Privacy Policy

Privacy Policy

Last updated: [1 December 2025]

This privacy policy explains how UPOD Medical (“UPOD”, “we”, “us”, or “our”) collects and uses personal data when you visit our website at https://upodmedical.com/ (the “Site”) and when you submit your details to request a demo or trial of our dental practice management software.

This policy applies to information collected via the Site. If you are a customer using UPOD Medical within your dental practice, our data protection obligations in relation to patient and clinic data will be covered in separate agreements with your organisation.

This policy is intended to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Important: This document is a template and does not constitute legal advice. You should review and adapt it to your specific circumstances and have it reviewed by a legal professional before publishing.

1. Who we are and how to contact us

The data controller for personal data processed via this Site is:

UPOD Medical Ltd
23 Gloucester Road
Coleford
Gloucestershire
GL16 8BH
info@upodmedical.com

If you have any questions about this policy or how we handle your personal data, please contact us using the details above.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection (www.ico.org.uk).

2. Personal data we collect

When you use our Site, we may collect and process the following categories of personal data:

2.1 Information you provide directly

When you complete the “Book a demo” or other contact forms on the Site, or communicate with us by email or phone, we collect:

  • Name

  • Job title and role

  • Clinic or organisation name

  • Contact details (email address, phone number)

  • Practice details (e.g. size, location, number of chairs, or other information you choose to share)

  • Any other information you include in free-text fields or messages

2.2 Information collected automatically

When you visit the Site, we use cookies and similar technologies (including Google Analytics) to collect:

  • IP address

  • Device type, operating system and browser type

  • Approximate location (based on IP address)

  • Pages visited, time and date of visits

  • Time spent on each page, click paths and other usage data

  • Referring website or marketing campaign that directed you to the Site

For more detail about cookies, please see our Cookie Policy.

3. How we use your personal data and legal bases

We use your personal data for the following purposes and under the following legal bases:

a) To respond to enquiries and provide demos or trials

  • To process demo requests submitted via the Site

  • To contact you to arrange and deliver an online or in-person demonstration

  • To follow up on your interest in UPOD Medical and answer questions

Legal basis:

  • Performance of a contract or to take steps at your request prior to entering into a contract (UK GDPR Article 6(1)(b))

  • Legitimate interests in responding to business enquiries (Article 6(1)(f))

b) To manage our relationship with you and your organisation

  • To send information about UPOD Medical relevant to your enquiry (e.g. pricing, product updates, trial information)

  • To maintain records of interactions and communications

Legal basis:

  • Legitimate interests in developing and growing our business and providing relevant information to prospective customers (Article 6(1)(f))

You can opt out of marketing communications at any time by using the unsubscribe link in our emails or by contacting us.

c) To operate, secure and improve our Site

  • To monitor website performance, usage and traffic

  • To understand which content is most useful to visitors and improve our Site and marketing

  • To maintain the security and integrity of the Site

Legal basis:

  • Legitimate interests in operating and improving our Site and services (Article 6(1)(f))

  • For non-essential analytics cookies, your consent via our cookie banner (Article 6(1)(a) and PECR)

d) To comply with legal obligations

  • To maintain appropriate records

  • To respond to requests from law enforcement or regulatory authorities where required

Legal basis:

  • Compliance with a legal obligation (Article 6(1)(c))

4. Who we share your personal data with

We do not sell your personal data to third parties.

We may share your personal data with:

  • Service providers who help us operate our Site and run our business, such as:

    • Website hosting and infrastructure providers (including Framer)

    • Analytics providers (e.g. Google Analytics)

    • Email and CRM tools used to manage enquiries and follow-ups

  • Professional advisers, such as lawyers, accountants or IT security consultants, where necessary for our legitimate interests

  • Authorities or regulators, where required by law or to protect our legal rights

These third parties act as processors or sub-processors and may only process your personal data according to our instructions, subject to appropriate confidentiality and security obligations.

5. International data transfers

Some of our service providers (including Google and possibly Framer) may be located outside the UK and European Economic Area (EEA), for example in the United States.

Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place, such as:

  • An adequacy regulation issued by the UK government; or

  • Standard Contractual Clauses (SCCs) and any UK addendum, or equivalent legal mechanisms.

You can contact us for more information about international transfers and the safeguards we use.

6. Data retention – how long we keep your data

We keep personal data only for as long as necessary for the purposes described in this policy, including to meet any legal, accounting or reporting requirements. In general, we apply the following guidelines:

  • Enquiry and demo request data: kept for up to [e.g. 2 years] after our last meaningful interaction with you or your organisation, unless you ask us to delete it sooner.

  • Marketing contact details: retained until you unsubscribe or we identify that your details are no longer accurate or active.

  • Website analytics data: retained in accordance with our Google Analytics settings (typically [e.g. 14 or 26 months], or as otherwise configured).

In some cases, we may need to retain personal data for longer where required by law or to establish, exercise or defend legal claims.

7. How we protect your personal data

We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These measures include:

  • Secure hosting of our Site and data

  • Access controls and authentication for systems containing personal data

  • Use of encryption where appropriate

  • Staff awareness and confidentiality obligations

However, no internet transmission or storage system can be guaranteed to be 100% secure.

8. Your data protection rights

Under UK data protection law, you have the following rights in relation to your personal data, subject to certain conditions and exemptions:

  • Right of access – to obtain a copy of your personal data and information about how it is used

  • Right to rectification – to have inaccurate personal data corrected and incomplete data completed

  • Right to erasure – to request deletion of your personal data in certain circumstances

  • Right to restriction – to request restriction of processing of your personal data in certain circumstances

  • Right to data portability – to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller where technically feasible

  • Right to object – to object to processing based on our legitimate interests, including profiling, and to object to direct marketing at any time

  • Right to withdraw consent – where processing is based on your consent, you can withdraw it at any time (this will not affect the lawfulness of processing before withdrawal)

To exercise any of these rights, please contact us using the details in section 1.

You also have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk) if you are unhappy with how we have used your data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO.

9. Cookies and similar technologies

We use cookies and similar technologies on our Site for essential functionality and for analytics purposes. For more information about the cookies we use and how you can control them, please see our Cookie Policy.

10. Third-party links

Our Site may contain links to third-party websites, plug-ins or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party sites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

11. Changes to this privacy policy

We may update this privacy policy from time to time. Any changes will be posted on this page with an updated “Last updated” date. We encourage you to review this policy periodically to stay informed about how we are using your personal data.

Discover the
power of UPOD

Seamless booking. Intelligent automation.
Everything your clinic needs in one platform.

Book a demo

Discover the
power of UPOD

Seamless booking. Intelligent automation. Everything your clinic needs in one platform.

Book a demo

Discover the
power of UPOD

Seamless booking. Intelligent automation.
Everything your clinic needs in one platform.

Book a demo