Privacy Policy & Cookies

The Grove Practice, operating at 6 Beauchamp Hill, Leamington Spa, Warwickshire, CV32 5NS; is a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation. In providing your dental care and treatment, we will ask you for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care.

The Grove Practice proprietors are responsible for keeping secure the information about you that we hold. Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, including the reception staff responsible for the management and administration of the practice.

We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation. This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.

Types of Personal Data that we hold

We can only keep and use information for specific reasons set out in the law. If we want to keep and use information about your health, we can only do so in particular circumstances. Below, we describe the information we hold and why, and the lawful basis for collecting and using it.

The practice holds patient’s personal data in the following categories

  1. Contact and correspondence details
  2. General medical health data including date of birth
  3. Dental Records, including x-rays, photographs, digital scans, study models, treatment plans and consent and notes of conversations about your care
  4. Details of your appointments
  5. Details of any complaints made and how they have been handled
  6. Correspondence with you and other health professionals or institutions


Why we process Personal Data (what is the “purpose”) “Process” means we obtain, store, update and archive data

Contact details

We hold personal information about you including your name, date of birth, , address, telephone number and email address. This information allows us to fulfil our contract with you to provide appointments. We will also use the information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and to make you aware of our services.  We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes. We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or letter.

Dental Records

We collect and use this information to allow us to fulfil our contract with you to discuss your treatment options and provide dental care that meets your needs. We also use this information for the legitimate interest of ensuring the quality of the treatment we provide

Financial Information:

We hold financial Information about the fees charged, amounts you have paid and some payment details such as receipts. This information forms part of our contractual obligation to you to provide dental care and allows us to meet legal financial requirements.


Only with your expressed, active consent, we may use your contact details to inform you of products and services available at our Practice. The practice will ask permission separately from you, before for using your data for this purpose.


What is the Lawful Basis for processing Personal Data?

The Law says we must tell you this:

  1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
  2. We hold staff employment data because it is a Legal Obligation for us to do so.
  3. We hold contractors’ data because it is needed to Fulfill a Contract with us.

Who might we share your data with?

We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. We will let you know in advance if we send your dental or medical information to another healthcare provider and we will give you the details of that provider at that time.

We will only share data if it is done securely and it is necessary to do so, most commonly in the following circumstances:

  1. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example – your doctor, or if we refer you to a hospital, or a specialist dental or medical service or to dental laboratories). We will seek your permission before writing to a provider, who you have not seen before that may not hold your details.
  2. Patient data may also be stored on secure cloud storage for back-up purposes with our affiliated computer software providers (Software of Excellence, Microminder and Dropbox), who will also store it securely.  
  3. Private dental schemes of which you are a member e.g. Denplan (SimplyHealth Professionals).
  4. In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.


Keeping your information safe

We store your personal information securely on our practice computer system [and/or] in a manual filing system. Those who do not work at the practice cannot access your information. Only those working at the practice and our computer support providers, with our permission, have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice and their organisation procedures to ensure this.

We take precautions to ensure security of the practice premises, the practice filing systems and computers.

Your Rights

You have the right to:

  1. Be informed about the personal data we hold and why we hold it.
  2. Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
  3. Check the information we hold about you is correct and to make corrections if not
  4. Have your data erased in certain circumstances.
  5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
  6. Tell us not to actively process or update your data in certain circumstances.


Data Erasure: For legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). However, we can, if you ask us to, delete some contact details and other non-clinical information.

How long is the Personal Data stored for?

  1. We will store patient data for as long as we are providing care, treatment or recalling patients for further care.
  2. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend.
  3. Currently, this requires us to keep your data for 10 years after the date of your last visit to the Practice or until you reach the age of 25 years, whichever is the longer.


What if you are not happy or wish to raise a concern about our data processing?

You can complain in the first instance to your dentist or our Data protection Officer who can be reached on 01926 423563 and we will do our best to resolve the matter.  If this fails, you can complain to the Information Commissioner at or by calling 0303 123 1113.



We have set out below more information about our cookies, what they are used for and how you can disable them if you wish to do so.

Information we collect

Our Website collects personal information from you at certain points; for example when you fill in forms on our site or participate in any promotions and by doing this we can tailor the site to provide services and products that best meet your needs, and make your online experience easier and quicker.

Information we collect on on our contact forms may include your name, address, telephone number and email address. We take all steps reasonably necessary to ensure your data is treated securely and in accordance with this privacy policy.


Cookies are small text files that are stored on your computer, tablet or mobile device when you visit our Website. We use these cookies to identify when it is you are visiting our Website, which helps us to make your visit to our site quicker and easier.

If you’d prefer to restrict, block or delete cookies from our Website, or any other Website, you can use your browser to do this. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.

You can find more information about cookies and how to restrict, block and delete them at (opens in a new window – please note that we’re not responsible for the content of external Websites).

Cookies we use

Google Analytics (Google Inc.)

Google Analytics is a web analysis service provided by Google Inc. (“Google”).  We use a web analytics tool, Google Analytics, to analyse how the site is used, so other details that we may collect from you include those of your visit such as; how you arrive at the site, what you do on the site and which browser or operating system you use. All of this information is collected anonymously, so is not tied to any personally identifiable information and allows us to complete internal research on our users’ demographics, interests and behaviours in order to better understand and serve you.

Personal Data collected: Cookies and Usage Data.

Place of processing: US – Privacy PolicyOpt Out.

Facebook Ads conversion tracking  and Remarketing (Facebook, Inc.)

Facebook Ads conversion tracking is an analytics service provided by Facebook, Inc. that connects data from the Facebook advertising network with actions performed on our website. Facebook Remarketing is a remarketing and behavioral targeting service provided by Facebook, Inc. that connects the activity of our website with the Facebook advertising network.

Personal Data collected: Cookies and Website Usage .

Place of processing: US – Privacy Policy.

Google reCAPTCHA (Google Inc.)

Google reCAPTCHA is a SPAM protection service provided by Google Inc that we use on our website contact forms.
The use of reCAPTCHA is subject to the Google privacy policy and terms of use.

Personal Data collected: Cookies and Usage Data.

Place of processing: US – Privacy Policy.

Google Tag Manager (Google LLC)

Google Tag Manager is a tag management service provided by Google LLC which helps us manage the tags or scripts needed on our website in a centralized location. This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data.

Personal Data collected: Cookies and Usage Data.

Place of processing: US – Privacy Policy.