Legal

Privacy Policy

Last updated: June 2026  ·  We handle your data with the same care you give your patients — with full transparency and zero shortcuts.

GDPR Compliant Data Never Sold Breach Response Plan UK ICO Registered
At Flarxs, we design and build websites for dental practices across the UK. In doing so, we handle personal information on behalf of our clients and their prospective patients. This Privacy Policy explains exactly what data we collect, why we collect it, how it is protected, and the rights you hold over it — in plain, jargon-free English.
Section 01

Who We Are

Flarxs is a dental website design and digital marketing agency registered in England and Wales. We create high-performance websites and online marketing solutions exclusively for dental practices across the United Kingdom.

Data Controller

Flarxs · 54 St James Street, Liverpool, L1 0AB
info@flarxs.com  ·  02030260534

Section 02

Information We Collect

We collect information through three routes: directly from you, automatically when you visit our website or our clients' websites, and occasionally from trusted third-party sources.

Category Examples How collected
Enquiry & Contact Name, email, phone number, practice name Consultation booking form, contact email
Client Onboarding Billing address, company registration, bank details Onboarding questionnaire, signed contract
Website Usage IP address, browser type, pages visited, session duration Cookies, server logs, analytics tools
Marketing Preferences Email subscription status, communication opt-ins Newsletter sign-up, email footer links
Social Media Public profile data when you engage with our posts Meta, LinkedIn, Instagram platforms

We do not collect sensitive personal data (such as health records, financial account numbers, or patient information) through our own marketing channels. Our dental clients are responsible for the privacy policies governing patient data on the websites we build for them.

Section 03

How We Use Your Data

Every use of your data has a specific, lawful basis under UK GDPR. We never use data for purposes incompatible with why it was collected.

Delivering Our Services

To process your consultation request, manage your project, and communicate with you about your dental website or campaign — lawful basis: contract performance.

Improving Our Work

To analyse website traffic, identify UX issues across our own site, and refine our service offering based on aggregated usage patterns — lawful basis: legitimate interests.

Marketing Communications

With your explicit opt-in consent, to send industry insights, case studies, and offers relevant to dental practice growth. You can unsubscribe at any time via the link in any email we send — lawful basis: consent.

Legal & Compliance

To meet our obligations under UK law, respond to lawful requests from regulators, and maintain accurate financial records as required by HMRC — lawful basis: legal obligation.

Section 04

Sharing & Disclosure

We do not sell, rent, or trade your personal information. We share data only in the limited circumstances listed below.

  • Trusted service providers — such as our hosting provider, email platform, CRM, and payment processor. Each is bound by a Data Processing Agreement and may only use your data for the purpose we specify.
  • Legal or regulatory requirements — if required by UK law, a court order, or in response to a lawful request from the Information Commissioner's Office (ICO) or law enforcement.
  • Business transfers — in the event of a merger, acquisition, or asset sale, your data may transfer to the successor entity. We will notify you by email before any such transfer occurs.
  • With your consent — for instance, publishing a client case study or testimonial that mentions your practice, which we will always request your written approval for before publishing.
Section 05

Data Security

We apply appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, or disclosure.

Encryption in Transit & at Rest

All data transmitted between your browser and our servers is encrypted via TLS 1.2+. Sensitive stored data is encrypted at the database level.

Access Controls

Access to personal data is restricted to authorised Flarxs team members on a need-to-know basis. All staff with data access complete annual data protection training.

Security Audits

We conduct periodic reviews of our systems, third-party processors, and access logs to identify and remediate potential vulnerabilities proactively.

Breach Response

In the unlikely event of a personal data breach, we have a documented incident response plan. Where required under UK GDPR, we will notify the ICO within 72 hours and inform affected individuals without undue delay.

Section 06

Your Rights

Under UK GDPR you have a number of enforceable rights regarding your personal information. You can exercise any of these rights by contacting us at info@flarxs.com. We will respond within 30 days.

Access

Request a copy of the personal data we hold about you.

Rectification

Ask us to correct inaccurate or incomplete data.

Erasure

Request deletion of your data where no lawful basis remains.

Portability

Receive your data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interests or for direct marketing.

Restrict Processing

Ask us to pause processing while a dispute is resolved.

Section 07

Cookies & Tracking Technologies

Our website uses cookies to improve performance and understand how visitors engage with our content. You can manage or withdraw cookie consent at any time through your browser settings or our cookie banner.

Essential Cookies

Required for the website to function — page navigation, form submission, and secure areas. These cannot be disabled without breaking core features. No personal data is tracked.

Preference Cookies

Remember choices you make — such as language or region — to personalise your experience on return visits. Set only with your consent.

Analytics Cookies

Collect anonymised data about how visitors interact with our site (pages viewed, time on page, referral source). We use this to improve site structure and content. Powered by Google Analytics with IP anonymisation enabled.

We do not use advertising or retargeting cookies on our own website. If you disable cookies, you may find that some features do not work as expected.

Section 08

Third-Party Services

To deliver and improve our services, we use a carefully selected set of third-party tools. Each is assessed for GDPR compliance before use.

Google Analytics & Google Ads

Used to measure website traffic and campaign performance. Data is processed under a Data Processing Agreement with Google LLC. IP anonymisation is enabled. You can opt out at tools.google.com/dlpage/gaoptout.

Email Marketing Platform

We use a GDPR-compliant email service provider to send newsletters and project communications. All marketing emails include a clear one-click unsubscribe link.

Website Hosting & CDN

Our infrastructure is hosted on UK and EU-based servers. Content delivery is managed via a CDN provider operating under Standard Contractual Clauses approved by the UK ICO.

Social Media Platforms

We maintain business profiles on LinkedIn, Facebook, and Instagram. If you interact with us on these platforms, their respective privacy policies govern how that data is handled. We do not combine social media data with your enquiry data without consent.

Section 09

Data Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by law.

  • Enquiry data — held for up to 12 months from your last interaction if you do not become a client, then securely deleted.
  • Active client data — retained for the duration of the contract plus 7 years, as required for UK tax and accounting purposes (HMRC guidelines).
  • Marketing contact lists — retained until you unsubscribe, or until 24 months of inactivity, whichever comes first.
  • Website analytics data — anonymised data is retained for up to 26 months in Google Analytics, in line with Google's standard retention settings.
Section 10

International Data Transfers

Flarxs is a UK-based agency and we store the majority of your data on UK and EU servers. Where a third-party tool we use processes data outside the UK or EEA (for example, certain US-based SaaS platforms), we ensure that appropriate safeguards are in place — typically UK-approved Standard Contractual Clauses or an adequacy decision — before any transfer occurs.

If you would like details of the specific safeguards applied to any particular third-party transfer, please contact us at info@flarxs.com.

Section 11

Changes to This Policy

We review and update this Privacy Policy periodically to reflect changes in our practices, the services we offer, or applicable law. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Send a notification email to active clients and newsletter subscribers.
  • Display a notice on our website homepage for 30 days following the update.

Your continued use of our website or services after the effective date of a revised policy constitutes your acceptance of the changes.

Section 12

Contact & Complaints

We welcome any questions, concerns, or requests relating to this Privacy Policy or your personal data. Please reach out using the details below and we will respond within 5 working days.

Data Privacy Enquiries info@flarxs.com 02030260534 54 St James Street, Liverpool, L1 0AB
Right to Lodge a Complaint

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113. We would, however, appreciate the chance to resolve any concern directly before you approach the ICO.