Privacy Policy

Telemedicine applications
latest update: 22/02/2024

TIE CAST Limited's Privacy policy

Introduction

Welcome to TieCast's Privacy Policy

At TieCast, we recognise the importance of privacy and security for our users. Our platform is specifically designed to provide seamless and secure streamlining of healthcare data collection, processing and storage. It supports patient motivation during orthodontic treatments and facilitates remote communications between dentists and their patients. We cater to a wide array of users, including patients, healthcare providers, and, in certain cases, minors under the age of digital consent under the supervision of their parents or legal guardians.

1. Purpose of This Policy

1.1 Purpose of this privacy notice

The purpose of this Privacy Policy is to transparently inform you about how we collect, use, safeguard, and disclose your personal and medical data when you utilise our services. We acknowledge the sensitivity of the information you entrust to us, particularly health-related data, and are committed to managing it with the highest care. Our practices are aligned with the General Data Protection Regulation (GDPR) and other pertinent privacy laws, ensuring we adhere to the strictest standards of data protection and privacy.

1.2 Scope of Data Collection

Our data collection is integral to providing and enhancing the services offered by our platform. This encompasses:

Personal Identification Data: This includes details such as your name, email address, age, and contact details. These are essential for creating and managing your account, facilitating communication, and providing a personalised service experience.

Medical Data: We process the medical information collected by the healthcare practitioner or provided by the user when necessary for the provision of the service. This data is crucial for healthcare providers using our platform to deliver accurate medical advice and treatment.

Minors under the age of digital consent and Parental Consent: We exercise additional caution where minors under the age of digital consent are involved. Our platform enables parental registration and management of the accounts of minors under the age of digital consent. This ensures that minors under the age of digital consent use our services properly supervised and with the consent of their parents or legal guardians, under GDPR.

1.3 Contact details

Our details are:

Full name of legal entity: TIE CAST LIMITED

Email address: info@takeitearly.com


You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

1.4 Changes to the privacy notice and your duty to inform us of changes

This version was last updated on 22.02.2024. It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

2. Data Collection and Use

2.1 Personal Data Collection

The data we collect from you will depend on how you interact with us. We collect personal data to ensure we can fully provide our services and enhance the user experience. This data collection is crucial for various operational and communication purposes.

2.1.1 Types of Personal Data Collected for general users

We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:

  • Name and Contact Details: To create your account and enable necessary communication for the provision of the services.
  • Email Address and phone number: For account verification, updates, and informational communication.
  • Age: To ensure appropriate service provision, particularly for age-sensitive medical services and for parental control.
  • Sex: For personalising medical consultations and treatments.
  • Country and City: To comply with local regulations and provide location-specific services.
  • Internet activity: Occasionally, we collect unique device identifiers, MAC addresses or general device information to understand the types of users who are utilising our platform.

2.1.2 Purposes of Collecting Personal Data

  • Identification: To identify you as a unique user on our platform.
  • Communication: To facilitate communication between you, healthcare providers, and our support team.
  • Analytics: To improve our platform and services, and ensure they meet user needs effectively.
  • Legal Basis: Performance of contract, consent, legal obligation

2.2 Medical Data Collection

Our platform may process medical data for clinical purposes as per the nature of our activities. This data will be collected by a trusted third-party healthcare professional or by TIE Cast and processed and stored on our platform only with your explicit consent and when required for the provision of the requested services.

2.2.1 Types of Medical Data Processed

  • Medical History and Medical Imagery and Documents: To provide healthcare providers with the necessary background for effective treatment and store data such as dental images, 3D scans, X-rays, etc., essential for diagnosis and treatment planning.
  • Telemedicine: When using our platform for telemedicine services, a virtual consult summary will be generated after each virtual visit, initiated autonomously by patients. At the end of a virtual visit, all data are transferred to the healthcare practitioner for review. These consult summaries include medical information, images, and other data a patient might share. All data will be stored in the user Profile.

2.2.2 Purposes of Processing Medical Data

  • To enable healthcare providers to offer accurate medical advice and treatment and monitor and track your treatment progress over time.
  • Legal Basis: Performance of contract, legal obligation

2.3 Usage of Collected Data

The data collected on our platform is used exclusively for the purposes mentioned above. At no point is your personal information shared with third parties for marketing or other non-essential purposes without your explicit consent. Additionally, we may use the data collected to:

  • Provide and maintain our services.
  • Internal research: using usage data to estimate audience size and usage patterns and store information about your preferences, expediting searches and recognising your return to our platform.
  • To provide customer support, answer your questions, or manage requests.
  • For our legitimate interests, ensuring that such interests do not override your rights or interests.

Under certain circumstances, we may meticulously anonymise your data to disassociate it from you. In such cases, we may use this anonymised information indefinitely without providing notification. This anonymised data is employed for the analysis of our programs and services.

We reserve the right to disclose the data under our control to regulators, authorities, and enforcement agencies when obligated to fulfil legal obligations or enforce our terms and conditions.

3. Data Processing Entities

3.1 Internal Data Processing at TieCast

Our platform, TieCast, processes and stores your data carefully, ensuring compliance with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

  • Data Storage and Security: We employ robust security measures to protect your data from unauthorised access, alteration, disclosure, or destruction. Our storage solutions are compliant with industry standards for data security and privacy.
  • Data Usage: Internally, your data is used solely for the purposes outlined in Chapter 2. This includes providing and enhancing our services, facilitating communication, and conducting necessary analytics.

3.2 Third-Party

We engage with the following third-party entities that help process data. These entities are carefully chosen and must comply with our data protection standards and the GDPR.

  • Payment Processors: For secure processing of payments, we use reputed third-party payment processors. They handle transaction data, ensuring secure and efficient payment services.
  • Cloud Service Providers: Our platform relies on cloud services for data storage and management. These providers are selected based on their commitment to data security and privacy.
  • Healthcare professionals: We supply our services and products to healthcare organisations engaged in your care. The healthcare entities are responsible for determining how your information is utilised, as the "Data Controller."
  • Healthcare providers: To enhance our services and clinical assessments, we might collaborate with A.I. companies to perform required clinical assessments that help us serve you better.

In this capacity, we function as a "Data Processor". Our association with the healthcare provider is governed by a transparent agreement delineating the handling and security measures employed for the data.

3.3 Responsibilities of Data Processors

Compliance with Data Protection Laws: All third-party processors must adhere strictly to GDPR and other relevant data protection laws.

Data Security: They must implement adequate security measures to protect data against unauthorised access, loss, or breach.

Limited Access: Access to personal and medical data is restricted to what is necessary to fulfil their services.

3.4 Data Processing Transparency

We are committed to maintaining transparency regarding our data processing practices. This includes providing information about the third parties involved in data processing and the nature of their services.

4. Minors under the age of digital consent and Parental Consent

At TieCast, we acknowledge the necessity of extra protective measures when handling the personal and medical data of minors under the age of digital consent. Our platform is designed to comply with the relevant laws safeguarding the privacy rights of minors under the age of digital consent.

4.1 Parental Registration and Control

We have established specific protocols for parental involvement:

  • Parental Account Creation: Parents or legal guardians must create an account on behalf of the minor under the age of digital consent. This account is linked to the child’s profile, allowing parents to manage and monitor the use of our services.
  • Control Over the Data of Minors under the age of digital consent: Parents have full control over the minor's personal and medical data, including the right to access, review, and request modifications or deletions.
  • Telemedicine Features for minors under the age of digital consent: The platform offers tailored telemedicine features that are accessible only under the supervision of their parents or legal guardians.

4.2 Verification Procedures for Parental Consent

We implement verification procedures to ensure that consent for a minor under the age of digital consent’s use of our services is legitimately provided by a parent or legal guardian. Explicit consent from the parent or legal guardian is obtained before any data processing activities are carried out for minors under the age of digital consent.

4.3 Rights of Parents and Legal Guardians

  • Access and Review: The right to access and review all personal and medical data collected about the minor under the age of digital consent.
  • Data Modification and Deletion: The right to request modifications or delete the minor under the age of digital consent’s data from our platform.
  • Withdrawal of Consent: The right to withdraw consent at any time, leading to the cessation of data processing activities for the minor under the age of digital consent.

5. Data Rights and User Control

Our platform is designed to provide you with control over your personal and medical data.

5.1 Access and Rectification

  • Right to Access: You have the right to request access to your personal and medical data that we hold. This includes the right to be informed about the nature of your data, its processing, and disclosure.
  • Right to Rectification: If you find any personal or medical data we hold about you is incorrect or incomplete, you have the right to request that we correct or update it.

5.2 Erasure and Data Portability

  • Right to Erasure (‘Right to be Forgotten’): You may request the deletion of your personal and medical data from our systems, especially when it is no longer necessary for the purposes for which it was collected.
  • Right to Data Portability: You have the right to request a copy of your data in a structured, commonly used, and machine-readable format, and to have this data transferred to another data controller within 30 days from the request.

5.3 Objection and Consent Withdrawal

  • Right to Object: You can object to processing your personal and medical data, particularly for direct marketing purposes or when processing is based on legitimate interests.
  • Right to Withdraw Consent: Where the processing of your data is based on consent, you can withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

5.4 Automated Decision-Making and Profiling

  • Right to be Informed: You have the right to be informed about and to object to any automated decision-making processes or profiling that impacts you significantly.

5.5 Exercising Your Rights

You can submit requests about your data rights through our designated channels (e.g., user dashboard, customer support, website). We commit to responding to your requests promptly and appropriately, following legal requirements.

5.6 Responsibilities and Compliance

TieCast upholds these rights and facilitates user control over personal and medical data. We regularly review our policies and practices to ensure compliance with current data protection laws and to safeguard your rights.

6. Data Security and Integrity

6.1 Security Measures in Place

  • Encryption Technologies: We use advanced encryption technologies to safeguard data during transmission and storage. This ensures that your sensitive information is protected from interception or unauthorised access.
  • Access Controls: Strict access controls are in place to limit data access to authorised personnel only. This minimises the risk of unauthorised data handling and ensures that only necessary staff members can access personal and medical data.
  • Regular Security Audits: Our systems undergo regular internal security audits to identify and rectify potential vulnerabilities.
  • Incident Response Plan: In the event of a data breach, we have an incident response plan to promptly address and mitigate any potential damage and inform affected users in compliance with legal obligations.

6.2 Data Integrity Measures

  • Data Accuracy: We ensure the accuracy of the data we collect and store. Users have the right to rectify any incorrect or incomplete data, as detailed in Chapter 5.
  • Data Update Mechanisms: Regular updates and reviews of the data are conducted to maintain its relevance and accuracy over time.

6.3 Data Retention Policy

  • Retention Period: Personal and medical data are retained only for as long as necessary for the purposes for which they were collected or processed, or as needed to comply with legal and regulatory requirements.
  • Secure Deletion: Upon the expiry of the retention period or a user's request for data deletion, we ensure that the data is securely and permanently deleted from our systems unless otherwise demanded by law.

6.4 Sensitive Data and Security

TieCast continuously monitors and updates its security practices to align with evolving data protection standards and regulations.

7-A. International Data Transfer and Opt-Out Options - For Users Outside the European Economic Area (EEA)

7-A.1 International Data Transfer

7-A.1.1. Applicability to Non-EEA Users:
This platform primarily serves users within the European Economic Area (EEA). If you're accessing our services outside the EEA, please know that your data will be transferred to and processed in Europe.

7-A.1.2. Data Protection Standards:
All data transferred from outside the EEA is protected according to European data protection standards. We're committed to safeguarding your privacy.

7-A.1.3. Adherence to Legal Standards:
In moving data internationally, we strictly follow GDPR and other relevant data protection laws, ensuring high levels of data protection.

7-A.1.4. Data Transfer Agreements:
We utilise standard contractual clauses approved by the European Commission for international data transfers, guaranteeing EU-equivalent data protection.

7-A.1.5. Opt-Out Options for Data Collection:
You can opt out or adjust preferences for certain data collections, like analytics or cookies, to align with your privacy needs.

7-A.1.6. Controlled Third-Party Sharing:
Your data is not shared with third parties for marketing without your explicit consent. You have control over your data-sharing preferences.

7-A.1.7. Transparency in Data Transfers:
We're transparent about the international transfer and storage of your data. You'll be informed of any such transfers affecting your data.

7-B. Data Localization and Opt-Out Options - For Users within the European Economic Area (EEA)

7-B.1 Data Localization

At TieCast, we adhere to a data localisation policy, ensuring that all personal and medical data are stored and processed within the jurisdiction of our operation, without international transfer.

  • No International Data Transfer: We do not transfer, store, or process user data outside our operating jurisdiction. This approach complies strictly with data protection regulations, including the General Data Protection Regulation (GDPR).
  • Enhanced Data Security: Local data storage and processing reduce the risks associated with cross-border data transfers.
  • Regulatory Compliance: By localising data, we ensure full compliance with the data protection laws of our jurisdiction.
  • Immediate Legal Recourse: Should any concerns regarding data protection arise, we strongly encourage users to contact us directly for prompt resolution. If an issue cannot be resolved internally and users seek legal recourse, such actions are subject to the laws and regulations within the appropriate jurisdiction. We are committed to complying with all applicable data protection laws and prioritise resolving concerns amicably and efficiently.
  • Data Collection Preferences: For specific data collection processes like analytics or cookies, you can opt out or adjust your preferences to suit your privacy concerns.
  • Third-Party Sharing: We maintain a strict policy of not sharing your data with third parties for marketing purposes without your explicit consent. You can manage your preferences regarding data sharing in your account settings.

7-B.2 Exercising Your Opt-Out Rights

Through User Account: You can easily manage most opt-out preferences directly within your account settings. Should you need any assistance or have questions about managing your opt-out preferences, our customer support team is readily available to help.

8. Regular Review and Updates

8.1 Review Policy

Annual Reviews: We will comprehensively review our privacy policy annually. This review is designed to assess and incorporate any changes in privacy laws, technological advancements, and best practices in data protection.

Event-Triggered Updates: Our policy may be updated in response to significant events, such as changes in legislation, major corporate changes, or security incidents.

User Feedback: We consider user feedback an integral part of our review process, allowing us to address any concerns or suggestions from our user base.

Expert Consultation: We consult with external legal experts specialising in data protection laws to ensure our policy meets the latest legal requirements.

8.2 Notification of Policy Updates

User Notification: When significant changes are made to our privacy policy, we will notify users through email or notifications within the platform.

Accessibility of the Updated Policy: The most current version of our privacy policy will always be accessible on our website. We encourage users to periodically review it to stay informed about how their personal data is protected.

8.3 Record of Changes

Change Log: We maintain a change log documenting all revisions made to the policy, including the nature of the changes and the dates they were implemented.

9. Contact Information for Exercising Data Protection Rights

9.1 Ensuring Easy Access to Support

  • Contact Points for Data Protection Inquiries: You can contact us for any inquiries about your data protection rights. Our customer support team is trained to handle data privacy and user rights inquiries. They can be reached at https://www.tiecast.co.uk/contact, specifying subject ‘privacy enquiry’.
  • Feedback: We welcome and value your feedback on our data protection practices. Your suggestions help us improve our services and policies.
  • Complaints: Please contact us if you have any complaints regarding how we handle your data. We are committed to resolving any issues promptly and fairly.

9.2 Response Time

Commitment to Timely Responses: We aim to respond to all inquiries and requests regarding data protection rights within a reasonable timeframe, at most one month from the date of receipt, under GDPR guidelines.

10. Final Clauses

10.1 Acceptance of Terms

  • Acknowledgement and Consent: By using TieCast's services, users acknowledge that they have read and understood this Privacy Policy. The use of our platform constitutes acceptance of the terms and conditions outlined in this policy.
  • Informed Consent: Our responsibility is to ensure that users are fully informed about how their data is collected, used, and protected. Consent is obtained clearly and unambiguously, in compliance with GDPR and other relevant data protection laws.

10.2 Changes to the Privacy Policy

  • Policy Evolution: We reserve the right to modify or update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or user feedback. Changes are made to enhance data protection and compliance.
  • Notification of Changes: Should there be any significant changes to this policy, users will be notified through our platform, email, or other appropriate channels.
  • Accessibility of Updated Policy: The most current version of our Privacy Policy will always be available on our website.

10.3 User Responsibility

Review of Policy: Users are responsible for regularly reviewing this Privacy Policy. Continued use of our platform after any changes constitutes acceptance of those changes.

10.4 Acceptance of Privacy Policy

By creating an account on TieCast's platform, you acknowledge and agree to the following:

  • Informed Consent: You confirm that you have read, understood, and agree to the terms outlined in our Privacy Policy. This includes our practices regarding collecting, using, processing and sharing your personal and medical data.
  • Active Agreement: Your action of checking the box or clicking on an "Agree" or similar button during the signup process is your active and informed consent to abide by the privacy policy.
  • Continuous Compliance: You agree to comply with the terms of this policy as long as you use our platform. This includes adhering to any updates or amendments made to the policy over time.
  • Regular Review: You commit to reviewing the privacy policy for any changes or updates. Continued platform use after such changes will constitute your acceptance of the new terms.

10.5 Confirmation of Age and Capacity

Legal Age and Capacity: By agreeing to this policy, you represent that you are of legal age in your jurisdiction and have the legal capacity to accept these terms.

Parental Consent for minors under the age of digital consent: If you register an account on behalf of a minor under the age of digital consent as a parent or legal guardian, you consent to the minor's use of our platform per this privacy policy.

11. Glossary

11.1 General Definitions

  • Automated Decision-Making: The process of automated decision-making without human involvement.
  • Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by clear affirmative action, signify agreement to the processing of personal data relating to them.
  • Data Breach: A security incident in which information is accessed without authorisation.
  • Data Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • Data Portability: The right to receive personal data that a data subject has provided to a controller in a structured, commonly used, and machine-readable format, and the right to transmit that data to another controller.
  • Data Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.
  • Data Subject: A natural person whose personal data is processed by a controller or processor.
  • GDPR (General Data Protection Regulation): The regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
  • Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, etc.
  • Processing: Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

11.2 Lawful Basis

  • Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
  • Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
  • Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.

11.3 Your legal rights

  • Request access to your personal data (commonly known as a ‘data subject access request’). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure (‘Right to be Forgotten’) of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.