top of page

D-Restricted Ltd ®
Privacy & Cookies Notice:

Introduction

D-Restricted Ltd provides clinical tongue-tie (frenulotomy) services for infants and supports the parent–infant dyad throughout assessment, treatment, and follow-up care. In order to provide safe, effective, and appropriate clinical care, D-Restricted Ltd is required to collect and process personal information relating to service-users and their infants.

D-Restricted Ltd only uses personal information where it is necessary for clinical care, administration, continuity of care, safeguarding, and legal or professional obligations.

D-Restricted Ltd does not sell personal information, provide details to marketing companies, or subscribe service-users to mailing lists without explicit consent.

Where appropriate, D-Restricted Ltd may contact service-users following consultation or treatment within an agreed timeframe to provide follow-up support, clinical guidance, or review of care. This communication may be by secure email, telephone, or text message depending on the nature of the communication.

This privacy policy applies to D-Restricted Ltd websites, including www.tongue-tie.info and associated services. It does not apply to external websites or platforms accessed through links provided by D-Restricted Ltd. Service-users are encouraged to review the privacy notices of any external websites or services they choose to access.

 

Purpose
This policy explains how D-Restricted Ltd collects, uses, stores, shares, and protects personal data.

The purpose of collecting personal information is to:

  • provide safe and effective clinical assessment, treatment, and support;

  • maintain accurate clinical records;

  • ensure continuity of care;

  • communicate with service-users regarding their care;

  • meet safeguarding responsibilities;

  • comply with legal, professional, and regulatory obligations.

D-Restricted Ltd processes personal data fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy also explains service-users’ rights regarding their personal information, including how to access records, request corrections, withdraw consent for non-essential communications, and raise concerns.

Scope
This policy applies to all personal and sensitive information collected and processed by D-Restricted Ltd.

This includes information provided:

  • during consultations;

  • through online booking systems and forms;

  • through emails, telephone calls, or messages;

  • through clinical assessments and treatment records;

  • through consent documentation;

  • through photographs or videos taken for clinical purposes;

  • through feedback or review systems;

  • through website usage and cookies.

Information processed may include personal details, contact information, medical history, feeding information, clinical observations, treatment details, photographs, correspondence, and other information necessary to provide appropriate care.

This policy also covers information relating to website use, including cookies and online services connected with D-Restricted Ltd.

GDPR and Data Protection

D-Restricted Ltd collects, stores, and processes personal information in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Diana Warren, as Director and practitioner of D-Restricted Ltd, is the Data Controller and is responsible for ensuring that personal data is handled lawfully, securely, and confidentially.

The information collected is limited to what is necessary to provide safe and effective care for the service-user and infant. This may include clinical records, consent forms, correspondence, treatment information, and relevant photographs or videos where required.

The lawful basis for processing personal data includes:

  • providing contracted clinical services;

  • maintaining appropriate clinical records;

  • complying with legal and professional obligations;

  • protecting the health and safety of service-users and infants;

  • safeguarding where concerns arise.

Health information is classed as special category data under UK GDPR. D-Restricted Ltd processes this information only where necessary for healthcare provision, safeguarding, or other lawful purposes.

D-Restricted Ltd uses secure systems for clinical record keeping. Jane.app is used as a clinical management and record-keeping platform. Service-users can securely access their patient profile portal to view relevant information held about them and their infant.

Electronic records are protected using appropriate security measures, including password protection, encryption, and restricted access. Paper records and physical storage devices are securely stored to prevent unauthorised access.

Personal information will not be shared with third parties unless:

  • it is necessary for continuity of care;

  • there is a legal requirement;

  • there is a safeguarding concern;

  • consent has been provided.

Where safeguarding concerns arise, or where D-Restricted Ltd believes a child or adult may be at risk, information may be shared with appropriate professionals or authorities. This may include a GP, Health Visitor, Social Worker, or emergency services where required.

In the event of a personal data breach, D-Restricted Ltd will assess the situation promptly and take appropriate action. Where required, the Information Commissioner’s Office (ICO) will be notified in accordance with UK GDPR requirements.

Collection and Use of Personal Data
D-Restricted Ltd collects only the information required to provide safe, appropriate, and effective clinical care.

This may include:

  • parent/carer contact details;

  • infant details;

  • relevant medical history;

  • feeding history and observations;

  • clinical assessment findings;

  • treatment details;

  • consent records;

  • correspondence relating to care;

  • clinical photographs or videos where appropriate.

All clinical records are made accurately and securely as part of professional record keeping.

Where required for continuity of care, D-Restricted Ltd may provide relevant information to other healthcare professionals. This may include sending a clinical letter to the infant’s General Practitioner (GP) following assessment or treatment. Only the minimum necessary identifiable information is included.

Information may also be shared where there is a safeguarding concern, a risk of harm, or where additional medical assessment is required outside D-Restricted Ltd’s scope of practice. This may include contacting healthcare professionals, safeguarding teams, emergency services, or other appropriate authorities where legally required.

 

Online Submissions and Third-Party Services
Information submitted through D-Restricted Ltd websites, online booking systems, forms, or electronic communications is processed securely.

D-Restricted Ltd uses third-party providers to support clinical administration and payment processing. These providers act as Data Processors where applicable and are required to process information securely.

Clinical records and appointment management are managed through Jane.app. Their privacy information can be found at:

https://jane.app/legal/privacy-notice

Website services are provided through Wix. Information submitted through the website is processed through Wix systems and transferred securely to D-Restricted Ltd for the purpose of responding to enquiries, managing bookings, and providing care.

Payment processing is completed through Stripe. D-Restricted Ltd does not store card payment details. Stripe processes payments using secure payment systems and maintains PCI DSS compliance.

External websites, services, and social media platforms linked from D-Restricted Ltd websites have their own privacy policies. D-Restricted Ltd is not responsible for how external platforms process information submitted directly by service-users.

 

Confidentiality, Storage and Security
D-Restricted Ltd maintains appropriate technical and organisational measures to protect personal information.

Electronic records are stored securely using password-protected and encrypted systems. Access is restricted to authorised personnel only.

Active records may be stored through secure clinical software and encrypted backup systems. Physical records and storage devices are kept securely within locked storage.

The clinic premises are protected using appropriate security measures, which may include CCTV monitoring and alarm systems.

CCTV is used for security purposes only. Images capture activity around the premises and are retained for a limited period before secure deletion.

Clinical photographs and videos are only taken where necessary for clinical assessment, documentation, or treatment purposes. Any use beyond clinical care, including education, training, website use, or social media, requires separate explicit consent.

Where service-users provide photographs or videos electronically for clinical advice or follow-up support, these are treated as confidential clinical information and stored securely within the appropriate record system.

Photographs

D-Restricted Ltd may take photographs of an infant’s mouth area as part of clinical assessment, documentation, and treatment records.

Photographs are taken with the knowledge of the parent/carer and form part of the infant’s clinical record.

Photographs will only be used for additional purposes such as teaching, training, demonstrations, publications, or online educational content where separate written consent has been obtained.

 

Data Retention
D-Restricted Ltd retains clinical records for an appropriate period in line with professional guidance, regulatory expectations, and clinical record-keeping requirements.

Records are retained for 25 years following the last contact where required for ongoing accountability and access to clinical information.

Once the retention period has expired, records are securely destroyed through methods such as confidential shredding, secure electronic deletion, or disposal of storage devices.

 

Access to Personal Data
Service-users have the right to request access to personal information held about themselves and their infant.

Many records can be viewed directly through the secure patient portal provided through the clinical management system.

Where a formal request for copies of records is made, D-Restricted Ltd will verify identity before releasing information to ensure confidentiality is maintained.

Requests will be handled within the timeframe required by UK GDPR.

If D-Restricted Ltd ceases trading, arrangements will be made to ensure that clinical records remain accessible in accordance with legal requirements. The ICO may provide guidance regarding the appropriate data controller if required.

Your Right to Withdraw

Service-users may withdraw consent for non-essential communications at any time.

This includes follow-up messages, feeding support communications, or optional updates.

Withdrawal of consent for communications does not affect the lawful retention of clinical records or information required for care, safety, or legal obligations.

 

Cookies and Website Use
D-Restricted Ltd websites use cookies and similar technologies to support website functionality, improve user experience, and understand how visitors interact with the website.

Cookies are small text files stored on a user’s device. Some cookies are necessary for the website to function correctly, while others may be used for analytics purposes.

Where required, appropriate consent will be obtained before non-essential cookies are placed on a user’s device.

Users can manage or disable cookies through their internet browser settings. Please note that disabling certain cookies may affect website functionality.

Links to external websites or services provided by D-Restricted Ltd may have their own privacy and cookie policies, and users are advised to review these separately.

 

Complaints and ICO Contact
If you have concerns about how D-Restricted Ltd manages your personal information, please contact D-Restricted Ltd directly in writing.

If your concern is not resolved, you have the right to contact the Information Commissioner’s Office (ICO), the UK regulator responsible for data protection.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Website: www.ico.org.uk
Telephone: 0303 123 1113

D-Restricted Ltd is registered with the ICO.

 

Changes to the Policy
This privacy policy may be updated periodically to reflect changes in legislation, professional guidance, technology, or the way D-Restricted Ltd operates.

The most recent version will be made available through D-Restricted Ltd websites. Where significant changes affect how personal information is processed, service-users will be informed where appropriate.

bottom of page