Privacy Policy for Patients

Privacy Policy for Patients – 21D Clinical Limited

Introduction
21D Clinical Limited (“21D”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data lawfully, transparently, and securely.This Privacy Policy explains how we collect, use, store, and protect your personal data when you engage with us for clinical assessment, treatment, or related services.This policy applies to all patients and prospective patients of 21D.

‍Who We Are
21D Clinical Limited is a healthcare provider specialising in full jaw dental implant treatment.For the purposes of UK data protection law, 21D Clinical Limited is the data controller.In some circumstances, data may also be processed by other companies within the 21D Group, including 21D Bioengineering, acting under appropriate contractual and data protection safeguards.
Contact details:
Email: CASE@21d.co.uk
Website: www.21d.co.uk

What Information We Collect
A. Personal information
-Name
-Date of birth
-Contact details (address, email, telephone number)
-Identification details where required
B. Health and clinical information (special category data)
-Medical and dental history
-Clinical notes and assessments
-Treatment plans and progress notes
-Clinical photographs and facial scans
-Radiographic imaging (e.g. X-rays, CBCT scans)
‍C. Audio and visual recordings
-We may record certain conversations or appointments using audio and video equipment, including CCTV and body-worn cameras, for patient safety, staff safety, security, and clinical governance purposes.Where such recordings relate to your care, assessment, or treatment, they form part of your clinical record.
D. Administrative and communications data
-Appointment records
-Correspondence with our team
-Complaints, feedback, or enquiries

How We Collect Your Information
‍We collect information:
- When you complete forms on our website
- When you contact us via phone, email or social platforms
- During your Full Clinical
- Assessment and treatment
- From referring clinicians (with your consent)
- From finance providers (if applicable)
- From cookies and online analytics
- When you provide reviews or feedback voluntarily

Use of Data for Technology, Analytics, and Artificial Intelligence
21D may use patient data to support research, development, testing, and improvement of systems and technologies, including work undertaken by 21D Bioengineering.
This may include the use of artificial intelligence (AI) and similar technologies for purposes such as:
-Service improvement
-System testing and validation
-Clinical workflow optimisation
-Development of tools that support clinicians
Where data is used for these purposes:
-It is not used to make automated clinical decisions about your care
-It does not replace clinical judgement
-It is processed in accordance with UK data protection law
-Data is anonymised or pseudonymised where appropriate
Your clinical care, assessment, or treatment is not dependent on your data being used for these purposes.

Lawful Basis for Processing
We process your personal data under the following lawful bases:
-Provision of healthcare – processing necessary for medical diagnosis, treatment, and management of healthcare systems
-Legal obligation – compliance with healthcare, regulatory, and record-keeping requirements
-Legitimate interests – governance, safety, security, service improvement, and technology development
-Consent – where required for specific optional uses

Access to Your Information
-Access to clinical records and recordings is restricted using role-based access controls and is limited to authorised personnel only, for defined clinical, governance, safeguarding, or regulatory purposes.All staff and contractors are subject to confidentiality obligations and appropriate training.

Sharing Your Information
We may share your information:
-With other healthcare professionals involved in your care
-With other companies within the 21D Group, including 21D Bioengineering, where necessary for the purposes described above
-With regulatory bodies where required by law (e.g. CQC)
-With professional advisers or defence organisations where appropriate
-With trusted service providers acting on our behalf under contractual and confidentiality controls
We do not sell your personal data.Where data is processed outside the UK, appropriate safeguards are in place in accordance with UK data protection law.

‍How Long We Keep Your Information
Clinical records (including relevant clinical images and recordings) are retained for a minimum of 11 years from the date of your last clinical entry, or until age 25 if you were under 18 at the time of treatment, in line with recognised UK clinical record retention requirements.Information that does not form part of the clinical record is retained only for as long as necessary and then securely deleted.

Your Rights
You have the right to:
-Access the personal data we hold about you
-Request correction of inaccurate or incomplete data
-Request restriction of processing in certain circumstances
-Request erasure where legally applicable
-Object to certain types of processing
-Raise concerns or make a complaint
To exercise your rights, please contact us using the details above.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

Data Security
We use appropriate technical and organisational measures to protect your data, including:
-Secure systems and encryption where appropriate
-Access controls
-Staff training
-Regular review of data protection practices

Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, regulation, or our practices.The most current version will always be made available to patients.

‍Contact Us
If you have any questions about this Privacy Policy or how your information is used, please contact:21D Clinical Limited
Email: CASE@21d.co.uk
Website: www.21d.co.uk