Privacy Policy (UK GDPR)

Last updated: 26 January 2026

This Privacy Policy explains how Dr. Nikolas Vourakis (“we”, “us”, “our”) collects and uses personal data when you visit www.drnikvourakis.co.uk or contact us.

1) Data controller and contact details

ICO Registration Number: ZA432966
Data Controller: Dr. Nikolas Vourakis
Address: 80 Harley Street, London, W1G 7HL, United Kingdom
Email: info@drnikvourakis.co.uk

Where you book or receive treatment at a specific clinic/practice, that clinic may also act as a separate data controller for patient administration and clinical record-keeping. You may also receive that clinic’s privacy information.

2) The personal data we collect

We may collect:

A) Data you provide

  • Name, email, phone number, preferred clinic/location

  • Enquiry content and correspondence

  • Patient self-referrals: information you choose to provide about your dental/oral concerns, which may include health information and uploaded files (e.g., photos or scans)

  • Professional referrals: referrer details (name, practice, email/phone) and patient details shared in the referral, including health information, clinical notes, and supporting files

  • Mentoring/speaking enquiries: professional role, organisation, and related details you provide

B) Data collected automatically

  • IP address, device type, browser, approximate location (derived from IP)

  • Website usage data (pages viewed, time on site, referral source)
    This is typically collected through logs and cookies (see Cookie Policy).

3) Special category data (health information)

Health information is “special category data” under UK GDPR and is handled with additional care and confidentiality. Access is restricted to those who need it for legitimate clinical/admin purposes.

4) How we use your personal data

We use personal data to:

  • Respond to enquiries and requests

  • Triage and arrange consultations

  • Manage self-referrals and professional referrals

  • Communicate with you (and where appropriate, with the referring clinician)

  • Improve our Website and services (where permitted by cookie choices)

  • Maintain Website security and prevent misuse

  • Comply with legal and regulatory obligations

5) Lawful bases for processing

We process personal data under one or more lawful bases including:

  • Contract / steps before contract (e.g., handling consultation requests)

  • Legitimate interests (e.g., responding to professional enquiries, running our practice, improving services, maintaining security)

  • Legal obligations (where applicable)

  • Consent (e.g., marketing communications; non-essential cookies)

For special category health data, we rely on an appropriate UK GDPR condition for healthcare-related processing and/or explicit consent where required in the circumstances.

6) Referrals – responsibilities

If you are a dental professional submitting a referral, you confirm you have an appropriate lawful basis to share the patient’s information with us and that the patient has been provided suitable privacy information about the referral.

7) Who we share data with

We may share data with:

  • Clinics/practices where Dr. Nik provides consultations/treatment (for booking/admin and care delivery)

  • Referring clinicians (case updates where appropriate and clinically relevant)

  • Dental laboratories, imaging providers, and other clinical partners involved in care

  • Website/IT providers and hosting platforms (including Squarespace)

  • Professional advisers (insurers, legal/accounting) where necessary

  • Regulators/authorities where we are legally required

We do not sell personal data.

8) International transfers

Some suppliers may process data outside the UK. Where international transfers occur, appropriate safeguards are used (such as contractual protections).

9) Retention (how long we keep data)

We keep data only as long as necessary:

  • Enquiries that do not proceed: typically 12–24 months

  • Referral/self-referral data: if it becomes part of clinical documentation, it may be kept in line with clinical record retention expectations and legal/professional requirements

  • Marketing preferences: until you unsubscribe/withdraw consent, plus minimal suppression to respect your choice

10) Your rights

You may have rights to:

  • Access your data

  • Correct inaccurate data

  • Request erasure (where applicable)

  • Restrict or object to processing

  • Data portability (in certain circumstances)

  • Withdraw consent (where processing is based on consent)

To exercise rights, email: info@drnikvourakis.co.uk

11) Complaints

If you have concerns, contact us first. You can also complain to the Information Commissioner’s Office (ICO).

12) Changes to this policy

We may update this policy occasionally. The “Last updated” date will show the latest version.