We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation.
This Privacy Notice explains what Personal Data the surgery holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.
Types of Personal Data
The surgery holds personal data in the following categories:
- Patient clinical and health data and correspondence.
- Staff employment data.
- Contractors’ data.
Personal Information on our website
We collect information from you when you use our enquiry forms or request a ‘new patient voucher’, such as Name, Email, Address, Telephone & mobile number.
By using our enquiry forms you are consenting for us to contact you with regards to our services. Using the website and cookies will show us how to make the website better.
Cookies and Analytics
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Staff employment data is held in accordance with Employment, Taxation and Pensions law.
- Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
- We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
- We hold staff employment data because it is a Legal Obligation for us to do so.
- We hold contractors’ data because it is needed to Fulfil a Contract with us.
Who might we share your data with?
We can only share data if it is done securely and it is necessary to do so.
- Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes with our computer and data software suppliers who may also store it securely.
- Employment data will be shared with government agencies such as HMRC.
All personal information discussed with the Dentists and other practice staff will be treated in strictest confidence. Only members of the team have access to patient details. All of our patient records are securely stored. All staff have received training in the handling of confidential information, and our written and computer records are compliant with the Data Protection Act 1998. Information will not be disclosed to other parties not involved in the patient’s care without the patient’s specific permission in writing.
You have the right to:
- Be informed about the personal data we hold and why we hold it.
- Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
- Check the information we hold about you is correct and to make corrections if not
- Have your data erased in certain circumstances.
- Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
- Tell us not to actively process or update your data in certain circumstances.
How long is the Personal Data stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes.
- We must store employment data for six years after an employee has left.
- We must store contractors’ data for seven years after the contract is ended.
Security of Your Personal Information
We will store all your personal information you provide on our secure servers. Because the internet and email are never fully secure, please be careful with the information you share with us. And please, if you find a flaw or think we can improve what we do, please let us know.
Once we have received your information, we will use strict procedures and security features to reduce the risk of unauthorised access.
If you wish to make a Subject Access Request regarding your personal data, please contact us directly by calling 01953 602753
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to us and we will do our best to resolve the matter. Our Practice Manager, and Data Protection Officer can be emailed:
If this fails, you can complain to the Information Commissioner at:
www.ico.org.uk/concerns or by calling 0303 123 1113.