Who we are

Our website address is: https://julianescandian.co.uk.

What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact Details

We need to contact you on a regular basis during our practice-patient relationship. Our rules for holding this data depends on decisions made by you on whether to undergo treatment with us.

We store all our patients’ contact details in our practice management software. As such, our legal basis for using your data this way is a legitimate interest.

We also store some contact details in our customer-relations management software, Zoho CRM. We use this to ensure we follow up with you when we need to, as well as to ensure that our communications with you are highly relevant and timely. As such, our legal basis for using your data this way is in our legitimate interests. We must ensure that we follow up with all customers thoroughly.

If you do choose to become a patient with us, your contact details become part of your healthcare records, after which the legal bases and our obligations for storing them, changes, as follows.

Health data

We must store sensitive healthcare data to treat you as a patient. Your treatment may depend on sharing some of this data with a laboratory or an auditor. We are legally obliged to hold this data for 11 years. Depending on the complexity of your treatment, we may choose to retain this data for a longer period upon review after the 11 year period. Otherwise, it is destroyed. As such, our legal bases for holding this data are, at first, to fulfil a contract to you and after that, it becomes a legal obligation.

Technical data

We log your IP address, the pages you visit, information about your web browser (your User-Agent e.g. Google Chrome, Safari, Internet Explorer) and whether you faced an error or not. We use this data to diagnose errors and investigate malicious attacks. Our web servers automatically collect this data and store it on the same server. This data is never shared or used for any purposes beyond diagnostics and investigation. This data is destroyed at six-monthly intervals. As such, our legal basis for holding this data is a legitimate interest.

Financial data

If you are a patient or a customer, we must keep track of your basic financial information (financial transactions made with us) by law for six years from the day you no longer use our services. As such, our legal basis for storing this data is a legal obligation.

Basic financial information includes:

  • Your contact details
  • Identification
  • Transactional and financial data

Usage data

We collect website usage data using Google Analytics, Zoho CRM and Facebook. We use this information to improve our website’s user experience, identify opportunities for business growth and improve and monitor on-going marketing campaigns. This data also allows us to run marketing campaigns that are highly relevant to the individual who can then make a better-informed decision, whether our services are right for them or not. We retain this data for a maximum of 4 years so we have enough data to make meaningful statistical analyses. As such, our legal basis for collecting, storing and using this data is within our legitimate interests. You may use cookie blocking software to disable this tracking to no detriment to this website’s function.

Marketing data

We have a legal obligation to store your preference to receive marketing from us. If by request or by our own data handling rules and obligations, we erase your data, we will lose your marketing preferences. If you contact us again, you will need to state your marketing preferences again.

We may send you information about special offers, competitions, prizes and other deals that are strictly relevant to you as a patient or customer. The period of time in which we do this depends on the treatment you express interest in. At a maximum, this is around 12 months. We will stop and erase your data if you do not respond to our marketing emails. Our legal basis for this is a legitimate interest, our data shows that it takes between 10-15 months for 30% of our enquirers to make a decision on a provider for their treatment. We want to provide our potential customers with the relevant information over that period to make an informed decision. This also enables us to grow our business, examine how our customers use our services and improve marketing activity. We provide a clear means by which you can opt-out of such communications and update your preferences. You may also contact us directly to update your preferences.

We will never sell or provide your personal data to third parties for marketing purposes. We will only ever market our own business to you, depending on your preferences.

We may use a combination of your contact details, usage data and marketing data to display relevant, targeted content to you from our website or through advertising networks i.e Google Ads and Facebook Ads. We use advertising to grow our practice, grow our customer base and also ensure that you only see adverts for products that are relevant to you. As such, our legal basis for doing so is a legitimate interest. You may contact us to stop us from using any of your data this way at any time.

Sensitive data

As stated above, we may hold sensitive data about you in the form of healthcare records. If we don’t collect this data, we will be unable to provide you with healthcare services. We will never process this data outside of our duties as a healthcare provider. If, in the event of one-time processing, we will contact you and request explicit consent. This would be an exception rather than a norm. Our legal basis, as stated previously, is, at first, to allow us to fulfil a contract with you and, after treatment is complete, any legal obligations we may have on the minimum length of time for holding your sensitive data.

We take, at a minimum, in-person in a clinical setting:

  • Dental x-rays
  • Notes on your current dental health condition
  • Relevant notes on your dental history
  • Previous practice details, if relevant, to request your dental records

For more information, please email us on info@luism47.sg-host.com.

We do not use your information to make automated decisions or profile you. We may use your data without your knowledge or consent where this is allowed or necessary by law.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Our Marketing Activities

As stated previously, we may send you relevant marketing communications on the basis of growing our practice, which is within our legitimate interest. Where we wish to send you general and non-specific marketing communications, we will always do this on the basis of your consent. You are within your rights to request that we stop sending you marketing communications entirely. You can do this by contacting us directly.

The Privacy and Electronic Communications Regulations (PECR) permits us to communicate with you for marketing purposes if:

  • You are a patient or expressed interest in becoming a patient
  • You have explicitly opted-in to marketing communications from us and:
  • You haven’t since withdrawn that consent
  • Your consent is still deemed relevant e.g you have been in contact within a certain period of time.

After 12 months of no contact, we will deem your consent ‘expired’. Similarly, we would deem your expression of interest no longer relevant because we would deem that your interest has ‘faded’. Both have the same effect as explicitly withdrawing consent – that is, after which, we will erase any of your data collected.

As stated, you may request that we stop sending you marketing communications outright at any time. Please note this does not affect relevant dental health recalls.

We will never send you unsolicited (non-relevant) marketing emails or texts. All marketing communications are delivered after, and only after, you, the individual, initiates a prospective customer relationship with our practice.

Who we share your data with

To perform all business functions, we may need to share some of your personal data to third-party data processors:

  • Website management agency, Accedor
  • Marketing agency, Accedor
  • Practice management software supplier
  • General advisors for advisory and auditing purposes, such as solicitors and accountants
  • Healthcare regulators for auditing, such as the CQC and the GDC
  • The HMRC for tax and financial reporting
  • Government bodies that legally require us to report on our activities in general
  • Dental laboratories, for manufacturing purposes
  • CRM software supplier, Zoho CRM
  • Analytics software supplier for website usage analysis – Google Analytics
  • Facebook advertising platform, for advertising and marketing measurement
  • Google Adwords for pay-per-click advertising and results measurement
  • Cloud file storage and sharing – Dropbox and OneDrive
  • Email marketing software – MailChimp, Zoho

International processors

Some of our processing requires the transfer of your personal information outside of the European Economic Area (EEA).

Companies within countries that fall outside of the EEA are not obliged to implement the protections of the DPA and GDPR. As such, EU law has banned the transfer of personal information to companies outside of the EEA where those companies do not comply with new data privacy regulations.

As such, all of our data processors that are outside of the EEA have agreed, via a Data Processor Agreement, to comply with the protections of the GDPR, reside in a country that European lawmakers have determined provide strong enough protection of personal data or we use, in the case of a processor in the United States, processors that fall under the EU-US Privacy Shield, guaranteeing the same level of protection of personal data as the GDPR.

We will not use a processor that does not meet these criteria as part of our ongoing activities. If, in the event of one-time processing, we will seek your explicit consent. That consent will only be relevant for that particular request.

Data Security

Our systems have been developed using Privacy by Design. Our business systems, as such, as built to protect your personal data from accidental loss, access, processing and mutation without the authority to do so.

Only those that have a need for a particular piece of your information have access to that information. Your personal data is only processed to our explicit instructions. All processing activity is kept confidential.

We have also proactively built business systems to handle any kind of potential or suspected breach of personal data that we are responsible for. If it is found your personal data has been breached, we will notify you and the appropriate regulator within three days. We will also inform you of the steps we had taken to prevent that and steps we have taken to recover/further protect your personal data.

Holding Your Data

As stated previously, we will hold your personal data for as long as we need it and no longer. Where feasible, we have stated how long we expect to hold the various categories of your personal data and the legal bases for doing so. Where we have been unable to provide a specific time period, we have given a global maximum timeframe for that category of data.

We use evidence from our own business activities, existing law and obligations to determine the appropriate length of time to hold your data. A major factor includes how sensitive a piece of personal data is. That is, how much potential harm this personal information would cause if breached.

Some processors anonymise personal data. We will reduce or eliminate the risk of privacy breaches by using pseudo-anonymisation wherever we can.

Your Rights

Your privacy rights, that existed under the DPA, have been strengthened and amended under the GDPR. You have the right to, in relation to your data:

  • Request access
  • Correct
  • Erase
  • Restrict
  • Transfer
  • Object to processing
  • Portability
  • Withdraw consent

ICO explains your rights in more detail here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

You can contact us using the details at the beginning of this document to exercise any of your rights at any time.

Exercising your rights is free of charge. We can, however, refuse or charge for any requests that are deemed excessive, repetitive and/or unreasonable.

We will need to verify your identity to comply with any request(s) to exercise your rights. We will need some personal information to do so, strictly for the purposes of identity verification. Otherwise, this would leave your personal information vulnerable – something the GDPR aims to resolve. Unless a proxy is stated explicitly in a form that can be used as evidence, we will only ever comply with requests for the excision of rights with regards to your personal data by you only.

All requests should be resolved within one month. This, however, may take longer for requests that require a more complex resolution. We will inform you of any delays that may be required, along with justification.

You have the right to complain to the Information Commissioner’s Office (ICO) if you are unhappy with how we process your personal data. ICO is a body that supervises and enforces privacy laws in the UK. Please visit their website at www.ico.org.uk for more information. We do request that you contact us first with any concerns. We recommend contacting ICO if you are still unsatisfied after attempting to resolve any issues with us directly.

External Hyperlinks

On our website, we may link to other websites that provide more information on a specific topic discussed on this website. By clicking any of those links, the contents of this privacy policy do not apply to your data processing on the websites that we link to. You must refer to the privacy policy on those websites which are out of our control. We will endeavour to link to reputable, well-maintained websites.