Data Privacy Notice
We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulations.
This Privacy Notice explains what Personal Data the Practice holds, why we hold and process it, with whom we might share it and your rights and freedoms under the law.
Types of Personal Data
The Practice holds personal data in the following categories:
1. Patient clinical and health data and correspondence.
2. Staff employment data.
3. Contractors’ data.
Why we process Personal Data / what is the purpose?
‘Process’ means we obtain, store, update and archive data.
1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
2. Staff employment data is held in accordance with Employment, Taxation and Pension law.
3. Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The law says we must tell you this:
1. We hold patient data because it is in our legitimate interest to do so. Without holding the data, we cannot work effectively. (Also, we must hold data on NHS care and treatment as it is a Public Task required by law).
2. We hold staff employment data because it is a legal obligation for us to do so.
3. We hold contractors’ data because it is needed to fulfil a contract with us.
With whom might we share your data?
We can only share data if it is done securely and it is necessary to do so.
1. Patient data may be shared with other healthcare professionals who need to be involved with your care (eg. if we refer you to a specialist or request laboratory work for you).
2. Patient data may be stored for back-up purposes with our computer software suppliers, who may also store it securely.
3. Employment data will be shared with government agencies such as HMRC.
You have the right to:
1. Be informed about the personal data we hold and why we hold it;
2. Access a copy of the data we hold by contacting us directly; (we will acknowledge your request and supply a response in 28 days or sooner);
3. Check the information we hold about you is correct and make corrections if not;
4. Have your data erased in certain circumstances;
5. Transfer your data to someone else if you tell us to do so and it is safe and legal todo so.
6. Tell us not to actively process or update your data in certain circumstances.
For how long is Personal Data stored?
1. We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (ie. store without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts.
2. We must store employment data for six years after an employee has left.
3. We must store contractors’ data for seven years after the contract has ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to Dr. Kate Hendrick BDS, who is the Data Protection Officer (DPO) at Sandon Dental Practice and will do her best to resolve the matter.
If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.
Sandon Dental Practice
34, Hoole Road,