DATA PROTECTION PRIVACY STATEMENT

We value your privacy and want you to be clear about the data we collect, how and why we use it and your rights to control that information. We have therefore issued this privacy statement to reflect the high standards established by the General Data Protection Regulation (GDPR), a set of laws effective in the European Union from 25th May 2018.

What personal data do we hold?

To provide you with a high standard of dental care and attention, we need to hold personal information about you. This personal data comprises:

Why do we hold information about you?

We need to keep comprehensive and accurate personal data about our patients to provide them with safe and appropriate dental care. We also need to process personal data about you to provide care under NHS arrangements and to ensure the proper management and administration of the NHS.

How we process the data – Legal Basis and Purpose

We will use personal data that we hold about you:

As necessary to perform our contract with you. This is to fulfil our contractual obligations to you or if you have asked us to do something for you before entering into a contract.
As necessary to comply with legal obligations. This is to comply with statutory obligations such as NHS regulations or General Dental Council (GDC) standards.
As necessary for our legitimate interests. This would include the process of sending out reminder letters or texts for future appointments.
We also use sensitive personal information with regards to your health to provide you with the highest standard of dental healthcare customised to your needs and wishes.

Retaining information

We will retain your dental records while you are a practice patient and after you cease to be a patient, for at least eleven years or for children until age 25, whichever is the longer.

Sharing of information

To provide proper and safe dental care, we may need to share personal information about you with:

Disclosure will take place on a ‘need-to-know’ basis, so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information. Only that information that the recipient needs to know will be disclosed.

Your rights under GDPR law

You have certain rights with regards to the information we hold about you which are as follows:

Right to be Informed

You have the right to know what information we hold about you and how it is being used by being issued with this privacy notice.

Right of Access

You have the right of access to the data that we hold about you and to receive a copy. Access may be obtained by making a request in writing. We will provide a copy of the record, free of charge, within 30 days of receipt of the request, together with an explanation of how we use your data should you require it.

Right to Rectification

You have the right for information to be corrected if it is inaccurate or incomplete.

Right to Erasure

You have the right to ask for personal information to be deleted unless there is a lawful basis for it to be retained such as a statutory obligation.

Right to Restrict Processing

You can ask us to stop using your personal information if you think, for instance, that it is inaccurate.

Right to Data Portability

You have the right to move, copy or transfer your personal information to another practice in a safe and secure manner within 1 month of the request.

Right to Object

You have the right to object to your personal information being used for direct marketing, profiling and research.

Right not to be subject to automated decision making including profiling

You have the right to request human intervention or challenge a decision made by automated means.

How your Data is Protected

Personal data about you is held in the practice’s computer system and/or in a manual filing system. The filing system is locked outside surgery hours and the building made secure by the use of intruder alarms, lockable windows and doors.
Access to computerised data is protected by encryption and by the use of passwords for authorised members of staff. Our computer system has full, secure audit trails preventing the erasure or overwriting of data. Data is backed up daily and anti-virus software is used.

Data Breaches

We have systems in place to protect your personal information, but in the unlikely event that a data breach occurs that could result in discrimination, reputational damage, financial loss, loss of confidentiality or other significant economic or social disadvantage, we will notify the Information Commissioner’s Office (ICO) as well as yourself.

Data Protection Officer

The person in this practice who is responsible for data protection compliance is Dr Anis Jaleel and all such enquiries should be addressed to him in the first instance.
You have the right to complain to the ICO if you think, for example, that there is a problem with the way we handle your data. They have enforcement powers and can investigate compliance with data protection law. Their web address is https://ico.org.uk/