Who is the data controller?
We are contracted by dental practices to help them in diagnosis, improving communication with patients and streamlining surgery time by avoiding unnecessary appointments. When you provide information to us for use by your dental practice we are acting as a “data processor” and your dental practice remains the “data controller”. This means that your dental practice exercises overall control over the purposes and means of the processing of your personal data and will have responsibility for your personal data under the Data Protection Act 2018 and UK GDPR. You should contact them directly to exercise any of the rights set out below.
Ouch will be the data controller of any personal data it processes in relation to your preferences and for direct marketing purposes.
What information do we collect from you?
When we talk about personal data or information, we mean any information which we know relates to an identifiable person.
We will collect and process the following data about you:
With regard to your use of our site we will automatically collect the following information to help us understand our users and improve our service:
Why do we collect this information?
We process your personal information for the following reasons:
We will carry out analytics to improve our products and services as set out above.
You have the right to object to processing carried out for our legitimate interests. See the What are your rights? section below for more information.
How long do we keep hold of your information?
Who might we share your information with?
For the purposes set out in the ‘Why do we collect this information?’ section above, we will share your personal and health information with your dental practice.
We may also need to share your personal data with third parties, some of whom we appoint to provide services, including:
These third parties are contractually required to only access personal data for the specific and limited purposes for which they are engaged, and are subject to confidential undertakings.
How is your data stored and kept secure?
We take your safety and security very seriously and we are committed to protecting your personal and health information. All information kept by us is encrypted and stored on our secure servers. We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us.
Where we have given you (or where you have chosen) a password that enables you to access certain parts of our service, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We store your data on servers located in the UK and do not use any IT service providers outside the UK or otherwise transfer your personal data outside of the UK.
What are your rights?
Where processing of your personal data is based on consent, you can withdraw that consent at any time.
You have the following rights when Ouch is acting as a data controller (you should contact your dental practice to exercise your rights where it is the data controller). You can exercise these rights at any time by contacting us at firstname.lastname@example.org. You have the right:
Should you have any issues, concerns or problems in relation to your data, or wish to notify us of data which is inaccurate, please let us know by contacting us at email@example.com. In the event that you are not satisfied with our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/. We ask that you raise any concerns with us first so that we can seek to resolve any issues you may have.
For the purpose of data protection legislation, the data controller is Ouch Medical Limited, whose registered address is 111a High Street, Wealdstone, Middlesex, United Kingdom, HA3 5DL
This section is for professional contacts only and does not apply to our site users.
If you contact us, provide us with a business card or otherwise provide us with your contact details in a professional capacity then we will process your personal information for the purposes of pursuing a potential or actual business relationship with you. We will normally record your name, professional contact details, job and employer information. We may use this information to send you correspondence updating you on our site and services or offering business opportunities appropriate to your role. We do this in our legitimate interests to promote and grow our business.