Information about Bamboo Dental

In this privacy policy, ‘we’, ‘us’ and ‘our’ mean Bamboo Dental. For company contact details, click here.


This privacy policy sets out how “Bamboo Dental” uses and protects any information that you give “Bamboo Dental” when you use this website.


“Bamboo Dental” is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.


“Bamboo Dental” may change this policy occasionally by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from May, 2018.

Coverage of our privacy policy

This privacy policy applies to those who interact with us about our products and services in any way (e.g. by email, our website, phone, verbal communication). 


This privacy policy applies to you if you ask us about, buy or use our products and services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone, and so on).

If you have any questions about this, please contact us at [email protected]

How we collect personal information

We collect personal information from you and from third parties (anyone acting on your behalf, for example, brokers, health-care providers and so on). Please see below for more information.


Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.


We collect personal information from you:

  • through your contact with us, including by phone (we may record or monitor phone calls, to ensure we are following codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by post, by filling in application forms, by entering competitions, through social media or face-to-face communication.


For all our customers, we may collect information from:

  • your parent or guardian, if you are under 18 years old;
  • a family member, or someone else acting on your behalf;
  • any service providers who work with us in relation to your product or service, if we don’t provide it to you direct, such as providing you with apps, medical treatment, dental treatment or health assessments;
  • fraud-detection and credit-reference agencies;
  • and sources which are available to the public, such as the edited electoral register or social media.


If we provide you with insurance products and services, we may collect information from:

  • the main member, if you are a dependant under a family insurance policy;
  • your employer, if you are covered by an insurance policy your employer has taken out;
  • brokers and other agents (this may be your broker if you have one, or your employer's broker if they have one);
  • and other third parties we work with, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, solicitors, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies (including health-insurance counter-fraud groups), regulators, data-protection supervisory authorities, health-care professionals, other health-care providers and medical-assistance providers.


If we provide you with health-care, dental or care-home services, we may collect information from:

  •  your employer, if you are covered by a contract for services your employer has taken out or if we are providing occupational health services;
  • brokers and other agents (this may be your broker if you have one, or your employer's broker if they have one);
  • and those paying for the products or services we provide to you, including other insurers, public-sector commissioners and embassies.

Types of personal information

We process your personal information in two categories:

  • regular personal information (information we use to contact you, identify you or manage our relationship together);
  • special categories of information (health information, information about your race, ethnic origin and religion that allows us to tailor your care, and information about crime in connection with checks against fraud or anti-money-laundering registers).


For more information about these categories of information, see below.


Standard personal information includes:

  • any contact information, for example your name, address, email address and phone numbers;
  • country of habitation, age, date of birth, national insurance number and passport number;
  • employment information;
  • details of previous contact contact (such as any complaints or incidents);
  • financial details, such as details about your payments and bank details;
  • results of any credit or any anti-fraud checks;
  • information about how you use our products and services, such as insurance claims; and
  • information about how you use our website, apps or other technology, including IP addresses or other device information (please see our Cookies Policy for more details).


Special category information includes:

  • information about your physical or mental health, including genetic information or biometric information (we may get this information from application forms you have filled in, from notes and reports about your health and any treatment and care you have received or need, or it may be recorded in details of contact we have had with you such as information about complaints or incidents, and referrals from your existing insurance provider, quotes and records of medical services you have received);
  • information about your race, ethnic origin and religion (we may get this information from your medical or care-home preferences to allow us to provide care that is tailored to your needs);
  • and information about any criminal convictions and offences (we may get this information when carrying out anti-fraud or anti-money-laundering checks, or other background screening activity.


Clinical Photography:

At times we may take clinical photography to document your treatment progress. This photography may also be used on our website and social media in some cases. Before using any clinical photography for these purposes we will always contact you personal to ask for explicit consent of which you are able to opt in or out of at any point in time.


Clinical photography is stored on our encrypted servers with sufficient cyber protection.

What we use your personal information for

We use your personal information for the reasons set out in this privacy policy. We have also set out some legal reasons why we may use your personal information. We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies. Please see below for more information about this and the reasons why we may need to process special category information.


By law and GDPR regulations, we must have a lawful reason for processing your personal information. We process standard personal information about you if this is:

  • necessary to provide the services set out in a contract − if we have a contract with you, we will process your personal information in order to fulfil that contract (that is, to provide you and your dependants with our products and services);
  • in our or a third party’s legitimate interests − details of those legitimate interests are set out in more detail below;
  • required or allowed by law.


We process special category information about you because:

  • it is necessary for the purposes of treating dentistry, to assess whether you are able to work, medical diagnosis, to provide dental treatment, or to manage dental-care systems;
  • it is necessary for an insurance purpose (for example providing or managing an insurance contract, dealing with a claim made under an insurance contract, or in connection with an insurance contract or law);
  • it is necessary to establish, make or defend legal claims;
  • it is necessary for the purposes of preventing or detecting an unlawful act in circumstances where we must carry out checks without your permission so as not to affect the outcome of those checks (for example, anti-fraud and anti-money-laundering checks or to check other unlawful behaviour, or carry out investigations with other insurers and third parties for the purpose of detecting fraud);
  • it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a member's complaint or a regulator (such as the General Dental Council) telling us about an issue);
  • it is in the public interest, in line with any laws that apply;
  • it is information that you have made public; or
  • we have your permission. As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for, and ask you to confirm your choice to give us that permission. If we cannot provide a product or service without your permission (for example, we can’t manage and run a health trust without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.
Legitimate interest

We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims. More detailed information about our legitimate interests is set out below.


Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:

  • to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a service that you’re covered for, to validate invoices and so on);
  • to provide dental-care services on behalf of a third party (for example, your employer);
  • to make sure that claims are handled efficiently and to investigate complaints (for example, we may ask your treatment provider for information to make sure we receive accurate information and to monitor the quality of your treatment and care);
  • to keep our records up to date and to provide you with marketing as allowed by law;
  • to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences (we combine information you give us with information we receive about you from third parties to help us understand you better);
  • for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
  • to contact you about market research we are carrying out;
  • to monitor how well we are meeting our clinical and non-clinical performance expectations in the case of dental-care providers;
  • to enforce or apply our website terms of use, our policy terms and conditions or other contracts, or to protect our (or our customers’ or other people’s) rights, property or safety;
  • to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with
Marketing and preference

We may use your personal information to send you marketing by post, by phone, through social media, by email and by text.


We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.


If you don’t want to receive emails from us, you can click on the ‘unsubscribe’ link that appears in all emails we send. If you don’t want to receive texts from us you can tell us by contacting us at any time. Otherwise, you can always contact us here to update your contact preferences.


You have the right to object to direct marketing and profiling (the automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests) relating to direct marketing. Please see the section about your rights for more details.


Processing for profiling and automated decision-making

Like many businesses, we sometimes use automation to provide you with a quicker, better, more consistent and fair service, and marketing information we think will be of interest to you (including discounts on our products and services). This will involve evaluating information about you and, in some cases, using technology to provide you with automatic responses or decisions (automated decisions). You can click below for more information about this.


You have the right to object to direct marketing and profiling relating to direct marketing. You may also have the right to object to other types of profiling and automated decision-making set out below. In these cases, you have the right to ask us to make sure that one of our advisers reviews an automated decision, to let us know how you feel about it and to ask us to reconsider the decision. You can contact us to exercise these rights here.


By law, we must tell you about:

  • automated decision-making (making a decision using technology, without any person being involved); and
  • profiling (automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests).


This is because you have certain rights relating to both automated decision-making and profiling. You have the right to object to profiling relating to direct marketing. If you do this, we will no longer carry out profiling for direct marketing purposes. You also have the right to object to profiling in other circumstances set out below.


When we make decisions using only automated processing which produce legal effects which concern you or which have a significant effect on you, we will let you know. You then have 21 days to ask us to reconsider our decision or to make a new decision that is not based only on automated processing. If we receive a request from you, within 21 days of receiving your request, we will:

  • consider the request, including any information you have provided that is relevant to it;
    meet your request; and
  • let you know in writing what we have done to meet your request, and the outcome.
    You can contact us here to ask about these rights.


Profiling and automated decision-making


The processes set out below involve both profiling and automated decision-making.


  • Depending on the type of health-insurance product that you want to benefit from, to help us decide what level of cover we can offer you, we will ask you to provide information about your medical history. We may use software to review this information to find out whether you have any previous or existing health conditions which we cannot cover you for and which will be excluded from your policy.
  • We may use software to help us calculate the price of products and services based on what we know about you and other customers. For example, our technology may analyse information about your claims history and compare it with the information we hold about previous claims to evaluate how likely you are to need to make a claim. We may also evaluate your age, where you live and other details relating to your health (such as existing health conditions and whether you smoke) to calculate prices for community-rated products which are based on predefined groups with similar risk profiles.



The processes set out below involve profiling.


  • In order to improve outcomes and be more efficient, and allow us to offer advice about different treatment paths (for example, alternatives to surgery or other invasive treatments), we may use software to evaluate medical history and information about the general population in an area to identify customers who are likely to need that advice most.
  • When your policy is due for renewal, our software tells us this and may also evaluate your payment and claims history, information about the general information in a particular area, and other information from third parties to automatically provide you with information about what incentives we can offer you and the marketing messages you will receive. 
  • We may use information about the products you have bought, and information about what other customers who have bought the same products you have bought, to make sure we send you information about the products you are most likely to be interested in.
  • We may share your personal information (including your name, date of birth, sex and the country you live in) with third-party companies who we use to carry out anti-fraud checks. We will review any matches from this process. (We will not use automated decision-making for this.)
Sharing your information

We share your information within the Bamboo Group, with funders arranging services on your behalf, with people acting on your behalf (for example, brokers and other agents) and with others who help us provide services to you or who we need information from to allow us to handle or confirm claims or entitlements (for example, professional associations). We also share your information in line with the law. For more information about who we share your information with, please see below.


We sometimes need to share your information with other people or organisations for the purposes set out in this privacy policy.


For all our customers, we share your information with:

  • other members of the Bamboo Group;
  • other organisations you belong to, or are professionally associated with, in order to confirm your entitlement to claim discounts on our products and services;
  • doctors, clinicians and other health-care professionals;
  • suppliers who help deliver products or services on our behalf;
  • people or organisations we have to, or are allowed to, share your personal information with by law;
  • the police and other law-enforcement agencies to help them perform their duties, or with others if we have to do this by law or under a court order;
  • if we (or any member of the Bamboo group) sell or buy any business or assets, the potential buyer or seller of that business or those assets; and
  • a third party who takes over any or all of the Bamboo Group’s assets (in which case personal information we hold about our customers or visitors to the website may be one of the assets the third party takes over).


If we provide dental services we share your information with:

  • your employer, if your employer is paying for the services we are providing;
  • our insurance partners, for example, brokers, reinsurers, actuaries, auditors, solicitors, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies, regulators, data-protection supervisory authorities;
  • those paying for the products or services we provide to you, including insurers, public-sector commissioners and embassies;
  • those providing your treatment and other benefits;


If we share your personal information, we will make sure appropriate protection is in place to protect your personal information in line with data-protection laws.

Transferring information outside the European Economic Area

We deal with many international organisations and use global information systems. As a result, we transfer your personal information to countries outside the EEA (the EU member states plus Norway, Liechtenstein and Iceland) for the purposes set out in this privacy policy. Not all countries outside the EEA have data-protection laws that are similar to those in the EEA and if so, the European Commission may not consider those countries as providing an adequate level of data protection.


We take steps to make sure that, when we transfer your personal information to another country, appropriate protection is in place, in line with data-protection laws. Often, this protection is set out under a contract with the organisation who receives that information. For more information about this protection, please contact us at [email protected]

How long we keep your personal information

We keep your personal information in line with set periods calculated using the following criteria.

  • How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
  • How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
  • Any time limits for making a claim.
  • Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
  • Any relevant proceedings that apply.


If you would like more information about how long we will keep your information for, please contact us at [email protected]


We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Your rights

You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you.


For more information, see below.


You have the following rights (certain exceptions apply).


Right of access: the right to make a written request for details of your personal information and a copy of that personal information

  • Right to rectification: the right to have inaccurate information about you corrected or removed
  • Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
  • Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
  • Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
  • Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
  • Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of Bamboo Dental's use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen product or service
  • Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.


Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.


If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.


In order to exercise your rights please contact [email protected]

Data protection contacts

If you have any questions, comments, complaints or suggestions in relation to this notice, or any other concerns about the way in which we process information about you, please contact our  Privacy Team at [email protected]


You also have a right to make a complaint to your local privacy supervisory authority. Bamboo Dental's main establishment is in the UK, where the local supervisory authority is the Information Commissioner:

Information Commissioner's Office
Wycliffe House
Water Lane
Cheshire, United Kingdom
Phone: 0303 123 1113 (local rate) or 01625 545 745 (national rate)


You can also lodge a complaint with another supervisory authority which is based in the country or territory where:

  • you are living,
  • you work, or
  • the alleged infringement took place.