Legal

Privacy Policy

Last updated: June 2026

This policy explains how Codental ("we", "us"), a product of Zafco Industries Ltd, collects, uses, and protects personal data. We are committed to handling all data lawfully, fairly, and transparently in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Who we are

Codental provides AI-powered services for dental practices. For the personal data of our direct business customers, we act as a data controller. For the personal data of individuals handled when we provide services on behalf of a practice, we act as a data processor, processing that data only on the documented instructions of the practice, which remains the data controller.

What we collect

Business contact data: the name, email, phone number, and practice name you provide when requesting a demo or becoming a customer.
Individuals' contact data: when providing services for a practice, we may capture an individual's name, date of birth, contact details, and the reason they have contacted the practice, together with a record or transcript of the interaction.
Health information: an individual may share details about their symptoms, treatment needs, or medical history when contacting a practice. Information concerning a person's health is "special category" data under UK GDPR and is treated with additional care. We capture only what is necessary to pass the enquiry to the practice and do not request more health detail than the individual chooses to give.
Technical data: basic usage and device information collected automatically when you visit our website.

How we use it

We use business contact data to:

Arrange and deliver product demonstrations you have requested.
Communicate with you about the service and respond to your enquiries.
Operate and improve our website and our service offering.

We use individuals' data and health information only on the instructions of the practice, to:

Provide the service and capture the individual's details and reason for contact.
Pass those details to the relevant practice so they can follow up.

We do not use this data to improve our own products or for any purpose beyond delivering the service to the practice. We also process data where necessary to meet our legal and regulatory obligations.

Lawful basis

We process business contact data on the basis of legitimate interests (responding to your enquiry) and, where applicable, to take steps to enter into a contract with you. Individuals' data handled when providing services for a practice is processed on behalf of that practice under our contract with them; the lawful basis for that processing rests with the practice as controller.

Where the data includes health information (special category data), the practice, as controller, is responsible for ensuring an appropriate condition for processing applies, typically that the data is processed for the provision of health or dental care. We process such data only on the practice's instructions and solely to pass the enquiry to them.

Sharing your data

We do not sell personal data and we do not share it for anyone else's marketing. Personal data is disclosed only in these limited ways:

With the practice: captured details are passed to the dental practice on whose behalf we provided the service, so they can follow up with the individual.
Where legally required: if we are obliged to disclose data by law or a valid request from an authority.

Data retention

We keep personal data only for as long as necessary for the purposes set out above, or as required by law. Data handled on behalf of a practice is retained according to the instructions of that practice and deleted when no longer required.

Security

We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure, including access controls and secure transmission.

Your rights

Under UK GDPR you have rights over your personal data, including the right to access it, to have it corrected or erased, to restrict or object to its processing, and to data portability.

If you are a business contact (for example, you enquired about a demo), you can exercise these rights with us directly using the details below.

If your details were captured when we provided services on behalf of a practice, the dental practice is the controller of your data, so requests should be made to the practice. If you contact us, we will pass your request to the relevant practice and assist them in responding.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Contact

For any questions about this policy or your data, email us at hello@codental.co.