Privacy Notice
Balaji Birmingham Ltd T/A B62 Dental
32 Halesowen Road, Halesowen, B62 9AB
Email: reception@b62dental.com · Tel: 0121 422 3834 · Web: www.b62dental.com
Version 1.0 — Last updated: 23 June 2026
1. Important Information and Who We Are
This Privacy Notice explains how Balaji Birmingham Ltd T/A B62 Dental ("we", "us" or "our") collects, uses, stores, shares and protects personal data in connection with our dental practice, patient care and administration, website, enquiries, appointment booking, communications, business operations, recruitment, supplier relationships, regulatory compliance and related activities.
We are committed to protecting personal data in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003 and other applicable data protection and privacy laws ("Data Protection Laws").
For most of the personal data described in this Privacy Notice, Balaji Birmingham Ltd is the controller — meaning we decide how and why that personal data is used.
In some circumstances, we may process personal data on behalf of another organisation, or share information with other controllers such as NHS bodies, laboratories, insurers, regulators or other healthcare providers. Where this applies, the relevant organisation may also provide its own privacy information.
We have not appointed a formal Data Protection Officer unless stated otherwise. Privacy and data protection enquiries should be sent to the contact details in section 17.
2. Whose Personal Data We May Process
- Patients, prospective patients and former patients
- Parents, guardians, carers, emergency contacts and family members of patients
- Visitors to our website and persons who contact us by email, telephone, online form, social media, post or otherwise
- Persons who book, amend or cancel appointments or make enquiries on behalf of patients
- Healthcare professionals, dental laboratories, referral providers, suppliers and business contacts
- Job applicants, employees, workers, contractors and former staff
- Persons whose information is included in complaints, safeguarding, insurance, legal, regulatory or clinical governance records
- Any other individuals whose personal data is provided to us in connection with the operation of the practice
We may process personal data relating to children where they are patients or where their information is provided in connection with dental care, safeguarding, appointment administration, family arrangements or legal requirements.
If you provide personal data about another person, you must ensure that you are lawfully entitled to provide that information and, where appropriate, that the person has been made aware of this Privacy Notice.
3. Types of Personal Data We May Use
- Identity Data: name, title, date of birth, gender, NHS number where relevant, patient reference number and identity documents where required
- Contact Data: address, email address, telephone number and emergency contact details
- Patient and Clinical Data: dental records, medical history, medication, allergies, dental treatment plans, X-rays, clinical photographs, notes, referrals, prescriptions, safeguarding information, consent forms and related communications
- Appointment and Administration Data: appointment bookings, cancellations, reminders, attendance records, call notes, enquiries, complaints and correspondence
- Payment and Billing Data: treatment charges, invoices, payment status, card/payment details where processed through payment providers, insurance details and debt recovery information
- Membership Data: membership plan type, sign-up date, Direct Debit mandate reference, payment history and T&C acceptance records
- Communications Data: emails, letters, telephone notes, online forms, messages, call recordings where used and feedback
- Technical Data: IP address, browser type, device information, website usage data, cookies, analytics data, security logs and related technical information
- Recruitment and Employment Data: CVs, application forms, references, right-to-work information, qualifications, DBS information where applicable, payroll details and employment records
- Supplier and Business Contact Data: names, roles, organisations, contact details, invoices, payment details, contract details and business communications
We will process special category personal data, including health information, where this is necessary and lawful in connection with dental care, patient safety, clinical records, safeguarding, legal obligations, complaints, insurance, employment or other relevant purposes.
4. How We Collect Personal Data
- You directly, when you register, book an appointment, complete a medical history form, receive treatment, sign up for a membership plan, contact us or use our services
- Parents, guardians, carers, family members or persons acting on your behalf
- Other healthcare providers, dentists, doctors, specialists, dental laboratories, NHS bodies, insurers, regulators or public authorities
- Our website, booking systems, email systems, practice management systems, call handling arrangements, payment providers (including GoCardless for Direct Debit membership payments) and other business systems
- Our employees, contractors and outsourced support personnel, including remote virtual receptionists who may assist with appointment administration and patient communications
- Public sources, where relevant and lawful, such as professional registers or official records
5. Legal Basis for Processing
- Contract: where processing is necessary to take steps before entering into a contract or to perform a contract with you, including private treatment arrangements and membership plan agreements
- Legal Obligation: where processing is necessary to comply with legal, regulatory, clinical, tax, employment, safeguarding or other obligations
- Legitimate Interests: where processing is necessary for our legitimate interests or those of a third party and your rights do not override those interests
- Vital Interests: where processing is necessary to protect someone's life or physical safety in an emergency
- Public Task: where applicable to NHS or public healthcare functions
- Consent: where we have asked for and obtained your consent for a specific purpose, such as optional marketing or certain uses of photographs/testimonials
Where we process special category data, we will also rely on an Article 9 UK GDPR condition, which may include processing necessary for healthcare, employment/social protection obligations, substantial public interest, vital interests, legal claims or explicit consent where appropriate.
6. Membership Plans and Direct Debit
Where you sign up for a B62 Dental membership plan via our website, we collect and process your name, email address, phone number, IP address and the date and time of sign-up. This information is used to administer your membership agreement, collect monthly payments by Direct Debit and communicate with you about your membership.
Direct Debit payments are processed by GoCardless Ltd, an authorised payment institution regulated by the Financial Conduct Authority. GoCardless processes your bank details directly and B62 Dental does not store your bank account information. GoCardless has its own privacy policy available at gocardless.com/privacy.
Your IP address and a timestamp of sign-up are retained as an audit record to evidence acceptance of our membership terms and conditions. This is processed on the basis of our legitimate interests in maintaining accurate contractual records and protecting the practice against disputes.
Membership sign-up data is retained for the duration of your membership and for a period of six years following the end of the agreement, in accordance with the Limitation Act 1980 and our legal record-keeping obligations.
7. Virtual Receptionists and Outsourced Support
We may engage remote virtual receptionists and other outsourced support personnel to assist with administrative tasks such as answering calls, booking and amending appointments, handling patient enquiries, relaying messages and supporting practice administration.
Some virtual receptionists may be based outside the United Kingdom, including in South Africa. Where this applies, access to personal data will be limited to what is necessary for the services they provide, and appropriate contractual safeguards are in place.
Virtual receptionists are not authorised to provide clinical advice, diagnose conditions, make treatment decisions or act outside the instructions provided by the practice.
8. Disclosures of Personal Data
- Dentists, hygienists, therapists, nurses, reception staff, administrative staff and contractors working with or for the practice
- Virtual receptionists and outsourced administrative support providers, including where based overseas, where access is necessary and appropriate safeguards are in place
- NHS bodies, private healthcare providers, dental laboratories, referral providers, specialists, GPs, hospitals or other healthcare professionals where necessary for your care
- IT, website, hosting, email, cloud, practice management, telephone, call handling, payment, security and software providers (including GoCardless for Direct Debit processing and Resend for transactional email delivery)
- Payment providers, banks, insurers, debt recovery providers and professional advisers
- The General Dental Council, Care Quality Commission, NHS bodies, HMRC, courts, law enforcement, regulators, safeguarding bodies or other public authorities where required or permitted by law
- A purchaser, successor or reorganisation entity where the practice or its assets are transferred, subject to appropriate safeguards
We do not sell personal data.
9. International Transfers
We are based in the United Kingdom. However, personal data may be accessed, stored or otherwise processed outside the United Kingdom where we use overseas systems, service providers, contractors or virtual receptionists.
In particular, virtual receptionists based in South Africa may access limited patient and practice administration data for the purpose of providing reception and appointment support services.
Where personal data is transferred outside the United Kingdom, we will seek to ensure that appropriate safeguards are in place in accordance with Data Protection Laws. Further details of relevant safeguards may be available on request.
10. Data Security
We take reasonable steps to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. Our measures include access controls, password protection, role-based access, staff and contractor confidentiality obligations, secure systems, audit trails where available, data protection training, breach reporting procedures and periodic review of systems and providers.
No system can be guaranteed to be completely secure. If you believe personal data has been sent to us in error or that there has been a security issue, please contact us promptly.
11. Data Retention
We retain personal data only for as long as reasonably necessary for the purposes for which it was collected, or to meet legal, regulatory, clinical, insurance, safeguarding, accounting, tax, employment, dispute management or legitimate business requirements.
Dental records and clinical information are retained for a minimum of 10 years from the date of your last visit, or until you reach the age of 25 years — whichever is the longer — in accordance with legal, professional and clinical record-keeping requirements.
Membership sign-up records (including IP address, timestamp and T&C acceptance) are retained for six years following the end of the membership agreement, in accordance with the Limitation Act 1980.
We may retain anonymised data indefinitely where it no longer identifies any individual.
12. Marketing Communications
We may send you service-related communications about your appointments, treatment, payments, practice updates or important information. These are not marketing communications.
We will only send electronic marketing communications where we have a lawful basis to do so, such as consent or the soft opt-in rule where applicable. You can ask us to stop sending marketing communications at any time by using any unsubscribe option provided or by contacting us at reception@b62dental.com.
13. Reviews, Testimonials and Social Media
We may invite patients or business contacts to provide reviews, testimonials or feedback. We will only publish identifiable testimonials, photographs or case studies where we have an appropriate lawful basis and, where required, consent.
If you interact with us on social media, your interaction may be visible to others depending on your privacy settings and the platform's terms.
14. Automated Decision-Making
We do not currently carry out automated decision-making or profiling that produces legal or similarly significant effects. If this changes in the future, we will update this Privacy Notice where required by law.
15. Your Legal Rights
- Request access to your personal data
- Request correction of inaccurate or incomplete personal data
- Request erasure of personal data in certain circumstances
- Request restriction of processing in certain circumstances
- Object to processing where we rely on legitimate interests
- Request data portability where applicable
- Withdraw consent where we rely on consent
- Complain to the Information Commissioner's Office (ICO)
These rights are not absolute and may not apply in all circumstances, particularly where we need to retain information for legal, clinical, regulatory, insurance, safeguarding or legal claims purposes.
We aim to respond to legitimate requests within one calendar month, although this may be extended where legally permitted.
16. Children and Persons Acting on Behalf of Patients
Where we provide dental care to children or vulnerable patients, we may process information provided by parents, guardians, carers or persons with legal authority to act on behalf of the patient. We may need to balance confidentiality, consent, safeguarding and legal obligations when handling such information.
17. Contact Details and Complaints
If you have any questions about this Privacy Notice or wish to exercise any of your legal rights, please contact us:
Balaji Birmingham Ltd T/A B62 Dental
32 Halesowen Road, Halesowen, B62 9AB
Email: reception@b62dental.com
Tel: 0121 422 3834
You also have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection matters. We would appreciate the opportunity to address your concerns first and encourage you to contact us in the first instance.
18. Changes to This Privacy Notice
We may update this Privacy Notice from time to time to reflect changes in law, our services, our website, our systems or our processes. Where we make material changes, we will publish the updated version with a revised effective date. The most current version will always be available on this page.
Related policies
- Membership Plan Terms and Conditions — includes details of how membership sign-up data is collected and retained
- Cookie Policy
- Cancellation Policy
Send us a message and we'll get back to you within 2 business days!

