Privacy Policy
Effective Date: 15th March 2026
Smile High operates exclusively as a dental tourism agency and patient facilitation service. We act solely as an intermediary between patients (primarily residents of the United Kingdom and Ireland) and independently licensed dental clinics in Albania. We do not provide medical advice, medical diagnosis, clinical treatment, or healthcare services. All clinical decisions, examinations, diagnoses, treatment plans, procedures, and aftercare are the sole responsibility of the treating dental clinic and its licensed dental professionals.
This Privacy Policy explains in full detail how we collect, process, store, transfer, and protect your personal data in accordance with applicable data protection laws, including but not limited to:
The UK General Data Protection Regulation (UK GDPR)
The EU General Data Protection Regulation (EU GDPR), where applicable
The UK Data Protection Act 2018
By using our website or services, you acknowledge that you have read and understood this Privacy Policy.
We collect personal data that is necessary, proportionate, and relevant to the purpose of facilitating dental tourism services. We apply the principle of data minimisation and only request information that is required to connect you with appropriate dental clinics and assist with travel coordination.
When you contact us, submit an enquiry, or engage our services, we may collect:
Full legal name
Date of birth (if required for booking or clinic identification purposes)
Email address
Telephone number (mobile and/or landline)
Country of residence
City of residence
Nationality (where relevant for travel purposes)
Preferred method of communication
Travel availability and preferred travel dates
Accommodation preferences
Emergency contact information (if voluntarily provided)
Any information included in your direct communications with us
This information allows us to respond to your enquiry and coordinate consultations efficiently.
Because we operate within the dental tourism sector, you may voluntarily provide health-related information in order to receive preliminary treatment assessments from partner clinics. This may include:
Dental history
Existing dental conditions
Description of symptoms
Previous dental treatments
X-rays
Photographs of teeth
CT scans (if voluntarily shared)
Treatment goals or preferences
Relevant medical conditions (if disclosed by you)
This data is classified as special category data under UK GDPR and EU GDPR.
We:
Collect such information only with your explicit consent
Do not interpret or medically evaluate your data
Do not provide clinical recommendations
Transmit your information securely to partner clinics solely for consultation and quotation purposes
Smile High does not act as a healthcare provider and does not determine medical suitability for treatment.
When you access our website, certain information may be collected automatically through cookies or analytics tools, including:
IP address
Device type
Browser type and version
Operating system
Time zone setting
Website pages visited
Date and time of access
Referring website
Clickstream data
Session duration
This information is used for:
Website performance monitoring
Security protection
Fraud prevention
Service improvement
Statistical analysis
Smile High Dental Tourism Agency processes personal data strictly in accordance with applicable data protection legislation, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, and the UK Data Protection Act 2018.
We do not process personal data arbitrarily. Every category of data collected and every processing activity undertaken by Smile High is supported by at least one recognised lawful basis under Article 6 of the UK/EU GDPR. Where health-related information is involved, we additionally rely on conditions under Article 9 for special category data.
Below is a detailed explanation of the lawful bases upon which we rely.
We process personal data where such processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.
When you contact Smile High to request information, obtain a quotation, or arrange dental tourism services, you are asking us to take steps on your behalf. In order to do so, we must process certain personal information.
Processing under this lawful basis may include:
Responding to your initial enquiry
Collecting contact details
Forwarding your case to partner clinics
Coordinating appointment scheduling
Communicating travel dates
Assisting with accommodation arrangements
Managing administrative follow-up
Without processing this information, we would be unable to provide the facilitation services you have requested.
This lawful basis applies strictly to services we provide as a dental tourism facilitator. It does not extend to medical treatment itself, which is governed by the independent clinic’s contractual relationship with you.
Where we process health-related information (special category data), we rely on your explicit consent.
Health data includes:
Dental history
X-rays
Photographs
Medical disclosures relevant to treatment
Treatment objectives
Because this data is sensitive in nature, we require a clear and affirmative indication that you consent to us transmitting this information to partner clinics for consultation and quotation purposes.
Your consent must be:
Freely given
Specific
Informed
Unambiguous
Provided through a clear affirmative action
You have the right to withdraw your consent at any time by contacting us in writing. If consent is withdrawn:
We will cease processing your health-related data
We will stop transmitting your information to clinics
We may not be able to continue facilitating your case
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Smile High does not rely on implied consent for medical data. Explicit consent is always required.
We may process personal data where it is necessary for our legitimate business interests, provided that such interests are not overridden by your fundamental rights and freedoms.
Legitimate interests may include:
Improving our website functionality
Enhancing customer service
Maintaining internal records
Ensuring IT security and system integrity
Preventing fraud or misuse of services
Managing business operations
Responding to complaints or disputes
Conducting internal audits
Before relying on legitimate interests, we carry out an internal balancing test to ensure:
The processing is necessary
The impact on your privacy is minimal
Your rights are not unfairly compromised
Where appropriate, we implement safeguards such as data minimisation, access restrictions, and encryption.
You have the right to object to processing based on legitimate interests at any time.
We may process personal data where necessary to comply with legal obligations to which Smile High is subject.
This may include compliance with:
Tax and accounting regulations
Anti-fraud requirements
Court orders
Regulatory investigations
Law enforcement requests
Consumer protection laws
In such cases, processing is limited strictly to what is required by law.
Where necessary, we may process personal or health-related data for the establishment, exercise, or defence of legal claims.
This may arise in situations involving:
Contractual disputes
Complaints
Regulatory investigations
Claims relating to services facilitated
Such processing will be proportionate and limited to what is necessary to protect legal rights.
Given that Smile High facilitates treatment in Albania for patients primarily located in the United Kingdom and Ireland, personal data may be transferred internationally.
Where personal data is transferred outside the UK or EU, we ensure that at least one of the following safeguards applies:
Contractual data protection clauses
Confidentiality agreements
Secure encrypted transmission methods
Data minimisation practices
Controlled access limitations
International transfers are conducted only for the purpose of fulfilling your request for dental tourism facilitation.
Smile High does not engage in:
Automated decision-making producing legal effects
Algorithmic medical assessments
Profiling for clinical conclusions
All treatment decisions are made solely by licensed dental professionals at independent clinics.
Regardless of the lawful basis relied upon, Smile High adheres to the core GDPR principles of:
Lawfulness
Fairness
Transparency
Purpose limitation
Data minimisation
Accuracy
Storage limitation
Integrity and confidentiality
We process only the personal data that is necessary for clearly defined purposes and do not retain data longer than required.
Smile High Dental Tourism Agency treats all personal data with strict confidentiality. We do not sell, rent, lease, trade, or commercially distribute your personal information under any circumstances.
We share personal data only where it is necessary, proportionate, and directly related to the facilitation of dental tourism services, or where we are legally required to do so.
Because we operate as an intermediary between patients in the United Kingdom and Ireland and licensed dental clinics in Albania, certain information must be shared to fulfil our coordination role. However, we limit all disclosures to the minimum data necessary for the intended purpose.
Below is a detailed explanation of when, why, and how information may be shared.
In order to obtain treatment assessments, quotations, and appointment availability, we may share relevant personal and medical information with selected partner dental clinics in Albania.
This may include:
Full name
Date of birth (where required by the clinic)
Contact details
Dental history
X-rays
Photographs
Treatment objectives
Relevant medical disclosures voluntarily provided by you
The purpose of this sharing is strictly to:
Enable clinics to review your case
Prepare preliminary treatment plans
Provide cost estimates
Assess scheduling availability
Communicate directly with you where appropriate
Each partner clinic operates as:
An independent healthcare provider
An independent data controller
A licensed medical entity under its own regulatory framework
Once your data is lawfully transferred for consultation purposes:
The clinic becomes independently responsible for how it processes medical data
The dentist assumes clinical responsibility
A direct medical relationship is formed between you and the clinic
Smile High does not:
Control the clinical decision-making process
Interfere with treatment planning
Supervise medical procedures
Guarantee treatment outcomes
Our role remains administrative and facilitative only.
If you request assistance with travel coordination, we may share limited personal information with third-party service providers, such as:
Hotels
Airport transfer services
Transportation providers
Accommodation partners
The information shared may include:
Full name
Contact number
Travel dates
Arrival/departure times
We share only the information strictly required to secure reservations or coordinate logistics.
Smile High is not responsible for the independent privacy practices of travel or accommodation providers. We encourage clients to review the privacy policies of those providers separately.
We may disclose limited personal data to trusted professional advisers where necessary, including:
Legal advisers
Accountants
Insurers
Compliance consultants
Such disclosures may occur for:
Legal compliance
Contractual disputes
Insurance claims
Regulatory matters
Risk management
All professional advisers are subject to confidentiality obligations.
We may disclose personal information where required by law or where we believe disclosure is necessary to:
Comply with a legal obligation
Respond to court orders or lawful requests
Cooperate with law enforcement authorities
Protect our legal rights
Prevent fraud or unlawful activity
Defend against legal claims
Any such disclosure will be limited strictly to what is legally required.
Due to the cross-border nature of dental tourism, personal data may be transferred internationally, including from:
The United Kingdom to Albania
EU Member States to Albania
Where international transfers occur, we implement appropriate safeguards, which may include:
Contractual data protection clauses
Confidentiality agreements
Secure encrypted communication channels
Access controls
Data minimisation measures
Such transfers are conducted solely for the purpose of fulfilling your request for facilitation services.
In certain circumstances, we may use trusted third-party service providers who process data on our behalf, such as:
Website hosting providers
Email service providers
IT support services
Cloud storage providers
CRM systems
These providers are contractually obligated to:
Process data only on our instructions
Maintain confidentiality
Implement appropriate security measures
Comply with applicable data protection laws
They are not permitted to use your data for their own independent purposes.
Smile High Dental Tourism Agency explicitly confirms:
We do not sell personal data.
We do not monetise personal data.
We do not share data with advertising networks.
We do not allow third parties to use your data for marketing unrelated services.
Your information is used exclusively for the facilitation of dental tourism services and lawful operational purposes.
Once personal data has been lawfully transferred to an independent dental clinic or service provider at your request:
The receiving entity assumes responsibility for its own data protection compliance.
Smile High is not responsible for independent actions taken by third-party data controllers.
Any medical data subsequently created during treatment is governed by the clinic’s own privacy policy and regulatory obligations.
We strongly encourage all patients to review the privacy policies of partner clinics before proceeding with treatment.
Due to the nature of our services as a dental tourism facilitation agency connecting patients primarily located in the United Kingdom and Ireland with licensed dental clinics in Albania, the transfer of personal data across international borders is an essential component of our operations.
Smile High Dental Tourism Agency recognises that international transfers of personal data carry additional legal and security considerations. We are committed to ensuring that any such transfers are conducted lawfully, securely, and in compliance with applicable data protection legislation, including the UK GDPR and EU GDPR where relevant.
When you engage our services, your personal data may be transferred:
From the United Kingdom to Albania
From an EU Member State to Albania
Between service providers operating in different jurisdictions
Through secure cloud-based systems hosted in approved jurisdictions
These transfers occur strictly for the purpose of:
Facilitating communication with partner dental clinics
Obtaining treatment quotations
Coordinating appointments
Assisting with travel arrangements (if requested)
International data transfers are limited to what is necessary to fulfil your request for facilitation services.
International transfers are carried out under one or more of the following lawful mechanisms:
Your explicit consent to transmit medical documentation to clinics abroad
Contractual necessity for the performance of services requested by you
Implementation of appropriate safeguards as required under UK and EU data protection laws
Where required, we ensure that appropriate contractual or organisational measures are in place to safeguard personal data.
To ensure that your personal data remains protected when transferred internationally, Smile High implements reasonable and proportionate safeguards, which may include:
Secure encrypted email transmission
Password-protected documentation
Secure file-sharing platforms
Access restrictions within our organisation
Confidentiality agreements with partner clinics
Contractual data protection clauses where appropriate
Limitation of data to what is strictly necessary
We apply data minimisation principles to ensure that only relevant information required for consultation or booking purposes is transferred.
It is important to clarify that once personal data has been transmitted to a licensed dental clinic in Albania at your request:
The clinic acts as an independent data controller.
The clinic assumes responsibility for processing medical data in accordance with its own legal and regulatory framework.
The dentist establishes a direct clinical relationship with you.
Smile High does not control the internal data handling policies of independent clinics once the transfer has occurred lawfully and at your request.
We strongly encourage patients to review the privacy policies of the treating clinic before proceeding with treatment.
Certain service providers used by Smile High (such as email platforms, cloud storage providers, CRM systems, and website hosting providers) may process data in jurisdictions outside the UK and Ireland.
Where this occurs:
We use reputable providers that implement appropriate security standards.
We ensure contractual safeguards are in place where required.
We take reasonable steps to confirm that adequate technical and organisational measures are implemented.
Such transfers are limited to administrative and operational data required to deliver our services.
To reduce the risks associated with international transfers, we implement technical security measures such as:
Secure communication channels
Password-protected attachments
Limited access controls
Internal data handling procedures
Staff confidentiality obligations
However, no method of electronic transmission over the internet can be guaranteed to be completely secure. While we take reasonable precautions, you acknowledge that cross-border electronic communication carries inherent risks.
By voluntarily submitting your personal and medical information to Smile High for the purpose of obtaining treatment assessments abroad, you acknowledge and consent to the international transfer of your data to selected partner clinics and service providers as necessary to fulfil your request.
If you do not wish for your data to be transferred internationally, we may be unable to facilitate your dental tourism enquiry.
Once personal data has been lawfully transferred to an independent clinic or service provider at your request:
Smile High is not responsible for the independent data handling practices of that third party.
Any further processing of medical data is governed by the clinic’s own privacy policy.
Clinical records created during treatment fall under the responsibility of the treating clinic.
Our responsibility remains limited to the secure and lawful facilitation of the initial transfer.
Smile High Dental Tourism Agency takes the security of personal data extremely seriously and implements a combination of technical, organisational, and administrative measures designed to protect personal information against unauthorised access, accidental loss, alteration, disclosure, or destruction.
We recognise that the data we handle includes not only basic personal information but also sensitive health-related documentation such as dental records, X-rays, and medical histories. For this reason, we apply enhanced safeguards appropriate to the nature and sensitivity of the data processed.
However, while we implement robust security measures, no system, method of transmission, or electronic storage environment can be guaranteed to be completely secure. By using our services, you acknowledge this inherent limitation.
We maintain strict internal policies and procedures to ensure that personal data is handled responsibly and securely by all staff members and contractors.
These measures include:
Confidentiality obligations for all staff and collaborators
Access control policies restricting data access to authorised personnel only
Role-based access permissions (staff only access data necessary for their role)
Internal training on data protection and GDPR compliance
Procedures for handling sensitive medical documentation securely
Clear internal reporting channels for data security concerns or breaches
Access to personal data is granted strictly on a “need-to-know” basis.
We implement a range of technical safeguards designed to protect personal data in electronic form, including but not limited to:
Secure Socket Layer (SSL) encryption on website communications where applicable
Encrypted email communication for sensitive documentation where available
Password-protected files for medical records such as X-rays and scans
Secure cloud storage solutions provided by reputable service providers
Multi-factor authentication for internal systems where possible
Firewalls and intrusion detection systems to protect against unauthorised access
Regular system updates and security patch management
Malware and antivirus protection on company devices
These measures are regularly reviewed and updated in line with evolving cybersecurity standards.
We reduce security risks by limiting the amount of personal data stored and restricting access:
Only necessary data is collected for service provision
Medical files are shared only with relevant partner clinics
Access to sensitive documents is restricted to authorised coordination staff
Data is not stored longer than required for operational purposes
Unnecessary copies of documents are not retained
This significantly reduces exposure in the event of a security incident.
When transmitting personal or medical data, especially across borders, we apply enhanced security measures such as:
Encrypted email services where available
Secure file-sharing platforms with restricted access links
Password-protected attachments sent separately from files
Verification of recipient identity before data transfer
Controlled distribution of medical documentation to approved clinics only
We take reasonable steps to ensure that data is not intercepted, altered, or accessed by unauthorised parties during transmission.
Personal data is stored using secure systems designed to prevent unauthorised access or data loss. These may include:
Secure cloud-based storage providers with industry-standard certifications
Access-restricted databases
Encrypted storage environments where appropriate
Regular backups to prevent accidental data loss
Secure deletion protocols for obsolete data
Data storage systems are selected based on their compliance with recognised security standards.
Once personal data has been securely transmitted to a partner dental clinic in Albania:
That clinic becomes independently responsible for securing the data
The clinic applies its own technical and organisational measures
Smile High has no control over the internal systems of the clinic
Clinics are expected to comply with applicable healthcare and data protection regulations
We only engage with clinics that are expected to maintain appropriate professional standards.
In the unlikely event of a personal data breach, Smile High has procedures in place to:
Identify and assess the nature of the breach
Contain and mitigate the impact
Restore system security
Notify affected individuals where legally required
Report breaches to relevant supervisory authorities where applicable
Review and improve security practices to prevent recurrence
All breaches are treated seriously and investigated promptly.
All personnel involved in processing personal data receive appropriate training covering:
GDPR principles and obligations
Secure handling of sensitive medical data
Phishing and cybersecurity awareness
Data breach prevention and reporting procedures
Confidentiality requirements
Training is updated periodically to reflect changes in legislation and best practice.
While we take all reasonable steps to protect personal data, you acknowledge and accept that:
No internet-based transmission is completely secure
Email communication may carry inherent risks
External systems and networks may be vulnerable to interception
Absolute security cannot be guaranteed
We therefore encourage users to share sensitive information only when necessary and through recommended secure channels.
Smile High Dental Tourism Agency retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, in accordance with the principles of storage limitation and data minimisation under the UK GDPR and EU GDPR.
We do not retain personal data indefinitely, and we implement structured retention periods based on the nature of the data, the purpose of processing, and any applicable legal or regulatory obligations.
Once data is no longer required for its original purpose, it is securely deleted, anonymised, or permanently de-identified.
As a general rule, Smile High retains personal data only for the duration necessary to:
Provide dental tourism facilitation services
Manage ongoing communication with patients
Coordinate consultations and clinic interactions
Assist with travel arrangements (if applicable)
Maintain internal administrative records
Comply with legal and regulatory obligations
Resolve disputes or enquiries
Retention periods are determined based on operational necessity and legal compliance requirements.
If you make an enquiry but do not proceed with our services, we may retain your personal data for a limited period in order to:
Respond to follow-up questions
Maintain business communication records
Analyse service demand trends
Improve customer service quality
Prevent duplicate or fraudulent enquiries
Typically, such data is retained for a reasonable period not exceeding what is necessary for administrative follow-up and service improvement purposes, after which it is securely deleted or anonymised.
Where you proceed with Smile High services, we may retain your personal and case-related information for the duration of the facilitation process, including:
Initial enquiry stage
Clinic matching and referral stage
Consultation stage
Travel coordination stage (if applicable)
Post-consultation communication
Once your case is completed, we retain relevant records for a limited period to:
Support customer service enquiries
Resolve disputes or complaints
Maintain business records
Comply with legal obligations
Retention of completed case files is limited to what is necessary and proportionate under applicable law.
Health-related information (including dental records, X-rays, photographs, and scans) is treated as special category data and is subject to stricter retention controls.
We retain such data only:
For the duration required to facilitate consultation with partner clinics
For as long as necessary to support ongoing treatment coordination (if applicable)
For dispute resolution or legal protection purposes where required
Once the facilitation process is completed and no further communication with clinics is required, medical data is securely deleted unless:
You request continued storage
Legal obligations require retention
A dispute or claim is ongoing
Medical data is never retained for longer than necessary without a clear lawful basis.
We may retain personal data for longer periods where required to comply with:
Tax regulations
Accounting obligations
Legal claims or litigation
Regulatory investigations
Contractual enforcement
In such cases, data will be retained only for the minimum duration required by law.
We may retain records of communications (emails, messages, calls, and enquiries) for:
Customer service purposes
Quality assurance
Training and internal review
Dispute resolution
These records are stored securely and access is restricted to authorised personnel only.
When personal data is no longer required, we ensure it is either:
Permanently deleted from active systems, or
Anonymised so that it can no longer identify an individual
Anonymised data may be retained for statistical, analytical, or service improvement purposes.
Once anonymised, data is no longer considered personal data under GDPR.
We apply secure deletion methods appropriate to the type of data and storage system, including:
Permanent digital deletion from secure systems
Removal from cloud storage environments
Overwriting or secure erasure of stored files
Secure disposal of physical records (if any exist)
We take reasonable steps to ensure that deleted data cannot be recovered or reconstructed.
You have the right to request deletion of your personal data at any time, subject to legal and operational limitations.
Upon receiving a valid request, we will:
Review whether continued retention is legally required
Delete data that is no longer necessary
Inform you of any data we are required to retain for legal purposes
Where deletion is not immediately possible, we will securely restrict processing until deletion becomes permissible.
Once your data has been transferred to a partner dental clinic:
That clinic is independently responsible for its own retention policies
Clinical records created during treatment are subject to the clinic’s legal obligations
Smile High does not control retention periods within third-party clinical systems
We recommend that patients review the retention policies of their treating clinic directly.
Smile High Dental Tourism Agency fully recognises and respects your rights as a data subject under applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and the UK Data Protection Act 2018. These rights are fundamental to ensuring transparency, accountability, and control over your personal data.
We are committed to facilitating the exercise of your rights in a clear, accessible, and lawful manner. Any request made by you in relation to your personal data will be handled carefully, securely, and in accordance with statutory requirements.
You may exercise any of the rights set out below at any time by contacting us using the details provided in Section 13. In order to protect your privacy and the security of your personal data, we may require you to verify your identity before we can respond to your request.
You have the right to obtain confirmation as to whether or not we are processing your personal data. Where such processing is taking place, you are entitled to access your personal data and receive supplementary information regarding its use.
This includes the right to request:
A copy of all personal data we hold about you
The purposes of processing your data
The categories of personal data concerned
The categories of recipients to whom data has been or will be disclosed (including partner clinics)
The envisaged retention period or criteria used to determine retention
The source of the data, where it has not been collected directly from you
Information about your rights under data protection law
Whether your data is subject to automated processing (if applicable)
We will provide this information in a structured, commonly used, and machine-readable format where feasible.
This right allows you to understand exactly what information is held about you and how it is being used within the scope of our services.
You have the right to request that we correct any inaccurate personal data or complete any incomplete personal data we hold about you.
This includes corrections to:
Personal identification details (name, contact information, etc.)
Travel or booking-related information
Communication records
Any voluntarily provided medical or dental information
We take reasonable steps to ensure that all personal data we process is accurate and up to date. Where appropriate, we may also communicate rectified data to relevant third parties, such as partner dental clinics, where they have received the original data.
You have the right to request the deletion of your personal data in certain circumstances.
This right applies where:
The personal data is no longer necessary for the purpose for which it was collected
You withdraw consent (where consent is the lawful basis)
You object to processing and there are no overriding legitimate grounds
The data has been unlawfully processed
The data must be erased to comply with a legal obligation
However, this right is not absolute. We may retain personal data where:
We are required to do so by law
Retention is necessary for legal claims, disputes, or defence of legal rights
We are obliged to retain records for regulatory or accounting purposes
Where full deletion is not possible, we will ensure that the data is securely restricted and no longer actively processed except where legally required.
You have the right to request that we temporarily suspend the processing of your personal data in specific circumstances.
This may apply where:
You contest the accuracy of the personal data
Processing is unlawful but you oppose erasure
We no longer need the data, but you require it for legal claims
You have objected to processing and verification is pending
When processing is restricted:
Your data will be stored securely
No further processing will take place except with your consent or for legal reasons
We will inform you before lifting any restriction
You have the right to object to the processing of your personal data where such processing is based on legitimate interests.
Upon receiving an objection, we will:
Assess whether our legitimate grounds for processing override your rights and freedoms
Stop processing your data unless we can demonstrate compelling legitimate grounds
Always respect your right to object to direct marketing (where applicable)
You also have the absolute right to object to the use of your personal data for marketing purposes at any time.
Where processing is based on consent or contractual necessity and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
You also have the right to request that we transmit your personal data directly to another data controller where technically feasible.
This right applies only to data you have provided directly to us.
Where we rely on consent—particularly for the processing of special category (health-related) data—you have the right to withdraw your consent at any time.
If consent is withdrawn:
We will immediately stop processing the relevant data where no other lawful basis applies
We will cease transmitting medical documentation to partner clinics
We may be unable to continue facilitating your dental tourism enquiry
Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
You have the right not to be subject to decisions based solely on automated processing, including profiling, where such decisions produce legal or similarly significant effects.
Smile High Dental Tourism Agency confirms that:
We do not use automated decision-making systems to evaluate your eligibility
We do not use algorithms to determine treatment suitability
We do not make clinical or financial decisions based on automated profiling
All assessments and case handling are carried out by human personnel and/or independent dental professionals at partner clinics.
If you are dissatisfied with how your personal data has been handled, you have the right to lodge a complaint with a supervisory authority.
If you are based in the United Kingdom, you may contact:
Information Commissioner’s Office (ICO)
If you are based within the European Union, you may contact your local Data Protection Authority.
We strongly encourage you to contact us first so that we may attempt to resolve any concerns directly and efficiently.
We are committed to responding to all valid data subject requests without undue delay and in any event within one calendar month from receipt.
This period may be extended by up to two additional months where:
The request is particularly complex
Multiple requests have been submitted
Additional identity verification is required
Where an extension is necessary, we will inform you within the initial one-month period, together with the reasons for the delay.
To protect your personal data and prevent unauthorised access, we may request reasonable verification of identity before fulfilling any rights request.
Verification may include:
Confirmation of registered email address
Matching personal identifiers
Verification of previous communication history
We will only request the minimum information necessary for verification purposes.
Where requests are manifestly unfounded, excessive, or repetitive, we reserve the right to:
Charge a reasonable administrative fee, or
Refuse to act on the request
In such cases, we will clearly inform you of the reasons for our decision in accordance with applicable law.
Smile High Dental Tourism Agency uses cookies and similar tracking technologies on our website to ensure proper functionality, enhance user experience, analyse website performance, and support the secure operation of our digital services.
This Cookies Policy explains what cookies are, how we use them, what types of cookies we use, and how you can manage your cookie preferences.
By continuing to use our website, you agree to the use of cookies in accordance with this policy, unless you disable them through your browser settings.
Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit a website. These files allow the website to recognise your device and store certain information about your preferences or past actions.
Cookies are widely used to ensure websites function efficiently and to provide a better browsing experience.
Cookies do not typically contain personally identifiable information, but they may be linked to personal data that we process in accordance with this Privacy Policy.
We use cookies for several purposes, including:
Ensuring the website functions correctly
Improving website performance and speed
Remembering your preferences and settings
Analysing how users interact with our website
Monitoring website traffic and usage patterns
Enhancing security and preventing fraudulent activity
Supporting basic functionality of enquiry forms
Cookies help us understand how visitors use our website so we can improve the quality of our services and user experience.
We may use the following categories of cookies:
These cookies are essential for the operation of our website. Without them, certain services cannot be provided.
They are typically used for:
Website navigation
Secure access to forms
Basic functionality of pages
Protection against security threats
These cookies do not require user consent as they are strictly necessary for website operation.
These cookies help us understand how visitors use our website by collecting information such as:
Pages visited
Time spent on pages
Navigation patterns
Error messages encountered
Website performance metrics
This information is aggregated and used to improve website functionality and user experience. It does not directly identify individual users.
Functionality cookies allow the website to remember choices you make and provide enhanced features, such as:
Language preferences
Contact form inputs
User settings and preferences
These cookies improve usability but are not essential for basic website operation.
Security cookies are used to:
Detect and prevent fraudulent activity
Protect forms from spam submissions
Maintain website integrity
Monitor suspicious behaviour
These cookies contribute to safeguarding both user data and website systems.
In some cases, we may use third-party services that place cookies on your device when you visit our website. These may include:
Website analytics providers
Hosting and security providers
Embedded content services (if applicable)
Third-party cookies are governed by the respective third party’s privacy and cookie policies. We do not control how third parties use their cookies.
We encourage users to review the privacy policies of these providers for more information.
Cookies may be:
Session cookies: These are temporary and are deleted when you close your browser
Persistent cookies: These remain on your device for a set period or until manually deleted
The duration of each cookie depends on its purpose and configuration.
You have full control over cookies and can manage them in several ways:
Accept or reject cookies via your browser settings
Delete existing cookies stored on your device
Set your browser to notify you before cookies are stored
Block cookies entirely (though some website features may not function properly)
Please note that disabling certain cookies may affect the functionality and performance of our website.
Where required by law, we will request your consent before placing non-essential cookies on your device.
By continuing to use our website after being presented with our cookie notice, you consent to the use of cookies as described in this policy, unless you adjust your settings to disable them.
We may update this Cookies Policy from time to time to reflect changes in technology, legal requirements, or our operational practices.
Any updates will be posted on this page with a revised effective date.
Smile High Dental Tourism Agency’s website may contain links to external websites operated by third parties. These links are provided solely for your convenience and informational purposes, particularly in relation to:
Partner dental clinics in Albania
Travel and accommodation providers
Transportation services
External informational resources relevant to dental tourism
By clicking on these links, you may be redirected to websites that are not operated, controlled, or maintained by Smile High Dental Tourism Agency.
We do not control, endorse, or assume responsibility for the content, accuracy, security, or privacy practices of any third-party websites.
Once you leave our website:
You are subject to the terms and privacy policies of the external website
We are not responsible for how third parties collect or use your data
We do not guarantee the accuracy or reliability of third-party content
We are not liable for any loss or damage arising from your use of external websites
We strongly encourage you to review the privacy policy and terms of any third-party website before providing personal information.
Third-party websites, including partner dental clinics, operate as independent data controllers. This means that:
They determine how and why your personal data is processed once you engage with them directly
They are responsible for their own compliance with applicable data protection laws
Their privacy policies govern any information you submit directly to them
Smile High Dental Tourism Agency has no control over the independent processing activities of these organisations once you interact with them outside of our facilitation services.
Although we carefully select partner dental clinics based on professional standards, accreditation, and reputation, we do not:
Operate or manage these clinics
Provide medical services on their behalf
Supervise clinical procedures
Control clinical decisions or treatment outcomes
Any interaction between you and a dental clinic is an independent professional and medical relationship.
All treatment decisions, clinical advice, and medical responsibility rest solely with the treating clinic and its licensed dental professionals.
We do not guarantee that information contained on external websites is:
Accurate
Up to date
Complete
Free from errors
Any reliance you place on external content is strictly at your own risk.
We cannot guarantee the security of any external website linked from our platform. Third-party websites may:
Use different security standards
Collect additional personal data
Use cookies or tracking technologies independently
We are not responsible for any data breaches or security incidents that occur on external platforms.
Where third-party services are integrated into our website or used in connection with our services (such as booking systems, payment processors, or communication tools), those services may collect and process personal data independently.
In such cases:
Their own privacy policies will apply
They may act as independent data controllers or processors
We are not responsible for their data handling practices beyond our contractual obligations
The inclusion of any third-party link does not imply:
Endorsement
Recommendation
Guarantee of quality
Partnership beyond facilitation purposes
Links are provided strictly to support the dental tourism facilitation process.
It is your responsibility to:
Review third-party privacy policies
Understand how your data may be used externally
Make informed decisions before submitting any personal information
By choosing to interact with third-party websites, you accept that their policies govern your use of their services.
Smile High Dental Tourism Agency operates strictly as a dental tourism facilitation and coordination service. We are not a healthcare provider, do not operate a dental clinic, and do not employ licensed dentists to provide clinical treatment. Accordingly, we do not provide medical services, medical advice, dental diagnosis, or treatment planning.
All clinical services are provided exclusively by independent, licensed dental professionals at partner clinics in Albania. Any decision regarding diagnosis, treatment, procedures, suitability, risks, or outcomes is made solely by the treating dentist or clinic.
This section explains the legal limitation of responsibility between Smile High, partner clinics, and patients.
Smile High explicitly confirms that:
We do not provide dental or medical advice
We do not diagnose dental conditions
We do not recommend specific clinical treatments
We do not perform any dental procedures
We do not supervise clinical care
We do not guarantee medical outcomes
Any information we provide is strictly for administrative and coordination purposes only.
All medical decisions must be made in consultation with a licensed dental professional at the treating clinic.
When you proceed with a partner dental clinic:
You enter into a direct professional and clinical relationship with that clinic
The clinic becomes solely responsible for your treatment
The treating dentist assumes full responsibility for medical decisions
The clinic determines suitability, risks, procedures, and aftercare
Smile High is not a party to the clinical contract between you and the dental provider.
To the maximum extent permitted by law, Smile High Dental Tourism Agency shall not be held liable for:
Medical or dental treatment outcomes
Clinical decisions made by partner dentists
Complications arising from treatment
Misdiagnosis or clinical error by third-party providers
Dissatisfaction with treatment results
Post-treatment complications or side effects
Failure or success of dental procedures
Recovery outcomes or healing processes
All liability for medical care rests solely with the treating clinic and its licensed professionals.
Smile High does not guarantee:
Specific treatment outcomes
Cosmetic results
Treatment success rates
Healing times
Long-term dental results
Patient satisfaction outcomes
All dental treatments carry inherent medical risks, which are explained and managed solely by the treating clinic.
It is your responsibility as a patient to:
Provide accurate medical and dental history
Ask questions directly to the treating dentist
Review treatment plans provided by the clinic
Understand risks and benefits before consenting
Sign informed consent forms issued by the clinic
Informed consent is obtained solely by the treating dental clinic, not by Smile High.
Smile High’s role is strictly limited to:
Connecting patients with partner clinics
Forwarding information and documentation
Assisting with travel coordination (if requested)
Facilitating communication between parties
We do not act as:
A medical provider
A healthcare consultant
A regulatory authority
A clinical decision-maker
All partner dental clinics are:
Independent legal entities
Independent healthcare providers
Fully responsible for their clinical services
Any claim relating to medical negligence, treatment error, or clinical dissatisfaction must be directed to the relevant clinic, not to Smile High.
Where Smile High assists with travel or accommodation arrangements:
We are not responsible for airline, hotel, or transport service performance
We are not liable for delays, cancellations, or service disruptions
These services are provided by independent third-party providers
Any claims relating to travel services must be made directly to the provider.
To the fullest extent permitted by law:
Smile High shall not be liable for indirect, incidental, or consequential damages
We shall not be liable for financial loss arising from treatment outcomes
We shall not be liable for loss of enjoyment, travel disruption, or personal dissatisfaction
We shall not be liable for actions or omissions of third-party providers
Our total liability, if any, is strictly limited to the facilitation services provided directly by us.
All services provided by Smile High are offered on an “as is” and “as available” basis.
We do not provide warranties or guarantees regarding:
Clinic performance
Treatment results
Availability of services
Accuracy of third-party information
Nothing in this Privacy Policy or service arrangement creates:
A medical partnership between Smile High and partner clinics
An employment relationship with dentists
A joint healthcare responsibility structure
A fiduciary clinical obligation
All parties operate independently under their own legal and professional frameworks.
Smile High Dental Tourism Agency reserves the right to update, modify, or amend this Privacy Policy at any time in order to reflect changes in legal requirements, operational practices, technological developments, or service structures.
We are committed to maintaining transparency and ensuring that any changes made to this Privacy Policy continue to comply with applicable data protection laws, including the UK GDPR and EU GDPR.
We may revise this Privacy Policy from time to time for reasons including, but not limited to:
Changes in applicable data protection or privacy legislation
Updates to regulatory guidance or enforcement practices
Changes in our business model or service structure
Introduction of new services or operational processes
Changes in data processing activities or technologies used
Updates to security measures or technical infrastructure
Changes in third-party providers or partner clinic arrangements
All updates are made to ensure continued compliance and operational transparency.
Where material changes are made to this Privacy Policy, we will take reasonable steps to notify users by appropriate means, which may include:
Posting an updated version on our website
Updating the “Effective Date” at the top of the policy
Providing notice through email communication (where applicable)
Displaying prominent notices on relevant webpages
Non-material changes, such as clarifications or formatting updates, may be made without direct notification but will always be reflected in the latest published version.
By continuing to use our website or services after any updates to this Privacy Policy become effective, you acknowledge and accept the revised terms.
If you do not agree with any changes made to this Privacy Policy, you should discontinue use of our services and contact us if you wish to request deletion of your personal data, subject to legal retention obligations.
We maintain internal version control of this Privacy Policy to ensure transparency and accountability. Each updated version will replace the previous version and will include a revised effective date.
Only the most recent version published on our official website shall be considered the active and legally applicable version.
We remain committed to continuously reviewing and improving our privacy practices to ensure that:
Your personal data is handled lawfully and fairly
Processing remains transparent and limited to necessary purposes
Security measures remain appropriate and up to date
Your rights under data protection law are fully respected
If you have any questions about this Privacy Policy, or if you wish to exercise any of your rights under data protection law, you may contact Smile High Dental Tourism Agency at any time.
We handle all requests relating to personal data in accordance with applicable data protection laws, including the UK GDPR and EU GDPR. This includes requests for access, correction, deletion, restriction of processing, withdrawal of consent, or any general enquiries regarding how your data is used.
We are committed to responding to all legitimate requests in a timely and lawful manner. In some cases, we may need to verify your identity before processing your request to ensure the security and confidentiality of your personal data.
If you are not satisfied with our response, you also have the right to lodge a complaint with the relevant data protection authority in your country of residence, including the UK Information Commissioner’s Office (ICO) if you are based in the United Kingdom, or your local Data Protection Authority if you are located within the European Union or European Economic Area (EEA)
Contact Details:
Email: info@smile-high.co.uk
WhatsApp: +44 7735 775344
Website: smile-high.co.uk
