top of page
Practice Policies
The important little details for your safety...
We collect information to process your order, deal with your queries, guide and enhance your online experience, supply you with information in which you have expressed an interest and for record keeping. We are committed to protecting your privacy and will only use your information in accordance with the Data Protection Act 2018.

This policy governs the use by TAHA Dental Excellence or one of its subsidiaries (“we/us/our“) of your (“you/your/yourself“) data which is available to us in connection with your use of this website (the “Site“). You have the option to elect not to receive marketing information (from us, our business partners or selected third parties) and to prevent exchange of the data collected with third parties.

By using the Site, you are deemed to have full knowledge of and accept this Privacy Policy. If you do not agree to be bound by the terms of this Privacy Policy, please do not use the Site.

We reserve the right to alter this Privacy Policy at any time. Such alterations will be posted on the Site.

At any time, you can change these options by requesting to edit your details by emailing our team at


The practice cannot be held responsible for any lost, left or assumed stolen items at the clinic. If an item is found and is identifiable with someones name on, management will try to contact said persons. If an item is left and not collected within 7 days from last known visit to the clinic the item will be disposed of unless management have stated directly otherwise. If an item is not identified to belong to any known persons and we are not contacted within 7 days it will be disposed of. There will be no reimbursement for misplaced/stolen/lost items from staff or management. 



When you register as a patient or enquire about treatments at TAHA Dental Excellence, we may request to collect name and address, telephone, email address. This provides us with default details for your patient profile and records and sets up security so that your details are password protected. 

Should you transact on the Site (for example, make a payment to secure an appointment) we may allocate you a customer number, capture transaction details, invoicing address and credit card details to process and fulfil your request.

You acknowledge that the Site uses services provided by third-party service providers and not by us (for example, online booking). You consent to us transferring your information to such third-party service providers for the purposes of dealing with your queries, orders and for record keeping.

When you enter credit card details, you are in communication over a secure link with the Stripe merchant system (or such other financial system as may be used, from time to time). It retains details of the credit card transaction. You must enter the details for each purchase for security reasons.

To assist you with promotions and marketing and to tailor our service to your needs, we will ask you for feedback about you and any products or treatments you may require. Supply of this information is optional and not mandatory. All this data will be stored so we can effectively meet your needs.

You are entitled to ask for a copy of the information held about you at any time by contacting us. We may charge a fee for this to cover the cost of the administration involved.

You consent to us (and our representatives) disclosing information to third parties: (i) if we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and any other contract entered into with us, or to protect the rights, property, or safety of our patients, ourselves or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction; and (ii) if we determine that such disclosure is necessary in connection with any investigation or complaint regarding your use of the Site.

TAHA Dental Excellence complies with the 1998 Data Protection Act and the Freedom of Information Act 2000, and this Policy describes our procedures for ensuring that personal information about patients is processed fairly and lawfully.

In order to provide you with a high standard of dental care and attention, we need to hold personal information about you. This personal data comprises:

  • Personal details such as your name, age, address, telephone numbers, email address and your general medical practitioner;

  • Your past and current medical and dental condition;

  • Radiographs, clinical photographs and study models;

  • Information about the treatment we have provided or propose to provide (and its cost);

  • Notes of conversations or incidents that might occur for which a record needs to be kept;

  • Records of consent to treatment;

  • Any correspondence (relating to you) with other healthcare professionals: such as referrals to specialists, for example.

We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care.

We will process personal data that we hold about you in the following way:

We will retain your dental records while you are a practice patient. If you cease to be a patient, we will continue to hold them for at least another eleven years, or in the case of children until they reach the age of 25, whichever is the longer.

Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer system has secure audit trails and we back up information on every working day.

In order to provide proper and safe dental care, we may need to disclose personal information about you to:

  • Your general medical practitioner;

  • The hospital or community dental services;

  • Other health professionals caring for you;

  • Dental Insurance Companies of which you are a member.

  • Private dental schemes of which you are a member.

Disclosure will take place on a “need-to-know” basis. Information will only be given to those individuals/organisations who need to have it in order to provide care to you and for the proper administration of Government (whose personnel are also covered by strict confidentiality rules). The recipient will only be given the information that they need to know for these purposes.

In very limited circumstances or when required by law or by a court order, personal data may have to be disclosed to a third party not connected with your dental care. In all other situations, disclosure that is not covered by this Policy will occur only when we have your specific consent. Where possible you will be informed of these requests for disclosure.

You have the right to access the data that we hold about you and to receive a copy. Access may be obtained by making a request in writing. We will provide a copy of the record within 40 days of receipt of the request and an explanation of your record should you require it.

If you move to another dental practice we may (at our discretion) loan original x-rays and provide copy notes direct to that practice free of charge on receipt of a written request from them to do so.

If you do not wish personal data we hold about you to be disclosed or used in the way that is described in this Policy, please discuss the matter with your dentist. You have the right to object, but please remember that this may affect our ability to provide you with dental care.



We do take data security very seriously and will use all reasonable endeavours to protect the integrity of the information you provide. The Site has numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures are, or will remain, adequate. 

Access to your patient records and data is password protected. You must keep all passwords confidential and not disclose or share them with anyone. You are responsible for all activities that occur under your passwords. You must notify us in the event you know or suspect someone else knows your passwords. If we have reason to believe there is a breach of security or misuse of the Site, we may require you to change your passwords or we may suspend your account without notice.

Our Site may, from time to time, contain links to and from other websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check such policies before submitting any information to these websites.

Credit card details are processed by a secure server.


We use cookies to personalise your interface with the site, and to remember you when you return to our site. They are small packets of data stored by your browser on your computer’s hard drive to identify yourself to us and help us to keep track of what how you use the Site. Your browser may have a feature to disable cookies or you can delete them if you wish and your interface will not be severely restricted.

Please note that cookies cannot harm your computer. We do not store personally identifiable information such as credit card details in cookies we create, but we do use encrypted information gathered from them to help improve your experience of the site. For example, they help us to identify and resolve errors, or to determine relevant related products to show you when you’re browsing. 

Each browser is different, so check the ‘Managing cookies’ information below of your chosen  browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences.

We’re giving you this information as part of our initiative to comply with relevant legislation, and to make sure we’re honest and clear about your privacy when using our website.


Please note that we cannot be responsible for the content of external websites. We do not control the setting of cookies of other websites, so we suggest you check the third-party websites for more information about their cookies and how to manage them.


If you take the opportunity to ‘share’ content with friends through social networks – such as Facebook, Instagram, TikTok and Twitter – you may be sent cookies from these websites. We do not control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.


If cookies are not enabled on your computer, it will mean that your experience on our Site may be limited to browsing and researching.


For information about the cookie settings and preferences of your browser, please refer to the help files and documentation for it. If you would like to learn more about cookies in general and how to manage them, visit 


This type of advertising is designed to provide you with a selection of products based on what you’re viewing. The adverts may showcase other services and treatments relevant to your browsing history. The technology behind these adverts is based on cookies. Find out more about cookies, and why and how we use them, via the ‘What are cookies’ section above.


We are interested in your comments and will be pleased to answer any questions concerning our privacy policy. Please contact us by emailing our team at




We need to keep a record of the care you receive to ensure that:

  • Professionals involved in your care have accurate and up-to-date information

  • We have all the information necessary for assessing your needs and providing excellent care

  • Your concerns can be properly investigated if you raise a complaint

  • Accurate information about you is available if you:

    • Move to another area

    • Need to use another service

    • See a different healthcare professional.



We have a duty to:

  • Maintain full and accurate records of the care we provide to you

  • Ensure that your records are confidential, secure and accurate

  • Provide a copy at your request that is an accessible format (e.g. in large type if you are partially sighted). Please note that a fee may apply.

  • Your record may include some or all of the following:

    • Your name, address and date of birth

    • Your email address and telephone number

    • Contacts we have had with you, such as appointments

    • Notes and reports on your health

    • Details of treatment and care, images and test results

    • Information on medicines, side effects and allergies

    • Relevant information from people who care for you and know you well, such as health professionals and relatives.

    • The staff who see you may also add notes on their professional opinion.

    • Whether you have had COVID-19 or potentially come into contact with it and a series of risk assessments via an online questionnaire.

If you wish us to, and it is practical, we will discuss and agree with you what we are going to enter on your record and show you what we have recorded.


We have many patients/service users with similar names so it vitally important for all patients/service users to be properly identified as individuals. In order to be absolutely sure that you have been correctly identified we may ask you for a number of pieces of information. Suitable items include:

  • Full name

  • Date of birth

  • Passport as photo ID

  • Driving licence as photo ID

  • Permanent (home, not a temporary) address

  • Email address

  • Contact number


  • Let us know when you change address, telephone number or name

  • Tell us if any information in your record is incorrect

  • Give your consent so that we can share information about you with other health professionals to make sure you receive the right healthcare

  • Tell us if you change your mind about how we share the information in your record.


We take your privacy seriously so please let us know how you want us to contact you.

  • Telephone
    It is important for us to have a valid contact number for you. We may ring, leave a message or text you with information relevant to your treatment such as appointment confirmation, pre-care advice and post-treatment follow-up. Please let us know if you do not wish to be contacted by telephone.

  • Email
    It is important for us to have a valid email address for you. We use this to send information relevant to your treatment such as appointment confirmation, pre-care information and aftercare advice. 

We may also use your email to send you a regular newsletter about the clinic and our services; however, you can opt out of this if you do not wish to receive this.
Please read the following before providing us with your email address.

    • Emails can be quick and convenient and will allow you to keep a record (unlike a phone call). However, although our own systems are secure, it may be possible to intercept your email when it is being sent over the internet.

    • Be aware also that if you share your computer others may read your emails.

    • You could use email to contact staff in relation to a query or to ask about an appointment.

    • Do not give more personal information than we need to process your request.

    • Do not ask us to send you medical details that you would not want seen by other people.

If you have an urgent question or feel unwell after going home after treatment contact the clinic on 01235 550987 (see our opening times on the ‘Contact Us’ page of the website). If you have an emergency, please use 111 NHS emergency service or 999 for life threatening conditions by telephone, do NOT email.



Our guiding principle is that we hold your records in strict confidence, ensuring that the following eight principles governing the processing of personal data are observed;

  • personal data shall be processed fairly and lawfully;

  • personal data shall be obtained only for specified and lawful purposes, and shall not be processed in any manner incompatible with those purposes;

  • personal data shall be adequate, relevant and not excessive in relation to the purposes for which it is processed;

  • personal data shall be accurate and, where necessary, kept up to date;

  • personal data shall be kept for no longer than is necessary for the purposes for which it is processed;

  • personal data shall be processed in accordance with the rights of data subjects under the Act;

  • personal data shall be subject to appropriate technical and organisational measures to protect against unauthorised or unlawful processing and accidental loss, destruction or damage;

  • personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of data protection

Information about you and the services you receive may be held in several formats and will be kept for the specific retention periods outlined by the relevant professional bodies. We use secure electronic systems to store user records, images and details of prescriptions. Patient data held on paper or disk will be processed in accordance with the Data Protection Act and destroyed using secure documented procedures after the time periods set out by the Department of Health.


We use your records to:

  • Ensure that any treatment or advisory services we provide to you are based on accurate information.

  • Send a letter about your care to your GP or other health professional at the end of your treatment, unless you tell us not to do so.

  • Work effectively with other services providing you with treatment or advice.

  • Monitor the quality of our care and help us to understand the outcomes of care.

  • Investigate any concerns or complaints you or your family have about your health care.

  • Provide information that is needed for financial transactions in relation to payment for treatment, such as billing. For private patients/service users this may include details shared with your insurance company. If you have any concerns about this, please contact your insurer.


We may remove your name and other details that could identify you so that we can use the information in your record anonymously to:

  • Monitor and improve the quality of care received by patients/service users.

  • Protect the health of the general public, for example we may share anonymous and aggregated patient information with organisations such as the National Institute for Clinical Excellence and the Cancer Registry for research or statistical purposes.

  • Train and educate staff.

Wherever possible, we anonymise your data or use a quasi- identifier such as a patient number.


To make sure you receive all the care and treatment you need, we may need to share the information in your health record with other staff and organisations. This could include:

  • Other healthcare professionals, such as doctors, pharmacists, and pathology and radiology staff involved in the analysis and reporting of diagnostic tests

  • Other hospitals and private sector organisations involved in your care

  • Local authority departments

  • Voluntary organisations providing on-going support

  • Administrative support staff

Note that anyone who receives information from us also has a legal duty to keep it confidential.

We may also share information that identifies you where:

  • You ask us to do so

  • We ask for specific permission and you agree to this

  • We are required to do this by law

  • We have special permission because we believe that the reasons for sharing are so important that they override our obligation of confidentiality (e.g. to prevent someone from being seriously harmed).

  • We do not give the names and addresses of patients/service users to other organisations except under the circumstances described in this Privacy Notice. Unless you have signed an additional consent, we will not contact you after your visit for purposes other than:

    • Follow up of care

    • Collecting your views about your stay with us

    • Settlement of any account that may be due, if appropriate

    • Complaints and concerns handling.


Sometimes we have a legal duty to provide information about people; examples are reporting some infectious diseases, and when a court order instructs us to do so. Records may also be shared without the patient’s consent in exceptional situations, such as to safeguard adults or children.


If your permanent address is outside the EU, or your treatment is continuing outside the EU, we may send details of your treatment to individuals based outside the EU specifically to promote your ongoing care. This would normally be the doctor who referred you to us for treatment. If you wish, we can give you the documents so that you have physical control over this information.

In the usual course of our business, we may use third parties to process and store your data on our behalf. We normally store your data on secure servers in the European Economic Area (EEA). Such processing is subject to contractual restrictions with regard to confidentiality and security in addition to the obligations imposed by the Data Protection Act 1998.
Exceptionally we may make use our suppliers are based outside the EEA for processing and storing your data. We have strict controls over how and why your data can be accessed. By submitting your personal data, you agree to this.

Where necessary we may transfer personal information overseas for processing to support the long- term effectiveness of treatment and monitor patient outcomes. Personal information will be processed in this way where it is not possible to achieve this purpose with the use of anonymised or pseudonymised information only.


TAHA Dental Excellence acts to provide information principally for other health and social care professionals who have requested this since they require further detailed investigations on their patients/service users. So naturally we will normally need to share this information with your doctor who has referred you to our service.

If you do not want us to share your information with your GP, other healthcare providers or carers, please tell the team looking after you. But please note that not sharing your information may affect the care that can be provided for you.

You have the right to request that your confidential information is not used beyond your own care and treatment and to have your objections considered. Where your wishes cannot be followed you will be told the reasons including the legal basis. You may at any time withdraw any consent you have previously given to us to process information about you.

If you wish to exercise your right to opt-out, withdraw consent to use your information, or to speak to somebody to understand what impact this may have, please discuss your concerns with your professional, or by emailing our team at with ‘Opt Out Request’ in the subject line of the email.


TAHA Dental Excellence is the Data Controller of the data it holds about its patients/service users and staff.

You have the right to confidentiality under the Data Protection Act 2018 (DPA), the Human Rights Act 1998 and the Common Law Duty of Confidentiality. The Equality Act 2010 may also apply.

You have the right to know what information we hold about you, what we use it for and if the information is to be shared, who it will be shared with.

You have the right to apply for access to the information we hold about you. Other people can also apply to access your health records on your behalf. These include anyone authorised by you in writing (such as a solicitor), or any person appointed by a court to manage your affairs where you cannot manage them yourself. Access covers:

  • The right to obtain a copy of your record in permanent form;

  • The right to have the information provided to you in a way you can understand, and explained where necessary, for example where abbreviations have been used. You would not be entitled to see information that:

    • Has been provided about you by someone else if they haven’t given permission for you to see it

    • Identifies another person who has not given permission for you to see the information about them

    • Relates to criminal offences

    • Is being used to detect or prevent crime

    • Could cause physical or mental harm to you or someone else. If you are currently receiving services from us and wish to view the record without obtaining a copy, discuss your request with the professional in charge of your care.



If you wish to apply for access to the information we hold about you:

  • You should send your request in writing to us.

  • You should provide enough information to enable us to correctly identify your records, for example include your full name, address, date of birth, any unique identifier number.

  • We will take every reasonable step respond to you within 40 days of receiving your request

  • You may be required to provide a form of ID before any information is released to you. Once you receive your records, if you believe any information is inaccurate or incorrect, please inform us.

In any request, to cover the cost of the administration involved, we may request a fee. 

This Privacy Policy is effective immediately and will remain in effect until further notice.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.



TAHA Dental Excellence is committed to providing a safe, comfortable environment where patients and staff can be confident that best practice is always being followed and the safety of everyone is of paramount importance.

We recommend that all patients are seen at some point during the consultation process alone with our clinician, to ensure patients are free to express any concerns or worries in their own words and without fear of coercion or threat from any accompanying individual. However, all patients are entitled to have a chaperone present for any consultation, examination or procedure where they feel one is required.  

Regardless of gender of the patient or clinician, you will be offered the option of having an impartial observer (chaperone) present for any intimate examination. Our trained staff routinely undertake this role and will:

 ·    Be sensitive and respect your dignity and confidentiality  

·     Reassure you in the event of distress or discomfort  

·     Be familiar with the procedures involved  

·     Stay for the whole examination and be able to see what the clinician is doing, if practical  

·     Be prepared to raise concerns if they are concerned about the clinician’s behavior or actions. 

Your healthcare professional may also require and request a chaperone to be present for certain consultations in accordance with our chaperone policy.



If you have any further questions about this Privacy Policy, or if anything is not clear, please let us know by emailing our team at

Further information about data protection issues is at:

Information Commissioner’s Office (ICO)
The Information Commissioner’s Office
Wycliffe House

Helpline: 0303 123 1113



In this practice we take complaints very seriously indeed and try to ensure that all our patients are pleased with their experience of our service. When patients complain, they are dealt with courteously and promptly so that the matter is resolved as quickly as possible. This procedure is based on these objectives.

Our aim is to react to complaints in the way in which we would want our complaint about a service to be handled. We learn from every mistake that we make and we respond to customers’ concerns in a caring and sensitive way.

  1. The person responsible for dealing with any complaint about the service which we provide Dr Samantha Heidari, Practice Owner.

  2. If a patient complains on the telephone or in person, we will listen to their complaint and offer to refer him or her to the Practice Owner immediately. If the Practice Owner is not available at the time, then the patient will be informed when they will be able to talk to the Practice Owner and arrangements will be made for this to happen. The member of staff will take brief details of the complaint and pass them on to the Practice Owner. If we cannot arrange this within a reasonable period or if the patient does not wish to wait to discuss the matter, arrangements will be made for someone else to deal with it.

  3. If the patient complains in writing or by email, it will be passed on immediately to the Practice Owner, Dr Samantha Heidari.

  4. If a complaint is about any aspect of clinical care or associated charges it will normally be referred to the dentist concerned, unless the patient does not want this to happen.

  5. We will acknowledge the patient’s complaint in writing and enclose a copy of this code of practice within three working days.

  6. We will seek to investigate the complaint within ten working days of receipt to give an explanation of the circumstances which led to the complaint. If the patient does not wish to meet us, then we will attempt to talk to them on the telephone. If we are unable to investigate the complaint within ten working days we will notify the patient, giving reasons for the delay and a likely period within which the investigation will be completed.

  7. We will confirm the decision about the complaint in writing immediately after completing our investigation.

  8. Proper and comprehensive records are kept of any complaint received as well as any actions taken to improve services as a consequence of a complaint.

  9. If patients are not satisfied with the result of our procedure then a complaint may be made to:

The Parliamentary and Health Service Ombudsman, Millbank Tower, Millbank, London, SW1P 4QP. Telephone: 0345 015 4033

The Dental Complaints Service, The Lansdowne Building, 2 Lansdowne Road, Croydon, Greater London, CR9 2ER. Telephone: 08456 120 540 The General Dental Council, 37 Wimpole Street, London. W1N 8DQ. Telephone: 0845 222 4141


Our practice has a safety culture which means that patient safety is at the forefront of everyone’s minds not only when delivering healthcare but also when setting objectives, developing procedures, purchasing new products and equipment. It is also a culture that is open and fair, where team members can discuss the challenges they face at work for the best interests of our patients. For patient safety we:

  • Follow the latest infection prevention guidelines including those from NHS & CQC England

  • Use dental instruments that are single use or are sterilised after use

  • Decontaminate work areas including the dental chair, hand held equipment and cupboard handles, in between patients

  • Maintain a high standard of personal hygiene including clinical clothing and the restricted wearing of jewellery

  • Monitor practice water for quality. Dental unit waterlines are disinfected and kept clear

  • Handle waste according to current regulations and dispose of it with appropriate carriers

  • Take expert advice if a team member may have a blood borne infection. The team member will have an occupational health examination and follow the advice on their role in treating patients

  • All our team members are trained in safeguarding of children and vulnerable adults and follow the practice safeguarding procedures, which are regularly monitored and reviewed.

We run a clinical governance system which uses integrated risk management to identify, assess, analyse and manager all risks and incidents. The goal is continuous improvement in our care and service to you.

The Practice Manager Dr Samantha Heidari has the overall responsibility at the practice. The team is supported through regular meetings, staff training, personal development and regular appraisals. The practice always welcomes questions, comments and suggestions from patients.

Please contact the practice manager if you have any questions or concerns.

Radiology: Dentistrybythomas ltd (incorporated in 2018, or existing and established under the laws of England and Wales) whose registered office is at 5 The Old Gaol Abingdon OX14 3HE can be deemed both the controller and processor


(A). The Controller processes Personal Data in connection with its business activities.

(B). The Processor processes personal data on behalf of other businesses and organizations.

(C). The Controller wishes to engage the services of the Processor to process and store personal data on its behalf. This may include the use of cloud based software services that include the processing and/or storage of personal data.

(D). The personal data to be processed will include:
a. special category data relating to health  
b. personal data relating to healthcare professionals

(E). In compliance with the GDPR, the Controller and the Processor wish to enter into this Agreement. 




1.1 In this Agreement the following words and phrases shall have the following meanings, unless inconsistent with the context or as otherwise specified:

"GDPR" shall mean the General Data Protection Regulation (Regulation (EU) 2016/679);

"personal data" shall mean any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

"data concerning health" shall mean personal data related to the physical or mental health of a natural person, including the provision of health care services,which reveal information about his or her health status;

"controller" shall mean the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determines by the controller,the law or any applicable UK legislation;

"processing of personal data" or "processing" shall mean any operation or set of operations which is performed on personal data or on sets of personal data,whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

"third party" shall mean a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

"technical and organisational security measures" shall mean measures to protect personal data against accidental or unlawful destruction or accidental loss, alternation, unauthorised disclosure or access and against all other unlawful forms of processing.

"personal data breach" shall mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.


In consideration of the Controller engaging the services of the Processor to process personal data on its behalf, the Processor shall comply with the security, confidentiality and other obligations imposed on it under this Agreement.


3.1 The Processor agrees to implement appropriate technical and organisational security measures to ensure processing meets the requirements of the GDPR and any applicable UK legislation, and is otherwise secure. 

3.2 The Processor agrees to only act on the written instructions of the Controller (unless required by law to act within such instructions).

3.3. The Processor agrees to provide the Controller with whatever information it needs to ensure that it has the technical and organizational security measures required by the GDPR and any applicable UK legislation.

3.4. The Processor agrees to assist the Controller in providing subject access and allowing data subjects to exercise their rights under GDPR and any applicable UK legislation.

3.5 The Processor agrees to assist the Controller in meeting its GDPR obligations (and any obligations under any applicable UK legislation) in relation to the security of processing, the notification of personal data breaches and data protection impact assessments.

3.6 The Processor agrees to submit to reasonable audits and inspections by the Controller.

3.7 The Processor agrees to inform the Controller immediately if it is asked to do something infringing the GDPR.

3.8. Nothing within this Agreement relives the Processor of its own direct responsibilities and liabilities under the GDPR or any applicable UK legislation.


4.1 The Processor agrees that it shall maintain the personal data processed by the Processor on behalf of the Controller in confidence. In particular, the Processor agrees that, save with the prior written consent of the Controller, it shall not disclose any personal data supplied to the Processor by, for, or on behalf of, the Controller to any third party unless required by the law and any applicable UK legislation. 

4.2 The Processor shall not make any use of any personal data supplied to it by the Controller otherwise than in connection with the provision of services to the Controller. 

4.3 The obligations in clauses 4.1 and 4.2 above shall continue indefinitely after the cessation of the provision of services by the Processor to the Controller.

4.4 The Processor confirms that all people processing the data are subject to a duty of confidence.

4.5 Nothing in the Agreement shall prevent either party from complying with any legal obligation imposed by a regulator or court. Both parties shall however, where possible, discuss together the appropriate response to any request from a regulator or court for disclosure of information. 


5.1 The Processor shall not sub-contract any of its rights or obligations to any third party under this Agreement without the prior written consent of the Controller.

5.2 Where the Processor, with the consent of the Controller, sub-contracts its obligations under this Agreement to any third party it shall do so only by way of a written agreement with the Sub-Contractor which imposes the same obligations in relation to the security of the processing on the Sub-Contractor as are imposed on the Processor under this Agreement.

5.3 For the avoidance of doubt, where the Sub-Contractor fails to fulfill its obligations under any sub-processing agreement, the Processor shall remain fully liable to the Controller for the fulfillment of its obligations under this Agreement.


6.1 This Agreement shall continue in full force and effect for so long as the processor is processing personal data on behalf of the Controller.

6.2 The Processor agrees to on receipt of instructions from the Controller to erase, delete or return all personal data unless prohibited from doing so by any applicable UK legislation.


7.1 This Agreement and any dispute or claim arising out of it or in conjunction with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the national law of the England and Wales.

AS WITNESS this Agreement has been signed on behalf of each of the parties by its duly authorised representative on the day and year first above written.

SIGNED on behalf of Dentistrybythomas Ltd Dr Thomas Taha Heidari.

Anchor 1
Anchor 2
Anchor 3
Anchor 4
Anchor 5
Anchor 6
Anchor 7
Anchor 8
© Copyright
© 2022 Site Developed By TAHA™ All Rights Reserved Updated 1.2022 Terms of Use. Complaints Procedure. Data Protection. Privacy & Cookie Policy. Health & Safety Charter.
bottom of page