skip to main content

University Dental Care website privacy policy

Who are we?

University Dental Care Limited (“we”, “UDC”, “University Dental Care”) are a dental practice based in Swansea. We look after the dental health of both NHS and private patients. We also offer cosmetic dentistry and facial aesthetic services. We are regulated by the General Dental Council (GDC).

We are registered in England and Wales with company number 09578653. We are located at University Dental Care, Horton Residence, Swansea University, Singleton Park, Swansea, SA2 8PP.

For formal enquiries, our registered office address is University Dental Care Limited, 12 Killasser Court Station Approach, Tadworth, England, KT20 5AN. Our data protection registration number is ZA149920.

You can contact us by phone on (01792) 602 222 or by email at

Web browser cookies

Web cookies are small files that websites use to remember things about you. We don’t set tracking cookies or allow third parties to set cookies on our website without asking for your consent first.

For more information, and to update your online preferences, please visit our cookie preferences page.

Your Personal Information

In visiting our website, contacting us, or using our services, we may have to collect and process some information about you. This is explained in detail, below.

When you visit our website

We collect standard web server logs. These record:

  • the page or resource accessed
  • the referring page
  • the time of access
  • your device IP address
  • limited information about your web browser

We only process this to:

  • prevent or investigate misuse of computer resources
  • make sure our website is working correctly and reliably
  • understand how people use our website (in aggregate)

We process this because:

We have a “legitimate interest” to protect our patients, our ability to deliver our services, and our brand, which we have carefully balanced against your rights.

When you book an appointment or make a query through our website, by phone, by email, or through social media

We ask for information, or you may give us information, such as:

  • your name
  • contact details you supply such as email, phone number, or postal address
  • any other personal information contained within your message
  • in the case of social media, any profile information that you have chosen to share publicly (the social media website or application may give us this information automatically, even if we do not use it)

We may also ask you for additional personal information if required.

Please note, we do not recommend sharing sensitive medical information through social media.

We only use this information:

  • to answer your query where possible
  • to help you register with us
  • to book your appointment
  • for quality control and training purposes

This may be combined with existing information we hold on you.

Sometimes, we may need to ask for additional information to confirm your identity.

Email messages may be filtered by automated spam control and virus protection measures. Please contact us by an alternative method if you think your email has been filtered incorrectly.

We process this because:

Processing this information is necessary to provide the service you’ve asked us to provide, or to do things at your request before you’ve registered.

We also have a “legitimate interest” to ensure the quality of our communications with you in order to provide a good service, which we have carefully balanced against your rights.

When you register with us as a patient, including completing the “Electronic communications consent” and “Medical History” patient documents

We record:

  • your name, date of birth, and contact details
  • information about your doctor and existing treatment
  • information about your health

We only use this information to:

  • provide dental health services as regulated by the General Dental Council (GDC)
  • ensure that you are entitled to service
  • ensure you are paying the correct amount
  • ensure our service is as safe as possible for you, our staff, and the public
  • collect outstanding payments

We will also, with your consent and depending on your communication preferences, send you information and reminders by e-mail and text about:

  • appointments
  • outstanding payments
  • services we provide

We process this because:

Processing this data is necessary to provide the service you’ve asked us to provide, or to do things at your request before you’ve registered.

We also have a “legitimate interest” to ensure that the service is safe for you, our staff, and the public.

Where we contact you electronically, we do this only with your informed consent.

Your health information is sensitive data and we process it only as necessary for the purposes of preventive and occupational medicine and for reasons of public health under the responsibility of a medical professional and as regulated by the General Dental Council (GDC).

Electronic communications

Emails and text messages are now an integral part of everyday life for many people and can improve and simplify the way we communicate with our patients. However, we will only send you emails or texts if you give us your permission to do so, for example by completing our “Electronic communications consent” form.

You can opt out from receiving these communications at any time by speaking to a receptionist or to your dentist and asking them to amend your records.

Emails and text messages are not always secure so we will not include personal information about your health, unless you ask us (in writing) to do so.

Information we share

Personal information may require disclosure to:

  • General medical practitioners
  • Hospital or community dental services
  • Other health professionals caring for you
  • NHS payment authorities
  • HMRC
  • DWP and its agencies (where you are claiming exemption or remission from NHS charges)
  • Private dental schemes of which you are a member

Disclosure will take place on a need to know basis only.

Third-party processors

Sometimes we may use third parties to process your information on our behalf, for example to provide email services. These third parties are only permitted to act on our directions and are not permitted to use your personal information for their own business purposes. We ensure this by requiring our data processors to agree a formal data processing contract.

Sometimes, a data processor may transfer your data outside of the European Economic Area (EEA) to a country that does not necessarily ensure an adequate level of data protection. Where this is the case, we provide adequate safeguards by agreeing strict additional contractual clauses with the processor.

Third-party processor: Tawesoft Ltd, England and Wales

For the purposes of:

  • Collection and processing of logs when you visit our website
  • Automated processing of forms you complete on our website
  • Social media account management
  • Email account management
  • Automated email processing

Data processing contract available on request.


Third-party processor: Amazon Web Services EMEA SARL (& certain named subprocessors)

For the purposes of:

  • Delivering automated emails

More info: AWS GDPR Data Processing Addendum

Non-EEA Third-party processor: Linode LLC, USA (& certain named subprocessors)

For the purposes of:

  • Providing website hosting services

More info: Linode Data Processing Addendum

Non-EEA Third-party processor: Google LLC, USA (& certain named subprocessors)

For the purposes of:

  • Providing email and cloud office services

More info: Google Standard Contractual Clauses (processors)

Email security

Whenever possible, we support encrypted emails using at least Transport Layer Security (TLS).

However, you should be aware that end-to-end email encryption can’t always be guaranteed using TLS. Support for encrypted emails will depend on your email provider and the security of intermediary (“in-between”) email servers.

Please bear this in mind if sending sensitive information by email.

Messages sent through forms on our website will always be sent securely over SSL/HTTPS (look for the green padlock in the address bar).

Your rights

Data protection laws give you certain rights when your information is collected and processed.

Please contact us should you require any assistance exercising your rights when we collect or process your personal data. Exercising these rights is normally free of charge. We are required to respond within one month.

Please note that exercising some of these rights, such as objecting to processing, may stop us from being able to provide you with our services.

  • You have the right to be informed about the collection and use of your personal data. If anything in our privacy policy is unclear, confusing or surprising, please contact us for assistance.
  • You have the right to obtain confirmation that your data is being processed and the right to access your personal data (and certain other supplementary information). We may need to verify your identity.
  • You have the right to have inaccurate personal data rectified, or completed if it is incomplete, but this may require evidence.
  • You have the right for personal data to be erased (in some circumstances).
  • You have the right to ask us to stop processing your personal data (in some circumstances).
  • Where you have provided us with personal data, and you exercise your right of access, you usually have the right to request your data in a structured, commonly used, and machine readable format.
  • You have the right to object to your data being processed, even where consent is not required.
  • If we carry out automated decision making, including profiling, we are required to inform you before do this. You will also have the right to request human intervention or challenge an automated decision. We are required to carry out regular checks to make sure that our systems are working as intended.

If you are unhappy with the way we handle your information you have the right to escalate your complaint to an organisation such as ICO (, an independent UK authority.

Updates to our privacy policy

This privacy policy was last updated 1 August 2022.

  • 1 August 2022: we simplified the language and layout of the policy
  • 30 July 2021: we added AWS as a subprocessor for sending emails
  • 19 May 2018: we made minor changes to correct presentation errors
  • 15 May 2018: we published our new privacy policy in line with new GDPR data protection rules