Privacy Policy

HappyTooth Smile Studio
Effective: July 2026 · Version 1.0 · Murukkumpuzha, Thiruvananthapuram, KeralaThis policy explains what personal and health information HappyTooth Smile Studio collects, why we collect it, how we protect it, and what your rights are. We handle all patient data with the care and discretion that medical information requires, and in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and the IT (Reasonable Security Practices) Rules, 2011.
1. Who We Are
HappyTooth Smile Studio is a specialist dental clinic at Murukkumpuzha, Thiruvananthapuram, Kerala. The clinic is led by Dr. Thushara Sudhakaran BDS MDS, Clinical Director & Root Canal Specialist. We are the data controller for all patient and visitor information collected through the clinic and our website, happytoothdental.in.
2. What We Collect
We collect and process the following categories of information:
- Personal details: Name, date of birth, address, phone number, and email address.
- Health and clinical data: Medical history, dental examination findings, diagnosis, treatment records, X-rays, and intraoral photographs.
- Financial records: Treatment fees paid, billing history, and mode of payment.
- Appointment history: Visit dates, recall records, and communication logs.
- Website enquiry data: Name, phone, or email submitted through contact or booking forms on our website.
3. Why We Collect It
All information is collected strictly for clinical, administrative, and legal purposes, including:
- To provide dental examination, diagnosis, and clinical treatment.
- To maintain medical and dental charts as required by professional codes and state law.
- To process appointments, send dental recall alerts, and coordinate billing.
- To respond to patient queries, feedback, or complaints.
- To comply with legal tax records, GST verification, and other statutory regulations.
We do not sell your data or use your details for commercial advertising, third-party marketing, or any purpose unrelated to your clinical care.
4. How We Store and Protect Your Data
Patient records, including clinical charts, notes, digital X-rays, treatment plans, and billing summaries, are securely managed through Dentobees, a cloud-based dental practice management software. Dentobees stores data on encrypted, high-security servers and provides role-based access logs that restrict information visibility only to authorized dental and clinical staff.
Paper files, written consent forms, and physical medical questionnaires are stored in locked, fire-resistant cabinets inside the clinic premises. Physical access is restricted strictly to authorized staff, all of whom are contractually bound to maintain strict patient confidentiality.
5. Who We Share Your Information With
We share information with external entities only when necessary for your clinical treatment or required by law:
- Treating Clinicians: Other specialists within the HappyTooth team directly handling your care.
- Dental Laboratories: For custom fabrication of crowns, bridges, aligners, or veneers. Only the technical prescription and a patient ID reference are shared; no personal contact details are provided.
- Referring Specialists or Hospitals: Shared with your consent when referring you for advanced surgical or medical care.
- Dentobees Software: As our practice management platform processing records securely on our behalf.
- Legal Authorities: Only when required to comply with a valid court order, state healthcare regulation, or law enforcement warrant.
We do not sell, rent, or share patient information with marketing brokers, insurance aggregators, or commercial advertisers.
6. How Long We Keep Your Records
| Record Type | Retention Period |
|---|---|
| Clinical records, adult patients | Minimum 5 years from last treatment date |
| Clinical records, minor patients | Until patient turns 25, or 5 years from last visit, whichever is later |
| Billing and financial records | 7 years (Income Tax Act / GST compliance) |
| Website enquiry / contact forms | 12 months from date of submission |
| Appointment and recall records | 2 years from last appointment |
7. Your Rights
Under the Digital Personal Data Protection Act, 2023, you hold the following rights regarding your information:
- Access: You can request a summary copy of your personal and clinical records at any time.
- Correction: You can request updates to outdated or inaccurate contact details. (Note: Medical records are updated with addendums, preserving the original entry for diagnostic integrity).
- Erasure: You can request deletion of non-clinical records. (Note: Mandatory medical and tax records within the legal retention periods cannot be erased).
- Withdraw Consent: You may withdraw your consent for future data processing. This will not affect treatments already completed.
- Grievance: If you feel we have not addressed your privacy concern, you may appeal to the Data Protection Board of India.
To exercise these rights, please submit a request in writing. We respond to all verified written requests within 7 working days.
8. Minor Patients
For patients under the age of 18, clinical consent and medical intake information must be completed by an accompanying parent or legal guardian. Parents/guardians maintain access rights to the clinical record of the minor. Upon turning 18, control of these records transfers directly to the patient. Minor records are retained until the patient turns 25, or 5 years from their last visit, whichever is later.
