Privacy Policy

Dentago Ltd | Last updated: 20 April 2026 | Version 1.0
Contact: privacy@dentago.co.uk

  Summary: Dentago is a free dental procurement marketplace for UK dental practices. We collect only what we need to operate the platform, we never sell your data, and we comply fully with the UK GDPR and Data Protection Act 2018.

1. Who We Are

Dentago Ltd ("Dentago", "we", "us", "our") operates the dental procurement marketplace available at www.dentago.co.uk and any associated applications (the "Platform").

Dentago acts as a data controller in respect of personal data collected through the Platform. For supplier data shared with dental practice users for the purpose of facilitating procurement, Dentago may act as a data processor. We will be clear in each context which role applies.

If you have any questions about this Privacy Policy or how we handle your data, please contact our Data Protection contact at: privacy@dentago.co.uk.

2. Scope

This Privacy Policy applies to:

Visitors to www.dentago.co.uk
Dental practice users who register for and use the Platform ("Clinics")
Dental suppliers who are listed on, or who register to participate in, the Platform ("Suppliers")
Any individuals who contact us via email, the website, or other channels

It does not apply to the websites or services of third-party suppliers listed on the Platform, who operate their own privacy policies.

3. Data We Collect

3.1 Data You Provide Directly

Category	Data Collected	Who Provides It
Account Registration	Name, email address, practice/business name, GDC number (Clinics), phone number, job title	Clinics and Suppliers
Supplier Credentials	Account numbers, login credentials for supplier portals (encrypted at rest)	Clinics (for price lookup)
Orders & Purchases	Products ordered, quantities, order references, delivery addresses	Clinics
Enquiries & Support	Name, email, message content	Any visitor
Newsletters	Email address	Any visitor
Supplier Onboarding	Company registration details, VAT number, contact name, email, pricing files	Suppliers

3.2 Data Collected Automatically

Category	Data Collected	Purpose
Usage Data	Pages visited, search queries, products viewed, time on site, click patterns	Platform improvement, analytics
Technical Data	IP address, browser type and version, operating system, device type, screen resolution	Security, compatibility, fraud prevention
Session Data	Session identifiers, authentication tokens	Security, keeping you logged in
Cookies	See our Cookie Policy	Various — see Cookie Policy

3.3 Data Received from Third Parties

GDC Register: We may verify GDC registration numbers against the General Dental Council's public register.
Companies House: We may verify dental practice or supplier business registration details.
Supplier Catalogues: Product names, descriptions, prices, and images from dental suppliers (not personal data).

4. How We Use Your Data

Purpose	Legal Basis (UK GDPR)
Creating and managing your account	Contract performance (Art. 6(1)(b))
Providing the Platform and facilitating procurement	Contract performance (Art. 6(1)(b))
Processing and tracking orders	Contract performance (Art. 6(1)(b))
GDC verification of dental professionals	Legal obligation (Art. 6(1)(c)) and legitimate interests (Art. 6(1)(f))
Customer support and communications	Contract performance; legitimate interests (Art. 6(1)(f))
Sending transactional emails (order confirmations, alerts)	Contract performance (Art. 6(1)(b))
Sending marketing emails and newsletters	Consent (Art. 6(1)(a)) — you may withdraw at any time
Security monitoring and fraud prevention	Legitimate interests (Art. 6(1)(f))
Improving the Platform and analytics	Legitimate interests (Art. 6(1)(f))
Complying with legal obligations	Legal obligation (Art. 6(1)(c))
Resolving disputes and enforcing our Terms	Legitimate interests (Art. 6(1)(f))

We will only use your personal data for the purposes for which it was collected, unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose.

5. Marketing Communications

We will only send you marketing emails and newsletters if you have opted in to receive them. You may unsubscribe at any time by:

Clicking the "Unsubscribe" link in any marketing email we send;
Emailing us at privacy@dentago.co.uk; or
Updating your preferences in your account settings.

Withdrawing consent does not affect the lawfulness of any marketing sent prior to withdrawal.

6. Sharing Your Data

We do not sell your personal data. We share it only in the following limited circumstances:

6.1 Suppliers

When you place an order through the Platform, we share your relevant order details (name, delivery address, order reference) with the relevant Supplier(s) to enable fulfilment. Suppliers receive only the information necessary to process your order.

6.2 Service Providers (Data Processors)

We use carefully selected third-party service providers who process data on our behalf, under binding data processing agreements:

Supabase: Database and authentication infrastructure (EU/UK hosted)
Vercel: Platform hosting and content delivery
Email service providers: For transactional and marketing communications
Analytics providers: For Platform usage analytics (data minimised and anonymised where possible)

6.3 Legal Requirements

We may disclose your personal data where required to do so by law, court order, regulatory body (including the Information Commissioner's Office), or to protect the rights, property, or safety of Dentago, its users, or others.

6.4 Business Transfers

If Dentago is acquired by or merged with another business, your data may be transferred as part of that transaction. We will notify you before any such transfer and give you the opportunity to exercise your rights.

7. Supplier Credentials

Where Clinics choose to store supplier account credentials on the Platform (to enable automated price lookup), those credentials are:

Encrypted at rest using industry-standard encryption;
Never shared with third parties other than the specific supplier they relate to;
Used solely for the purpose of retrieving pricing and availability on your behalf;
Deletable by you at any time from your account settings.

You are responsible for ensuring any credentials stored are your own and that you have authority to use them in this way.

8. Data Retention

Data Category	Retention Period
Account data (active accounts)	For the duration of your account
Account data (after deletion)	Up to 12 months (for dispute resolution and legal obligations)
Order records	7 years (UK tax and accounting obligations)
Supplier credentials	Until you delete them or close your account
Marketing consent records	3 years from last consent or last interaction
Support correspondence	3 years
Server logs and technical data	90 days
Analytics data (anonymised)	Up to 26 months

We regularly review the data we hold and securely delete or anonymise data that is no longer required.

9. International Transfers

Dentago is a UK company and our primary data storage is within the UK and European Economic Area (EEA). Where we use service providers that may transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including:

UK International Data Transfer Agreements (IDTAs) or addenda to EU Standard Contractual Clauses;
Adequacy decisions recognised by the UK government; or
Other lawful transfer mechanisms.

10. Your Rights

Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data:

Right	What It Means
Access	Request a copy of the personal data we hold about you (a Subject Access Request)
Rectification	Ask us to correct inaccurate or incomplete personal data
Erasure	Ask us to delete your personal data ("right to be forgotten"), subject to legal retention requirements
Restriction	Ask us to restrict processing of your personal data in certain circumstances
Portability	Receive your personal data in a structured, machine-readable format and transfer it to another controller
Object	Object to processing based on legitimate interests, including direct marketing
Withdraw Consent	Withdraw consent at any time where processing is based on consent
Automated Decisions	Not be subject to solely automated decision-making that produces significant legal effects

To exercise any of these rights, please email privacy@dentago.co.uk. We will respond within one calendar month of receiving your request (extendable by a further two months for complex requests, with notice to you).

We may need to verify your identity before processing certain requests. We will not charge a fee for reasonable requests unless they are manifestly unfounded or excessive.

11. Complaints

If you are unhappy with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk
Telephone: 0303 123 1113
Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, SK9 5AF

We would, however, appreciate the opportunity to address your concerns before you approach the ICO, and ask that you contact us first.

12. Security

We take the security of your personal data seriously. We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration, including:

Encryption of data in transit (TLS/SSL) and at rest;
Strict access controls and role-based permissions;
Regular security reviews and monitoring;
Secure credential storage using industry-standard encryption;
Data minimisation principles — we collect only what we need.

No method of electronic transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the ICO within 72 hours and, where required, notify you directly.

13. Children

The Platform is intended for use by dental professionals and business users only. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us immediately at privacy@dentago.co.uk.

14. Cookies

We use cookies and similar tracking technologies on the Platform. For full details of the cookies we use, their purposes, and how to manage them, please see our Cookie Policy.

15. Links to Third-Party Sites

The Platform may contain links to third-party websites, supplier portals, and external resources. These sites operate independently and have their own privacy policies. We are not responsible for the privacy practices of third-party sites and encourage you to review their policies before providing any personal data.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or Platform functionality. When we make material changes, we will:

Update the "Last updated" date at the top of this page;
Notify registered users by email if the changes materially affect their rights; and
Where required by law, seek fresh consent.

Your continued use of the Platform following any update constitutes acceptance of the revised Privacy Policy. We recommend reviewing this page periodically.

17. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact:

Email: privacy@dentago.co.uk
General enquiries: hello@dentago.co.uk
Website: www.dentago.co.uk