Privacy Policy

Oceanhouse Solutions ltd

Last updated: 09-06-2026

Privacy Policy

1. Who we are

This website is operated by Oceanhouse Solutions Ltd ("we", "us", "our"), a company registered in England and Wales under company number 16731221.


Registered office address: 71-75 Shelton Street, London, England, WC2H 9JQ


Email: [email protected]


Phone: +44 7367 016329


We provide marketing and automation services to UK dental practices and other businesses.


We are a Data Controller for personal data we collect about visitors to this website and dentists / business contacts who interact with us. When we handle patient enquiry data on behalf of our dental clients, we act as a Data Processor; in that case, the clinic is the Data Controller.



2. Personal data we collect

We may collect and process the following types of personal data:


When you contact us or request a call:


Name

Email address

Phone number

Practice / business name

Website name

Role or job title

Any information you choose to include in messages or form fields


Website usage data:


IP address

Browser type and version

Pages visited and time spent

Referring websites or campaigns (e.g. UTM parameters)

Device and technical information


Communication data:


Emails you send us and our replies

SMS or WhatsApp messages to our business numbers

Call logs and, if applicable, call recordings with our team


For patient enquiries handled on behalf of clinics (processor role):


Name, contact details, preferred appointment times

Interest in clear aligner or other dental services

Basic suitability / screening answers (non-clinical where possible)

Appointment status (booked, rescheduled, cancelled, attended/no-show)


For patient data, please see section 7.



3. How we use your personal data (and legal bases)

We use your personal data for the following purposes:


To respond to enquiries and provide our services


To respond when you contact us via forms, email, phone or social media

To schedule and run discovery / clear aligner growth calls

Legal basis: performance of a contract or steps taken at your request before entering a contract; and legitimate interests in running our business


To send you relevant B2B marketing


To send dentists and business contacts information about our services, content, and offers that may be relevant to them

Legal basis: legitimate interests (B2B marketing to existing or likely business customers). You can opt out at any time.


To improve our website and services


To analyse how visitors use our website and campaigns

To test and improve our funnels and content

Legal basis: legitimate interests in improving and promoting our services


To measure advertising performance


To understand which advertising campaigns drive enquiries and bookings

To send conversion data to Meta via the Conversions API for advertising measurement and optimisation purposes, where you have consented to marketing cookies

Legal basis: consent (for advertising measurement tracking)


To comply with legal obligations and defend our rights


To keep appropriate records for tax, accounting, and regulatory purposes

To handle complaints, disputes, or legal claims

Legal bases: legal obligation, legitimate interests



4. How we collect your data

We collect data:


Directly from you when you fill out a form, book a call, email us, message us, or speak with us

Automatically via cookies and similar technologies when you use our website, managed through Google Tag Manager

From marketing platforms (e.g. Meta) when you respond to our ads and submit lead forms

Via server-side tracking tools where you have consented to marketing cookies (see Cookie Policy, section 5)


When we act as a processor for a clinic, we receive patient enquiry data from:


Forms and funnels we set up for that clinic

Call and message interactions through our integrated systems

The clinic's own systems where integrated



5. Who we share your data with

We use a number of trusted service providers ("processors") to help us run our business and deliver services. These include:


GoHighLevel — CRM and marketing automation platform

Google (Tag Manager and Analytics) — tag management and website analytics. Google may process data in the United States

Stape — server-side hosting provider used to route conversion events to Meta's Conversions API. Stape processes data in the EU (France) and does not retain event data beyond routing purposes

Meta (Facebook) — advertising platform. Where you have consented to marketing cookies, conversion event data (including hashed personal information) is sent to Meta for advertising measurement and optimisation purposes. Meta may process data in the United States

Cookiebot / Usercentrics — consent management platform used to record and manage your cookie preferences


These providers only process your data on our instructions and are bound by data protection terms.


We may also share your data where:


Required by law, regulation, or court order

Necessary to establish, exercise or defend legal claims

We sell or transfer part of our business (your data may be transferred as part of that transaction)


We do not sell your personal data.



6. International transfers

Some of our service providers may process personal data outside the UK/EEA (for example, in the United States). This includes Google and Meta.


Where this occurs, we ensure appropriate safeguards are in place, such as:


UK / EU Standard Contractual Clauses, or

Other transfer mechanisms recognised by UK data protection law


You can contact us if you would like more information about these safeguards.



7. Patient data we process on behalf of clinics

When we handle patient enquiries and appointment data for a dental clinic:


The clinic is the Data Controller

We act as a Data Processor, using tools such as GoHighLevel on their behalf


We process patient data to:


Capture enquiries submitted via ads, forms and landing pages

Contact patients (by phone, SMS, email) to answer basic questions, qualify interest, and book or reschedule consultations

Send reminders and follow-ups about booked appointments

Provide performance reporting to the clinic


We do not provide clinical advice or make clinical decisions. Any health-related information is used only to support booking and managing appointments.


For information about how your data is used in that context, and your rights, please refer to the privacy notice of the clinic you enquired with. If you contact us directly about your data and we are only a processor, we will pass your request to the relevant clinic.



8. How long we keep your data

We retain personal data only for as long as necessary for the purposes set out in this policy, including:


Enquiry and contact data: typically up to 2 years from last meaningful contact, unless you ask us to delete it sooner or we need to keep it longer for legal reasons

Website analytics data: in line with our analytics provider's default retention periods

Patient data processed for clinics: in line with the instructions of each clinic and our agreements with them


We may keep some information longer where required for legal, accounting or regulatory purposes.



9. Your rights

Under UK data protection law, you have the following rights in relation to your personal data we control:


Right of access — to obtain a copy of your personal data

Right to rectification — to correct inaccurate or incomplete data

Right to erasure — to ask us to delete your data in certain circumstances

Right to restriction — to ask us to restrict processing in certain circumstances

Right to data portability — to receive your data in a structured, commonly used format and have it transmitted to another controller where technically feasible

Right to object — to object to processing based on legitimate interests, including B2B marketing

Right to withdraw consent — where we process your data on the basis of consent (such as marketing cookie tracking), you may withdraw that consent at any time without affecting the lawfulness of processing before withdrawal


You can exercise these rights by contacting us at [email protected]. We may need to verify your identity before acting on your request.


If we are processing your data on behalf of a clinic (as a processor), we may need to forward your request to that clinic to handle.


You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you are unhappy with how we use your data: ico.org.uk.



10. Marketing communications

If you are a dental professional or business contact, we may send you information about our services that we believe may be relevant to you, based on our legitimate interests in B2B marketing.


You can opt out at any time by:


Clicking the "unsubscribe" link in our emails, or

Replying "STOP" to SMS, or

Contacting us at [email protected]


We will then stop sending you marketing communications, though we may still contact you about services you are receiving or other non-marketing matters.



11. Security

We take reasonable technical and organisational measures to protect personal data, including:


Encrypted connections (HTTPS) on our website and core systems

Use of reputable, security-conscious service providers

Access controls and role-based permissions

Multi-factor authentication on key systems

Regular review of user access and credentials


However, no method of transmission or storage is completely secure. We cannot guarantee absolute security of your data.



12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website and will show the date it was last updated.





Cookie Policy

Last updated: 09/06/26



1. About this policy

This Cookie Policy explains how Oceanhouse Solutions Ltd ("we", "us", "our") uses cookies and similar tracking technologies on our website and landing pages. For more information about how we use personal data more broadly, please see our Privacy Policy above.



2. What are cookies?

Cookies are small text files stored on your device when you visit a website. They help the site work properly and can also be used to remember preferences or understand how visitors use the site. We also use similar technologies such as tracking pixels and server-side data collection, which we refer to collectively as "cookies" in this policy.



3. How we manage your consent

We use a consent management tool called Cookiebot to manage your cookie preferences. When you first visit our website or landing pages, a banner will appear giving you the option to accept or decline non-essential cookies. You can change your preferences at any time by clearing your browser cookies and revisiting the site, which will re-trigger the consent banner.


Only strictly necessary cookies are set before you make a choice. All other cookies require your explicit consent before they activate.


We use Google Tag Manager (GTM) to manage all tracking and analytics tags on our website. GTM is configured to read Cookiebot's consent signals — when you accept or decline cookie categories, GTM uses those signals to determine which tags are permitted to fire. No marketing or analytics tags will fire without the relevant consent being granted.



4. The cookies we use

a) Strictly necessary cookies

These are essential for our website and landing pages to function correctly. They include Cookiebot's own consent record cookie, which stores your cookie preferences so we do not ask you again on every visit.


Cookie

Provider

Purpose

Expiry

CookieConsent

Cookiebot

Stores your cookie consent preferences

12 months


You cannot opt out of strictly necessary cookies. They do not store information used for marketing purposes.

b) Analytics / performance cookies (non-essential)

These help us understand how visitors use our pages so we can improve them. We only set these cookies with your consent. These cookies are managed through Google Tag Manager and will not be set if you decline analytics cookies.


Cookie

Provider

Purpose

Expiry

_ga

Google Analytics 4

Assigns an anonymous identifier to distinguish unique visitors and track usage patterns

2 years


If you decline analytics cookies, we will not track your individual browsing behaviour.

c) Advertising / marketing cookies (non-essential)

We use Meta (Facebook) advertising tools to measure the performance of our ads and build audiences for marketing. These tools are managed through Google Tag Manager and will only activate if you consent to advertising cookies.


Cookie

Provider

Purpose

Expiry

_fbp

Meta

Identifies browsers for advertising measurement and audience building

3 months

_fbc

Meta

Stores click information from Meta ads you clicked before visiting our site

3 months


These cookies help us understand which ads led to enquiries and avoid showing irrelevant advertising to people who have already contacted us.



5. Google Tag Manager

We use Google Tag Manager to manage the loading of all tracking and analytics scripts on our website. GTM itself does not set any cookies directly. It acts as a container that controls when other tools (such as Meta Pixel and Google Analytics) are allowed to load, based on the consent signals received from Cookiebot.


All tags within GTM are configured to require the appropriate consent category before firing. Marketing tags require advertising consent. Analytics tags require analytics consent. No tags fire before consent is given.


Google Tag Manager may process data in the United States. For more information, see Google's privacy policy at policies.google.com/privacy.



6. Server-side conversion tracking (Meta Conversions API)

In addition to the browser-based Meta Pixel above, we use Meta's Conversions API (CAPI) to send conversion event data directly from our servers to Meta.


How consent works with CAPI: CAPI is only triggered when a visitor has consented to advertising/marketing cookies via our Cookiebot banner. If a visitor declines marketing cookies, no data is sent to Meta via CAPI. This is enforced through our Google Tag Manager server container, which checks the consent signal before firing any outgoing requests to Meta.


Event data sent via CAPI may include:


Hashed versions of contact information submitted through our forms (such as name, email address, and phone number)

Event data such as the fact that an enquiry was submitted or an appointment was booked


This data is used solely for advertising measurement and optimisation purposes. We do not send sensitive health or clinical data via this tool.


Stape: Our server-side GTM container is hosted by Stape, a server infrastructure provider based in the EU (France). Event data passes through Stape's servers en route to Meta. Stape processes data solely for the purpose of routing events and does not retain or use event data for its own purposes.


For more information about how Meta handles conversion data, see Meta's Privacy Policy at facebook.com/privacy/policy.



7. Cookies on GoHighLevel-hosted pages

Some of our landing pages and booking forms are hosted on GoHighLevel, a third-party marketing platform. GoHighLevel may set its own strictly necessary cookies to keep forms and booking flows functioning correctly. These are operational cookies and do not require consent.



8. Your choices

You can manage your cookie preferences in the following ways:


Via our consent banner — accept or decline non-essential cookies when you first visit

Via your browser settings — most browsers allow you to view, delete, or block cookies from specific sites. Note that blocking cookies may affect how our pages function

Via Cookiebot — to withdraw consent, clear your browser cookies and revisit the site to re-trigger the banner


Please note that declining advertising cookies does not affect whether you see ads from us on Meta platforms — it only affects our ability to measure and optimise those ads.


For general information about cookies, visit www.allaboutcookies.org.



9. Changes to this policy

We may update this Cookie Policy from time to time, for example if we introduce new tools or tracking methods. The "Last updated" date at the top reflects when it was last changed. Significant changes will be reflected in an updated consent banner.

Cookie Declaration

Oceanhouse Solutions Ltd.

71-75 Shelton Street, London, England, WC2H 9JQ

16731221 Registered in England and Wales

ICO Registration No:  ZC019145

© Copyright 2026. Oceanhouse Solutions Ltd. All Rights Reserved.