Privacy Policy - Dovers Dental Clinic

Contents

1. About This Policy
2. Information We Collect
3. Legal Basis for Processing
4. How We Use Your Information
5. Cookies & Log Data
6. Data Security
7. How Long We Keep Your Data
8. Third-Party Services
9. Your Rights
10. Data Breach Notification
11. Updates to This Policy
12. Contact & Complaints

Effective Date: June 2026 | Last Reviewed: June 2026

1 About This Policy

At Dovers Dental Clinic, we are committed to protecting your personal information and being transparent about how we use it. This Privacy Policy explains what data we collect, why we collect it, how it is used and stored, and what rights you have over your information.

This policy applies to all patients, website visitors, and anyone who contacts us by any channel — in person, by phone, WhatsApp, email, or through our website at doversdental.com.

It should be read alongside our Terms and Conditions and Refund & Cancellation Policy.

Governing Law This policy is governed by the Nigeria Data Protection Act 2023 (NDPA) and its implementing regulations issued by the Nigeria Data Protection Commission (NDPC). We process your data lawfully, fairly, and transparently in accordance with those requirements.

2 Information We Collect

We collect only the information we need to provide safe, effective dental care and to operate our practice responsibly.

a) Personal & Contact Information

Full name, date of birth, gender
Phone number, email address, residential address
Next of kin or emergency contact details

b) Health & Clinical Information

Medical and dental history, current medications, allergies
Clinical notes, X-rays, photographs, and treatment records
HMO or health insurance details where applicable

c) Financial Information

Payment records (amounts paid, payment method used)
We do not store full card numbers or bank account details

d) Website & Device Usage Data

Browser type and version, operating system
Pages visited, time spent, referring URL
IP address (collected automatically by our web server and analytics tools)

e) Communications

Enquiries, complaint records, and feedback submitted via email, WhatsApp, or our website contact form

3 Legal Basis for Processing

Under the NDPA 2023, we must have a lawful basis for processing your personal data. The bases we rely on are:

Type of Data	Legal Basis
Appointment booking & clinical care	Performance of a contract / Vital interests (health data)
Clinical records & treatment notes	Legal obligation (Nigerian health regulations)
Payment processing	Performance of a contract
Marketing emails & health tips	Your explicit consent
Website analytics (Google Analytics)	Legitimate interest / Consent via cookies
Complaint handling	Legitimate interest & Legal obligation

Where we rely on your consent, you have the right to withdraw it at any time — see Section 9 for how to do this.

4 How We Use Your Information

We use your information to:

Book, confirm, and manage your dental appointments
Provide safe and appropriate clinical treatment
Send appointment reminders by SMS, WhatsApp, or email
Process payments and manage billing records
Respond to your enquiries and handle complaints
Send health tips and promotional offers — only with your consent
Monitor and improve our website performance
Comply with applicable Nigerian health and data protection law

We do not sell your data. We will never sell, rent, or share your personal or health information with third parties for their marketing purposes.

5 Cookies & Log Data

Our website uses cookies — small text files stored on your device — to improve your browsing experience, remember your preferences, and analyse how our site is used.

Types of cookies we use

Cookie Type	Purpose
Essential cookies	Required for the website to function correctly
Analytics cookies	Help us understand how visitors use our site (Google Analytics)
Marketing cookies	Used by Facebook Pixel to measure ad performance

You can control or disable cookies in your browser settings at any time. Disabling essential cookies may affect your ability to use some features of our website.

Our web server also automatically records log data — including your IP address, browser details, and pages visited — for security and diagnostic purposes. This data is not linked to your personal identity.

6 Data Security

We take the security of your information seriously and apply appropriate technical and organisational measures to protect it against unauthorised access, loss, alteration, or disclosure. These measures include:

Encrypted data transmission (HTTPS) across our website
Password-protected and access-controlled clinical record systems
Limited staff access to personal data on a need-to-know basis
Regular review of our data handling and storage practices

Please note No method of electronic data transmission or storage is 100% secure. While we do everything practicable to protect your data, we cannot guarantee absolute security. We encourage you not to share sensitive information (such as passwords or full financial details) through email.

7 How Long We Keep Your Data

We retain your personal and clinical data only for as long as necessary for the purposes set out in this policy, or as required by law.

Data Type	Retention Period
Clinical and treatment records	Minimum 6 years from last treatment (or until age 25 for minors, whichever is longer), as required under Nigerian health regulations
Financial and billing records	7 years (in line with tax and accounting requirements)
Appointment and communication records	3 years
Marketing consent records	Until consent is withdrawn, plus 1 year
Website analytics data	26 months (Google Analytics default)

When data is no longer needed, we securely delete or anonymise it.

8 Third-Party Services

To operate our clinic and website, we work with certain trusted third-party service providers. These providers may process your data on our behalf, and we ensure appropriate data protection safeguards are in place with each.

Service	Purpose	Data Shared
Google Analytics	Website traffic analysis	Anonymised usage data, IP address
Meta (Facebook Pixel)	Advertising performance measurement	Anonymised browsing behaviour
LatePoint (booking software)	Appointment scheduling	Name, phone, email, appointment details
WhatsApp Business	Patient communication	Name, phone number, messages
WPForms	Contact form submissions	Name, email, enquiry content

We do not authorise any third party to use your personal data for their own marketing purposes.

Our website may also contain links to external websites. We are not responsible for the privacy practices of those sites and encourage you to read their own privacy policies before sharing any information.

9 Your Rights Under NDPA 2023

Under the Nigeria Data Protection Act 2023, you have the following rights regarding your personal data:

Right of access — request a copy of the personal data we hold about you
Right to rectification — ask us to correct inaccurate or incomplete information
Right to erasure — request deletion of your data, subject to our legal record-keeping obligations
Right to restrict processing — ask us to limit how we use your data in certain circumstances
Right to data portability — receive your data in a structured, machine-readable format
Right to object — object to processing based on legitimate interests or for direct marketing
Right to withdraw consent — where we rely on consent, withdraw it at any time without affecting the lawfulness of prior processing

How to withdraw marketing consent or exercise any right Email us at care@doversdental.com with the subject line "Data Rights Request", or call 0805 516 2585. We will respond within 30 days. To unsubscribe from marketing messages, you can also reply "STOP" to any SMS or WhatsApp message we send.

10 Data Breach Notification

In the unlikely event of a personal data breach that poses a risk to your rights or freedoms, we will:

Notify the Nigeria Data Protection Commission (NDPC) within 72 hours of becoming aware of the breach, where required by law
Notify affected individuals without undue delay if the breach is likely to result in a high risk to their rights or freedoms
Provide clear information on what data was affected, what steps we are taking, and what you can do to protect yourself

If you believe your data may have been compromised, please contact us immediately at care@doversdental.com.

11 Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data handling practices. When we make material changes, we will update the effective date at the top of this page and, where appropriate, notify existing patients by email or SMS.

We encourage you to review this page periodically. Continued use of our services after any update constitutes acceptance of the revised policy.

12 Contact & Complaints

For any questions, concerns, or requests relating to this Privacy Policy or your personal data:

Dovers Dental Clinic 📍 60a Akintunde Adeyemi Drive, Lekki Phase 1, Lagos, Nigeria
📞 0805 516 2585 | 0805 515 8148
📧 care@doversdental.com
💬 WhatsApp: 0805 515 8148
🌐 doversdental.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC):

🌐 ndpc.gov.ng
📧 info@ndpc.gov.ng
📍 No. 1 Zochukwu Street, Asokoro Extension, Abuja, Nigeria

This Privacy Policy was last reviewed and updated in June 2026. Previous versions are available on request.