Privacy Policy (February 2021)

We are Ouch Medical Limited. We are committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data we collect will be processed by us. Please read this privacy policy carefully to understand our views and practices and your rights regarding your personal data. By visiting our website (our site) or by otherwise providing us with your personal information, it will be processed as described in this policy.

  • Who is the data controller
  • What information do we collect from you?
  • Why do we collect this information?
  • How long do we keep hold of your information?
  • Who might we share your information with?
  • How is your data stored and kept secure?
  • What are your rights?
  • How can you access information we hold about you?
  • Changes to this Policy
  • Cookies
  • Contact Us
  • Business contacts

Who is the data controller?

We are contracted by dental practices to help them in diagnosis, improving communication with patients and streamlining surgery time by avoiding unnecessary appointments. When you provide information to us for use by your dental practice we are acting as a “data processor” and your dental practice remains the “data controller”. This means that your dental practice exercises overall control over the purposes and means of the processing of your personal data and will have responsibility for your personal data under the Data Protection Act 2018 and UK GDPR. You should contact them directly to exercise any of the rights set out below.

Ouch will be the data controller of any personal data it processes in relation to your preferences and for direct marketing purposes.

What information do we collect from you?

When we talk about personal data or information, we mean any information which we know relates to an identifiable person.

We will collect and process the following data about you:

  • Information you give us. This is information about you that you give us by entering information into our website or by otherwise corresponding with us. This may include your name, date of birth, contact details, occupation, Doctor’s details, National Insurance Number, medical symptoms and history (including Covid history), smoking/alcohol habits, and signature. As noted above, we process this information on behalf of your dental practice.
  • Video-conferencing between you and your dentist. We will not record any conversations between you and your dentist without the express consent of both parties, which will be sought at the time that any such meeting is arranged.
  • Information we collect from your use of our site. With regard to each of your visits to our site we will collect the following information:
    • technical information, such as the Internet protocol (IP) address used to connect your device to the Internet, whereabouts you connected to our service, your internet service provider (ISP), and what type of device and browser you are using to access our service;
    • Profile information such as your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.

    With regard to your use of our site we will automatically collect the following information to help us understand our users and improve our service:

    • how regularly you use the site and how long the sessions are;
    • which features of the site you use.
  • Information we collect when you use our chatbot service. We do not collect or retain your name or contact details when you use our chatbot service (this information is only collected by your dental practice). Any other information you enter when using the chatbot service will be collected and held anonymously by us to be used for analytical purposes only.
  • Special Category personal data. This is data which reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, data concerning health or a person’s sex life or sexual orientation and biometric data used for identification purposes. We will ask you to provide health data when you update your patient record, when booking an appointment or using our chatbot function. We will not process this data for any purposes other than to provide it your dental practice, store it on behalf of your dental practice, or retain it anonymously for analytical purposes.
  • Information provided by our contractual partners. This is information the Dental Practice provides us in connection with the services we provide to them and may include the names and contact details of staff.

Why do we collect this information?

We process your personal information for the following reasons:

  • On the basis of your consent:
    • To enable your personal and health data to be provided to your dental practice in connection with the dental services they provide to you.
    • We will only contact you with direct marketing communications if you consent to us doing so and you have the right to withdraw consent at any time. See the What are your rights? section below for more information.
  • To provide dental practices with our services as part of our contractual agreement with them in order to:
    • process information at their request to take steps to enter into an agreement with them for the provision of services;
    • provide them with our services;
    • process payments;
    • make deliveries;
    • test and update essential software;
    • maintain business and service continuity; and
    • send service communications so that they receive a full and functional service and so we can perform our obligations to them. These will include notifications about changes to our service.
  • In our legitimate interests of providing the best service and improving and growing our business we will process information in order to:
    • provide you with a personalised experience;
    • improve our site and our services;
    • sell products to you
    • keep our site and systems safe and secure;
    • understand our customer base and usage trends;
    • test our software and develop new functionality;
    • anonymise and aggregate data to use for further analytics purposes;
    • defend against or exercise legal claims and investigate complaints; and
    • understand the effectiveness of our marketing.

    We will carry out analytics to improve our products and services as set out above.

    You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.

  • To comply with legal requirements relating to:
    • the provision of products, apps and services;
    • data protection;
    • health and safety;
    • anti-money laundering;
    • fraud investigations;
    • assisting law enforcement; and
    • any other legal obligations placed on us from time to time.

How long do we keep hold of your information?

  • Once you complete any forms this is immediately sent to your Dental Practice and deleted from our site as soon as notification of delivery is established (no later than the end of each business day).
  • Any personal data that we do hold as a data processor on behalf of your Dental Practice will be retained by us in accordance with the terms of the data processing agreement entered into with the Dental Practice.
  • As indicated above, any information provided during use of our Chatbot service will be retained anonymously and used by us for analytical purposes only.
  • Any personal data belonging to our contractual partners (such as Dental Practices and their staff) will be retained no longer than 6 years after the contract is terminated.

Who might we share your information with?

For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal and health information with your dental practice.

We may also need to share your personal data with third parties, some of whom we appoint to provide services, including:

  • suppliers and sub-contractors to provide you with our site and services;
  • analytics and search engine providers that assist us in the improvement and optimisation of our site, app and services; and
  • customer survey providers in order to receive feedback and improve our services.

These third parties are contractually required to only access personal data for the specific and limited purposes for which they are engaged, and are subject to confidential undertakings.

How is your data stored and kept secure?

We take your safety and security very seriously and we are committed to protecting your personal and health information. All information kept by us is encrypted and stored on our secure servers. We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.

Where we have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

International Transfers

We store your data on servers located in the UK and do not use any IT service providers outside the UK or otherwise transfer your personal data outside of the UK.

What are your rights?

Where processing of your personal data is based on consent, you can withdraw that consent at any time.

You have the following rights when Ouch is acting as a data controller (you should contact your dental practice to exercise your rights where it is the data controller). You can exercise these rights at any time by contacting us at You have the right:

  • to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes;
  • to ask us not to process your personal data where it is processed on the basis of legitimate interests provided that there are no compelling reasons for that processing;
  • to ask us not to process your personal data for scientific or historical research purposes, where relevant, unless the processing is necessary in the public interest.
  • to request from us access to personal information held about you;
  • to ask for the information we hold about you to be rectified if it is inaccurate or incomplete;
  • to ask for data to be erased provided that the personal data is no longer necessary for the purposes for which it was collected, you withdraw consent (if the legal basis for processing is consent), you exercise your right to object, set out below, and there are no overriding legitimate ground for processing, the data is unlawfully processed, the data needs to be erased to comply with a legal obligation or the data is children’s data and was collected in relation to an offer of information society services;
  • to ask for the processing of that information to be restricted if the accuracy of that data is contested, the processing is unlawful, the personal data is no longer necessary for the purposes for which it was collected or you exercise your right to object (pending verification of whether there are legitimate grounds for processing);
  • to ask for data portability if the processing is carried out by automated means and the legal basis for processing is consent or contract.

Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us at In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time. The ICO’s contact details are available here: We ask that you raise any concerns with us first so that we can seek to resolve any issues you may have.


Our site uses cookies as set out in our cookie policy.

Changes to our privacy policy

This policy may be updated from time to time. Please check back frequently to see any updates or changes to our privacy policy.

Contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be emailed to or submitted through our website page.

For the purpose of data protection legislation, the data controller is Ouch Medical Limited, whose registered address is 111a High Street, Wealdstone, Middlesex, United Kingdom, HA3 5DL

Business information

This section is for professional contacts only and does not apply to our site users.

If you contact us, provide us with a business card or otherwise provide us with your contact details in a professional capacity then we will process your personal information for the purposes of pursuing a potential or actual business relationship with you. We will normally record your name, professional contact details, job and employer information. We may use this information to send you correspondence updating you on our site and services or offering business opportunities appropriate to your role. We do this in our legitimate interests to promote and grow our business.