Please rotate the screen to Landscape view for best viewing experience.

Speak to an Expert: 01409 254 354

CODE Privacy Notice

CODE aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR) and the guidelines on the Information Commissioner’s website. 

Karen Penfold is the Information Governance Lead.

This privacy notice is available on the company websites at,, by email or by calling 01409 254 354. 

You will be asked to provide personal data when joining as a member.  The purpose of collecting your personal data is to provide the optimum membership services to you. We also process the personal data of our employees and for individuals who have expressed interest in CODE services.

Our lawful basis for processing data 

The lawful basis for processing employees’ data is: 

“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.” 


The lawful basis for processing members’ data is: 

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. 

The lawful basis of processing non-members data is: 

Legitimate interest – see the CODE Legitimate Interests Assessment (P 217S). 


The data subject has given consent to the processing of his or her personal data for one or more specific purposes.

The categories of data we process The categories of data we process are: 

  • Personal data for the purposes of Member management 
  • Personal data for the purposes of Client management 
  • Personal data for the engagement of our own staff 
  • Personal data for to assist members manage the engagement of their employees and self employed contractors 
  • Personal data for direct mail, email and texts to non-members for: compliance updates to the profession, important dentistry news, information about CODE member services, surveys and marketing 
  • Special category data for the processing of dental plan subscriptions 
  • Special category data for employment purposes, which is employees health data and details of criminal record checks

For definitions of Member or Client please see the CODE Contract as Data Processor. 

We never pass personal data to a third party unless it is for processing on behalf of CODE

Where our data is stored 

Personal data is stored in our email applications Constant Contact and Aweber, on the head office networked computers, in the CRM programme at head office called Enterprise MRM/Tribe, on the Brighton Hub computers and on company laptops or mobile phones. Online backups are stored in encrypted format with Data Barracks.

Our data processors store personal data in the EU in digital and hard copy formats. Data processors outside of the EU are only in the USA and are companies who are certified for the EU-US Privacy Shield and have appropriate GDPR compliance terms and conditions. Personal data is obtained when a Member subscribes to a membership, when a Client requests a CODE service and when a non-member subscribes to a CODE email list.

Retention of personal data 

The retention period for members’ data is 10 years as many members re-join after some years. The retention period for staff records and client data is 6 years. The retention period for non-member data is 2 years after it was last processed. 

You have the right to withdraw consent for important compliance notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or texts. You have the right to obtain a copy of your data records within one month of application, for which no fee will be charged.

Privacy Impact Assessment 

We have carried out a Privacy Impact Assessment (P 217Q) and the details of how we ensure security of personal data is in our Physical Security Risk Assessment (P 217M). We have Information Governance Procedures (P 217C) and a Legitimate Interests Assessment (M 217S). Copies of these policies and procedures can be obtained from the contact details below.


Please contact Gill Cox at CODE for a comment, suggestion or a complaint about the processing of your data at or by calling 01409 254 354 or by writing to CODE at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB. If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.

CODE procedures 

  • You can also use the contact details above to request copies of the following CODE policies or procedures: 
  • Data Protection Policy (P 233-DPT), which has a list of all data protection procedures 
  • Consent Policy (P 233-CNS) 
  • Privacy Impact Assessment (P 217S) 
  • Information Governance Procedures (P 217C)

Further information 

CODE Contract as Data Processor 

CODE Cookie Policy 

CODE Privacy Policy

CODE is the trading name of the Confederation of Dental Employers ltd company number 01763779. CODE is also a trading name of Codeplan Ltd company number 03927086. iComply is a trading name of Codeplan ltd. 

Both the Confederation of Dental Employers ltd and Codeplan Ltd are incorporated in and established under the laws of England. Their registered office is at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX 22 6BB.The 

The CODE Privacy Notice can be downloaded as a PDF here