Skip to main content

Privacy Policy: Cherry Trees Dental Redhill

Last Updated: 21 April 2026

At Cherry Trees Dental Redhill, we are committed to protecting the privacy and security of your personal information. This privacy policy describes how we collect and use personal data about you in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.


1. Data Controller Information

Cherry Trees Dental Redhill is the "data controller" for the information we collect. This means we are responsible for deciding how we hold and use personal information about you. You can find our contact details on our Contact page.


2. Information We Collect

We collect and process different types of data depending on whether you are a patient at the practice or a visitor to our website.


Clinical & Patient Data

As a private dental provider, we process "Special Category Data" (sensitive health information). This includes:

Identity and Contact Data: Name, date of birth, gender, address, email, and phone numbers.

Medical & Dental Records: Dental history, clinical notes, X-rays, scans, photographs, and treatment plans.

Health Status: Details of your general health, medications, and allergies.

Financial Data: Details of payments for private treatments and dental plan memberships.


Website & Digital Data

When you interact with our website, we collect:

Technical Data: IP address, browser type, operating system, and time of visit (stored in server log files for security).

Enquiry Data: Information submitted via our online contact or appointment forms (name, contact details, and the nature of your enquiry).

Usage Data: Information about how you use our website, collected via Matomo and Google Analytics.


3. Legal Basis for Processing

Under the UK GDPR, we rely on the following legal grounds:

Provision of Healthcare: Processing is necessary for medical diagnosis and the provision of health or social care or treatment (Article 9(2)(h)).

Contractual Necessity: To provide the private dental services you have requested.

Legal Obligation: To comply with statutory requirements from the Care Quality Commission (CQC) and General Dental Council (GDC).

Consent: For non-essential website cookies and any marketing communications.


4. Website Tools & Cookies

Our website uses various tools to improve your experience. These may set cookies on your device.


Analytics (Matomo & Google Analytics)

Matomo: We use Matomo to gather insights into website usage while prioritising your privacy. This data is used solely for our own statistical purposes and is not shared with third parties. Your IP address will be anonymised.

Google Analytics: This tool tracks visitor behaviour. Information (including your IP address) is transmitted to Google. We use IP anonymisation where possible. These cookies are only activated if you provide consent via our cookie banner.


YouTube Video Embeds

Our website features videos hosted on YouTube. When you view these:

YouTube (owned by Google) may set cookies and receive information about your visit.

We use Privacy-Enhanced Mode (youtube-nocookie.com) to limit tracking until you click play. However, playing the video will trigger YouTube’s standard data processing.


Online Forms

Data submitted via our website forms is stored securely. It is used exclusively to process your request and, if you become a patient, will form part of your confidential clinical record.


5. Data Sharing and Disclosure

We do not sell your data. We only share information with trusted third parties when necessary:

Dental Laboratories: To create custom-made appliances (e.g., crowns or bridges).

Specialist Referrals: If we refer you to another private consultant or specialist.

Indemnity Providers: We may share data with our professional indemnity insurers if required for legal or insurance advice.

Regulatory Bodies: Such as the CQC or GDC if required by law.


6. Data Retention

We retain records in accordance with the Records Management Code of Practice for Health and Social Care:

Adult Records: Minimum of 11 years after the last entry.

Children’s Records: Until the patient reaches age 25 (or 26 if they were 17 at the conclusion of treatment).

Website Enquiries: Form data is deleted after a maximum of 6 years if you do not proceed with treatment.


7. Your Rights

Under the UK GDPR, you have the right to:

Access: Request a copy of your dental records (Subject Access Request).

Rectification: Ask us to correct inaccurate data.

Erasure: Request deletion of data (subject to legal retention requirements for medical records).

Object/Restrict: Object to specific processing, such as marketing or non-essential cookies.


8. Data Security

We have put in place robust technical and organisational measures—including encryption and secure storage—to prevent your personal information from being accidentally lost, used, or accessed in an unauthorised way.


9. How to Complain

If you have any concerns about our data usage, please contact us directly. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s supervisory authority for data protection (www.ico.org.uk).