For Patients
Sign up / Login
For Patients
Sign up/ Login
For Patients
Sign up / Login

GDPR

Our mission: taking the stress out of aligners

Our GDPR Policy

  1. Introduction

At The ClearOrtho Ltd, we are committed to protecting and respecting your privacy. This GDPR Policy outlines how we collect, use, store, and protect personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

  1. Purpose

The purpose of this policy is to ensure that all personal data is processed in a lawful, fair, and transparent manner. We aim to uphold the rights of individuals whose data we process while maintaining the integrity and security of personal information.

  1. Scope

This policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of the Laboratory. It covers all personal data processed, whether in electronic or paper format, related to our clients, employees, suppliers, and any other individuals.

  1. Definitions
  • Personal Data: Any information that relates to an identified or identifiable individual, including names, contact information, dental records, and health information.
  • Data Subject: An individual whose personal data is processed by The ClearOrtho Ltd.
  • Processing: Any operation performed on personal data, including collection, storage, use, and deletion.
  1. Legal Basis for Processing Personal Data

The ClearOrtho Ltd will only process personal data when we have a lawful basis to do so under the UK GDPR. The legal bases we may rely on include:

  • Consent: We obtain explicit consent from individuals for specific processing activities.
  • Contract: Processing is necessary for the performance of a contract with the individual or to take steps at their request prior to entering into a contract.
  • Legal Obligation: Processing is necessary for compliance with a legal obligation to which the Laboratory is subject.
  • Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided that such interests are not overridden by the rights and interests of the data subject.
  1. Data Subject Rights

Individuals have the following rights under the UK GDPR:

  • Right to Access: Individuals can request access to their personal data and obtain information about how it is processed.
  • Right to Rectification: Individuals can request the correction of inaccurate or incomplete personal data.
  • Right to Erasure: Individuals can request the deletion of their personal data under certain conditions (the right to be forgotten).
  • Right to Restrict Processing: Individuals can request the restriction of processing their personal data under specific circumstances.
  • Right to Data Portability: Individuals can request to receive their personal data in a structured, commonly used, and machine-readable format.
  • Right to Object: Individuals can object to the processing of their personal data where we are relying on legitimate interests.
  1. Data Protection Officer (DPO)

The ClearOrtho Ltd has appointed a Data Protection Officer (DPO) to oversee compliance with the UK GDPR. The DPO is responsible for:

  • Monitoring compliance with this policy and data protection legislation.
  • Acting as a point of contact for data subjects and the Information Commissioner’s Office (ICO).
  • Providing guidance and support to staff regarding data protection issues.
  1. Data Security Measures

To protect personal data, the Laboratory will implement appropriate technical and organizational measures, such as:

  • Access controls to limit data access to authorized personnel only.
  • Encryption of personal data where applicable.
  • Regular data protection training for staff.
  • Conducting privacy impact assessments for new projects or processing activities.
  • Maintaining an incident response plan to address data breaches promptly.
  1. Data Breach Notification

In the event of a data breach that compromises personal data, the Laboratory will take immediate action to mitigate the breach. We will notify affected individuals and the ICO within 72 hours of becoming aware of the breach, where required by the UK GDPR.

  1. Data Retention

The ClearOrtho Ltd,  will retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including any legal, accounting, or reporting requirements. Data retention periods will be defined and documented.

  1. Policy Review

This policy will be reviewed biannually or in response to significant changes in data protection legislation or our data processing activities. Updates to the policy will be communicated to all staff, and necessary training will be provided.

  1. Conclusion

At The ClearOrtho Ltd,  we are dedicated to ensuring that personal data is processed in compliance with UK GDPR. We value the trust of our clients and employees and are committed to safeguarding their personal information.

Policy Adoption Date: 1 January 2025  

Last Reviewed: 1 February 2025  

Next Review Date: 1 February 2027