Legal — Last updated 7 June 2026

Privacy Policy.

How Boston Dental HQ collects, uses, and protects your personal information. We've written this notice to be as plain and clear as we can manage — please get in touch if anything is unclear.

i.

About this notice.

This privacy notice explains how Boston Dental HQ Limited ("Boston Dental HQ", "we", "us", "our") collects, uses, and protects information about you when you visit our website, register your interest in becoming a patient, or — once we are open — receive care from us.

We are committed to protecting your personal information and to being transparent about what we do with it. This notice should be read alongside our other practice policies, which will be published in full when the practice opens.

A note on our current stage. Boston Dental HQ is currently in its pre-launch phase. The practice is due to open in Autumn 2026. Until we open, the only personal information we collect is what you choose to submit through the Register your interest form on bostondentalhq.com. This notice covers both that current activity and how we will handle information once the practice is operating.

ii.

Who we are.

Boston Dental HQ Limited is the data controller for the personal information we collect.

Company
Boston Dental HQ Limited
Company no.
16943791
Practice address
14–16 Strait Bargate, Boston, Lincolnshire, PE21 6LW
Website
bostondentalhq.com
iii.

ICO and CQC registration.

Boston Dental HQ Limited is registering with the Information Commissioner's Office (ICO) and the Care Quality Commission (CQC) in advance of opening. Registration numbers will be added to this notice when they are issued.

v.

What information we collect.

Currently (pre-launch)

When you register your interest on bostondentalhq.com, we collect:

  • Your name
  • Your email address
  • Your phone number
  • A record of your consent to be contacted
  • The date and time you submitted the form

Once the practice opens

We will collect additional information from patients in the course of providing care, which will typically include:

  • Contact and identification details (address, date of birth, next of kin)
  • Medical and dental history
  • Clinical records, dental images, radiographs and treatment plans
  • Payment information (we do not store full card details)
  • Records of correspondence with you
vi.

Why we collect this information.

Currently (pre-launch)

  • To contact you when the practice opens to invite you to book an appointment.
  • To respond to any questions you send us through the website.

Once the practice is operating

  • To provide safe and effective dental care.
  • To maintain accurate clinical and administrative records.
  • To respond to your queries and any concerns.
  • To meet our regulatory and legal obligations (to the GDC, CQC, ICO, HMRC and others).
  • To audit and improve the quality of our care.
  • To send you appointment reminders and service-related information.
  • To send you, with your consent, information about our services that we think may interest you. You can opt out of these communications at any time.
vii.

Who we share information with.

Currently

Two third-party service providers process information on our behalf:

  • Web3Forms — a form-processing service based in the United States. When you submit the form on our website, your information is transmitted via Web3Forms to our practice email inbox. Web3Forms acts as a data processor under our instructions. Their privacy policy is at web3forms.com/legal/privacy-policy.
  • Netlify — our website hosting provider, based in the United States. Netlify processes server logs in the course of delivering the website to your browser.

Once the practice is operating, we may also share information with:

  • Other dental and medical professionals involved in your care, including referrals to specialists and dental laboratories.
  • The General Dental Council (GDC), Care Quality Commission (CQC), and Information Commissioner's Office (ICO) where required by law or regulation.
  • HM Revenue & Customs and other government bodies where required.
  • Our practice-management software provider, our IT support provider, and our accountancy/payroll provider — each acting as a data processor under formal written agreements.
  • Our indemnity insurance provider, in the event of a complaint or claim.

We do not sell your information to third parties for marketing purposes, and we never will.

viii.

International transfers.

Some of the services we use — specifically Web3Forms and Netlify — are based in the United States. This means that personal information you submit through our website is transferred outside the United Kingdom.

These transfers are protected by appropriate safeguards in line with UK GDPR, including the UK International Data Transfer Agreement (IDTA) and Standard Contractual Clauses (SCCs) where applicable. The services we use publish their own data-protection commitments and have implemented technical and organisational measures consistent with UK and EU standards.

ix.

How long we keep information.

Registration form data (pre-launch)

We will keep your registration details until the practice opens and you either become a patient or tell us you no longer wish to be contacted. If you have not engaged with us within 12 months of our opening, we will delete your details.

Patient records (once operating)

We will retain clinical records in line with General Dental Council and UK legal guidance:

  • Adult patients: at least 11 years from the date of the last entry in your record.
  • Patients who were minors at any time: until your 25th birthday, or 11 years from the last entry, whichever is later.

Financial and tax records are retained for 6 years in line with HMRC requirements. Other records (e.g. correspondence, complaints) are kept for the period appropriate to their purpose.

x.

Your rights.

Under UK GDPR, you have the following rights in relation to your personal information:

  • Right of access — to obtain a copy of the personal information we hold about you.
  • Right to rectification — to ask us to correct inaccurate or incomplete information.
  • Right to erasure — to ask us to delete your information where there is no compelling reason for us to continue holding it.
  • Right to restrict processing — to ask us to limit how we use your information in certain circumstances.
  • Right to data portability — to receive a copy of your information in a structured, portable format.
  • Right to object — to processing for direct marketing, or where we are relying on legitimate interests.
  • Right to withdraw consent — at any time, where we are processing your information on the basis of your consent.
  • Right not to be subject to solely automated decision-making.

To exercise any of these rights, please contact us using the details in section 15. We will normally respond within one calendar month.

xi.

How we keep information secure.

We take the security of your personal information seriously. The measures we have in place include:

  • Encrypted (HTTPS) transmission of all data submitted through our website.
  • Restricted access — only staff who need to use your information for their role can see it.
  • Staff training on data protection and confidentiality, refreshed at least annually.
  • A written data protection policy, secure password practices, and clear breach-response procedures.
  • Written data processing agreements with all third-party service providers requiring equivalent security standards.
  • Confidentiality clauses in all staff contracts.
xii.

Personal data breaches.

If we suffer a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner's Office within 72 hours of becoming aware of it. If the breach is likely to result in a high risk to you, we will notify you directly without undue delay.

We keep a written record of all personal data breaches, regardless of whether they are reportable.

xiii.

Cookies and analytics.

The bostondentalhq.com website does not currently use cookies for tracking, analytics, or advertising. The website does not run third-party analytics scripts.

Typefaces on the website are loaded from Google Fonts. Doing so involves your browser making a request to Google's font servers (fonts.googleapis.com), which may log your IP address. See Google's privacy policy for details of how this is handled.

We will update this section if we introduce cookies or any other tracking technology.

xiv.

For job applicants.

If you apply for a role at Boston Dental HQ through the careers page on our website (bostondentalhq.com/careers.html), we collect and process information specifically for the purposes of recruitment.

What we collect

  • Your name, email address, and phone number.
  • The role you've applied for, and your GDC registration number if you've chosen to provide it.
  • Your CV.
  • Any cover note you've chosen to include.
  • A record of your consent and the date and time you applied.

Your CV may include additional information that you've chosen to share — for example, employment history, qualifications, references, or personal interests. Some of this may fall into what UK GDPR calls "special category" data (such as health, ethnic origin, or trade union membership). We do not ask for any of this, and where it appears we use it only for the assessment of your application.

Legal basis

We process your information on two bases:

  • Article 6(1)(a) UK GDPR — your consent (you tick the box when you submit the form).
  • Article 6(1)(f) UK GDPR — our legitimate interest in recruiting suitable people for our team. We have considered the impact on your privacy and believe this is proportionate; you can object at any time.

Who sees it

  • Members of our internal hiring panel — the company directors and, where appropriate, the practice manager.
  • Web3Forms, our form-processing service (see section 7), which transmits your application to our inbox.

We do not share applications with any other third party. Your CV is not stored on the website itself.

How long we keep it

  • If your application is unsuccessful, we will keep your details for up to 12 months from the date you applied, in case a suitable role comes up. After that, we will delete them.
  • If we hire you, your application becomes part of your employment record and is kept in line with employment law (typically 6 years after employment ends).
  • You can ask us to delete your application at any time using the contact details in section 16.

Your rights

All the rights set out in section 10 of this notice apply to your application data.

xv.

Complaints.

If you are unhappy with how we have handled your personal information, please contact our data protection lead first (section 16). We will investigate your concern and respond.

If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner's Office:

ICO
Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Telephone
0303 123 1113 (local rate)  or  01625 545 745 (national)
Website
https://ico.org.uk/
xvi.

Contact us.

For any data-protection queries — including requests to access, correct, or delete your information, or to withdraw consent — please contact:

By post
Data Protection Lead
Boston Dental HQ Limited
14–16 Strait Bargate
Boston, Lincolnshire
PE21 6LW
xvii.

Changes to this notice.

We will review this notice regularly and update it when there are material changes to the way we process your information, when we add new services or third-party processors, or when guidance from the ICO or other regulators changes.

The current version will always be available at bostondentalhq.com/privacy.html. The "Last updated" date at the top of this notice reflects when it was most recently revised.