We are a Data Controller under the terms of the Data Protection Act 2018 and the requirements of the EU General Data Protection Regulation (GDPR).
This Privacy Notice explains what Personal Data (a) this website and (b) the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.
Information that is gathered from visitors
In common with other websites, log files are stored on the web server saving details such as the visitor's IP address, browser type, referring page and time of visit.
Cookies may be used to remember visitor preferences when interacting with the website.
Where registration is required, the visitor's email and a username will be stored on the server.
How the Information is used
The information is used to enhance the vistor's experience when using the website to display personalised content and possibly advertising.
E-mail addresses will not be sold, rented or leased to 3rd parties.
E-mail may be sent to inform you of news of our services or offers by us or our affiliates.
If you have subscribed to one of our services, you may unsubscribe by following the instructions which are included in e-mail that you receive.
You may be able to block cookies via your browser settings but this may prevent you from access to certain features of the website.
Cookies are small digital signature files that are stored by your web browser that allow your preferences to be recorded when visiting the website. Also they may be used to track your return visits to the website. Read more about the cookies we use.
Types of Personal Data
The practice holds personal data in the following categories:
1. Patient personal data (such as used to aid correspondence), and sensitive personal data (such as clinical records).
2. Staff employment data.
3. Contractors’ data.
Why we process Personal Data(what is the “purpose”)
“Process” means we obtain, store, update and archive data.
1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
2. It may be used for marketing and information dissemination purposes if you have expressly allowed us to do so. We will not give or sell your data to third parties for this purpose.
3. Staff employment data is held in accordance with Employment, Taxation and Pensions law.
4. Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot provide you with appropriate and effective care.
2. We hold staff employment data because it is a Legal Obligation for us to do so.
3. We hold contractors’ data because it is needed to Fulfil a Contract with us.
Who might we share your data with?
We can only share data if it is done securely and it is necessary to do so.
1. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes on secure computer servers in UK and/or overseas.
2. Employment data will be shared with government agencies such as HMRC, payroll companies such as Sage, and pension companies such as NEST.
You have the right to:
1. Be informed about the personal data we hold and why we hold it.
2. Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
3. Check the information we hold about you is correct and to make corrections if necessary.
4. Have us stop processing your data or have your data erased. This may affect our ability to provide you with care. We must however keep certain data about you and your health care and treatment to fulfil our legal obligations.
5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
How long is the Personal Data stored for?
1. We will store patient data for as long as we are providing care, treatment or are recalling patients for further care. We will archive your data after a period of 3 years non-usage (that is, store it without further action) for as long as is required for legal purposes (usually a minimum 10 years).
2. We must store employment data for six years after an employee has left.
3. We must store contractors’ data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Data Controller, Dr. Kevin McKelvey, and we will do our best to resolve the matter.
If this fails, you can complain to the Information Commissioner at www.ico.org.uk or by calling 0303 123 1113.