Privacy Policy

Last updated: February 2026

ClinicSpark (“we”, “us”, “our”) is a UK-based online directory that helps users discover dental-led facial aesthetics providers. We take privacy seriously and aim to handle personal data fairly, lawfully, and transparently in line with UK GDPR and the Data Protection Act 2018. This policy explains what we collect, why we collect it, how long we keep it, and what rights you have.

1) Who we are and how to contact us

ClinicSpark is the controller for the personal data described in this policy, except where we clearly state that a third party acts as an independent controller. If you have any privacy questions, requests, or complaints, contact:

• Email: team@clinicspark.co.uk
• Subject line recommendation: “Data Protection Request”

2) What data we collect

We collect only the data needed to operate, secure, and improve the directory.

a) Browsing and technical data

• IP address (or truncated/anonymised equivalent where configured)
• Browser type, operating system, device information
• Pages viewed, referring pages, time on page, and basic interaction events
• Date/time access logs and coarse location derived from IP

b) Form submission data

• Name and contact details you submit (for example email and phone)
• Message content in contact, listing claim, and listing interest forms
• Practice information and supporting details submitted for listing updates

c) Directory listing data

Most provider listing information is business information or publicly available professional information (for example practice address, website, and public registration indicators). We may also process information provided by clinics to keep listings accurate.

3) Special category data disclaimer

ClinicSpark does not request, require, or intentionally process patient medical records or other health data as part of normal directory use. Users should not submit personal health information through general contact forms. If health-related personal data is sent to us accidentally, we will minimise use, restrict access, and delete it where appropriate and lawful to do so.

4) Cookies and analytics

We use cookies and similar technologies for core site functionality, traffic measurement, and performance monitoring.

• Essential cookies: support site delivery and basic security.
• Analytics cookies: help us understand usage trends and improve content quality.

Where required, we seek consent before setting non-essential analytics cookies. You can usually control cookies via your browser settings and withdraw consent through available consent tools.

5) Third-party processors and services

We use trusted third parties to deliver core functionality. These providers may process personal data on our behalf under contractual safeguards:

• Google Analytics – website analytics and aggregated usage reporting.
• Formspree – secure form handling and delivery of contact submissions.

These services may process data in jurisdictions outside the UK. Where transfers occur, we rely on recognised safeguards (for example adequacy regulations or approved contractual clauses) as applicable.

6) Lawful bases for processing

Under UK GDPR, we rely on one or more of the following lawful bases:

• Legitimate interests – operating and improving the directory, fraud prevention, and service security.
• Consent – where required for non-essential cookies or certain communications.
• Contract – where processing is necessary to respond to a request you initiated (for example listing claim support).
• Legal obligation – where we must retain or disclose data to comply with law.

7) How we use personal data

• Respond to enquiries and support requests
• Review and process listing claims and corrections
• Monitor service quality, reliability, and abuse risks
• Analyse traffic and improve user experience
• Maintain records needed for governance, compliance, and dispute handling

8) Data retention

We keep personal data only as long as necessary for the purposes described above. Typical retention periods:

• Contact and support submissions: up to 24 months from last meaningful interaction.
• Listing claim/verification correspondence: up to 36 months to maintain audit trail and listing integrity.
• Basic analytics data: generally 14–26 months depending on analytics configuration.
• Security and server logs: typically up to 12 months unless needed longer for incident investigation.

We may retain data longer where required for legal claims, regulatory requests, or fraud prevention.

9) Your rights

You may have the following rights under UK GDPR, subject to legal limits:

• Access: request a copy of personal data we hold about you.
• Rectification: ask us to correct inaccurate or incomplete data.
• Erasure: ask us to delete personal data in certain circumstances.
• Restriction: ask us to limit processing in certain cases.
• Portability: request your data in a structured, machine-readable format where applicable.
• Objection: object to processing based on legitimate interests.
• Withdraw consent: where processing relies on consent, you can withdraw it at any time.

To exercise these rights, email team@clinicspark.co.uk. We may request identity verification before actioning requests.

10) Data security

We use reasonable technical and organisational measures to protect personal data against unauthorised access, misuse, loss, or disclosure. No internet service is completely risk-free, but we continuously work to improve safeguards in line with proportionate risk.

11) Complaints

If you are unhappy with how we handle your data, please contact us first so we can try to resolve your concern. You also have the right to complain to the UK Information Commissioner’s Office (ICO).

12) Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or business changes. The latest version will always be published on this page with the revised “Last updated” date.