We are committed to safeguarding and preserving the privacy of our patients.
We do update this Policy from time to time so please do review this Policy regularly.
THIS POLICY OUTLINES:
– The type of personal data we hold
– How we acquire personal data
– How we process personal data
– With whom we share personal data
– Why we keep personal data
– How we store personal data
– How you can access, update and remove your personal data
– How personal data is maintained & reviewed
The type of personal data we hold
In running and maintaining our dental practice we will collect and process the following personal data:
- Title, first name, surname, DOB, gender
- Physical address, contact telephone numbers, email address
- Medical history, name of GP and next of kin
- Dental history
- Payment reports and PDQ slips
In running and maintaining our website we may collect and process the following personal data:
- Information about your use of our site including details of your visits such as pages viewed and the resources that you access. Such information includes traffic data, location data and other communication data.
- Information provided voluntarily by you. For example, when you register for information or make a booking.
- Information that you provide when you communicate with us by any means.
How we acquire personal data
Personal data must be collected only for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- You give it to us; over the telephone, in person, online submission forms
- It is shared with us when you are referred to our practice
- Cookies collect it when you visit the site
- Cookies, Pixels and Analytics provide information regarding the computer used by a visitor.
- We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer’s hard drive.
- Pixels and analytics track activity on our website. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever.
- You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the “settings” section of your computer. For more information please read the advice at AboutCookies.org.
How we process personal data
Processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract/dental treatment.
- To deliver dental treatments
- To contact patients regarding treatment, appointments & billing
- To manage and analyse our patient database and help us to grow our practice
- To tell patients about our offers, products and services
- Payment reports are used to cash-up
With whom we share personal data
- To other dental clinics/hospitals/medical professionals – to make a referral
- Dental Laboratories
- Insurance companies with whom you have made a claim
- Medical staff such as your GP and/or doctors & paramedics to protect vital interest or in the event of an emergency
- In the event that we sell any or all of our business to the buyers
- Where we are legally required by law to disclose your personal information.
- To further fraud protection and reduce the risk of fraud.
Why we keep personal data
- By law, we have to keep dental records for a minimum of 11years or until you turn 25 years of age, whichever is longer
- Payment reports are held to cross-reference finance discrepancies
- Payment details are collected on a PCI DSS compliant cloud
How we store personal data
- Paper records in a supervised filing cabinet
- Paper records in a lockable storage
- Payment reports in a lockable filing cabinet for 3 months
- Digital records on a password access dental software held on an encrypted server
- Secure icloud external backup
By providing your personal data to us, you agree to this transfer, storing and processing. We do our utmost to ensure that all reasonable steps are taken to make sure that your data is stored securely.
How you can access, update and remove your personal data
Personal data must be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without delay.
Removal of your personal data in contrary to dental law, therefore any request to erase will be limited to ‘removal from recall’ – dental records including personal data will still be stored securely for the appropriate length of time. For further information and indications please contact us for our full GDPR Policy on Storage Limitation
In accordance with the General Data Protection Regulation, you have the right to access any information that we hold relating to you.
You also have the right to object to the processing of your personal data; this is not absolute and there may be instances where;
- We can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the individual; or
- The processing is for the establishment, exercise or defence of legal claims.
- The processing is necessary for the performance of a task carried out for reasons of public interest.
You can request access and object verbally or in writing.
We have one month to comply (able to extend by two months for complex / numerous requests, (but we must inform you within one month of receipt of the request, explaining why the extension is required)).
We can refuse/charge for requests that are manifestly unfounded or excessive, particularly if repetitive. If we refuse, we must inform you without delay (within one month) of why) and that they have the right to complain to the supervisory authority and to a judicial remedy.
- Contemporaneous changes are can be made at each appointment
- SOE dental software prompts personal data updates
- Changes can be made in writing, over the telephone, via email and in person
- Removal request can be made in writing, over the telephone, via email and in person
- Access requests can be made in writing, over the telephone, via email and in person
Unfortunately, the sending of information via the Internet is not totally secure and on occasion, such information can be intercepted. We cannot guarantee the security of data that you choose to send us/we send you electronically, sending such information is entirely at your own risk, you will be asked to consent to transfer of your information in this way.
How personal data is maintained & reviewed
- Medical history forms are reviewed at each appointment and renewed annually
Medical history form includes:
Title, first name, surname, DOB, gender
Physical address, contact telephone numbers, email address
Medical history, name of GP and next of kin
- Annual report to determine ‘inactive’ patients
- 3 monthly secure destruction of enquiries’ data on our dental server, email server and on our website host, WordPress
Third Party Links