Privacy Policy for OrthodonticLounge.com

Last updated: 14 May 2026

This Privacy Notice explains how we collect, use, store and share personal data when you use our website, contact us, or receive care from any Orthodontic Lounge clinic operated by Lockerbie Dental. It applies to patients, website visitors, staff, contractors and suppliers.

  1. Who We Are

Orthodontic Lounge clinics are operated by Lockerbie Dental, which acts as the Data Controller for the personal data described in this notice.

Lockerbie Dental

80 High Street

Lockerbie

DG11 2EU

Telephone: 01576 204724

Email: info@lockerbiedental.com

ICO Registration reference: ZB906375

If you have any questions about this Privacy Notice or how we use your information, please contact us using the details above.

  1. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Patient identification details, contact details and appointment information.
  • Clinical records, treatment history, referrals, correspondence and imaging relevant to your care.
  • Financial and billing information.
  • Staff, recruitment and employment records.
  • Contractor and supplier details.
  • Website usage data, including cookie and device information.
  1. How We Use Your Information

We use personal data only where we have a valid legal basis to do so. Typical uses include:

  • Providing safe, appropriate and effective dental and orthodontic care.
  • Managing appointments, treatment plans, payments and patient communications.
  • Meeting employment, tax, pension, accounting and legal obligations.
  • Managing supplier and contractor relationships.
  • Operating, improving and securing our website and systems.
  • Analysing website traffic and measuring marketing performance where consent has been provided.
  1. Lawful Bases for Processing

We rely on the following lawful bases under UK data protection law:

  • Consent – for marketing communications and non-essential cookies.
  • Contract – where we need your data to provide treatment or fulfil a service agreement.
  • Legal obligation – where we must keep or disclose information to comply with law.
  • Legitimate interests – for internal administration, practice management, security and certain website operations, provided these interests do not override your rights.
  • Public task – where we provide NHS treatment or otherwise act under a legal duty.

Because health information is special category data, we also rely on additional conditions under UK GDPR and the Data Protection Act 2018 when processing clinical records and other sensitive health information.

  1. Special Category Data and Health Records

Dental and orthodontic records may include information about your health, treatment and medical history. We process this information only where it is necessary for your care, clinical governance, legal compliance or other lawful healthcare purposes. We apply appropriate confidentiality and security safeguards at all times.

  1. Cookies, Analytics and Google Services

Our website uses cookies and similar technologies to support essential website functions, improve performance, understand how visitors use the site and, where permitted, support analytics and marketing activities.

We may use services such as Google Analytics, Google Ads, Google Tag Manager, Meta Pixel, online booking systems, cookie consent platforms and other website or marketing tools.

These services may collect information such as device identifiers, browser information, IP-related data, page interactions and advertising identifiers, depending on your consent settings.

Where required, we will ask for your consent before placing non-essential cookies or using analytics and advertising tools. You can change or withdraw your cookie preferences at any time through the cookie settings on our website or through your browser settings.

If you provide consent on our website or application, Google may process personal data in accordance with its business and advertising services policies.

For more information about how Google uses and processes data, please refer to:

Google’s Business Data Responsibility Site.

  1. Who We Share Information With

We only share personal data where it is necessary, lawful, proportionate and secure. This may include:

  • Dental specialists, hospitals, laboratories and other healthcare professionals involved in your care.
  • NHS bodies and relevant government agencies.
  • Payment, finance and dental plan providers where applicable.
  • IT, website, hosting, analytics and security providers acting on our instructions.
  • Regulators, insurers, legal advisers, law enforcement agencies and public authorities were required by law.

We do not sell personal data to third parties.

  1. International Transfers

Some technology providers, including Google and other cloud-based service providers, may process personal data outside the United Kingdom. Where this happens, we use appropriate safeguards permitted by law, such as approved contractual protections and recognised transfer mechanisms.

  1. Data Retention

We keep personal data only for as long as necessary for the purpose for which it was collected and to meet legal, clinical, regulatory and accounting obligations.

Typical retention periods include:

  • Patient records – normally 11 years after the last entry, or longer where legally required.
  • Staff records – normally 6 years after employment ends, subject to legal requirements.
  • Contractor and supplier records – normally 7 years after completion of the relevant contract.
  • Website and analytics data – retained for a period appropriate to the purpose and consent settings in place.
  1. Security

We use appropriate technical and organisational measures to protect personal data. These measures may include secure systems, access controls, encryption, secure backups, password protection, audit trails and staff confidentiality obligations.

Although no online system can be guaranteed to be completely secure, we regularly review our safeguards and take reasonable steps to reduce risk.

  1. Your Rights

Subject to legal limits, you have the right to:

  • Request access to your personal data.
  • Request correction of inaccurate or incomplete information.
  • Request erasure of data in certain circumstances.
  • Request restriction of processing in certain circumstances.
  • Object to processing in certain circumstances.
  • Request data portability where applicable.
  • Withdraw consent at any time where processing is based on consent.

To exercise your rights, please contact us using the details above. We may need to verify your identity before responding. We aim to respond within one month unless the request is particularly complex.

  1. Complaints

If you have concerns about how we use your personal data, please contact us first so that we can try to resolve the matter promptly.

Data Protection Officer: Asad Iqbal

Contact via: Lockerbie Dental, 80 High Street, Lockerbie, DG11 2EU

Email: info@lockerbiedental.com

You also have the right to complain to the Information Commissioner’s Office (ICO):

Website: www.ico.org.uk

Telephone: 0303 123 1113

  1. Updates to This Notice

We may update this Privacy Notice from time to time to reflect changes in our services, systems or legal obligations. Any updated version will be published on our website with a revised effective date.