Data protection privacy notice for our patients
We are a Data Controller under the terms of the General Data Protection Regulation. This Privacy Notice explains what personal data we hold, why we hold and process it, who we might share it with and your rights and freedoms under the law.
In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care.
Information that we collect:
We may collect the following information about you:
- Personal details such as your name, date of birth, national insurance number, NHS number, address, telephone number and email address
- Information about your dental and general health, including:
- Clinical records made by dentists and other dental professionals involved with your care and treatment
- X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
- Medical and dental histories
- Treatment plans and consent
- Notes of conversations with you about your care
- Dates of your appointments
- Details of any complaints you have made and how these complaints were dealt with
- Correspondence with other health professionals or institutions
- Details of the fees we have charged, the amounts you have paid and some payment details
Our Data Protection Officer is responsible for ensuring the information we hold about you is kept secure.
The Data Protection Officer ensures that we comply with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly.
Those at the organisation who have access to your information include dentists and other dental professionals involved with your care and treatment and the reception staff responsible for the booking of appointments at the dental surgery. Our Call Centre also has access to your information.
How we use your information
We process your data in order to provide you with high quality, safe and effective dental care and treatment that you need. To do this we require up-to-date and accurate information about you.
It is in our legitimate interest to hold and process your data as without doing this we are unable to effectively provide care. It is a public task to hold data on NHS care and treatment.
We may share your information with the NHS, other Dental Surgeries (for referrals), Dental Laboratories or Insurance Companies in connection with your dental treatment.
We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or text.
If we wish to use your information for dental research or dental education, we will discuss this with you and seek your consent. Depending on the purpose and if possible, we will anonymise your information. If this is not possible we will inform you and discuss your options.
We may use your contact details to inform you of products and services available within the organisation.
We can only share data if it is done securely and it is necessary to do so.
Your information is normally used only by those working within the organisation but there may be instances where we need to share it – for example, with:
- Your doctor
- The hospital or community dental services or other health professionals caring for you
- Dental Laboratories
- NHS payment authorities
- The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
- Private dental schemes of which you are a member
We will only disclose your information on a need-to-know basis and will limit any information that we share to the absolute minimum necessary.
We back up your information for security purposes. We ensure our computer software suppliers also confirm to the General Data Protection Regulation to ensure your information is stored securely.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Keeping your information safe
We store your personal information securely on our practice computer system [and/or] in a manual filing system. Your information cannot be accessed by those who do not work at the dental practice; only those working at the dental practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow explicit procedures to ensure this.
We take precautions to ensure security of the premises, the filing systems and computers. Your information is protected by an adequate firewall, password protection or restricted access to physical filing systems.
We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.
We use cloud computing facilities for storing some of your information. We have a rigorous agreement with our provider to ensure that we meet the obligations described in this policy to ensure we keep your information securely.
We keep your records for 6 years after the date of your last visit
Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. This is called a Subject Access Request. You should submit your request to us in writing or by email. You can also make a request via our website using the ‘Contact Us’ tab. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to:
- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
- Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment)
- Stop using your information – for example, sending you reminders for appointments or information about our service
- Supply your information electronically to another dentist
If you do not agree
If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.
If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist you should contact our Data Protection Officer on 0333 405 0290. If, in the unlikely event we are unable to resolve your concerns, you may also contact The Information Commissioner’s Office (ICO) on 0303 123 1113.
25 May 2018