MDConnect Privacy Policy
MDBUDDY UK LTD
Effective date: 1 January 2026
Last reviewed: 4 April 2026
Next review due: 4 April 2027
1. Who We Are
MDBUDDY UK LTD ("we", "us", "our") is a company registered in England and Wales. Our registered address is 427 Kings Road, Stretford, Manchester, M32 8LN.
We operate MDConnect, a digital platform purpose-built for managing supervised toothbrushing programmes in schools, nurseries, early years settings, and care settings across the United Kingdom. MDConnect is accessible at healthbymd.com/mdconnect.
We are registered with the Information Commissioner's Office (ICO) under registration number ZB894415.
For the purposes of UK data protection law (the UK General Data Protection Regulation and the Data Protection Act 2018), MDBUDDY UK LTD is the data controller for all personal data collected, processed, and stored through MDConnect. The data compliance lead responsible for data protection matters is Dr Ramzan Mohammed, who can be contacted at mdconnect@mydentalbuddy.com.
2. Definitions
In this Privacy Policy, the following terms have the meanings set out below.
Admin User: A member of staff employed by or acting on behalf of a Local Authority or Programme Provider who accesses MDConnect to manage a supervised toothbrushing programme. Admin Users have programme-wide access to settings, reports, stock management, and other administrative functions.
Aggregated Data: Data that has been combined from multiple sources and presented in summary form such that no individual person or institution can be identified from it.
Anonymised Data: Data that has been processed in such a way that it can no longer be attributed to a specific individual, whether directly or indirectly, by any means reasonably likely to be used.
Children's Data: Aggregate, non-identifiable information about children participating in supervised toothbrushing programmes, as described in section 8 of this policy. MDConnect does not collect or process individually identifiable data about children.
Customer: A Local Authority (LA) or Programme Provider (PP) that has entered into a subscription agreement with us to use MDConnect.
Local Authority (LA): A council or local government body in England, Wales, Scotland, or Northern Ireland that commissions or delivers public health programmes.
MDConnect: The web-based SaaS platform operated by MDBUDDY UK LTD for managing supervised toothbrushing programmes, accessible at healthbymd.com/mdconnect.
Personal Data: Any information relating to an identified or identifiable natural person, as defined by Article 4(1) of the UK GDPR.
Programme Provider (PP): An organisation commissioned by a Local Authority to deliver a supervised toothbrushing programme on its behalf.
Setting: A school, nursery, early years provider, care setting, or other institution participating in a supervised toothbrushing programme managed through MDConnect.
Setting User: A member of staff at a Setting (such as a headteacher, teaching assistant, or nursery manager) who accesses MDConnect to log brushing sessions, request stock, report incidents, access resources, and complete training.
Special Category Data: Sensitive personal data as defined by Article 9 of the UK GDPR, including data concerning health, racial or ethnic origin, and data relating to children's safeguarding.
UK GDPR: The United Kingdom General Data Protection Regulation, as defined by section 3(10) of the Data Protection Act 2018.
3. About This Policy
This Privacy Policy explains how we collect, use, store, and share personal data in connection with MDConnect. It applies to all individuals whose personal data we process through the platform, including Admin Users, Setting Users, and visitors to the MDConnect website.
This policy does not cover the MDBuddy children's app, the MDPassport product, or clinical service delivery. Those products and services are governed by their own privacy documentation.
We may update this policy from time to time to reflect changes in our processing activities, legal requirements, or ICO guidance. When we make material changes, we will notify affected users through the MDConnect platform. The current version of this policy is always available at healthbymd.com/mdconnect.
4. Data We Collect
We collect and process the following categories of personal data through MDConnect.
4.1 Admin User Account Data
When a Customer's staff are set up as Admin Users, we collect their name, email address, role or position, and login credentials. We also record login timestamps and maintain an audit trail of actions performed within the platform. This data is necessary to provide access to the platform and to maintain a record of who has made changes to programme data.
4.2 Setting User Account Data
When Setting staff are registered on MDConnect, we collect their name, email address, role or position at the Setting, login credentials, and login timestamps. We record which Setting each user belongs to and maintain an audit trail of their actions, including session logging, stock requests, and incident reports.
4.3 Setting Institutional Data
For each Setting enrolled in a programme, we collect the Setting name, address, email address, phone number, contact name and role, website, Setting type and category, ownership type, region, Index of Multiple Deprivation (IMD) score (derived from postcode), SEND provision status, and pipeline status within the programme. We also record the number of children aged 3 to 5 at the Setting, the number of other children, and the number of children actively participating in brushing. These are aggregate counts at the Setting level and do not identify individual children.
4.4 Session and Brushing Data
When a Setting logs a brushing session, we capture the date and time, total duration and duration breakdown (setup, brushing, cleanup), the number of children present (as an aggregate count), the staff member who ran the session, the class identifier, and the Setting identifier. Individual children are not identified in session data.
4.5 Stock Request Data
When a Setting requests programme supplies, we capture the items and quantities requested, free-text notes from the Setting User, the date and identity of the submitting user, fulfilment status and status change history, assigned admin team member, internal admin comments (not visible to Setting Users), and expected and actual delivery dates.
4.6 Contact Log Data
When Admin Users record interactions with Settings, we capture the contact method, free-text notes (which may include names of individuals spoken to at the Setting), date and time, the identity of the Admin User who logged the contact, and the Setting identifier.
4.7 Feedback and Incident Data
Settings can report issues through MDConnect, including equipment problems, staffing changes, general feedback, and safeguarding concerns. We capture the issue type, a free-text description, the date and identity of the reporting user, resolution status and history, internal admin notes, and the assigned admin team member.
Important: Safeguarding concern reports may contain sensitive personal data about children or staff. Where this occurs, such data constitutes Special Category Data under Article 9 of the UK GDPR and is processed under the conditions set out in section 6 of this policy. We apply enhanced security measures to all safeguarding data, including restricted access and immediate escalation protocols.
4.8 Audit and Quality Assurance Data
When Admin Users conduct site audits, we capture the audit date and type, observations (free text), follow-up requirements, uploaded evidence files (photographs, PDFs, documents), file descriptions, and the identity of the submitting admin user.
4.9 Training Data
We record each user's name, training module completion status and dates, certification status (such as Oral Health Champion certification), and certificate generation records.
4.10 Reporting Data
MDConnect generates reports from data already captured through the features described above. No additional personal data is collected for reporting purposes. Reports include OHID quarterly returns (aggregated programme data for government submission), custom filtered reports, and Setting-level summaries.
5. How We Collect Data
We collect personal data in the following ways.
Directly from users. Admin Users and Setting Users provide their account details when they are registered on MDConnect. Setting Users enter session data, stock requests, incident reports, and other operational information through the platform during normal programme delivery.
From Customers. Admin Users enter Setting institutional data into MDConnect, either individually through the platform interface or by bulk upload via an Excel template. Admin Users also create Setting User accounts and enter contact log records.
Automatically. We automatically record login timestamps, audit trails of user actions, and system-generated data such as calculated participation rates and pipeline status change histories.
From publicly available sources. IMD scores are derived from Setting postcodes using publicly available Index of Multiple Deprivation data published by the UK Government.
6. Why We Process Data and Our Legal Basis
We process personal data for the purposes and under the legal bases set out below. Where more than one legal basis applies, we rely on the most appropriate basis for the specific processing activity.
PurposeLegal BasisProviding and operating MDConnect for Customers and their SettingsPerformance of a contract (Article 6(1)(b) UK GDPR) with our CustomersManaging user accounts, authentication, and access controlsPerformance of a contract (Article 6(1)(b)) and our legitimate interests in platform security (Article 6(1)(f))Generating programme reports, including OHID quarterly returns for government submissionPerformance of a contract (Article 6(1)(b)) and our legitimate interests in supporting public health programme delivery (Article 6(1)(f))Recording and resolving incidents, including safeguarding concerns reported by SettingsSubstantial public interest (Article 6(1)(e) and Article 9(2)(g) UK GDPR, read with Schedule 1 Part 2 paragraph 18 of the Data Protection Act 2018 for safeguarding data)Maintaining audit trails and quality assurance recordsLegitimate interests (Article 6(1)(f)) in maintaining programme integrity and accountabilityPlatform improvement, bug fixing, and technical supportLegitimate interests (Article 6(1)(f)) in maintaining and improving the serviceProducing aggregated, anonymised, and de-identified data for research, public health analysis, health intervention programmes, policy development, and service commissioningLegitimate interests (Article 6(1)(f)) in contributing to public health evidence and improving oral health outcomes. See section 9 for full details.Compliance with legal obligations, including responding to lawful requests from regulatory bodies or law enforcementLegal obligation (Article 6(1)(c))
Legitimate interests balancing test. Where we rely on legitimate interests, we have carried out a balancing test to ensure that our interests do not override the rights and freedoms of individuals. Our legitimate interests in platform operation, programme support, and public health research are balanced against the minimal privacy impact of the data we process, the reasonable expectations of users in a professional healthcare context, and the safeguards we apply (including role-based access controls, encryption, and anonymisation of research data). Records of these assessments are available on request.
7. Website Visitors
If you visit the MDConnect marketing website at healthbymd.com/mdconnect without logging in, we may collect limited data through cookies and similar technologies. This is described in our Cookie Policy, which is available as a separate document and at healthbymd.com/mdconnect.
8. Children's Data
MDConnect is used in the delivery of supervised toothbrushing programmes for children, predominantly aged 3 to 5. It is important to understand what data MDConnect does and does not hold about children.
8.1 What MDConnect Collects About Children
MDConnect collects only aggregate, non-identifiable data about children. This consists of the number of children aged 3 to 5 at each Setting, the number of other children, the total number of children actively participating in brushing, and the number of children present at each brushing session. These are numerical counts at the Setting level. Individual children are not identified, named, or tracked within MDConnect.
IMD deprivation data is associated with Settings (based on the Setting's postcode), not with individual children. Reporting on children in deprived areas is derived from the Setting's IMD classification, not from any data about individual children's circumstances.
8.2 What MDConnect Does Not Collect About Children
MDConnect does not collect children's names, dates of birth, individual health data, photographs, individual behavioural or developmental data, parent or guardian contact details, or individual brushing performance data. No child interacts directly with MDConnect. All data about children is entered by Setting staff or calculated from session logs.
8.3 Safeguarding Exception
The incident reporting feature includes a safeguarding concern category. Free-text descriptions submitted under this category may contain individually identifiable information about children or staff, including information that constitutes Special Category Data. Where this occurs, we process it under the substantial public interest condition (Article 9(2)(g) UK GDPR, read with Schedule 1 Part 2 paragraph 18 of the Data Protection Act 2018, which covers the safeguarding of children and individuals at risk). Safeguarding reports are subject to restricted access within the platform and immediate escalation protocols.
8.4 ICO Age Appropriate Design Code
Because MDConnect does not provide a service directly to children and does not process individually identifiable children's data (except in the limited safeguarding scenario above), the ICO's Age Appropriate Design Code does not apply to MDConnect in the same way it applies to services directed at or likely to be accessed by children. However, we have regard to the Code's principles when designing features that relate to children's data, and we apply a high standard of data minimisation to ensure that only the minimum data necessary for programme delivery is captured.
9. Aggregated and Anonymised Data
All data collected, processed, and stored by MDConnect is owned by MDBUDDY UK LTD. Customers are granted access to data relevant to their programme deployment through the platform. Customers do not own the data.
MDBUDDY UK LTD reserves the right to produce and share aggregated, anonymised, and de-identified data derived from MDConnect for the following purposes:
(a) Academic and clinical research into children's oral health outcomes and programme delivery effectiveness.
(b) Public health analysis to support local, regional, and national understanding of oral health programme impact.
(c) Health intervention and targeted intervention programmes, including informing the design and commissioning of future preventive services.
(d) Policy development and service commissioning by government bodies, NHS organisations, and public health agencies.
Data shared under this provision is fully anonymised and cannot be linked back to any individual child, staff member, or institution. Because anonymised data is not personal data under UK GDPR, its sharing does not require individual consent and is not subject to data subject rights. We apply robust anonymisation techniques to ensure that re-identification is not reasonably likely by any means.
This provision is also stated in the MDConnect Terms and Conditions (section relating to data ownership) and the MDConnect Data Processing Agreement (section relating to anonymised data use). The language is consistent across all documents.
10. Who We Share Data With
We do not sell, rent, or trade personal data to any third party. We share personal data only in the limited circumstances described below.
10.1 Service Providers (Sub-processors)
We use a limited number of third-party service providers to operate MDConnect. These providers process personal data on our behalf and under our instructions. We maintain data processing agreements with each provider that meet the requirements of Article 28 of the UK GDPR.
Our current sub-processors are:
Service ProviderPurposeData LocationAmazon Web Services (AWS)Cloud hosting and data storageEurope (Ireland and London regions)Firebase (Google Cloud)Cloud servicesEurope
We will update this list if we engage additional sub-processors. Material changes to sub-processors will be communicated to Customers through the platform or by email.
10.2 Government Reporting
Admin Users generate OHID quarterly returns within MDConnect and export them manually for submission to government. MDConnect does not transmit data directly to OHID or any other government body. The exported reports contain aggregated, non-identifiable programme data.
10.3 Legal and Regulatory Disclosure
We may disclose personal data where required to do so by law, regulation, or court order, or where disclosure is necessary to protect our legal rights, to comply with a judicial proceeding, or to respond to a lawful request from a regulatory body or law enforcement authority.
10.4 Business Transfers
In the event that MDBUDDY UK LTD is acquired, merged with another organisation, or undergoes a restructuring, personal data held through MDConnect may be transferred to the successor organisation. We will notify affected users of any such transfer and the successor will be bound by the terms of this Privacy Policy until a replacement policy is issued.
11. International Data Transfers
All personal data processed through MDConnect is stored and processed within the United Kingdom and the European Economic Area, using AWS Europe (Ireland and London regions) and Firebase Google Cloud Europe. We do not transfer personal data outside the UK or EEA.
If our sub-processor arrangements change in the future and an international transfer becomes necessary, we will ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement or UK Addendum to the EU Standard Contractual Clauses, and we will update this policy accordingly.
12. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law. The following retention periods apply.
Data CategoryRetention PeriodAdmin and Setting User account dataDuration of the Customer's subscription plus 12 months, unless the user or Customer requests earlier deletionProgramme operational data (sessions, stock, contact logs)Duration of the Customer's subscription plus 3 years, to support longitudinal programme analysis and government reporting requirementsIncident and safeguarding reportsDuration of the Customer's subscription plus 6 years, in line with UK limitation periods for safeguarding-related claimsAudit and quality assurance recordsDuration of the Customer's subscription plus 3 yearsConsent documentation6 years, in accordance with UK legal requirementsTraining and certification recordsDuration of the Customer's subscription plus 3 yearsAggregated and anonymised dataRetained indefinitely, as it does not constitute personal data
12.1 When a Customer's Subscription Ends
When a Customer's subscription ends, we will offer the Customer an opportunity to export their programme data within 30 days of termination. After this 30-day period, operational data will be retained in accordance with the retention periods above and then securely deleted. Aggregated and anonymised data derived from the Customer's programme will be retained indefinitely. Full details of data handling on termination are set out in the MDConnect Terms and Conditions.
12.2 When a Setting Leaves a Programme
If a Setting is removed from a programme or disengages, its historical data (session logs, stock requests, incident reports, audit records) is retained within the Customer's programme records for the retention periods stated above. This ensures historical reporting accuracy and audit trail integrity. The Customer may request export of a Setting's data where the Setting transfers to a different provider.
13. Data Security
We take the security of personal data seriously and have implemented technical and organisational measures appropriate to the risks involved. These measures include:
Encryption. All data stored within MDConnect is encrypted at rest using AES-256 encryption. All data transmitted to and from MDConnect is encrypted in transit using TLS 1.3.
Access controls. MDConnect operates role-based access controls following the principle of least privilege. Admin Users can only access data within their own programme. Setting Users can only access data relating to their own Setting. MDBUDDY UK LTD's internal access to customer data is restricted to authorised personnel for technical support and platform maintenance purposes only.
Multi-tenancy. Each Customer's data is logically isolated within MDConnect. Admin Users from one Customer cannot access another Customer's data.
Hosting. MDConnect is hosted on AWS Europe (Ireland and London regions) and Firebase Google Cloud Europe. All data is processed and stored within the UK and EEA. There is an absolute prohibition on processing data outside UK and EU jurisdictions.
Personnel. All MDBUDDY UK LTD staff with access to data that includes information about children hold enhanced DBS clearances. Staff receive comprehensive data protection training on induction and on an ongoing basis.
Incident response. We maintain documented incident response procedures. In the event of a personal data breach, we will notify the ICO within 72 hours where the breach is likely to result in a risk to individuals' rights and freedoms, and we will notify affected individuals directly where the breach is likely to result in a high risk to their rights and freedoms. Enhanced procedures apply specifically to incidents involving children's data or safeguarding information.
Further detail on our security measures is provided in the MDConnect Data Security Overview document, available on request.
14. Your Rights
Under UK data protection law, you have the following rights in relation to your personal data. These rights apply to Admin Users, Setting Users, and any other individuals whose personal data we process.
Right of access. You have the right to request a copy of the personal data we hold about you.
Right to rectification. You have the right to request that we correct any personal data that is inaccurate or incomplete.
Right to erasure. You have the right to request that we delete your personal data in certain circumstances, such as where it is no longer necessary for the purposes for which it was collected.
Right to restriction of processing. You have the right to request that we restrict the processing of your personal data in certain circumstances, such as where you contest its accuracy.
Right to data portability. You have the right to receive a copy of your personal data in a structured, commonly used, and machine-readable format, where our processing is based on consent or contract and is carried out by automated means.
Right to object. You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
Right to withdraw consent. Where we process personal data based on your consent, you have the right to withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.
To exercise any of these rights, please contact us at mdconnect@mydentalbuddy.com. We will respond to your request within one month. If your request is complex or we receive a large number of requests, we may extend this period by a further two months, in which case we will inform you of the extension and the reasons for it within the first month.
Important note regarding children's data. Because MDConnect holds only aggregate, non-identifiable data about children (counts, not individual records), it is generally not possible to identify or extract data relating to a specific child. If a parent or guardian contacts us with a data subject request relating to their child, we will explain what data MDConnect holds and confirm that no individually identifiable data about their child is present on the platform. The exception is safeguarding incident reports that may contain identifiable information; requests relating to such reports will be handled on a case-by-case basis in consultation with the relevant Customer.
14.1 Complaints
If you are not satisfied with our response to a data protection request, or if you believe we are processing your personal data unlawfully, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). The ICO can be contacted at ico.org.uk or by telephone on 0303 123 1113. We would appreciate the opportunity to address your concerns before you contact the ICO, and we encourage you to contact us at mdconnect@mydentalbuddy.com in the first instance.
15. Cookies and Similar Technologies
MDConnect uses cookies and similar technologies to operate the platform and to improve the user experience. Full details of the cookies we use, including their purpose, duration, and how to manage your cookie preferences, are set out in our Cookie Policy, which is available as a separate document. See the MDConnect Cookie Policy for full details.
16. Links to Third-Party Services
MDConnect may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policy of every website or service you visit.
17. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our processing activities, applicable law, or ICO guidance. When we make material changes, we will notify Admin Users and Setting Users through the MDConnect platform and update the effective date at the top of this document. We encourage you to review this policy periodically.
18. Contact Us
If you have any questions about this Privacy Policy, about how we process your personal data, or if you wish to exercise your data protection rights, please contact us.
Data Compliance Lead: Dr Ramzan Mohammed
Email: mdconnect@mydentalbuddy.com
Address: MDBUDDY UK LTD, 427 Kings Road, Stretford, Manchester, M32 8LN
ICO registration number: ZB894415
© MDBUDDY UK LTD 2026. All rights reserved.