EduStack
Privacy Policy

First Principles Dental Training UK - Privacy Policy

Effective Date: 7/18/2025

1. Introduction and Our Commitment

First Principles Dental Training UK ("First Principles," "we," "us," or "our") is committed to protecting the privacy and security of personal data. This Privacy Policy explains how we collect, use, share, and protect personal data in connection with the services we provide to dental practices ("Customers") through our call recording, training, and analytics platform (the "Services").

We comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

If you have any questions about this Privacy Policy or wish to exercise your data protection rights regarding information First Principles processes as a Controller, please contact our Data Protection Contact at:

Email: privacy@edustack.co.uk

Address: 

FIRST PRINCIPLES DENTAL TEAM TRAINING UK LIMITED

Belfry House Bell Lane

HERTFORD

SG14 1BP

2. First Principles UK as a Data Processor

When providing our Services to Customers (dental practices), First Principles acts as a Data Processor. Our Customers act as Data Controllers for the personal data processed through our Services.

  • What this means: We process personal data, including call recordings which may contain patient information and staff information, on behalf of and under the instruction of our Customers.
  • Customer Data: The personal data processed in this context is "Customer Data" as defined in our Agreement with the Customer and includes information relating to the Customer's patients and staff members captured during recorded telephone calls or inputted into the Services by Authorised Users of the Customer. This may include Special Categories of Personal Data, such as data concerning health, if discussed during recorded calls.
  • Lawful Basis and Purpose: Our Customers (the Dental Practices) are responsible for determining the lawful basis and purpose for collecting and processing this Personal Data through our Services. We process this data based on the contractual agreement (including the Data Processing Addendum) we have with our Customers.

3. What Services Does First Principles UK Provide?

First Principles UK provides a software-as-a-service platform designed to help dental practices improve staff performance and patient communication. Our Services include:

  • Call recording and secure storage of telephone conversations (as configured by the Customer).
  • Playback functionality for authorised Customer staff for training and quality assurance.
  • Automated transcription of call recordings.
  • AI-driven call analysis, feedback, and role-play simulations for training purposes.
  • Analytics and reporting related to call handling and staff performance.

4. What Information Do We Process as a Processor?

On behalf of our Customers, the Services may process the following categories of Personal Data, primarily derived from call recordings and service usage:

  • Categories of Data Subjects:
    • Patients and prospective patients of the Customer.
    • Staff members of the Customer.
    • Other individuals interacting with the Customer via recorded calls.
  • Categories of Personal Data:
    • Call Audio Recordings.
    • Call Metadata: (e.g., phone numbers, call date/time/duration, staff identifiers).
    • Transcription Data.
    • Service Usage Data: (e.g., evaluation scores, notes added by Customer's users).
    • Information Voluntarily Provided During Calls: Any personal details discussed during the call.
  • Special Categories of Personal Data: Call recordings and transcriptions may contain data concerning health and potentially other special category data if disclosed during a call.

First Principles does not typically collect Personal Data directly from patients. We process Personal Data that our Customers (the Dental Practices) make available through their use of our Services.

5. Who Does First Principles Share Information With (as a Processor)?

When acting as a Data Processor, First Principles will only share Customer Data (which may include Personal Data of patients and staff) in the following circumstances:

  • With the instructing Controller (our Customer): The Customer and its Authorised Users have access to their own Customer Data through the Services as per their access rights.
  • With our authorised Sub-processors: We engage Sub-processors to provide specific components of our Services (e.g., call ingestion, cloud hosting, transcription services). These Sub-processors are contractually bound to protect the data and only process it according to our instructions and for the purposes of providing their services to us. A list of our Sub-processors is provided in our Data Processing Addendum with our Customers.
  • As required by law: If legally compelled to do so by a court order, subpoena, or other legal process from a body with proper jurisdiction. We will aim to notify the Customer before such disclosure unless legally prohibited.
  • To enforce our rights, prevent fraud, and for safety: To protect and defend the rights, property, or safety of First Principles, our Customers, or others.

First Principles does not sell Customer Data or Personal Data processed on behalf of our Customers.

6. Data Subject Rights

Data Subjects (e.g., patients or staff of our Customers) have certain rights under the UK GDPR regarding their Personal Data. These rights include:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (right to be forgotten)
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

The applicability of these rights may depend on the lawful basis for processing determined by the Controller.

Since First Principles primarily acts as a Data Processor for patient and staff call data, Data Subjects should direct any requests to exercise their rights to the relevant Dental Practice (the Data Controller). First Principles is committed to assisting our Customers in fulfilling Data Subject Rights requests in accordance with our DPA.

7. Automated Decision Making and Profiling

First Principles' Services may involve AI-driven analysis and scoring of calls for training and quality assurance purposes as directed by the Customer. However, First Principles does not use the Personal Data processed on behalf of its Customers to make automated decisions that produce legal effects concerning Data Subjects or similarly significantly affect them without human intervention, outside the scope of the Services provided to the Customer. Any such decision-making remains the responsibility of the Controller. * [Annotation: This clarifies your use of AI. Ensure it accurately reflects how your AI features work and what kind of "scoring" or "feedback" is generated and for what purpose.]

8. How Does First Principles Protect Information?

First Principles is committed to ensuring the security and confidentiality of Personal Data. We implement and maintain appropriate technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include, but are not limited to:

  • Regular training for our staff on data protection and security.
  • Internal policies and procedures for data handling, reviewed regularly.
  • Access controls to ensure only authorised personnel access Personal Data on a need-to-know basis.
  • Encryption of Personal Data in transit (e.g., TLS) and at rest (e.g., AES-256).
  • Secure system design and infrastructure (details are provided in Annex II of our DPA).
  • Procedures for managing and reporting security incidents.
  • Due diligence and contractual agreements with our Sub-processors requiring them to maintain appropriate security measures.
    • [Annotation: This should be a summary that aligns with your detailed TOMs in Annex II of the DPA.]

9. Cookies and Tracking Technologies (For First Principles' Website/Platform) * [Annotation: The VoiceStack DPA had a cookies section. This is relevant if you have a website or if your platform (web portal for admins, potentially the mobile app if it uses web views or similar tech) uses cookies or similar tracking technologies for functionality, analytics, or marketing. You need to customize this based on YOUR actual use of cookies.]

When you visit our website (https://www.edustack.co.uk/) or use our platform, we may use cookies and similar tracking technologies (like pixels or web beacons) to enhance your user experience, analyze usage, and for other legitimate purposes.

  • What are Cookies? Cookies are small text files stored on your device (computer, tablet, mobile) when you visit websites.
  • How We Use Cookies: We may use cookies for:
    • Essential Operations: To enable core site functionality, like remembering login details or session information.
    • Performance and Analytics: To understand how visitors interact with our website and services, which helps us improve them (e.g., using Google Analytics).
    • Functionality: To remember your preferences and provide enhanced features.

10. Data Breaches

In the event of a Personal Data Breach affecting Personal Data for which we are a Processor, we will notify the relevant Controller (our Customer) without undue delay, in accordance with the terms of our DPA. We will provide reasonable assistance to the Controller in investigating and mitigating the breach. Where a breach affects Personal Data for which First Principles is a Controller, we will take appropriate steps to notify affected individuals and the Information Commissioner’s Office (ICO) if required by UK GDPR.

11. International Data Transfers

Personal Data processed by First Principles is primarily stored and processed within the United Kingdom or the European Economic Area (EEA). Where Personal Data is transferred to Sub-processors located outside the UK/EEA to countries not deemed adequate by the UK Secretary of State, such transfers are governed by appropriate safeguards, typically the UK IDTA, as detailed in our DPA.

12. Data Retention

First Principles retains Personal Data processed on behalf of Controllers for the periods specified in our DPA and Annex I (Details of Processing) therein, or as otherwise instructed by the Controller. For Personal Data where First Principles is the Controller (e.g., our own business contacts), we retain it for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. If we make material changes, we will notify you by revising the date at the top of this policy and, where appropriate, by other means (such as posting a notice on our website or sending you a direct notification). We encourage you to review this Privacy Policy periodically to stay informed about our information practices.

14. How to Raise Issues or Make Complaints

If you have any concerns about how First Principles handles Personal Data, or if you wish to make a complaint, please contact our Data Protection Contact in the first instance:

Data Protection Contact First Principles Dental Training UK Email: privacy@edustack.co.uk Address: 

FIRST PRINCIPLES DENTAL TEAM TRAINING UK LIMITED

Belfry House Bell Lane

HERTFORD

SG14 1BP

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues: Information Commissioner’s Office Wycliffe House, Water Lane Wilmslow, Cheshire SK9 5AF UK Website: www.ico.org.

Get In Touch

Sign Up Today