Gidea Park Dental Practice
We are a Data Controller under the terms of the Data Protection Act 2018 and the requirements of the EU General Data Protection Regulation.
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law. This may include the use of cloud based software services that include the processing and/or storage of personal data.
Types of Personal Data
The practice holds personal data in the following categories:
1. Patient clinical and health data and correspondence.
2. Staff employment data.
3. Contractors’ data.
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data.
1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
2. Staff employment data is held in accordance with Employment, Taxation and Pension law.
3. Contractors’ data is held for the purpose of managing their contracts.
The Law says we must tell you this.
1. We hold patients’ data because it is in our legitimate interest to do so. Without
holding the data we cannot work effectively. Also, we must hold data on
dental care and treatment as it is a Public Task required by law.
2. We hold staff employment data because it is a legal obligation for us to do so.
3. We hold contractors’ data because it is needed to fulfil a contract with us.
1. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need Laboratory work undertaken).
2. Patient data is stored for back-up purposes with our dedicated computer dental Software supplier.
3. Patient data is held by our telecommunications supplier and used for appointment Reminder text messaging.
4. Patient data is held by our website hosting provider where patient contact is made via a web form to make appointment enquiries.
5. Employment data will be shared with government agencies such as HMRC and the Department of Work and Pensions.
1. Be informed about the personal data we hold and why we hold it.
2. Access a copy of your data that we hold by contacting us directly; we will acknowledge your request and supply a response within one month or sooner.
3. Check the information we hold about you is correct and to make corrections if not.
4. Have your data erased in certain circumstances.
5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
6. Tell us not to actively process or update your data in certain circumstances.
You have a right to withdraw your consent at any time; however this will not be retrospective.
2. We must store employment data for six years after an employee has left.
3. We must store contractors’ data for seven years after the contract is ended.
Data Erasure Right: the law requires you to tell Data Subjects about this right, but there are a number of compelling and legitimate reasons not to grant this request.
You can complain in the first instance to us and we will do our best to resolve the matter. If this fails, you can complain to the
Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your dentist. You have the right to object; however, this may affect our ability to provide you with dental care.