Buxton Dental Practice
We are a Data Controller under the terms of the Data Protection Act 2018 and the requirements of the EU General Data Protection Regulation.
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.
You will be asked to provide personal information when joining the practice. The purpose of processing your personal data is to provide you with optimum dental health care and prevention.
The practice holds personal data in the following categories:
1. Patient clinical and health data and correspondence: -
· Name, D.O.B, gender, address, telephone numbers, NHS exemption details, emergency contacts and Email.
· Clinical records made by dentists and other dental care professionals involved with your care and treatment.
· X-Rays, clinical photographs and study models.
· Medical and dental histories
· Treatment plans and consent
· Notes of conversations with you about your care
· Dates of appointments
· Details of any complaints you have made and how these complaints are dealt with
· Correspondence with other health professionals or institutions
· Details of fees we have charger you, the amounts you have paid and type of payments.
2. Staff employment data-
· Name, D.O.B, Address, Telephone Number, Email
· Details of DBS checks
· Health records
· Training records, PDP and CPD
· Driving Licence
· Payroll and HMRC records
· Pension Records
· GDC and Professional Bodies Membership including Indemnity insurance
· Vaccination Records
· Holiday and absence records
3. Contractors’ data
· Name, Address, Telephone Number, Email, contact name
· Invoices and bills paid
“Process” means we obtain, store, update and archive data.
1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
2. Staff employment data is held in accordance with Employment, Taxation and Pensions law.
3. Contractors’ data is held for the purpose of managing their contracts.
Details of retention periods are available in our records retention schedule.
The Law says we must tell you this:
1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. Also, we must hold data on NHS care and treatment as it is a Public Task required by law.
2. We hold staff employment data because it is a Legal Obligation for us to do so and it is needed to Fulfil a Contract with us.
3. We hold contractors’ data because it is needed to Fulfil a Contract with us.
We can only share data if it is done securely and it is necessary to do so.
1. Patient data may be shared with other healthcare professionals who need to be involved in your care
· If we refer you to a specialist
· Dental laboratory
· Your Doctor
· NHS payment authorities
· Denplan or Practice plan of which you are a member
· Dental software companies
· The department of work and pensions and its agencies, where you are claiming exemption or remission from NHS charges.
· The Police
2. Patient Data may also be shared with our text reminder service to remind patients of appointments and recalls.
3. Patient data may also be stored for back-up purposes with our computer software suppliers Upland Systems of Buxton who also store it securely
4. Patient data may also be shared with Debt collection agencies for recovery of bad debts.
5. Employment data will be shared with government agencies such as
· DBS checking service
· GDC and other professional bodies
We will only disclose your information on a need to know basis and will limit any information that we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement agencies or government agencies.
You have the right to:
1. Be informed about the personal data we hold and why we hold it.
2. Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
3. Check the information we hold about you is correct and to make corrections if not
4. Have your data erased in certain circumstances.
5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
6. Tell us not to actively process or update your data in certain circumstances.
1. We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend.
2. We must store employment data for six years after an employee has left.
3. We must store contractors’ data for seven years after the contract is ended.
You can complain in the first instance to our Data protection Officer, who is Charlotte Townsend 01298 70183 and we will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.
Policy Date: 12th May 2018 Next Review Due: 12th May 2019