Privacy Policy

Last updated: 3 February 2025

PracticeLoop (“we”, “us”, “our”) is committed to protecting your personal data. This privacy policy explains how we collect, use, store and protect your information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

Who we are

PracticeLoop provides patient reactivation services to dental practices in the United Kingdom. We act as a data controller in respect of personal data we collect from visitors to our website and from practice staff and contacts who engage with our services. When we process patient data on behalf of dental practices in connection with our reactivation campaigns, we do so as a data processor under instructions from the practice (which remains the data controller for that patient data).

If you have questions about this policy or our use of your data, you can contact us at:

What data we collect and why

2.1 Website visitors

When you visit our website we may collect:

  • Technical data: IP address, browser type and version, device type, time zone, operating system, and how you use our site (e.g. pages viewed, time spent). This is typically collected via cookies and similar technologies.
  • Usage data: Information about how you navigate the site (e.g. clicks, scroll depth) where we use analytics or similar tools.

We use this to run and improve our website, analyse usage, and ensure security. Our legal basis is our legitimate interest in operating and improving our services and protecting our systems.

2.2 Enquiries and consultations

When you contact us (e.g. by email or phone) or book a consultation via Calendly or similar tools, we may collect:

  • Name, email address, phone number, and any other details you provide (e.g. practice name, role, number of patients).

We use this to respond to your enquiry, run consultations, and where relevant to provide our reactivation services. Our legal basis is performance of a contract (or steps prior to contract) and our legitimate interest in managing business relationships.

2.3 Dental practice clients

When you become a client we may collect and process:

  • Contact and role details for practice staff (names, emails, phone numbers).
  • Practice details (name, address, practice management system used).
  • Contract, billing and correspondence related to our services.

We process this to deliver our services, manage the contract, send reports, and for billing. Our legal basis is performance of contract and our legitimate interest in running our business.

2.4 Patient data (processed on behalf of practices)

As part of our reactivation campaigns we may process patient data (e.g. name, contact details, last visit date, appointment history) that dental practices share with us. We do this only as a data processor under a contract with the practice. The practice remains the data controller and is responsible for having a lawful basis and for informing patients. We use the data solely to run the reactivation campaign (calls, SMS, booking links, reporting) and in accordance with the practice’s instructions and our data processing agreement. We do not use patient data for our own marketing or for any purpose other than providing the service.

Legal bases under UK law

We only process personal data where we have a valid legal basis under UK GDPR. We rely on:

  • Contract: Where processing is necessary to perform our contract with you or to take steps at your request before entering a contract.
  • Legitimate interests: Where we have a legitimate interest (e.g. running our website, improving services, security, managing relationships) and your interests and fundamental rights do not override those interests.
  • Legal obligation: Where we must process data to comply with UK law (e.g. tax, regulatory requirements).
  • Consent: Where we ask for your consent for a specific purpose (e.g. marketing). You can withdraw consent at any time.

How we use your data

We use the data we collect to:

  • Provide and improve our patient reactivation services.
  • Communicate with you about enquiries, consultations, and our services.
  • Manage contracts, billing, and reporting.
  • Run and improve our website and analyse usage.
  • Comply with legal and regulatory obligations.
  • Protect our business and systems (e.g. fraud prevention, security).
  • Send marketing only where we have your consent or a soft opt-in that you have not opted out of.

We do not use your data for automated decision-making or profiling that has legal or similarly significant effects.

Sharing your data

We may share your data with:

  • Service providers: For example Calendly (booking), email and hosting providers, analytics providers, and (where applicable) practice management or communication tools we use to deliver reactivation campaigns. These providers act as processors or sub-processors under contract.
  • Professional advisers: Lawyers, accountants or insurers where necessary in the context of our business.
  • Regulators and authorities: Where we are required to do so by UK law (e.g. HMRC, ICO, courts).

We do not sell your personal data. We require processors to keep your data secure and use it only as we instruct.

International transfers

Your data is primarily processed in the United Kingdom. If we transfer data outside the UK (e.g. to service providers in the EEA or USA), we ensure appropriate safeguards are in place, such as:

  • UK adequacy regulations (where the country is deemed adequate).
  • UK International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses.
  • Other mechanisms approved under UK data protection law.

You can request details of the safeguards we use for any specific transfer.

How long we keep your data

We keep personal data only for as long as necessary for the purposes set out in this policy and to meet legal, regulatory, tax or accounting requirements.

  • Website/technical data: Typically for the duration of the session or as required by our analytics/cookie retention settings (often up to 24–26 months for analytics).
  • Enquiries and consultations: For the duration of our relationship and a reasonable period after (e.g. 3–7 years for contract and enquiry records where relevant to legal or tax requirements).
  • Client and contract data: For the term of the contract and for a period after termination as required for legal, tax or regulatory purposes (often up to 7 years).
  • Patient data (as processor): In accordance with the data processing agreement and the practice’s instructions; typically for the duration of the campaign and a short retention period for reporting, then securely deleted or returned.

After the retention period we securely delete or anonymise the data.

Your rights under UK law

Under the UK GDPR and DPA 2018 you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data in certain circumstances (e.g. where it is no longer necessary or you withdraw consent where that was the basis).
  • Restriction: Request that we restrict processing in certain situations.
  • Data portability: Request a copy of your data in a structured, machine-readable format where the legal basis is contract or consent.
  • Object: Object to processing based on legitimate interests, including to marketing.
  • Withdraw consent: Where we rely on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at sebastian@practiceloop.co. We will respond within one month, subject to any extension permitted by UK law. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority: ico.org.uk/make-a-complaint.

Cookies and similar technologies

Our website may use cookies and similar technologies (e.g. local storage) to:

  • Remember your preferences and settings (strictly necessary / essential).
  • Understand how the site is used (analytics).
  • Load third-party content (e.g. Calendly widget).

Where required by law we will obtain your consent for non-essential cookies. You can change your browser settings to block or delete cookies; some features of the site may not work fully if you do so.

Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration or disclosure. These include access controls, encryption where appropriate, and training for anyone who handles personal data. We review our measures regularly and will notify you and the ICO of a personal data breach where we are required to do so by law.

Children

Our website and services are aimed at dental practices and business users. We do not knowingly collect personal data from children under 13. If you believe we have collected data relating to a child, please contact us and we will delete it promptly.

Changes to this policy

We may update this privacy policy from time to time. The “Last updated” date at the top will be revised when we make changes. We encourage you to review this page periodically. Where changes are material we may notify you by email or via a notice on our website.

Contact

For any questions about this privacy policy or our use of your personal data, please contact:

PracticeLoop
Email: sebastian@practiceloop.co
Phone: +44 (0) 7500 941690

← Back to PracticeLoop