Privacy Policy

Last updated: 23 April 2026

Tower Dental ("we", "us", "our") is the data controller for personal information you provide to us through the website at https://towerdental.uk, by telephone (01253 353759), by email, via WhatsApp, or in person at the practice. This privacy policy explains how we collect, use, store and protect your personal data under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Tower Dental, 302a Devonshire Road, Blackpool, Lancashire FY2 0TW. Telephone 01253 353759. Email info@towerdental.uk. We are regulated by the Care Quality Commission (CQC). All clinicians are registered with the General Dental Council (GDC).

What personal data we collect

We collect the following categories of personal data:

• Identification and contact details: name, date of birth, home address, email address, telephone number
• Medical and dental history: medications, allergies, relevant medical conditions, dental treatment history, x-rays, clinical photographs
• Financial information: payment card details (processed via secure third-party processor — we do not store card numbers), bank details for plan payments, finance agreement details where applicable
• Correspondence: emails, WhatsApp messages, phone call records (practice notes only — we do not record calls)
• Website data: IP address, browser type, pages visited, referring site (via cookies and analytics)

Lawful basis for processing

We process your personal data under the following UK GDPR lawful bases:

• Consent (Article 6(1)(a)) — for marketing communications, non-essential cookies, clinical photography for case studies
• Contract (Article 6(1)(b)) — to provide the dental treatment you have booked
• Legal obligation (Article 6(1)(c)) — for clinical record keeping as required by the GDC, CQC and NHS Business Services Authority
• Legitimate interest (Article 6(1)(f)) — for patient recall reminders, practice administration, fraud prevention
• Health/care data — processed under Article 9(2)(h) UK GDPR (provision of health care)

Who we share data with

We share personal data with:

• Specialist dentists and dental laboratories when referring you for treatment
• Your GP or other healthcare professionals where clinically relevant and with your consent
• Stripe (payment processing — PCI DSS compliant)
• Denplan / Practice Plan (membership administration)
• Google Analytics (anonymised website analytics)
• Our secure cloud backup provider for patient records
• Our indemnity insurer in the event of a claim
• Regulatory bodies (GDC, CQC) where legally required

We do not sell personal data to third parties under any circumstances.

How long we keep data

Dental records are retained for a minimum of 11 years after the last appointment (or until age 25 for paediatric patients), as required by NHS record keeping guidelines, even for private patients. Financial records are kept for 7 years for tax purposes. Marketing consent records are kept while consent is active. Website analytics are anonymised after 26 months.

Third-Party Services Used by This Website

Tower Dental's website uses the following third-party services to operate. Each has its own privacy policy linked below. We share only the minimum data necessary for each service to function.

• Anthropic (anthropic.com) — powers the AI Smile Simulator and AI chat assistant. Photos and chat messages are transmitted to Anthropic's API for processing. Privacy: anthropic.com/legal/privacy
• Stripe (stripe.com) — processes the £40 consultation payment. We never see or store card numbers. Privacy: stripe.com/gb/privacy
• Google Analytics 4 (GA4) — anonymous traffic measurement. IPs are anonymised. Privacy: policies.google.com/privacy
• Web3Forms / FormSubmit — relays your enquiry form submissions to our practice email. Privacy: web3forms.com/privacy
• Zapier (zapier.com) — relays form submissions to our internal practice management system. Privacy: zapier.com/privacy
• JSONBin (jsonbin.io) — temporary storage of enquiry records pending transfer to our practice management system; deleted within 30 days. Privacy: jsonbin.io/privacy-policy
• Netlify (netlify.com) — the hosting provider serving this website. Privacy: netlify.com/privacy
• Google Fonts — typography (Cormorant Garamond, Outfit). Your browser contacts Google's font CDN; Google may log the request IP.

All processors above are GDPR-compliant and process data under appropriate Article 28 contracts or Standard Contractual Clauses.

Your rights

Under UK GDPR, you have the right to:

• Access your personal data (subject access request)
• Have inaccurate data corrected (rectification)
• Request deletion of data we no longer need (erasure — subject to clinical record retention requirements)
• Restrict processing in certain circumstances
• Data portability
• Object to processing based on legitimate interests or for direct marketing
• Withdraw consent at any time
• Not be subject to automated decision-making

To exercise any of these rights, email info@towerdental.uk or write to Tower Dental, 302a Devonshire Road, Blackpool FY2 0TW. We will respond within one calendar month.

Cookies

This website uses essential cookies for basic functionality and Google Analytics cookies (with your consent) to measure site usage. You can control cookies through your browser settings.

Complaints

If you are unhappy with how we handle your personal data, please contact us first at info@towerdental.uk. You also have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

Changes to this policy

We may update this privacy policy from time to time. The "Last updated" date at the top of this page shows when it was most recently revised.

How to Contact Our Data Controller

If you have questions about how Tower Dental handles your personal data, or wish to exercise any of your UK GDPR rights, our data controller can be reached in several ways. By telephone on 01253 353759 during opening hours (Monday to Friday 8:30am to 5:30pm, Saturday 9:00am to 2:00pm). By email at info@towerdental.uk — subject line "Data Protection Request" helps us route your enquiry quickly. By post to Data Controller, Tower Dental, 302a Devonshire Road, Blackpool, Lancashire, FY2 0TW. In person at the practice during opening hours, though we may ask you to follow up in writing so we have a clear record of your request.

Data Breach Response

In the unlikely event of a data breach affecting your personal information, Tower Dental will notify the Information Commissioner's Office within 72 hours of becoming aware of the breach, as required by UK GDPR Article 33. Where the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay. We maintain detailed incident response procedures and all clinical staff receive annual data protection training.

Your Right to Complain

If you are unhappy with how Tower Dental has handled your personal data, we would encourage you to raise it with us first — we will do everything we can to resolve your concern. However, you also have the right at any time to complain directly to the Information Commissioner's Office, the UK's independent data protection regulator. You can reach the ICO at ico.org.uk, on 0303 123 1113, or by post to Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.