The Data Protection team at the practice includes Dr. Chandni Pancholi & Mr. Ishan Tiwari. You can reach us at firstname.lastname@example.org
In this privacy notice, ‘we’, ‘us’ and ‘our’ mean Practice in the Park Dental Surgery.
The practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR], the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.
We are committed to protecting your privacy when dealing with your personal information. This privacy notice provides details about the information we collect about you, how we use and protect it. It also provides information about your rights.
If you have any questions about how we handle your information, please contact us at email@example.com
Scope of our privacy notice
This privacy notice applies to anyone who interacts with us about our dental services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone).
You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you.
This privacy notice applies to you if you ask us about, buy or use our dental services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone). We will provide you with further information or notices if necessary, depending on the way we interact with each other.
If you have any questions about this, please contact us at firstname.lastname@example.org
How we collect personal information
We collect your personal information:
- From you through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, by post, by filling in application or other forms, by entering competitions, through social media or face-to-face (for example, in dental consultations, diagnosis, and treatment).
- From your parent or guardian, if you are under 18 years old;
- From a family member, or someone else acting on your behalf;
- From doctors, other clinicians and health-care professionals, hospitals, clinics, and other health-care providers;
- From other dental practices when they refer you to us.
The categories of data we process are:
- Personal data for the purposes of staff and self-employed team member management
- Personal data for the purposes of direct mail/email/text/ marketing
- Special category data including health records for the purposes of the delivery of health care
- Special category data including health records and details of criminal record checks for managing employees and contracted team members
Standard personal information stored with us includes:
- contact information, such as your name, address, email address, and phone numbers;
- the country you live in, your age, your date of birth, and National Insurance number (in case of processing exempt patients);
- Passport copy and number for employees and self-employed team working at the practice.
- financial details, such as details about your payments and your bank details;
- the results of any credit checks we have made on you;
- information about how you use our website, although there are not actual names included here (please see our Cookies Policy for more details).
We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared.
- Personal data is stored in the EU whether in digital or hard copy format
- Personal data is stored in the US in digital format when the data storage company is certified with the EU-US Privacy Shield
- Personal data is obtained when a patient joins the practice, when a patient is referred to the practice and when a patient subscribes to an email list
The lawful basis for processing special category data such as patients’ and employees’ health data is:
- Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional to enter into a contract
The lawful basis of processing personal data such as name, address, email, or phone number is:
- Consent of the data subject
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
The retention period for special data in patient records is a minimum of 10 years and maybe longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention period for other personal data is 2 years after it was last processed.
Sharing Your Information:
We share your information with relevant third parties to provide various services to you, useful in providing you the best experience in your dental treatments and giving all the latest updates about the practices and any dental offers which may benefit you. However, we make sure the third parties which we deal with, are GDPR compliant as well, so the data stays as confidential as possible. You can contact us to know more about these third parties by emailing us on email@example.com
Only adequate and relevant information is shared as is needed and lawfully allowed and permission taken from the patient/team member.
- Dental Laboratories – We use dental laboratories for dental treatments which include City Dental Lab, Smile Studio Lab, Dentech Lab. We will be updating the list as and when there are any changes.
- Marketing and Communications – Software of Excellence,
- Credit Card PCI compliance – Lloyds
- Works and Pensions Dept – For accessing benefits and exemptions
- NHS hospital for referring patients
- NHS PCT
- Payroll for Employees – FMP Bond Payroll
- HR Services – Peninsula
- Hardware Support – Comart IT Support
- Software Support – Comart IT Support
Marketing and preferences
We may use your personal information to send you marketing by post, by phone, through social media, by email and by text.
We can only use your personal information to send you marketing material if we have your permission or a legitimate interest.
If you don’t want to receive emails from us, you can click on the ‘unsubscribe’ link that appears in all emails we send. If you don’t want to receive texts from us you can tell us by contacting us at any time.
You have the right to object to direct marketing and profiling (the automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests) relating to direct marketing. Please see the section about your rights for more details.
You have the following personal data rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (clinical records must be retained for a certain time period)
- The right to restrict processing
- The right to data portability
- The right to object
Further details of these rights can be seen at the Information Commissioner’s website.
Here are some practical examples of your rights:
– If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient r ecords within one month.
– If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.
- to track how you use our website
- to record whether you have seen specific messages we display on our website
- to record your answers to surveys and questionnaires on our site while you complete them
- to record the conversation thread during a live chat with our support team
Personal identifiers from your browsing activity:
Requests by your web browser to our servers for web pages and other content on our website are recorded.
We record information such as your geographical location, your Internet service provider and your IP address. We also record information about the software you are using to browse our website, such as the type of computer or device and the screen resolution.
We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.
If combined with other information we know about you from previous visits, with such statistical data does not identify you personally or for that matter any personal details
Commonly used third party companies used are Google Analytics and Facebook Pixel.
Our Use Of Re-Marketing:
Re-marketing involves placing a cookie on your computer when you browse our website in order to be able to serve to you an advert for our products or services when you visit some other website.
Comments, Suggestions and Complaints
You can contact the practice for any comment, suggestion, or complaint about your data processing at firstname.lastname@example.org or call us on 02392486660
We take all your comments and complaints seriously.
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.