Dentsy - Data Protection Policy

Effective Date: October 2025
Last Reviewed: October 2025



1. Purpose

Dentsy, part of Expand Group AI Ltd (“we”, “us”, “our”) is committed to protecting the privacy, security, and rights of individuals whose personal data we process.

This Data Protection Policy sets out how we comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, and how we ensure that all personal data is handled lawfully, transparently, and securely.



2. Scope

This policy applies to:

  • All employees, contractors, and partners of Dentsy.
  • All personal data processed by Dentsy in any format (digital, paper, voice, or image).
  • All systems and processes where personal data is stored or used.


3. Our Data Protection Principles

Dentsy adheres to the following seven key principles of data protection:

  1. Lawfulness, fairness, and transparency – We process data lawfully and explain clearly how and why data is used.
  2. Purpose limitation – Data is collected for specific, explicit, and legitimate purposes.
  3. Data minimisation – We collect only the data necessary for our business purposes.
  4. Accuracy – We ensure data is accurate and kept up to date.
  5. Storage limitation – We retain data only for as long as necessary.
  6. Integrity and confidentiality – We protect data with appropriate security measures.
  7. Accountability – We take responsibility for how we handle personal data and demonstrate compliance with data protection laws.


4. Lawful Basis for Processing

Dentsy processes personal data under one or more of the following lawful bases:

  • Contractual necessity – To fulfil obligations under a contract (e.g., providing telecommunications services).
  • Legal obligation – To comply with legal or regulatory requirements.
  • Legitimate interests – For business operations where individuals’ rights are not overridden.
  • Consent – Where the individual has clearly agreed to the processing (e.g., marketing communications).
  • Vital interests – To protect someone’s life (rare but possible in emergency communication scenarios).


5. Data We Process

We may collect and process the following types of data:

  • Client data: contact details, account information, billing details, communication records, and service usage.
  • Employee data: HR records, payroll information, contact details, and performance data.
  • Supplier data: contact information, contracts, and payment records.
  • Call and system data: recordings, logs, and metadata required for telecom and CRM operations.


6. Data Security

Dentsy implements robust security measures to safeguard personal data, including:

  • Secure servers and encrypted databases.
  • Role-based access controls and multi-factor authentication.
  • Regular security audits, monitoring, and penetration testing.
  • Encryption for data in transit and at rest.
  • Secure disposal of physical and digital data when no longer required.

All staff receive data protection and cybersecurity training to maintain awareness and compliance.



7. Data Retention

Personal data is kept only for as long as necessary for the purpose it was collected, or as required by law.

When no longer needed, data is securely deleted or anonymised according to Dentsy’s Data Retention Schedule.



8. Data Sharing and Third Parties

Dentsy only shares personal data with trusted third parties where necessary to provide our services - such as technology partners, payment processors, or support providers.

All third parties are subject to strict data processing agreements that ensure compliance with the UK GDPR.

We do not sell or share personal data with third parties for marketing purposes without explicit consent.



9. International Transfers

If personal data is transferred outside the UK or EEA, we ensure that:

  • The destination country has an adequate level of protection, or
  • Appropriate safeguards (such as Standard Contractual Clauses) are in place.


10. Individual Rights

Under the UK GDPR, individuals have the following rights:

  • Right to access – Obtain a copy of personal data held.
  • Right to rectification – Correct inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) – Request deletion of data under certain circumstances.
  • Right to restrict processing – Limit how data is used.
  • Right to data portability – Receive data in a machine-readable format.
  • Right to object – Stop data being processed for certain purposes (e.g., marketing).
  • Rights related to automated decision-making – Challenge decisions made solely by automated processes.

Requests can be made by emailing info@dentsy.ai
We aim to respond to all requests within one month.



11. Data Breaches

Dentsy takes all data breaches seriously.
If a personal data breach occurs:

  • It will be reported immediately to the Data Protection Officer (DPO).
  • The DPO will assess the risk and, where required, notify the Information Commissioner’s Office (ICO) within 72 hours.
  • Affected individuals will be informed without undue delay if their data or privacy could be at risk.


12. Data Protection Officer (DPO)

Dentsy has appointed a DPO to oversee data protection compliance:

Data Protection Officer
Linda Tigrine
Dentsy

Email: info@dentsy.ai
Address: Dentsy, 1-2 Melbourne Street, Southampton, SO14 5FB, United Kingdom



13. Policy Review

This policy is reviewed annually or sooner if required by changes in regulation, business practices, or security incidents.



Dentsy – Protecting Your Data. Powering Your Communication.

Dentsy logo

The smartest AI phone system designed specifically for dental practices.

LinkedIn iconInstagram icon
Product
FeaturesIntegrations
Support
Book a DemoFAQsContact Us
Contact
Email iconinfo@dentsy.ai
Phone icon03330 570038
Location icon
London, UK
Copyright ©2025 Dentsy
Expand Group AI Limited
Privacy PolicyCookiesData Protection Policy