Privacy Notice

Who We Are

We are BBLHD Ltd, trading as 01Health, which provides the underlying operating system and technology platform through which we deliver our 32Co (which makes custom clear aligners) and Aerox Health (which makes custom sleep apnoea and snoring devices) services and products. Should you have any queries regarding how we collect and use your personal data, please contact us as set out below.

If you are a dentist or dental practice head to “A) When dentists/dental practices use our platform”. If you are an individual/patient, head to “B) When patients use our platform”.

If you have a complaint, head to “How you can complain”. For more details of your rights head to “What are your rights?”.


Our contact details

Privacy Manager: Sagar Chandaria

Email: sagar.chandaria@32co.com 

Address: BBLHD Ltd, 210 Brickfields Business Centre, 37 Cremer Street, London, E2 8HD


What is this notice about?

We want to be completely transparent about how we collect and use your personal data and this privacy notice exists to tell you exactly how we do this.

It covers the personal data we collect, store and process when you use our services.

Our privacy notice tells you the journey of your personal data from the moment we receive it and it enters our systems up until you have decided that you no longer want to use our services, as well as the various stops it makes along the way.


The different ways we process personal data


A) When dentists/dental practices use our platform 

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

We generally collect information directly from you. If you create your own account and dashboard, we will collect any other information you may wish to add to your profile.

We'll also need some information about you as a matter of course, such as:

your name/name of your dentists;

contact details;

previous treatment experience and professional goals;

education details;

current and previous employers and work experience, including details of the dental practices you have worked for and your job titles;

General Dental Council (GDC) membership details, including registration number;

Payment or bank details;

Order, purchase and account history;

Customer enquiries/complaints.


We require this information in order to fulfil our contractual obligations with you and this is the legal basis upon which we are relying in order to collect and process this personal data.

We also have a legal obligation to store data relating to your order/purchase/payment history for legal, financial and accounting purposes.

We are always striving to improve our products and services and believe we have a legitimate interest to do so, therefore, when you use our platform, we may use your personal data for the purposes of analytics, reporting and using AI in relation to improving our products and services (however, this data will be anonymised). 

We also have a legitimate interest in doing marketing and business development to grow and expand our business, which can include sending you direct marketing emails and updates with e.g. special offers and promotions.


If you would like to learn more about how we anonymise and analyse your personal data for these purposes and/or how we use it for our marketing and business development purposes, you may request to see a copy of our Legitimate Interests Assessment – please email Sagar Chandaria: sagar.chandaria@32co.com.

Please note that this Privacy Notice relates to the personal data we collect, store and process relating to our relationship with you and providing you with our goods and services. In relation to the personal data you provide regarding your patients, we are processing this on your behalf as a data processor (because you need to provide us with such personal data in order to make the customised aligners and sleep devices), and this processing will be done in accordance with our standard terms.


Who do we share your personal data with?

Please see the table below which sets out the organisations with whom we share personal data and why.

| Type | Reason and examples |
| --- | --- |
| Aligner manufacturing partners | We share patient data (including scans, photos and treatment details) with the labs who manufacture customised aligner products on our behalf |
| Sleep device manufacturing partners | We share patient data (including scans, photos and clinical details) with the labs who manufacture customised sleep devices on our behalf |
| Payment Services Provider | We use 3rd party providers to process certain payments (e.g. Stripe) |
| Platform Hosting (within the EU) | We host our platform on cloud infrastructure (e.g. AWS, GCP) which stores patient data on our behalf |
| Database provider | We store patient records using third-party database providers (e.g. MongoDB) |
| Communications provider | We use third-party services to send push notifications to your device, for example to alert you to updates on your treatment or account (e.g. Twilio, Google Firebase Cloud Messaging) |
| CRM | We use a customer relationship management platform to manage our relationships with dentists and dental practices, which may hold contact and account information (e.g. HubSpot) |
| Information repositories and productivity tools | We use third-party tools to store, manage and collaborate on information which may contain personal data (e.g. Notion, Google Workspace) |
| Analytics and reporting tools | We use third-party tools to analyse platform usage and business performance, using anonymised or aggregated data where possible (e.g. Metabase) |
| Contractors and freelancers | We work with contractors and freelancers who may require access to personal data in order to deliver their services for us (e.g. specialist orthodontists, software developers, clinical support staff) |
| HMRC | We are legally required to share certain financial and payroll data with HMRC for tax and statutory reporting purposes |
| Legal and Accounting Professionals | We share personal data with our legal advisers, auditors and accountants where necessary to obtain professional advice or comply with our legal and financial obligations |

How long do we keep it for?

As a general principle, we keep the personal data for the duration of your account with us; we keep legal, financial and accounting data for 6 years after you have left us, in line with the statutory retention periods for contractual claims.

If you would like more information about how long we keep your personal data, you can request a copy of our Data Retention Policy by sending an email to Sagar Chandaria: sagar.chandaria@32co.com

When we share it outside the UK

As mentioned above, some of the organisations with whom we share personal data are located outside of the UK. Before transferring any personal data internationally, we carry out appropriate due diligence to ensure that the recipient organisation and the country in which they are based provide adequate protections for your personal data, in accordance with UK data protection law. 

If you would like more information about how we transfer personal data outside of the UK please contact Sagar Chandaria: sagar.chandaria@32co.com

What measures do we have in place to protect your personal data?

We are ISO 27001 certified, which means that we have put in place systems to manage risks related to the security of data owned or handled by us, and that this system respects all the best practices and principles enshrined in international standards.

We ensure that all of our employees receive regular training regarding data protection and are bound by contractual obligations of confidentiality.

We also ensure that any third parties with whom we share personal data are also legally bound by obligations of confidentiality.

B) When patients use our platform

What personal data do we collect, why do we collect it, and what legal basis do we rely on?

Personal data is anything that can identify an individual, either on its own or through combining it with other factors that could eventually identify an individual.

We generally receive your personal data from dentists or dental practices. This may include:

Your name;

Your contact details, including your home address, email address and phone number;

Photos of the inside of your mouth and photos of your face;

Scans, radiographs and impressions;

Diagnostic questionnaires and your treatment goals;

Treatment plans; and 

Any concerns you may have. 

We require this information in order to fulfil our contractual obligations with your dentist / dental practice and this is the legal basis upon which we are relying in order to collect and process this personal data.

We also have a legal obligation to store data relating to your order/purchase/payment history for legal, financial and accounting purposes.

We are always striving to improve our products and services and believe we have a legitimate interest to do so, therefore when you use our platform, we may use your personal data for the purposes of analytics, reporting and using AI in relation to improving our products and services (however, this data will be anonymised). 

If you would like to learn more about how we anonymise and analyse your personal data for these purposes you may request to see a copy of our Legitimate Interests Assessment – please email Sagar Chandaria: sagar.chandaria@32co.com 


Who do we share your personal data with?

Please see the table below which sets out the organisations with whom we share personal data and why.

| Type | Reason and examples |
| --- | --- |
| Your dentist and dental practice | We share your treatment data with the dentist and dental practice who are clinically responsible for your care and submitted your case to us |
| Aligner manufacturing partners | We share patient data (including scans, photos and treatment details) with the labs who manufacture customised aligner products on our behalf |
| Sleep device manufacturing partners | We share patient data (including scans, photos and clinical details) with the labs who manufacture customised sleep devices on our behalf |
| Payment Services Providers | We use 3rd party providers to process certain payments (e.g. Stripe) |
| Platform Hosting (within the EU) | We host our platform on cloud infrastructure (e.g. AWS, GCP) which stores patient data on our behalf |
| Database providers | We store patient records using third-party database providers (e.g. MongoDB) |
| Communications providers | We use third-party services to send push notifications to your device, for example to alert you to updates on your treatment or account (e.g. Twilio, Google Firebase Cloud Messaging) |
| CRM | We use a customer relationship management platform to manage our relationships with dentists and dental practices, which may hold contact and account information (e.g. HubSpot) |
| Information repositories and productivity tools | We use third-party tools to store, manage and collaborate on information which may contain personal data (e.g. Notion, Google Workspace) |
| Analytics and reporting tools | We use third-party tools to analyse platform usage and business performance, using anonymised or aggregated data where possible (e.g. Metabase) |
| Contractors and freelancers | We work with contractors and freelancers who may require access to personal data in order to deliver their services for us (e.g. specialist orthodontists, software developers, clinical support staff) |
| HMRC | We are legally required to share certain financial and payroll data with HMRC for tax and statutory reporting purposes |
| Legal and Accounting Professionals | We share personal data with our legal advisers, auditors and accountants where necessary to obtain professional advice or comply with our legal and financial obligations |
| Couriers and delivery partners | We share your name and delivery address with couriers in order to deliver your aligners or sleep devices to you (e.g. Royal Mail, DHL) |


How long do we keep it for?

As a general principle, we keep the personal data on our platform for the duration of your account with us; we keep legal, financial and accounting data for 6 years after you have left us, in line with the statutory retention periods for contractual claims.

If you would like more information about how long we keep your personal data, you can request a copy of our Data Retention Policy by sending an email to Sagar Chandaria: sagar.chandaria@32co.com

When we share it outside the UK

As mentioned above, some of the organisations with whom we share personal data are located outside of the UK. Before transferring any personal data internationally, we carry out appropriate due diligence to ensure that the recipient organisation and the country in which they are based provide adequate protections for your personal data, in accordance with UK data protection law. 

If you would like more information about how we transfer personal data outside of the UK please contact Sagar Chandaria: sagar.chandaria@32co.com

What measures do we have in place to protect your personal data?

We are ISO 27001 certified, which means that we have put in place systems to manage risks related to the security of data owned or handled by us, and that this system respects all the best practices and principles enshrined in international standards.

We ensure that all of our employees receive regular training regarding data protection and are bound by contractual obligations of confidentiality.

We also ensure that any third parties with whom we share personal data are also legally bound by obligations of confidentiality.


What are your rights?

Your personal data is yours and you have rights in relation to it granted by the UK GDPR, which include:

The right to be informed

You have the right to be informed about the collection and use of your personal data, the purposes for processing, retention periods for that personal data and who it will be shared with. We have set this information out in this privacy notice.

The right of access

You have the right to ask us for copies of the data we hold about you. If you ask us, we’ll confirm whether we’re processing your personal information and, if so, provide you with a copy of that personal information (along with certain other details). We have 30 days within which to respond to your request. If you would like to request a copy of your personal data please contact Sagar Chandaria: sagar.chandaria@32co.com

The right to object

You have the right to ask us to stop processing your personal information in some circumstances, such as when we are relying on our own (or someone else’s) legitimate interests to process your personal information or when we are processing your personal information to improve and develop the products and services we provide, including the use of automated tools to improve the accuracy and quality of our aligner products and sleep devices.

The right to rectification

You have the right to ask us to rectify the personal information you think is inaccurate or to complete information you think is incomplete. When you ask us to rectify your information, if we’ve shared your personal information with others, we’ll let them know about the rectification where possible.

The right to erasure

You have the right to ask us to erase your personal information, in some circumstances, such as where we no longer need it or you withdraw your consent (where applicable).

The right to restrict processing

You have the right to ask us to restrict the processing of your personal information for a period of time in some circumstances, such as where you contest the accuracy of that personal information or object to us processing it. This right is separate from the right to object and will only stop us from using your personal information further, not from processing it. If we’ve shared your personal information with others, we’ll let them know about the restriction where possible.

The right to data portability

You have the right to ask that we transfer the personal information you gave us to another organisation, or to someone else, in some circumstances.

Do you need to pay us to exercise your rights?

You don't have to pay anything in order to exercise your rights. Please contact us by sending an email to sagar.chandaria@32co.com if you wish to make a request under your rights; we have a calendar month to get back to you with a response.


How you can complain

If you have any concerns about our use of your personal information, please let us know by:

Emailing us at sagar.chandaria@32co.com, or

Writing to us at BBLHD Ltd, 210 Brickfields Business Centre, 37 Cremer Street, London, E2 8HD

If you are not satisfied with our response or you are unhappy with how we have used your data, you can complain to the Information Commissioner's Office (ICO). You can find the ICO contact details below:

ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Helpline number: 0303 123 1113.

ICO Website: https://www.ico.org.uk