Privacy Policy

HEY PRESTO LTD – PRIVACY POLICY

Last updated: 2026-05-17

1. INTRODUCTION

HEY PRESTO LTD (“Presto”, “we”, “us”, “our”) is committed to protecting personal data and respecting privacy rights.

This Privacy Policy explains how we collect, use, process, store, and protect personal data when you use:

  • the Presto platform;

  • our website;

  • payment workflows;

  • and related services.

2. WHO WE ARE

HEY PRESTO LTD
Company Number: 14860154
Registered in England and Wales

Website:
https://heypresto.dental

Contact:
support@heypresto.dental

Registered Office:
Spark, Maindy Rd, Cardiff, Wales, CF24 4HQ

3. OUR ROLE

Depending on the circumstances, Presto may act as:

  • a data controller;

  • a data processor;

  • or both.

Presto acts as a controller for:

  • account management;

  • billing;

  • payment administration;

  • security monitoring;

  • fraud prevention;

  • analytics;

  • support;

  • and operational administration.

Presto may act as a processor where:

  • dental practices or laboratories upload patient-related or workflow-related information to the Platform;

  • and Presto processes such data solely on behalf of those customers.

Dental practices and laboratories remain responsible for ensuring they have appropriate lawful grounds to submit patient-related information to the Platform.

4. TYPES OF DATA WE COLLECT

We may collect and process:

Account and Organisation Data

  • names

  • email addresses

  • phone numbers

  • organisation information

  • login/account details

Workflow and Operational Data

  • laboratory quote requests

  • pricing information

  • communications

  • workflow activity

  • transaction records

Patient-Related Information

Where submitted by Practices or Laboratories:

  • patient names

  • contact information

  • appliance/workflow details

  • treatment-related administrative information

  • payment references

Presto is not intended to store comprehensive medical records or extensive clinical histories.

Technical Data

  • IP addresses

  • browser/device information

  • timestamps

  • authentication logs

  • usage analytics

Payment Information

Payments are processed by Stripe and other payment providers.

Presto does not store full payment card details.

5. PURPOSES AND LAWFUL BASES

We process personal data for purposes including:

Purpose

Categories of Data

Lawful Basis

Providing platform services

Account, workflow, operational data

Contractual necessity

Managing accounts

Account and organisation data

Contractual necessity

Facilitating payments

Payment and transaction data

Contractual necessity

Security and fraud prevention

Technical and usage data

Legitimate interests

Service improvement and analytics

Technical and usage data

Legitimate interests

Legal and regulatory compliance

Relevant operational and transaction data

Legal obligation

Communications and support

Account and workflow data

Legitimate interests / contractual necessity

Where we rely on legitimate interests, those interests generally include:

  • operating and improving the Platform;

  • maintaining security;

  • preventing misuse or fraud;

  • supporting customers;

  • and maintaining operational integrity.

6. DATA SHARING AND SUBPROCESSORS

We may share personal data with trusted third-party service providers and subprocessors that help us operate, secure, and improve the Platform, including:

  • payment processing providers;

  • cloud hosting and infrastructure providers;

  • database and workflow service providers;

  • communications and notification providers;

  • form and onboarding providers;

  • analytics and monitoring providers; and

  • professional advisers, legal advisers, and compliance providers.

These providers may include services such as Stripe, Twilio, and other operational software providers used to support the Platform.

We require such providers to process personal data only in accordance with applicable data protection laws and appropriate contractual safeguards.

7. INTERNATIONAL TRANSFERS

Presto aims to store and process data within the United Kingdom wherever reasonably practicable.

Where personal data is processed outside the UK, we implement appropriate safeguards in accordance with UK data protection laws.

8. DATA RETENTION

We retain personal data only for as long as reasonably necessary:

  • to provide services;

  • comply with legal obligations;

  • maintain records;

  • resolve disputes;

  • and enforce agreements.

Retention periods may vary depending on:

  • the type of data;

  • operational requirements;

  • legal obligations;

  • and the nature of customer relationships.

9. SECURITY

We implement reasonable technical and organisational measures designed to protect personal data against:

  • unauthorised access;

  • misuse;

  • loss;

  • disclosure;

  • or destruction.

10. YOUR RIGHTS

Depending on applicable law, individuals may have rights to:

  • access personal data;

  • correct inaccurate information;

  • erase personal data;

  • restrict processing;

  • object to processing;

  • and request portability of certain data.

Individuals may also:

  • withdraw consent where consent is relied upon;

  • and lodge complaints with the UK Information Commissioner’s Office (ICO).

Rights requests may be submitted to:
support@heypresto.dental

11. COOKIES AND ANALYTICS

We may use cookies and analytics technologies for:

  • authentication;

  • functionality;

  • security;

  • performance monitoring;

  • and service improvement.

Further information is available in our Cookie Policy.

12. CONTACT

Privacy-related enquiries may be sent to:
support@heypresto.dental

You also have the right to complain to the UK Information Commissioner’s Office:
https://ico.org.uk

‹ Patient Payment Terms

Data Processing Addendum ›