Dr Radhika Chopra 
  • If you or your GP are not within the NHS Kent boundaries, we may have to identify an NHS service within your area. Some services base this on your address, while others base this on the address of your GP. We cannot list all possible services in this privacy notice.

Engage a dental laboratory to make a dental prosthetic for you with

  • Costech Dental Laboratory
  • M J Underhay Dental Laboratory
  • Nimrodental Laboratory
  • Medimatch Dental Laboratory
  • Invisalign

Request advice from or to notify your GP about findings we have made with

  • Your GP practice

Comply with legal requirements or where the greater public good is at risk with

  • The HMRC
  • Security Services

Report concerns about your health or wellbeing with

  • Child protective servicesSocial services

Request aid from the emergency services with

  • Ambulance service
  • Police

At your request, to order a taxi with

  • Swantax
  • All night cars

Is data sent overseas

The data that is shared, described above, is sent within the UK by us to the service.

We will use secure means to do so – either by post, by courier, or using a secure messaging service such as encrypted email. Encrypted email will only be stored in Switzerland and will be transmitted and stored in encypted form. Our contract with other services mandates that we are informed if your data will be sent overseas or shared with another party, and this may only be done as part of the requirement to provide the service requested and with the same requirement to protect your information that we require from them.

We send to and receive email from you. Our email is stored at our service provider in Canada. Your service provider may store your email anywhere in the world. We do not recommend that you send any sensitive information by email to us as we cannot guarantee that your information is protected either by our service provider or yours.

We send to and receive encrypted email from our treatment providers, and may also use this method to send referrals to non-NHS referral services. Our encrypted email is stored at our service provider in Switzerland. NHS email is stored in the UK. If we send you an encrypted message, you may use the same service to respond to us which will ensure your response can only be read by our staff.

We make backup copies of all electronic data, which are strongly encrypted before storing locally. Another copy of the encrypted data is also stored offsite in Ireland, and it is a condition of the contract with our storage provider that the data cannot be stored in any other location for any reason.

Contact though our website

If you use the contact form on our website, your enquiry is processed via our online providers in London and Ireland so it can be delivered to our secure email service in Switzerland. We have third party Data Processing Agreements in place with these providers to protect the information you send us.

If you use the Chat service on our website, your enquiry is processed via the chat service provider in Amsterdam and France. We have a third party Data Processing Agreement in place with the chat service that includes its providers to protect the data you send us.

Both methods are configured to keep your data within the EU, and use encryption to protect your information from the moment it leaves your device.

How long we retain data for

Your data is retained continuously while you are a patient, and for 11 years after you cease to be a patient at the practice. For children, data is retained until the age of 25 or 11 years after leaving, whichever is the longer. It may take up to a year longer for data to be purged from all backups.

Rights of access, rectification and erasure


You have the right to access to the data we hold about you and to receive a copy. The first copy of your record is free. For subsequent copies a fee will be charged. You may also request access to the data of a person you are legally responsible for, and you may give written authority for a 3rd party to receive a copy of your record. We may require evidence of your identity before releasing your record.


You have the right to correct information held in your record, but in some cases we may only permit a difference of opinion to be recorded. This might occur if you disagree with clinical notes. You can update your records by telephone, in person, or by completing the appropriate form. You should not update your record by email unless you accept that we cannot guarantee the security of email.


You have the right to be forgotten, however, Patient records will not be deleted even at the request of a patient for the following reasons:

  • Records are required by the NHS contract to be kept as part of both patient and care provider records for a minimum of 2 years post-treatment.
  • Records may be used as evidence in respect of a claim under the consumer protection act 1998 which supports claims in respect of defective products for up to 10 years.

Patients requesting their records be deleted will be informed of the reasons above, and:

  • their right to make a complaint to the ICO or another supervisory authority; and
  • their ability to seek to enforce this right through a judicial remedy.

Individual data items will not be deleted as they form part of the patient record. However, where a patient identifies a point of contention – for example if they disagree with a statement made in a record – then it will be recorded that the patient disagrees with the record at that point.

If you request that your records are erased, we will treat this as a request to de-register.

Your data will be put beyond practical use by marking your record as inactive. No further communications will be sent. Data will not be sent to the NHS or any other treatment bodies. We will also be unable to provide any further service.

Rights of restriction on processing

You have the right to object to automated processing and decision making.This applies where:

  • processing is for direct marketing
  • processing is for for scientific, historical or statistical reasons. In this case you must demonstrate grounds for your objection and these must outweigh the public interest.
  • processing is for legitimate interests. In this case we may demonstrate compelling grounds that outweigh your objection. An example of this is that NHS patients must have a summary record of treatment sent to the NHS business services division in order to receive NHS treatment.

Right to data portability

You have the right to request your data in a common machine-readable format. We will endeavour to supply your information in a plain text format, or as jpeg images, PDF, or standard word-processor compatible files as appropriate to the type of information.

Right to withdraw consent

You have the right to withdraw consent, which will usually mean that you no longer wish to receive marketing information from us. This can be done by requesting a change by telephone, email, SMS, in person, or by leaving the marketing consent section of the medical history form empty or by ticking the NO box.

You may also register the wish to withdraw consent for other kinds of processing, including transmission of your details to a third party service such as a hospital, specialist clinic, or dental laboratory. This may mean that treatment cannot be carried out.

If you are an NHS patient, you may register your wish not to have your data processed by the NHS. This will mean we are unable to provide NHS treatment to you.

You may also separately contact the NHS to assert your right to opt out from the use of your data for research or planning purposes. More information is available here: Note that Wyndcott does not send or use your data for research or planning purposes so we are informing you about the NHS’ wider use of data collected through all its services. There is no need to ask us to apply this right locally.

Right to complain to the ICO

You have the right to complain to the Information Commissioners Office about the information we hold about you.

Whether we are oblighed by statute or contract to provide information

We are obliged by contract to provide information to:

  • the NHS in regard to NHS patients
  • referral services which we have discussed as part of your treatment
  • dental laboratories which will make prosthetics or models required as part of your treatment

Consequences for failure to provide information

If we fail to provide information to the parties above, your treatment will may not be possible at all, or may only be possible as a private patient.

If you fail to provide up to date information to us, this may:

  • put your life at risk
  • result in delays or failures in your treatment as we or other services involved in your treatment are unable to contact you
  • prevent us from treating you and lead to your de-registration

Rights in relation to automated decision-making, what the logic is, and consequences of purely automated decision making.

Automated decision making is used where:

Automated reminders of appointments or the need to book an examination are sent.

  • If you have provided your email or mobile telephone number:You will be sent an automated reminder of a booked appointment 4 days before the appointment.
  • We initiate monthly checks to send reminders to book a dental examination.
  • Your dentist sets the interval between examination appointments.
  • If the date is after the interval since your last last appointment, then you will be sent a reminder by email if we have your email address, by SMS if we have your mobile number and no email, or by post if we have no email or mobile number.
  • Toothache or other urgent appointments will not normally count as the “last” appointment.
  • If you have contacted us to say that you cannot attend dental examinations for a reasonable period of time, we may reset the reminder interval so you do not receive unwanted reminders.
  • You have the right to refuse reminders, or to request reminders be sent via a particular method. You may do this by telephone, SMS, email or in person. 

Referrals are sent through NHS referral pathways.

  • Referrals that we send are checked to determine the most appropriate type of service. We do not have control over this process but the intention is to direct referrals that require a hospital setting to hospitals, and to direct referrals that can be managed by other services to the appropriate service. The aim is to reduce waiting times for treatment by sending patients who do not require a hospital setting to services with shorter queues.
  • You may refuse to have your referral processed but this may mean there are no other pathways available to request treatment, which could lead to treatment becoming impossible to carry out. You may do this by telephone, SMS, email, or in person.

How else do you protect my information

There are a number of methods used to ensure that information is held safely at the practice. They can be divided into two categories: security for paper records, and security for electronic records.

Paper records

The practice keeps as little paper as possible. Letters, forms that you or we complete, and any other paper records that contain identifiable information are securely shredded as soon as possible. We transfer all current paper-based information into our computer system before destroying the original, and any paperwork that has not yet been transferred is held securely.

Dental Records which were created prior to the establishment of our computer system are held in an archive under lock and key. These records will be securely shredded as they reach the end of their retention period.

Electronic records

In line with Cyber Essentials advice and general good practice, our computer system uses all of the following methods to secure the data we hold on site:

  • The computer system is connected to the internet via a firewall, not directly.
  • Computers require an individual login before use – they are not left “open”.
  • Users have individual accounts with restricted access
  • No default passwords – all software and hardware is configured specifically and passwords are changed from default settings. This includes not using the same password for multiple accounts or devices.
  • Applications and user accounts are selected and configured on the basis of only allowing the features or access necessary for the task.
  • Computers are encrypted – in the event of theft, data on a computer stolen from the practice cannot be accessed because the entire computer is encrypted. Even if the disk is removed and put in a different computer, it cannot be read.
  • Only authenticated software from approved sources is used.
  • Antivirus software is used on all computers and is updated frequently. Full scans are run regularly and reports monitored.
  • Updates are tested and applied regularly to both the computer operating systems and applications used. Vulnerability scans are run to identify known weaknesses.
  • Regular offsite backups are taken to protect against data loss for any reason