Privacy Policy

Man holding tablet

Who we are

We are DenGro Limited.

We provide a platform for dental practices to attract and convert new patients. Our registered office is: 7a Northumberland Buildings, Bath, BA1 2JB, United Kingdom.
We are registered as a data controller with the Information Commissioner’s Office and our registration number is ZA304057.We (DenGro) primarily act, however, as a data processor on behalf of our customers (dental practices) in providing our services. You (the Dental Practice) are the Data Controller. You own, store and are responsible for data about your patients, and those who may be interested in treatment (your leads).

What person data we collect and why

Name, Email address, Phone number, Address, Usage data , Unique device identifiers (Google Advertiser ID or IDFA, for example)
Details of patient enquiries, Marketing preferences, User login details to set up new users and to provide support to users. To deactivate users and to store lead and patient data on behalf of dental practices for their defined purposes.
To analyse user preferences, advertising and customer retargeting. We also use information about how users interact with DenGro to analyse and improve the platform. We act as a controller for this purpose. This information will be used at an aggregated level wherever possible.

How we use your personal data

The DenGro platform integrates with several third-party providers to help us provide our service, as set out below:
Third party purpose privacy information Amazon Web Services (AWS) Hosting services https://aws.amazon.com/compliance/data-privacy-faq/
CloudFlare CDN services for one icon font library Cloudflare’s Privacy Policy | Cloudflare
Facebook API App integration with account lead ad forms https://www.facebook.com/about/privacy
Google Ads Remarketing Remarketing and behavioural targeting service provided by Google LLC that connects the activity of DenGro with the Google Ads advertising network and the DoubleClick Cookie https://policies.google.com/privacy
Google API Maps and geocoding https://policies.google.com/privacy
Google Analytics 4 User tracking and analytics https://policies.google.com/privacy
Google Tag Manager Tag and script management in a centralised manner. This results in the Users’ Data flowing through these services, potentially resulting in the retention of this Data https://policies.google.com/privacy
Google Workspace Cloud storage, productivity and collaboration tools Google Cloud Privacy Notice
HubSpot Lead Management and Customer relationship management https://legal.hubspot.com/product-privacy-policy
Intercom Support and lead communications https://www.intercom.com/legal/privacy
Linode Hosting services https://www.linode.com/legal-privacy/
Mailgun Email address management and message sending service https://www.mailgun.com/privacy-policy/
Meta Events Manager (Facebook Pixel) Connects data from the Facebook advertising network with actions performed on DenGro. The Facebook pixel tracks conversions that can be attributed to ads on Facebook, Instagram and Audience network https://www.facebook.com/about/privacy
Rollbar Application logging and telemetry https://rollbar.com
PostHog Product analytics suite Privacy policy – PostHog
Productboard Product management platform that helps companies to prioritise their product ‘around a clear strategy informed by user insights https://www.productboard.com/privacy-policy/2021-10-20/
Pusher Push notifications app https://pusher.com/legal/privacy-policy
Slack Business messaging app Privacy policy | Legal | Slack
Trello Project management tool Privacy Policy | Atlassian
Vimeo Video hosting, sharing, and services platform provider Privacy Policy on Vimeo
Vonage Transactional SMS messaging Privacy Policy | Vonage
Access to third party accounts DenGro can also be configured to allow the platform to access data from an account on a third-party service (such as Facebook) and perform actions with it. These services are not activated automatically and require explicit authorisation by the user. We may also be required to comply with a request or legal order to disclose personal data to a third party, for example in relation to a police investigation or insurance claim.

Lawful basis

Under data protection law, we have to identify relevant lawful bases for our use of your personal data.
We primarily rely on:
Legitimate interests – to provide and administer the DenGro platform to users and customers.
Legal obligation – in meeting our legal obligations under financial, health and safety and employment laws (among others).Dental practices (as “controllers”) define their own lawful bases for processing personal data relating to their leads and clients.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long do we keep your personal data?

DenGro users: We hold personal data of DenGro users for as long as they are active users.We will delete account data and subscriber data 12 months after an Account was last active (i.e. where an Account has no active subscription).

International transfers

DenGro Ltd is based in the UK and therefore subject to the UK GDPR and related UK data protection legislation.
Our main IT infrastructure (Amazon Web Services) is hosted in Ireland but some of the third parties DenGro integrates with store data outside the UK and the European Economic Area (EEA).Where this is the case, we have arrangements in place to ensure that personal data is afforded the same level of protection as within the UK or EEA, as required by UK GDPR Articles 45-49.

What rights you have over your data

Under data protection legislation, you have rights in relation to your personal data, as below:The right of access (obtaining a copy of your data)The right to rectification (correcting your data)The right to erasure (deleting your data)The right to restrict processing (to stop use of your data for a time limited period)The right to data portability (to move your data to another organisation)The right to object (to object to our use of your data)Rights in relation to automated decision making and profiling (to know if and how we use any technology to make decisions about you).

There are some limited exemptions to these rights, so they may not apply in every scenario. For further information on these rights, please see the Information Commissioner’s Office (ICO) website.If you wish to make a request in relation to any of these rights, please contact us as: data-protection@dengro.com . Where we act as a processor on behalf of our customers, we will pass any requests to the customer to respond to (as a controller).

Information security

We have information security measures in place to reduce the risk of unauthorised access to, misuse or loss of personal data.
These include:
> Appropriate access controls and user authenticationIncident and breach processes
> Appropriate internal IT and network security
> Business continuity processes
> Contracts with our suppliers covering data protection and information security

Queries and complaints

In the first instance, we would hope to resolve any queries or concerns you have in an informal way, if you contact us at: data-protection@dengro.comIf you are not satisfied with our response, you also have a right to complain to the Information Commissioner’s Office (ICO) as the regulator of data protection. For further information, please see: https://ico.org.uk/make-a-complaint/

Updates to this policy

We may sometimes need to update this Policy to reflect changes to the way we provide our services or to comply with updates to data protection law. Please check back regularly to see whether any changes have occurred. This Policy was last updated on 2nd February 2024.