Changes to our privacy notice
We have made some changes to our privacy notice that will take effect from 1st August 2026.
If you have any questions or no longer wish to be a patient, please contact our Patient Administration team. Email: student-treatments@bristol.ac.uk
Key changes:
- How we use your data:
We have clarified that, where consent is provided, we may use medical photography, digital images and video recordings for publication in clinical journals and textbooks and, as a result, this information may be made public via these publications. Your consent for us to use images in this manner may be withdrawn by you at anytime.
- Sharing your personal data:
The University has set up a subsidiary company (Temple Quarter Dental Practice Limited) which will allow us to provide more complex treatments undertaken by postgraduates students. Bristol Dental School will provide certain administrative and logistical support to Temple Quarter Dental Practice Limited and personal data will be shared between the University and Temple Quarter Dental Practice Limited. We have identified the reasons that this data may be shared between these entities.
Patient privacy notice
Last updated: July 2026
Effective date: 1st August 2026
The University of Bristol (“The University”) is committed to protecting your personal data and for keeping you informed about how information about you is used.
This notice outlines how the Dental School process your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This notice should be read in conjunction with the University’s top level privacy notices.
This notice applies to our patients, who have registered with us or have received treatment from us at our Dental School. This notice also applies equally to parents, guardians, or carers of patients where applicable.
If you do not understand anything in this notice, please speak to your parent or guardian if appropriate, or your contact at the Dental School.
Types of personal data processed
In order to provide you with dental treatment, we need to process the following type of data about you:
- Contact details - such as your name, address, telephone number, DOB, NHS number, email etc.
- Details of any adjustments that we need to take into account, such as the need for an interpreter.
- Your relevant medical history - this will come from you, or any organisation that has referred you, and we may collect additional information from relevant healthcare practitioners where necessary to provide your treatment.
- Payment information and insurance details where relevant.
We also need to process the following special categories of data:
- Health data – this is collected when you are assessed at each appointment you have with us. This may include medical photography, digital images and video recordings.
How we collect your data and how we use it
The information we process about you is collected from a number of sources. Including directly from you when you register with us, from any organisation that has referred you, and other relevant healthcare practitioners where necessary.
The above information is processed in order to enable us to assess and provide your treatment, to update your medical records, for clinical incident management, and where you consent, to be used for research.
We will also use your information to communicate with you, including to provide you with information and updates relating to your care.
As you will be aware, you may be treated by a dental student at the University’s Dental School. The student may need to use details of your treatment as part of their academic assessments. Where possible, this information will be anonymised, but personal data may be shared within the Dental School to undertake an academic assessment of the student.
When you provide us with consent, we may also use medical photography, digital images, and video recordings for teaching material or publication in clinical journals and textbooks, this information may be made public via these publications. You are under no obligation or pressure to provide consent to this and your decision will not affect your dental treatment. You may subsequently withdraw your consent to this by emailing: bds-information@bristol.ac.uk. Please be aware that, as explained in the consent form, images that have been made available on the internet may be difficult to withdraw from circulation.
Connecting Care is a local electronic patient record that allows health and social care professionals directly involved in your care, to view a summary of your medical record.
Your Connecting Care record will help those caring for you to manage your care better and allow information to be shared quickly and safely. Only authorised staff providing health services at the University of Bristol Dental School can access your record.
For more information about Connecting Care, visit the Connecting Care website which includes information on:
- What Connecting Care is
- Why share information
- How information is protected
- How to Opt-Out/In
- Changes to our policy
We will not use your personal data for automated decision making about you or for profiling purposes.
We will process your personal data either in ways you have consented to, or because it is otherwise necessary for a lawful purpose.
Where we are using your information, including images or videos for the purposes of receiving treatment, the legal basis relied upon is public task carried out in the public interest. We will always seek your agreement to the taking of images or videos, where possible.
For data protection purposes, we do not rely on 'consent' as a legal basis, because there will be situations where this would not be appropriate. However, we will follow best practice and ensure that you are informed about when we are taking such images, and we will seek your agreement to their use for the purposes of your treatment.
If you do not provide the information requested to facilitate your treatment plan, we will not be able to treat you, or continue with your treatment.
When we share information with other healthcare professionals, we may do this where it is required to protect your vital interests. We may also do this when it is in your best interests to do so, and it is a legitimate interest of yours that we share the information.
When information about you is shared for the purposes of assessing a student, this is a public task carried out in the public interest, because the training of dental students is such a task.
The special category data as listed above, specifically health data, is being processed for the above purposes under the following additional lawful basis:
- Article 9(2)(h) – health or social care.
Sharing your personal data
Your personal data will be collected and processed primarily by University of Bristol staff.
In addition to the specific sharing mentioned above, we may share your information with third parties as follows:
- We will share your personal data with third parties where required by law, where it is necessary to administer the working relationship with you or where we have another legitimate interest in doing so.
- If ever in the future, we are considering restructuring University of Bristol, we may share your information with the other parties involved and with the relevant professional advisors. This is for our legitimate interest in ensuring the continuation of the business.
- If we have a legal obligation to do so or for the purposes of fraud protection and credit risk reduction.
- We may need to share information about you to make safeguarding referrals, or onward health referrals as part of continuing care This is a legal obligation, but where it is not, it would be a legitimate interest of the University to comply with best practice.
- We may share your personal data with third party service providers who act on our behalf such as our professional advisers and IT services providers.
- The University provides certain administrative and logistical support to Temple Quarter Dental Practice Limited and personal data will be shared between the University and Temple Quarter Dental Practice Limited to:
- Share care records in relation to your treatment as well as in support of dental education, where relevant
- Send you communications about products and services that might interest you
- Undertake statistical research and analysis to understand more about our services and how to improve them
- Understand and improve clinical outcomes for our patients and customers
- Product and service development
- We may share your personal data with third party credit reference, insurers, and debt collection agencies acting on our behalf in processing financial claims for services we have provided to you. This may include fraud prevention agencies to support detection and prevention of fraud.
- We use third party "cloud computing" services to store some information rather than the information being stored on hard drives located at the Bristol Dental School. If you have any questions about any of the above, please speak to the Data Protection Officer, using data-protection@bristol.ac.uk
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow third party service providers to use your personal data for their own purposes, we only permit them to process your personal data for specified purposes and in accordance with our instructions.
Please note that we may need to share your personal information with a regulator or to otherwise comply with the law, and the list above is not necessarily exhaustive.
Storage and retention of personal data
The University has put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost or used, accessed, altered or disclosed in any unauthorised way.
Access to your personal data is limited to those that have a lawful and legitimate need to access it.
Any personal data that you submit to us will be held on secure cloud-based servers within the UK.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
We will keep your personal data according to the University’s Records Retention Schedule.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. For instance, we retain your medical records for a minimum of 11 years from when the patient last attended the practice, or until age 25 for children (whichever is longer).
Images and videos that are used for teaching, research and publication will be kept as long as they are relevant to the teaching methods, research and publication, and this may be indefinitely.
Your rights
Under certain circumstances, you may have the following rights in relation to the data we process:
- Right to request access to your personal data;
- Right to request correction of your personal data;
- Right to request erasure of your personal data;
- Right to object to processing the of your personal data;
- Right to request restriction of the processing your personal data;
- Right to request the transfer of your personal data; and
- Right to withdraw consent.
If you ask us to restrict our use of your personal data or delete it, we will not be able to provide you with our products or services.
For more information on these rights please visit the University’s guidance here. To exercise any of the above rights please contact the Data Protection Officer via data-protection@bristol.ac.uk
Questions, comments and complaints
If you have any questions or comments regarding this Privacy Notice, please contact: bds-information@bristol.ac.uk
You can also contact the University’s Data Protection Officer at: data-protection@bristol.ac.uk.
You can contact the Information Commissioner’s Office (ICO) if you are unhappy with how we’ve handled your data.