University Dental Care website privacy policy

Who are we?

University Dental Care Limited (“we”, “UDC”, “University Dental Care”) are a dental practice based in Swansea. We look after the dental health of both NHS and private patients. We also offer cosmetic dentistry and facial aesthetic services. We are regulated by the General Dental Council (GDC).

We are registered in England and Wales with company number 09578653. We are located at University Dental Care, Horton Residence, Swansea University, Singleton Park, Swansea, SA2 8PP.

For formal enquiries, our registered office address is University Dental Care Limited, Redwood Court Tawe Business Village, Swansea Enterprise Park, Swansea, SA7 9LA. Our data protection registration number is ZA149920.

You can contact us by phone on (01792) 602 222 or by email at hello@udc.wales.

Web browser cookies

Web cookies are small files that websites use to remember things about you. We don't set tracking cookies or allow third parties to set cookies on our website without asking for your consent first.

For more information, and to update your online preferences, please visit our cookie preferences page.

Your Personal Information

In visiting our website, contacting us, or using our services, we may have to collect and process some information about you. The following table explains how this works. (On a mobile device, you may have to scroll the table horizontally).

Activity Scope Purpose Lawful Basis

When you visit our website

We collect standard web server logs, which we keep indefinitely.

These record:

  • the page or resource accessed
  • the referring page
  • the time of access
  • your device IP address
  • limited information about your web browser

We process this to:

  • prevent or investigate misuse of computer resources
  • make sure our website is working correctly and reliably
  • understand how people arrive at our website (in aggregate)

We have a "legitimate interest" to protect our patients, our ability to deliver our services, and our brand, which we have carefully balanced against your rights.

GDPR Article 6(1)(f) and GDPR Recital 49.

When you book an appointment or make a query through our website, by phone, by email, or through social media

We may record, indefinitely:

  • your name
  • contact details you supply such as email, phone number, or postal address
  • any other personal information contained within your message
  • in the case of social media, any profile information that you have chosen to share publicly

We may also ask you for additional personal information if required.

Please note, we do not recommend sharing sensitive medical information through social media.

We use this information:

  • to answer your query where possible
  • to help you register with us
  • to book your appointment
  • for quality control and training purposes

This may be combined with existing information we hold on you.

Sometimes, we may need to ask for additional information to confirm your identity.

Email messages may be filtered by automated spam control and virus protection measures. Please contact us by an alternative method if you think your email has been filtered incorrectly.

We process this because it's necessary to provide the service you've asked us to provide, or to do things at your request before you've registered.

GDPR Article 6(1)(b).

We also have a "legitimate interest" to ensure the quality of our communications with you in order to provide a good service, which we have carefully balanced against your rights.

GDPR Article 6(1)(f).

When you register with us as a patient, including completing the Electronic communications consent and Medical History patient documents

We record:

  • your name, date of birth, and contact details
  • information about your doctor and existing treatment
  • information about your health

We keep computerised medical records indefinitely.

We use this information to:

  • provide dental health services as regulated by the General Dental Council (GDC)
  • ensure that you are entitled to service
  • ensure you are paying the correct amount
  • ensure our service is as safe as possible for you, our staff, and the public
  • collect outstanding payments

We will also, with your consent and depending on your communication preferences, send you information and reminders by e-mail and text about:

  • appointments
  • outstanding payments
  • services we provide

We process this because it's necessary to provide the service you've asked us to provide, or to do things at your request before you've registered.

GDPR Article 6(1)(b).

We also have a "legitimate interest" to ensure that the service is safe for you, our staff, and the public.

GDPR Article 6(1)(f).

Where we contact you electronically, we do this only with your informed consent.

GDPR Article 6(1)(a) and PECR Regulation 22.

Your health information is "special category data" and we process it only as necessary for the purposes of preventive and occupational medicine and for reasons of public health under the responsibility of a medical professional and as regulated by the General Dental Council (GDC).

Article 9(2)(h) and Article 9(2)(i).

Electronic communications

Emails and text messages are now an integral part of everyday life for many people and can improve and simplify the way we communicate with our patients. However, we will only send you emails or texts if you give us your permission to do so.

You can opt out from receiving these communications at any time by speaking to a receptionist or to your dentist and asking them to amend your records.

Emails and text messages are not always secure so we will not include personal information about your health, unless you ask us (in writing) to do so.

Information we share

Personal information may require disclosure to:

Disclosure will take place on a need to know basis only.

Third-party processors

Sometimes we may use third parties to process your information on our behalf, for example to provide email services. These third parties are only permitted to act on our directions and are not permitted to use your personal information for their own business purposes. We ensure this by requiring our data processors to agree a formal data processing contract.

Sometimes, a data processor may transfer your data outside of the European Economic Area (EEA) to a country that does not necessarily ensure an adequate level of data protection. Where this is the case, we provide adequate safeguards by agreeing strict additional contractual clauses with the processor.

Third-party processor: Tawesoft Ltd, England and Wales

For the purposes of:

  • Collection and processing of logs when you visit our website
  • Automated processing of forms you complete on our website
  • Social media account management
  • Email account management

Non-EEA subprocessors: Linode LLC, USA (EU model contract available on request)

Non-EEA Third-party processor: Google LLC, USA (& certain named subprocessors)

For the purposes of:

  • Providing email and cloud office services

Model contract: gsuite.google.com/terms/mcc_terms.html

Email security

Whenever possible, we support encrypted emails using at least Transport Layer Security (TLS).

However, you should be aware that end-to-end email encryption can't always be guaranteed using TLS. Support for encrypted emails will depend on your email provider and the security of intermediary ("in-between") email servers.

Please bear this in mind if sending sensitive information by email.

Messages sent through forms on our website will always be sent securely over SSL/HTTPS (look for the green padlock in the address bar).

Your rights

Data protection laws give you certain rights when your information is collected and processed.

Please contact us should you require any assistance exercising your rights when we collect or process your personal data. Exercising these rights is normally free of charge. We are required to respond within one month.

Please note that exercising some of these rights, such as objecting to processing, may stop us from being able to provide you with our services.

If you are unhappy with the way we handle your information you have the right to escalate your complaint to an organisation such as ICO (https://ico.org.uk/), an independent UK authority.

Updates to our privacy policy

This privacy policy was last updated 19 May 2018.

Appointments

Phone (01792) 602 222
Registered Patients Only

8:30am-4:30pm Monday to Thursday
8:30am-3:30pm Fridays
9:30am-12:30pm Saturday by appointment only

Urgent Treatment

Ring us directly at the number above

For out of hours click here

Request an Appointment Online

Registered Patients Only

Between
and
* required field
Find Us

We're located in building number 23 on the campus map, at Singleton Park campus, Swansea University.

Map and directions

Contact

(01792) 602 222
hello@udc.wales