Data Protection Policy

This Privacy Notice explains what Personal Data we hold at Spring Hill Dental and why we hold it, process it, who we might share it with and your rights and freedoms under the Law.

Why we process Personal Data (what is the “purpose”)

“Processing” includes us obtaining, using, storing, updating, archiving and destroying data.

  1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
  2. Staff employment data is held in accordance with Employment, Taxation and Pensions law.
  3. Contractors’ data is held for the purpose of managing their contracts.
  4. For the purpose of fulfilling contracts we hold in relation to dental care
  5. For business administration

What Personal Data we hold:

  • Name
  • Address and DOB
  • Contact number/s
  • Occupation
  • GP details
  • Next of kin
  • Email address
  • Medical History
  • Dental Records/Photos
  • Denplan details
  • Debit/credit card receipts
  • Correspondence
  • Complaint details if any received

What is the Lawful Basis for processing Personal Data?

The Law says we must tell you this:

  1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively or provide the appropriate care for the patient.
  2. We hold staff employment data because it is a Legal Obligation for us to do so.
  3. We hold data because it is needed to Fulfil a Contract with us.

Who might we share your data with?

We can only share data if it is done securely and it is necessary to do so by law or to deliver an additional service that cannot be fulfilled by us at the practice e.g. a referral. We may also share personal data if we feel an individual is at risk of harm or abuse, in which case we would follow the relevant steps as outlined in our Safeguarding Policy.

  1. Patient data may be shared with other healthcare professionals who need to be involved in their care (for example if we refer to a specialist or need laboratory work undertaken).
  2. Denplan/Simplyhealth administration
  3. Employment data will be shared with government agencies such as HMRC.
  4. Regulatory Authorities such as the Care Quality Commission
  5. NHS Local Authorities
  6. Debt Collection authorities

Your Rights

You have the right to:

  1. Be informed about the personal data we hold and why we hold it.
  2. Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within 28 days or sooner where possible.
  3. Check the information we hold about you is correct and to make corrections if not
  4. Have your data erased in certain circumstances.
  5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so (portability).
  6. Tell us not to actively process or update your data in certain circumstances i.e. marketing and automated decision making. For such things we require patients to opt-in, unless they do so they will not receive any such correspondence (see ‘consent’ below).

How long is the Personal Data stored for?

  1. We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended which is at least 11 years or for children until the age of 25, whichever is longer.
  2. We must store employment data for six years after an employee has left.
  3. We must store contractors’ data for seven years after the contract is ended.

Consent

We obtain consent from patients with regards to the processing of their data for marketing communications via the clinipad on arrival at reception. Patients who choose to opt-in provide a signature and the form is saved on the secure system. For patients who do not wish to opt-in, the preference is saved and they are asked to review on an annual basis.

What if you are not happy or wish to raise a concern about our data processing?

You can complain in the first instance to our Data Protection Officer, who is our Practice Manager Trudi Roweand we will do our best to resolve the matter immediately.  If this fails and you remain unhappy, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.