Main Ridge West Dental Practice treats patient confidentiality very seriously and is committed to protecting your privacy. We aim to meet the requirements of the Data Protection Act 1998 the general Data Protection Regulation (GDPR) and the general Dental Council (GDC).
You will only be asked, by this website, to provide personal data by which you can be identified, if you wish to contact us via this website. You can be assured your data will only be used in accordance with this privacy statement.
Personal Data is obtained when a person makes an enquiry through the website, when a patient joins our practice and when a patient is referred from another dental care professional.
The person responsible for data protection is M F Soonthornsaratoon
What Data do we hold?
- Personal data: - Name, Address, Date of Birth, Telephone Numbers, E-mail
- Your past & current medical and dental condition
- Radiographs, photographs and study models
- Information about the treatment we have proposed/provided and their cost/payments
- Notes of conversations/incidents about your care for which a record needs to be kept
- Correspondence relating to any referrals to other health care professionals
- Staff personal data, health records, (e.g. immunisation records) and criminal records
Why do we hold the Data?
- We need to keep comprehensive and accurate data about our patients to provide safe and appropriate dental health care
- We hold staff data to manage staff employment contracts
- It is essential your personal data is up to date and accurate. Always check your details are correct when you visit us and please inform us of any changes as soon as possible
How do we process the Data?
- To keep up to date and accurate dental health records
- To contact patients to remind them of their appointments
- To make referrals to other health care professionals where required
- In limited cases (e.g. Identification purposes) where we are required by law or court order personal data maybe disclosed to a third party not connected with your health care
- In rare cases patients may be asked if photographs maybe published as part of a case study in a Dental Journal/Information Leaflet/Website. Written permission will always be obtained before any publications are made.
- In all other cases information is never disclosed to a third party without written authority
- We do not sell/pass on any personal data to a third part for marketing purposes
The Lawful Basis for processing data
- Processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party
- Consent – for specific uses written consent will be obtained
- Contract – Processing is necessary for the performance of a contract which the data subject is party to on order to take steps at the request of the data subject prior to entering a contract
- The lawful basis for processing of special category data, (health care data) is fron Article 9.2.h;- Processing is necessary for the purposes of preventative or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health & social care or treatment or the management of health & social care system and services on the basis of union state or member law or pursuant to contract with a health care professional
- Information is kept on the practice computer system using Shire Dental Software
- Older records are held on paper
- The information is not accessible to the public and only authorised members of staff have access to it
- All our computers are password & firewall protected and are backed up regularly
- All digital formats are stored within the EU
- You have the right to access the data we hold about you, patients may view their records free of charge
- Requests for copies of your records should be made in writing, copies of paper & computerised records may be obtained at a cost of £30 and will be provided within 40 days
- You may challenge the information we hold and following an investigation any corrections necessary can be made
- If you do not wish the personal data we hold about you to be used in any way described in this Privacy Notice please discuss this with your dentist. You have the right to object but this may affect our ability to provide you with your dental care
- Right to erasure: The retention period for health records is 11 years after a patient has ceased treatment and up to the age of 25 for children. The retention period for staff is 6 years.
- If personal data is not related to necessary dental health or employment records, the data can be deleted.
- The practice will report any serious data beach to the ICO within 24 hours of becoming aware of the breach.
- We will keep a log of all personal data breaches and record the basic facts, effects and actions taken
- We may update this Privacy Notice from time to time by posting a new version on our website and a copy will be available in reception on request.
- We may also notify you of any changes by email
- Please contact the practice if you have any queries on 01205 36933, or email email@example.com
- If you need any further advise or are unhappy with our response you can contact the Information Commissioners Office (ICO) on 0303 123 1113. You can also visit their website, ico.org.uk for information on how to make a data protection complaint. The ICO can investigate your claim and take action against anyone who has misused your data.