top of page

GDPR Policy

We are the Data Controller responsible for your personal data under the UK GDPR and EU GDPR where applicable.

For any data protection enquiries, please contact:
Email: the.whiteninghouse0@gmail.com
 

What Personal Data We Collect

We may collect and process the following categories of personal data:

Identity Data

  • Full name

  • Date of birth

Contact Data

  • Email address

  • Phone number

  • Home address

Health Information (Special Category Data)

  • Medical history relevant to teeth whitening treatments

  • Allergy information

  • Oral health disclosures

Payment Data

  • Billing address

  • Transaction details (note: we do not store full card details)

Technical Data

  • IP address

  • Browser type

  • Website usage data (via cookies)

Marketing Preferences

  • Communication preferences

  • Consent to receive promotions or offers

How We Collect Your Data

We collect personal data when you:

  • Book a treatment or training course

  • Complete a consultation or medical form

  • Purchase products

  • Subscribe to our mailing list

  • Contact us via social media, website, phone, or email

  • Visit our website (through cookies)

Lawful Basis for Processing

Under GDPR, we process your data under the following lawful bases:

  • Consent – for marketing communications and health-related information

  • Contractual necessity – to provide booked services or training

  • Legal obligation – for tax, insurance, and regulatory compliance

  • Legitimate interest – to improve services and protect our business

Special category health data is processed strictly for treatment suitability and safety purposes.

How We Use Your Data

We use your information to:

  • Provide teeth whitening treatments safely

  • Assess treatment suitability

  • Process payments

  • Deliver training services

  • Respond to enquiries

  • Maintain appointment records

  • Send marketing communications (if consented)

  • Comply with legal and insurance obligations

We will never sell your personal data.

How We Store and Protect Your Data

The Whitening House takes appropriate technical and organisational measures to protect your data, including:

  • Secure digital storage systems

  • Password-protected devices

  • Restricted access to authorised personnel only

  • Secure disposal of physical documents

We retain client records for as long as legally required (typically 6–7 years for insurance and legal purposes).

Sharing Your Data

We may share your data with:

  • Payment processing providers

  • Insurance companies (if required)

  • Legal or regulatory authorities (if required by law)

  • IT and booking system providers

All third parties are required to process your data securely and in accordance with GDPR.

International Transfers

If any data is transferred outside the UK or EEA (for example, through booking software providers), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses.

Your GDPR Rights

Under GDPR, you have the right to:

  • Access your personal data

  • Request correction of inaccurate data

  • Request erasure (“Right to be Forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

Marketing Communications

We will only send marketing communications where:

  • You have opted in; or

  • You are an existing customer and communications relate to similar services.

You can unsubscribe at any time by clicking the unsubscribe link or contacting us directly.

Cookies

Our website may use cookies to:

  • Improve user experience

  • Analyse website traffic

  • Support booking functionality

You can manage cookie preferences through your browser settings.

Updates to This Policy

The Whitening House reserves the right to update this Privacy Policy at any time. Updates will be posted on our website with a revised effective date.

bottom of page