Privacy Policy
Important Information & Who We Are
Purpose of this Privacy Notice
This privacy notice aims to give you information on how Ocean Orthodontic Clinic collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter or request information on our services.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.
Controller
Ocean Orthodontic Clinic is the controller and responsible for your personal data (collectively referred to as “we”, “us” or “our” in this privacy notice).
Contact Details
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Changes to This Privacy Notice
This version was last updated on May 2026. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-Party Links
The Ocean Orthodontic Clinic website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
The Data We Collect About You
Personal data means any information about an individual from which that person can be identified. We may collect, use, store and transfer different kinds of personal data about you:
- Identity data — first name, last name, username or similar identifier, title and job title.
- Contact data — postal address, email address and telephone numbers.
- Technical data — IP address, login data, browser type and version, time zone setting and location, operating system and platform.
- Profile data — your interests, preferences, feedback and survey responses.
- Usage data — information about how you use our website, products and services.
- Marketing and communications data — your preferences in receiving marketing from us and your communication preferences.
We do not collect any special categories of personal data about you — this includes details about your race, ethnicity, religious beliefs, sex life, political opinions, health data, genetic or biometric data, or criminal convictions.
If You Fail to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract. We will notify you if this is the case at the time.
How Is Your Personal Data Collected?
We use different methods to collect data from and about you including through:
- Direct interactions — when you fill in forms, apply for services, subscribe to publications, request marketing or give us feedback.
- Automated technologies — as you interact with our website, we may automatically collect technical data using cookies and similar technologies.
- Third parties — analytics providers such as Google; advertising networks; data brokers or aggregators; publicly available sources such as Companies House.
How We Use Your Personal Data
We will only use your personal data when the law allows us to. Most commonly we will use it where we need to perform a contract with you, where it is necessary for our legitimate interests, or where we need to comply with a legal obligation.
| Purpose / Activity | Type of Data | Lawful Basis |
|---|---|---|
| To register you as a new customer | Identity; Contact | Performance of a contract with you |
| To manage our relationship with you — notifying you of changes, asking for reviews | Identity; Contact; Profile; Marketing | Performance of contract; Legal obligation; Legitimate interests |
| To administer and protect our business and website | Identity; Contact; Technical | Legitimate interests; Legal obligation |
| To deliver relevant website content and measure advertising effectiveness | Identity; Contact; Profile; Usage; Technical | Legitimate interests |
| To use data analytics to improve our website and services | Technical; Usage | Legitimate interests |
| To make suggestions and recommendations about services of interest | Identity; Contact; Technical; Usage; Profile | Legitimate interests |
Marketing & Opting Out
You will receive marketing communications from us only if you have requested information from us or subscribed to updates, and have not opted out. You can ask us to stop sending marketing messages at any time by following the opt-out links in any marketing message, or by contacting us at info@oceanorthodonticclinic.co.uk.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
Disclosures of Your Personal Data
We may have to share your personal data with internal third parties, external third parties, or third parties to whom we may choose to sell or transfer parts of our business. We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
International Transfers
Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- Transfer only to countries deemed adequate by the UK government.
- Use of providers covered by the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU Standard Contractual Clauses, or providers located in countries with UK ‘adequacy’ status.
Please contact us at info@oceanorthodonticclinic.co.uk if you want further information on international transfer mechanisms.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those who have a business need to know.
We have procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
In some circumstances we may anonymise your personal data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your Legal Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
- Request access — receive a copy of the personal data we hold about you.
- Request correction — have any incomplete or inaccurate data corrected.
- Request erasure — ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- Object to processing — where we are relying on a legitimate interest or processing for direct marketing purposes.
- Request restriction — ask us to suspend the processing of your personal data in certain scenarios.
- Withdraw consent — at any time where we are relying on consent to process your personal data.
To exercise any of these rights, please contact us at info@oceanorthodonticclinic.co.uk. We try to respond to all legitimate requests within one month. No fee is usually required.
Glossary
Lawful Basis
- Legitimate interest — the interest of our business in conducting and managing our business to give you the best service and most secure experience.
- Performance of contract — processing your data where it is necessary for the performance of a contract to which you are a party.
- Comply with a legal obligation — processing where it is necessary for compliance with a legal or regulatory obligation.
Third Parties
- Internal third parties — other companies in the business acting as joint controllers or processors providing IT and system administration services.
- External third parties — service providers, professional advisers (lawyers, auditors, insurers), and regulators based in the United Kingdom.