This Privacy Policy explains how we collect, use, store, andprotect your personal data when you visit our website www.mcrimplantcentre.com,make an enquiry, book an appointment, or receive dental implant or relatedtreatment from us. It also describes your rights regarding your personal data.

1. Who we are

MCR Implant Centre is a specialist dental implant centrelocated at 10 Commercial Street, Manchester, M15 4PZ.

  • Data Controller: MCR Implant Centre
  • Contact details: info@mcrimplantcentre.com, 0161 359 7548
  • ICO     Registration: ZA331354

If you have any questions about this Privacy Policy or howwe handle your data, please contact us using the details above.

2. What personal data we collect

We collect different types of personal data depending on howyou interact with us.

From website visitors and enquirers:

  • Contact information (name, email address, phone number)
  • Enquiry or message details
  • Marketing preferences

From patients and those receiving treatment:

  • Identification and contact details (name, date of birth, address, email, phone number, next of kin/emergency contact)
  • Health and dental information (medical history, dental history, treatment plans, X-rays, clinical photographs, scans, consent records)
  • Financial and payment information (for private treatment)
  • Any other information relevant to providing safe and effective dental implant care

We may also process special category personal data(sensitive data relating to your health). This is necessary for providinghealthcare services.

3. How we collect your personal data

We collect your data when:

  • You visit or use our website (including forms and chat features)
  • You contact us by phone, email, WhatsApp, or in person
  • You register as a patient or attend an appointment
  • We receive information from third parties (e.g., referring dentists, laboratories, or your GP where relevant and lawful)

4. Why we process your personal data (purposes and lawfulbasis)

We only process your personal data where we have a lawfulbasis to do so.

For patients:

  • Performance of a contract or to take steps prior to entering a contract (e.g., providing dental implant treatment and related services)
  • Legal obligation (e.g., maintaining clinical records as required by law, CQC/GDC standards, or tax/financial regulations)
  • Legitimate interests (e.g., running our business efficiently, improving services, or defending legal claims)
  • Health  or social care (Article 9(2)(h) UK GDPR) – processing special category health data is necessary for the provision of healthcare

For website users and marketing:

  • Legitimate interests (e.g., responding to enquiries, analysing website use)
  • Consent (where we rely on it for marketing communications or non-essential cookies)

We will only use your personal data for the purposes forwhich we collected it, unless we reasonably consider that we need to use it foranother reason and that reason is compatible with the original purpose.

5. Who we share your personal data with

We may share your personal data with:

  • Our carefully selected service providers and processors (e.g., website hosting, email providers, payment processors, dental laboratories, IT support)
  • Referring dentists or your GP (where necessary for your care)
  • Regulatory bodies (e.g., General Dental Council, Care Quality Commission) where required by law
  • Legal advisors, courts, or law enforcement where we have a legal obligation or legitimate interest

We require all third parties to respect the security of yourpersonal data and to treat it in accordance with the law. We do not sell yourpersonal data to third parties.

6. International transfers

We do not routinely transfer your personal data outside theUK. Where any transfer occurs (e.g., to cloud service providers), we ensureappropriate safeguards are in place, such as Standard Contractual Clauses oradequacy decisions, in line with UK GDPR requirements.

7. How long we keep your personal data

We retain your personal data only for as long as necessaryto fulfil the purposes we collected it for, including satisfying any legal,accounting, or reporting requirements.

For dental patient records (including special categoryhealth data), we typically retain records for a minimum of 10 yearsafter the last treatment or until you reach a certain age (whichever islonger), in line with dental retention guidelines and legal obligations.Website enquiry data is usually kept for a shorter period unless it leads totreatment.

8. Your legal rights

Under UK GDPR, you have the following rights:

  • Right to be informed — about how we use your data (this policy)
  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — correct inaccurate or incomplete data
  • Right to erasure ("right to be forgotten") — in certain circumstances
  • Right to restrict processing — in certain circumstances
  • Right to data portability — receive your data in a structured,     machine-readable format
  • Right to object — to processing based on legitimate interests or for direct     marketing
  • Rights relating to automated decision-making and profiling (we do not     currently use these in ways that significantly affect you)

You can exercise these rights by contacting us. We willrespond within one month (or longer if legally permitted in complex cases).There is usually no charge, though we may charge a reasonable fee or refusemanifestly unfounded or excessive requests.

For health data, some rights may be limited where they couldadversely affect your care or others' rights.

9. Security of your personal data

We have appropriate technical and organisational measures inplace to protect your personal data against accidental loss, unauthorisedaccess, alteration, or disclosure. These include secure storage of clinicalrecords, encrypted communications where appropriate, and staff training on dataprotection.

10. Cookies and website tracking

Our website uses cookies and similar technologies. For fulldetails, please see our separate Cookie Policy [link to your cookiepolicy page].

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. We willnotify you of any significant changes by posting the new policy on our websiteand updating the "Last updated" date.

12. How to complain

If you have any concerns about how we handle your personaldata, please contact us first. You also have the right to complain to theInformation Commissioner's Office (ICO), the UK supervisory authority for dataprotection issues:

We would appreciate the chance to address your concernsbefore you approach the ICO.

Important notes for implementation:

  • Add a clear link to this policy in your website footer, contact forms, and patient information.
  • Create a separate, simple Cookie Policy if you use non-essential cookies (analytics, marketing, etc.).
  • If you send marketing emails or newsletters, ensure you have proper consent/opt-in mechanisms and include an easy unsubscribe option.
  • Consider a layered approach: a short summary on key pages with a link to the full policy.
  • Register (or confirm registration) with the ICO if you process personal data as a data controller.

This template draws on standard UK dental practice privacynotices and ICO guidance for health and social care. It is provided forinformational purposes and is not a substitute for professional legal advicetailored to your exact practices.

If you need any customisations (e.g., adding specificthird-party processors, changing retention periods, or including apatient-specific notice), just provide more details and I can refine itfurther.