Privacy Policy
Last updated: 23 March 2026
1. Who we are
OpenWide (“we”, “us”, “our”) operates the website www.openwide.clinic and related services. We are a UK-based dental clinic directory and booking platform.
For the purposes of UK data protection law (the UK GDPR and the Data Protection Act 2018), OpenWide is the data controller for personal data collected through this website. Where we process data on behalf of a dental practice (for example, when facilitating a booking), the dental practice is the data controller and we act as a data processor.
Contact: privacy@openwide.clinic
2. What data we collect
We collect and process the following categories of personal data:
2.1 Account information
- Full name, email address
- Google account profile data (if you sign in with Google)
- Account type (patient or clinic administrator)
2.2 Health and dental data
When you book an appointment or submit a care request, we may collect:
- Treatment type required (e.g. dental implants, emergency care)
- Date of birth, sex assigned at birth
- Dental notes or clinical information you choose to provide
- NHS or private patient preference
This data is classified as special category data under UK GDPR Article 9. We process it on the basis of your explicit consent (Article 9(2)(a)) and where necessary for the provision of health care (Article 9(2)(h)).
2.3 Booking and contact data
- Phone number, postal address, postcode
- Appointment date, time, practitioner, and booking reference
- Payment information (processed by Stripe; we do not store card numbers)
2.4 Search and usage data
- Search queries, location searches, filter preferences
- Saved clinics (shortlist) and saved searches
- Pages visited, time spent, browser and device information
- IP address (anonymised for analytics)
2.5 Matching request data
- Treatment needs, budget range, timeline, location preferences
- Contact details submitted through the “Get Started” form
3. How we use your data
| Purpose | Legal basis |
|---|---|
| Provide the directory and search service | Legitimate interest |
| Process appointment bookings | Contract performance |
| Process health/dental data for bookings | Explicit consent |
| Match you to suitable dental clinics | Consent / Legitimate interest |
| Save your shortlisted clinics and searches | Contract performance |
| Process deposit payments | Contract performance |
| Send booking confirmations | Contract performance |
| Improve the platform and fix bugs | Legitimate interest |
| Detect fraud and protect security | Legitimate interest |
4. Who we share your data with
- Dental practices — when you book an appointment or submit an enquiry, we share your contact and booking details with the relevant practice
- Dentally (practice management system) — appointment and patient data is transmitted to Dentally's API to create bookings on the practice's behalf
- Stripe — payment processing for booking deposits. Stripe acts as an independent data controller for payment data
- Supabase — cloud database hosting (data stored in the EU/UK)
- Netlify — website hosting
- Google — authentication (if you use Google sign-in) and analytics
We do not sell your personal data to third parties. We do not share your data with advertisers.
5. International transfers
Your data is primarily stored in the UK and EU. Where data is processed outside the UK (for example, by Stripe in the US), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or UK adequacy decisions.
6. How long we keep your data
- Account data: retained while your account is active, deleted within 30 days of account deletion
- Booking records: retained for 7 years for legal and regulatory compliance
- Health data: retained for the duration necessary to fulfil the booking, then deleted within 12 months unless required by law
- Search and usage data: anonymised after 24 months
- Matching requests: retained for 12 months then deleted
7. Your rights
Under UK GDPR, you have the right to:
- Access your personal data (Subject Access Request)
- Rectify inaccurate data
- Erase your data (“right to be forgotten”)
- Restrict processing in certain circumstances
- Port your data to another service
- Object to processing based on legitimate interest
- Withdraw consent at any time (this does not affect lawfulness of prior processing)
To exercise any of these rights, email privacy@openwide.clinic. We will respond within 30 days.
8. Children's data
Our service is not directed at children under 16. Where a parent or guardian books an appointment on behalf of a child, the parent or guardian provides consent for the processing of the child's data.
9. Security
We protect your data using:
- Encryption in transit (TLS/HTTPS) and at rest
- Row-level security policies on our database
- API keys stored encrypted server-side (never exposed to browsers)
- Role-based access control for admin functions
- Regular security reviews
10. Cookies
We use cookies and similar technologies. For full details, see our Cookie Policy.
11. Complaints
If you are unhappy with how we handle your data, you have the right to complain to the Information Commissioner's Office (ICO):
- Website: ico.org.uk
- Helpline: 0303 123 1113
12. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via email or a notice on the website. The “last updated” date at the top reflects the most recent revision.