We are a Data Controller under the terms of the Data Protection Act 2018 and the requirements of the EU General Data Protection Regulation.
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.
Types of Personal Data
The company holds personal data in the following categories:
- Patient clinical and health data and correspondence. This includes:
- Personal details such as names, dates of birth, addresses, telephone numbers and e- mail addresses;
- Clinical records made by the dentist and other dental care professionals involved in patient care;
- Radiographs, clinical photographs, study models, medical and dental histories;
- Treatment plans and consents;
- Notes of conversations with patient about their care;
- Details of appointments;
- Details of complaints and how they were dealt with;
- Correspondence with other health care professionals, such as referrals
- Details of fees charged, amounts paid and membership of dental plans.
- Staff employment data. This includes:
- Documentation relating to recruitment and induction;
- Data for employment, taxation and pensions purposes;
- Annual leave, sickness and absence records;
- Appraisal documents;
- Records of Continuing Professional Development
- Notes of meetings with staff.
- Contractors’ data.
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
- We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. [Also, we must hold data on NHS care and treatment as it is a Public Task required by law].
- We hold staff employment data because it is a Legal Obligation for us to do so.
- We hold contractors’ data because it is needed to Fulfil a Contract with us.
Who might we share your data with?
Staff within D Gregory Ltd who have access to patient information include the dentists and other dental care professionals involved in patient care, and the reception and administration staff responsible for the management of the practice.
We can only share data if it is done securely, and it is necessary to do so.
- Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes with our IT contractors. Patient data may also be shared with private dental schemes of which you may be a member.
- Employment data will be shared with government agencies such as HMRC.
Your Rights
You have the right to:
- Be informed about the personal data we hold and why we hold it.
- Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
- Check the information we hold about you is correct and to make corrections if not
- Have your data erased in certain circumstances.
- Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
- Tell us not to actively process or update your data in certain circumstances.
Keeping Your Information Safe
We store patient’s personal data on our practice computer system and in a manual filing system. Patient information cannot be accessed by anyone who does not work at the practice. Employees understand their contractual and professional responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to secure the building, filing and computer systems.
How long is the Personal Data stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by trusted experts. This is usually for a minimum of 11 years from the date of the patient’s last visit, or until they reach the age of 25, whichever is the later.
- We must store employment data for six years after an employee has left.
- We must store contractors’ data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Information Governance and Data Protection Lead , who is Mrs Tracey Gregory and we will do our best to resolve the matter. Mrs Gregory can be contacted at the practice. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.