RUH DENTAL Privacy Notice
Your privacy matters to us
We are Ruh Dental. This privacy notice relates to personal data used by Ruh Dental (KBH) Limited (registered company number 15751992) , Ruh Dental (Fleet Street) Limited (registered company number 09473949), Ruh Dental (Notting Hill Gate) Limited (registered company number 10288078), Ruh Dental (Manchester) Limited (registered company number 11669648).
We provide dentistry services and aesthetic treatments. We are registered with the Information Commissioners Office under each of the following registration numbers: Ruh Dental (Fleet Street) Limited: ZA208919, Ruh Dental (Kbh) Limited: ZB747454, Ruh Dental (Manchester) Limited: ZA56377, and Ruh Dental (Notting Hill Gate) Limited: ZA263053.
We are the data controller for the personal data we process about our patients, enquirers, subscribers, job applicants, employees, contractors and website users. This privacy notice explains how we collect, use and store your personal data.
Our privacy promise to you
Transparency
We are committed to protecting and respecting your privacy. We will always tell you what data we are collecting about you and how we use it and will never ask for more information than we need to. We will not share your data with any third parties, unless you have consented to this; they are a trusted partner working on our behalf; or the laws allow us to, and we will never sell your data.
Security
We are committed to following industry best practices to ensure your data is stored safely and securely. We will protect the information we process about you from accidental or unlawful access, disclosure, loss, damage or destruction.
Control
We will always give you control over the communications you receive from us and you can stop or tell us you no longer wish to receive these, at any time, by emailing
How we obtain your personal data
Personal data means any information that can be used to identify you directly or indirectly, for example by your name, an identification number, your location data, an online identifier or any factors relating to your physical, physiological, genetic, mental, economic, cultural or social identity.
Most of the personal data we process is provided to us directly by you, for example when you:
- make an enquiry about our services through social media, our website, by telephone or email
- book or change an appointment with us
- attend an appointment
- provide us with feedback
- purchase our treatments, services or products
- sign up to receive information about our services, special offers and promotions (subscribers)
We may also collect personal information about you indirectly, for example through:
- friend referrals
- your use of our website
What information we collect and why
Enquiries
When you contact us to enquire about our products or services, we may ask for your name, email address, telephone number and the nature of your enquiry. We need to collect this information so we can respond to your enquiry and keep a record of our communications with you. When you make an enquiry with us, we will contact you via telephone, email and WhatsApp. If we do not receive a reply, we will attempt to contact you the following day, and again a week later. If you do not reply at this time we will no longer attempt to contact you.
Booking an appointment
When you book an appointment with us, you will be asked to provide your name, email address, date of birth and details of the treatment or procedure you want to receive. We also ask information about what you hope to achieve from your appointment or treatment plan and whether there’s anything we can do to make your appointments with us more comfortable, such as providing you with a blanket or playing your preferred music. We need this information so we can arrange the appointment for you, send you the appropriate consent forms, appointment reminders and verify your age
The chatbot on our website allows you to make enquiries and book appointments at any time of day. When engaging with our chatbot, as in some circumstances it allows you to write your responses, we ask that you limit the information you provide only to that which is necessary to your enquiry or booking.
We do not provide treatments or procedures to children under 18 years old without parental or guardian consent. Patients who are under 25 years old may be asked to verify their age when they attend the clinic by showing identification, such as their driver’s licence, birth certificate or passport. These documents will only be viewed by our staff for age verification purposes; we will not take a copy of or store this information.
When booking your appointment, you are asked to pay a £50 deposit, which is redeemable against your consultation or treatment fee. We do not receive or store your card payment details. All payments online and in clinic are made through our patient management system, Dentally using Stripe Payments Europe Limited (SPEL). For more information on our data processors, please see ‘Who we share information with’ below.
If you need to cancel or reschedule your appointment, please contact us at your earliest convenience. For full details about our cancellation and no-show policy, please see our terms and conditions https://ruhdental.com/terms/
For our legitimate business interests to ensure that our online advertisements reach the most relevant audience, we ask meta to show our advertisements to the social media accounts of people who are similar to our existing customers. We share email address and phone number of our customers so that meta identifies their social media accounts and shows our advertisements to similar accounts within the meta platforms. You can opt-out of this at any time by emailing compliance@ruhdental.com
Attending an appointment
Medical questionnaires and consent forms
Prior to your appointment, you will be required to complete a medical questionnaire and a consent to treatment form. We need to know about your health and medical history so we can assess the suitability of your treatment or procedure, tailor it to meet your specific health and wellbeing needs and delivery it safely. At least once a year, you will be asked to confirm that your medical history form is accurate. Following review of your answers, treatment may be refused if it is not considered to be in your best interests to proceed. Failure to provide health and medical information may result in your treatment or procedure being cancelled, as we cannot perform these services without this information.
You will also be asked to provide the contact details of an emergency contact. We will only use these details to make contact in the event you are involved in an emergency.
X-Rays, Photographs and Videos
During the course of your treatment it may be necessary to take x-ray images so that we can assess your dental health and recommend the appropriate course of treatment. It may also be necessary for us to take photographs or videos of your teeth, mouth and face so that we can deliver the most appropriate treatment for you and ensure that you receive the best possible results. Where photographs are required to deliver your treatment you will be informed during your appointment.
We sometimes take photographs and videos of patients before, during and after treatments and procedures, to show them their great results and to enable us to evidence, train, evaluate and where necessary further enhance the effectiveness of our treatments and services.
We are proud of the results we achieve through our treatments and may ask for your permission to display your before and after photographs and/or videos within our promotional materials or on our social media channels. We respect your right to privacy and understand that you may not be comfortable with sharing your image publicly. Where we would like to share your before and after photographs within our promotional material or on our social media channels, we will ask for your explicit consent before using them.
CCTV
Closed Circuit Television (‘CCTV’) operates at all of our sites. CCTV is in use for the prevention and detection of crime for the purposes of our legitimate business interests. We keep CCTV images for at least 3 months. Where a legal reason is identified to retain them for a longer timeframe, images will be retained until there is no longer a need to keep them.
Use of Dental Labs
If you have opted to receive a treatment that involves the fixing of a crown, bridge or other synthetic dental material, we will appoint a specialist dental laboratory to create this for you. Similarly, if you opt to receive removable aligners, your personal data will be shared with the aligner provider to create these for you. The personal data we share with these providers is kept to a minimum. Please see ‘Who we share information with’ below for more information on specific third parties that we work with.
After your appointment
Purchases
During your appointment you may choose to take advantage of Ruh Dental products available exclusively within our clinics. Should you choose to make a purchase, we will also collect your name and payment details for the purposes of completing the sale.
Feedback
After your visit in clinic, we will contact you by email to thank you for attending and to ask for feedback about your patient experience. This information is really useful to us so we can evaluate our services and continue to improve our patient experience. Your feedback may be shared with your dentist and the team working with you for their own personal development and any specific requests you make for future treatments or procedures, may be added to your file so we can tailor your next appointment accordingly.
Aftercare instructions
Following your appointment, we will email you aftercare instructions for you to follow to optimise the results of your treatment. This is to ensure that you do not engage in any activity that could impact the final result of your treatment. Providing you with a copy via email allows you to revisit the guidance at your convenience. If you have visited us for a dental check-up, we will contact you at regular intervals to remind you of when your next check-up is due. You can unsubscribe from these emails at any time.
Patient file
Your patient file includes the information that we hold that relates to you. We store your name, and the contact details you have shared with us as well as a record of the communications that take place between us and you. Your patient file also contains information relating to your treatment/s including the answers you provide to our medical questionnaires, copies of the consent you have provided to receive your treatment/s, details of the treatment given, and your before and after photographs. To provide you with a more personalised experience, we also make a note of any other information we deem relevant to your treatment or patient experience.
Friend referrals
We sometimes run promotions to encourage patients to refer our services to their friends. Patients are required to provide their friend’s name so that we may recognise them when they make a booking. Please ensure that you have your friend’s consent prior to sharing their name with us.
Using our website
When you visit our website, simple Cookies are used to help you navigate around our site and to tell us how well our website is performing. Cookies are small text files placed on the devices of visitors to websites. They are used to enhance the visitor’s experience and to allow us and other third parties to understand more about how the website is being used.
Subscribers
Ruh Dentals may use your email address, postal address or telephone number to send you information about our special offers, promotions, products or services. We will only send these marketing communications to you if you have consented (opted-in) to us using your contact details for these purposes. You can stop receiving these communications at any time by clicking the ‘unsubscribe’ link within the email or emailing us at compliance@ruhdental.com
Who we share information with
Your personal data may be shared with other healthcare professionals who need to be involved in your care.
We respect your privacy and confidentiality and will not share your personal data with third parties, unless you have consented to this; the recipient is a trusted partner working on our behalf (a data processor); or the UK laws allow us to.
Where we use ‘data processors’ to help us manage and store our patient data, we have Data Processing Agreements in place to protect any personal data they may have access to on our behalf. To find out who are data processors are, see section ‘Where we store your data’.
Our data processors only act on our instructions and are carefully selected to ensure they have robust security measures in place and comply with the UK data protection legislation when processing personal data.
There may be times when we need to disclose personal data to other data controllers, for example:
- If you suffer a medical issue and it is within your vital interests for us to share your information
- In the event that we sell our company or its assets
- If you provide us with your consent
- If we are under a duty to disclose your personal data, for example in response to a court order, request from law enforcement agencies or where we consider sharing to be in your vital interests
- To enforce or apply our terms and conditions and other agreements.
- To protect the rights, property, or safety of our company and its employees, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection.
We will never sell your personal data or share it in ways you would not reasonably expect.
Our lawful basis and data retention
Personal data
When we collect, use and retain personal data, the data protection laws require us to have a valid lawful basis for doing so. These are set out in Article 6 of the UK GDPR and relate to consent; contracts; legal obligations; vital interests; public tasks and legitimate interests. When we process more sensitive information (Special Category Data) such as health information, we are required to have additional lawful bases to handle that information. These are set out in Article 9 of the UK GDPR.
The table below outlines which lawful bases we rely on when we process your personal data and Special Category Data (health data) and how long we keep your information for:
|
Categories of data |
Lawful bases |
Retention period |
|
General enquiries: Name, email address, telephone number, nature of the enquiry |
Legitimate Interests (Article 6(1)(f)) |
1 Year for enquiries made that do not lead to a patient consultation or treatment. Where an enquiry leads to a consultation or treatment, the enquiry information will form part of your patient file and will be held for 11 years after your last treatment. |
|
Appointment bookings: Name, email address, date of birth, treatment/treatment plan |
Legitimate Interests (Article 6(1)(f)) |
11 years after your last treatment. |
|
Attending an appointment: Dental records including medical questionnaire and consent form |
Contract (Article 6(1)(b)) Defence of Legal Claims (Article 9(2)(f)) |
11 years after your last treatment. |
|
Photographs and video images before, during and after treatment/procedures for clinical purposes |
Contract (Article 6(1)(b)) Legitimate Interests (Article 6(1)(f)) Defence of legal claims (Article 9(2)(f)) |
11 years after your last treatment or if the patient is under the age of 18 at the time of treatment, until the patient’s 25th birthday. |
|
Photographs and video images before, during and after treatment/procedures for promotional purposes (where patient is identifiable) |
Consent (Article 6(1)(a)) Explicit Consent (Article 9(2)(a)) |
Duration of our business operations or until consent is withdrawn. |
|
After appointments: Purchase information, address and payment details |
Legitimate Interests (Article 6(1)(f)) |
11 years after your last treatment. |
|
Feedback emails |
Legitimate Interests (Article 6(1)(f)) |
Duration of our business operations. |
|
Aftercare instructions |
Contract (Article 6(1)(b)) |
11 years after your last treatment. |
|
Patient file |
Legitimate Interests (Article 6(1)(f)) Defence of legal claims (Article 9(2)(f)) |
11 years after your last treatment. |
|
Subscribers: Name, email address |
Legitimate Interests (Article 6(1)(f)) |
We keep subscriber data until you unsubscribe; if the email address becomes invalid, or if we no longer believe you want to hear from us. We retain the contact details of those who have unsubscribed indefinitely, so we know not to contact them again. |
|
Friend referrals: Name |
Legitimate Interests (Article 6(1)(f)) |
See ‘Subscribers’ |
|
Using our website: Information including referral source, part of the webpage clicked, number of web pages visited and the length of time spent on each page. Please see our Cookie Policy for full details on how we use cookies and tracking technologies. |
Legitimate Interests (Article 6(1)(f)) |
Please see our Cookie Policy for specific retention periods. |
Where we store your data
We store your data in the UK or the European Economic Area (EEA), however some of our service providers may store personal data outside these areas. Where this is the case, we have UK International Data Transfer Agreements with these service providers, which ensures they process our data securely and in line with our data protection laws.
We work with the following service providers on a regular basis:
We use Google Workspace as our practice management software and email provider. More information about Google and the security it provides can be found here.
- Dentally (patient platform and dental software provider)
All information that you provide to us is securely stored within our patient management system, Dentally. For more information about Dentally, please visit www.dentally.com
- Pipedrive (patient relationship management platform)
Your contact details and all communications that we have with you are stored within our patient relationship management platform, Pipedrive. For more information about Pipedrive please visit www.pipedrive.com
- Better Proposals (email generation tool)
We use Better Proposals to create email communications that we then send to you. For more information about Better Proposals please visit www.betterproposals.com
- Intercom (website chatbot)
For a personalised and efficient patient experience, our website also operates a live-chat feature provided by Intercom. Our online chatbot that allows you to find out more about specific treatments and understand the treatments that best suit your concerns. Information provided to the Chatbot is passed to our receptionist team. For more information about our live-chat feature, please visit https://www.intercom.com/
- Stripe Payments Europe Limited (payment services provider)
We use Stripe Payments Europe Limited to process payments on our behalf. For more information about SPEL, please visit Privacy Policy (stripe.com)
- Align Technology
We use Align Technology to provide Invisalign treatment to our patients. Align Technology provides us with the devices to take high resolution images of your teeth as well as the aligner trays that are a necessary component of the treatment. If you are a patient receiving Invisalign treatment from us, you can find out more about Align Technology by visiting www.aligntech.com
Please contact us for a full list of our sub-processors by emailing compliance@ruhdental.com
How we protect your data
We take our security responsibilities very seriously and have put in place robust measures to protect our data and our customers’ personal data from accidental or unlawful access, disclosure, loss, damage or destruction.
Here are some examples of how we achieve this:
- Data is held on encrypted servers. In the event that personal data is stored outside the UK or EEA, contracts (International Data Transfer Agreements) will be in place to ensure the data is secure and protected in line with the UK GDPR.
- Access to our data and systems is on a strict need to know basis and we ensure our employees and contractors are under an obligation of confidentiality.
- Employees receive mandatory data protection training and sign up to our Data Protection Policy.
- We have robust procedures in place to manage and report personal data security breaches, in the unlikely event of a breach occurring.
- Where we use companies who process personal data on our behalf, we carry out due diligence checks on these companies and have written contracts in place (Data Processing Agreements) which require them to handle personal data in line with the UK data protection laws.
- We use up to date virus and malware protection software, encryption and we back up data regularly.
Your data protection rights
You have the following rights under the data protection laws:
Right to know
You have the right to be told how your personal data is being processed. This privacy notice tells you how we handle your personal data.
Right of access
You have the right to ask us for a copy of your personal data.
Right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure
You have the right to ask us to erase your personal data in certain circumstances.
Right to restriction of processing
You have the right to ask us to restrict the processing of your personal data in certain circumstances.
Right to object to processing
You have the right to object to us processing your personal data where we consider this is necessary for our legitimate interests or those of a third party.
Right to data portability
You have the right to ask that your personal data is transferred (ported) from us to another organisation or given to you. This applies to information you have given to us where we are processing your information based on your consent or for contractual purposes and the processing is automated.
Right to complain
We work to high standards when it comes to processing your personal data. We hope you will always be happy with the way we handle your information, however if we have not met your expectations, please let us know so we can put things right. If you remain dissatisfied, you have the right to complain to the Information Commissioner’s Office. Further information about your data protection rights, can be found on the Information Commissioner’s Office website at www.ico.org.uk
To exercise these rights, please contact us by emailing . You are not usually required to pay a fee and can expect to receive a response within one calendar month. Further information about your data protection rights can be found on the Information Commissioner’s Office website at www.ico.org.uk
Contact us
If you have any queries about this privacy notice or the services we offer, please email us at compliance@ruhdental.com
Changes to this privacy notice
We may need to update this privacy notice periodically, so we recommend that you revisit this information from time to time. This version was last updated on 14/05/2025
