Back to Home

Compliance

GDPR Policy

CohandlerAI is fully compliant with the UK and EU General Data Protection Regulation (GDPR).

1. Our Role Under GDPR

Under GDPR, your dental practice is the Data Controller — you determine the purpose and means of processing patient data. CohandlerAI acts as the Data Processor — we process data only on your documented instructions.

We enter into a Data Processing Agreement (DPA) with every UK and EU dental clinic, clearly defining our respective responsibilities and obligations under GDPR Articles 28 and 29.

2. Lawful Basis for Processing

Legitimate Interests

Processing required to provide our core AI receptionist service to your clinic

Contract Performance

Processing necessary to fulfil our subscription service agreement with your practice

Legal Obligation

Processing required to comply with applicable laws and regulatory requirements

Consent

Where patients have explicitly consented to their data being captured and stored during calls or messages

3. Data Subject Rights

Art. 15

Right of Access

Patients can request a copy of their personal data

Art. 16

Right to Rectification

Patients can request correction of inaccurate data

Art. 17

Right to Erasure

Patients can request deletion of their data

Art. 18

Right to Restriction

Patients can request limited processing of their data

Art. 20

Right to Portability

Patients can receive their data in a portable format

Art. 21

Right to Object

Patients can object to processing of their data

4. International Data Transfers

Where data is processed outside the UK or EU, CohandlerAI ensures appropriate safeguards are in place including Standard Contractual Clauses (SCCs) approved by the European Commission, and UK International Data Transfer Agreements (IDTAs) as required by UK GDPR post-Brexit.

5. Data Breach Notification

In the event of a personal data breach, CohandlerAI will notify affected clinics within 24 hours of becoming aware. We will provide full details of the nature of the breach, categories of data affected, likely consequences, and measures taken to address it.

6. Data Protection Officer

CohandlerAI has appointed a Data Protection Officer (DPO). Contact our DPO at Shahzaib111.ms@gmail.com for any GDPR-related queries or Data Processing Agreements.

7. Supervisory Authority

UK clients have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk. EU clients may contact their local data protection supervisory authority.

© 2026 CohandlerAI. All rights reserved.