Home / Privacy notice Legal information

Privacy notice.

How we use and protect personal information when providing dental care and operating this website.

Last reviewed: 13 July 2026

On this page Who we are Information we use Why we use it Who we share it with How long we keep it Your rights Contact and complaints
In plain English

We use the minimum information needed to arrange and provide care, keep accurate clinical records, take payment, meet our legal duties and respond to you. We do not sell patient information.

1. Who we are

King Dental & Associates is the data controller for personal information used by the practice. Our address is 46–48 Market Street, Carnforth, Lancashire LA5 9LB.

For privacy questions or to exercise a data protection right, contact our data protection lead:

  • Email: reception@kingdentalclinic.co.uk
  • Telephone: 01524 733867
  • Post: Data Protection Lead, King Dental & Associates, 46–48 Market Street, Carnforth LA5 9LB

2. Information we collect and where it comes from

Depending on your relationship with us, we may use:

  • identity and contact details, including your name, date of birth, address, telephone number and email address;
  • NHS number and information needed to confirm NHS eligibility, where applicable;
  • health and dental information, medical history, medicines, allergies, diagnoses, radiographs, scans, photographs, treatment plans and clinical notes;
  • appointment, communication, consent, complaint and feedback records;
  • payment, invoice, insurance and finance information; and
  • limited website technical information, such as IP address and request details generated when pages or externally hosted fonts are delivered.

We usually receive information directly from you. We may also receive it from a parent or representative, another healthcare professional, the NHS, a referrer, a dental laboratory, an insurer or finance provider where there is a lawful reason to do so.

Health information is “special category” personal data and receives additional legal protection.

3. Why we use your information

PurposeUK GDPR basis
Arrange appointments, assess your needs, provide private dental care, manage treatment plans and take paymentArticle 6(1)(b), taking steps at your request and performing our contract with you
Provide NHS care and carry out NHS functions where applicableArticle 6(1)(c) and, where applicable, Article 6(1)(e)
Keep clinical, safeguarding, financial and regulatory records and respond to regulators or lawful requestsArticle 6(1)(c), legal obligation
Practice administration, service improvement, security, fraud prevention and establishing or defending legal claimsArticle 6(1)(f), our legitimate interests, balanced against your rights
Optional marketing or another use for which we specifically ask permissionArticle 6(1)(a), consent, which you may withdraw

For health information, we normally rely on Article 9(2)(h), because processing is necessary for health care by or under the responsibility of regulated professionals. We may also rely on Article 9(2)(f) for legal claims, or explicit consent for a genuinely optional use.

We do not use patient information for solely automated decisions that produce legal or similarly significant effects.

4. Who we may share information with

Where necessary and lawful, recipients may include:

  • dentists, therapists, laboratories, specialists and other healthcare providers involved in your care;
  • NHS bodies, commissioners and payment authorities;
  • the Care Quality Commission, General Dental Council and other regulators;
  • insurers, indemnity providers, legal advisers, auditors and debt recovery providers;
  • secure practice-management, imaging, communications, hosting, backup and payment service providers acting under contract, including Netlify when it processes online appointment enquiries on our behalf; and
  • police, courts, safeguarding bodies or other authorities where disclosure is required or permitted by law.

We do not sell personal information. We require service providers to protect it and use it only for authorised purposes.

International transfers

Some website or technology suppliers may process limited information outside the UK. Where UK adequacy regulations do not apply, we require an appropriate safeguard, such as the UK International Data Transfer Agreement or the UK Addendum to approved standard contractual clauses, together with any necessary risk assessment.

5. How long we keep information

We keep information only for as long as needed for care, legal, regulatory, tax, insurance and complaint-handling purposes. Dental records are normally retained for at least 11 years after the end of treatment. Records relating to a child are normally retained until at least their 25th birthday, or for 11 years after the end of treatment if that is later. A longer period may apply where required by current NHS rules, safeguarding needs, an investigation or a legal claim.

Routine enquiries that do not become part of a clinical record are kept only for as long as needed to respond and manage any follow-up.

6. Security and confidentiality

We use access controls, staff confidentiality duties, training, secure systems, backups and supplier contracts to protect information. No internet service can be guaranteed completely secure, so please do not send urgent or unusually sensitive clinical information by ordinary email. Call the practice instead.

7. Your data protection rights

Depending on the purpose and lawful basis, you may have the right to:

  • ask for a copy of your personal information;
  • correct inaccurate or incomplete information;
  • ask us to erase or restrict information;
  • object to processing based on legitimate interests or to direct marketing;
  • receive certain information in a portable format; and
  • withdraw consent where consent is the basis used.

These rights are not absolute. In particular, we may need to keep an accurate clinical record despite an erasure request. We normally respond within one month and may ask for proof of identity.

8. Children and representatives

We provide age-appropriate privacy information and involve a person with parental responsibility where required. A child who has sufficient understanding may exercise their own data protection rights. We verify the authority of anyone acting for another person.

9. This website

The website does not currently use analytics or advertising trackers. When you submit the appointment form, the information is transmitted to and temporarily stored by our website and form-hosting provider, Netlify, so the practice can receive and respond to your enquiry. Netlify acts as a service provider processing this information on our behalf. Please do not include detailed medical information in the free-text field. Routine enquiries that do not become part of a patient record are deleted when no longer needed for the response or follow-up.

Pages displaying the practice location include an embedded Google Map, which connects to Google when the map loads and may share technical information such as your IP address and device details. External links and map services operate under their own privacy notices. See our Cookies policy for the current storage and external-content position.

10. Questions and complaints

Please contact our data protection lead first so we can investigate. You also have the right to complain to the Information Commissioner’s Office:

  • Make a complaint to the ICO
  • Telephone: 0303 123 1113

We may update this notice when our services, suppliers or legal duties change. The review date at the top shows the current version.