Policy key definitions:
- “I”, “our”, “us”, or “we” refer to the business, The Old Forge House Dental Practice.
- “You” or “the user” refers to the person(s) using this website.
- GDPR means General Data Protection Regulation.
- PECR means Privacy & Electronic Communications Regulation.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a user’s computer or device.
Processing of Your Personal Data
Under GDPR (General Data Protection Regulation) we control and / or process any personal information about you electronically under the following lawful basis:
- Lawful basis: Contract
- The reason we use this basis: we may use your personal data to fulfil our contractual obligations to you. For example, if you book an appointment to see us, we’ll keep your name and contact information on file so that we can see you on time or notify you if the appointment has to be cancelled.
- Data retention period: We shall continue to process your information until the contract between us ends or is terminated under any contract terms.
- Sharing your information: We do not share your information with third parties.
If, as determined by us, the lawful basis upon which we process your personal information changes, we will notify you about the change and any new lawful basis to be used, if required. We shall stop processing your personal information if the lawful basis used is no longer relevant.
In order to provide you with a high standard of dental care and attention, we need to hold personal information about you. This personal data comprises:
- Personal details such as your name, age, address, telephone numbers, email address and your general medical practitioner;
- Your past and current medical and dental condition;
- Radiographs, clinical photographs and study models;
- Information about the treatment we have provided or propose to provide (and its cost);
- Notes of conversations or incidents that might occur for which a record needs to be kept;
- Records of consent to treatment;
- Any correspondence (relating to you) with other healthcare professionals: such as referrals to specialists, for example.
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care.
We will process personal data that we hold about you in the following way:
We will retain your dental records while you are a practice patient. If you cease to be a patient, we will continue to hold them for at least another eleven years, or in the case of children until they reach the age of 25, whichever is the longer.
Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer system has secure audit trails and we back up information on every working day.
In order to provide proper and safe dental care, we may need to disclose personal information about you to:
- Your general medical practitioner;
- The hospital or community dental services;
- Other health professionals caring for you;
- Dental Insurance Companies of which you are a member;
- Private dental schemes of which you are a member.
Disclosure will take place on a “need-to-know” basis. Information will only be given to those individuals/organisations who need to have it in order to provide care to you and for the proper administration of Government (whose personnel are also covered by strict confidentiality rules). The recipient will only be given the information that they need to know for these purposes.
Your Individual Rights
Under GDPR your rights are as follows (you can read more about your rights in detail here):
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making, including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data.
We handle subject access requests in accordance with GDPR.
We do this by placing a small text file on your device / computer hard drive to track how you use the website; to record or log whether you have seen particular messages that we display; to keep you logged into the website, where applicable; to display relevant adverts or content; and to refer you to a third party website, where relevant.
Some cookies are required to enjoy the full functionality of this website.
Data Security and Protection
We ensure the security of any personal information we hold by using secure data storage technologies and precise procedures in how we store, access and manage that information. Our methods meet GDPR compliance requirements.
Email Marketing Messages and Subscription
Under GDPR, we use consent as a lawful basis to send email marketing and subscription messages to anyone subscribed to our newsletter or marketing mailing list. We send all email marketing messages through an EMS, or email marketing service provider. An EMS is a third-party service provider of software / applications that allow marketers to send out email marketing campaigns to a list of users.
Email marketing messages that we send may contain tracking beacons / tracked clickable links or similar server technologies in order to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of data, such as times; dates; IP addresses; opens; clicks; forwards; and geographic and demographic data. Such data, within its limitations, will show the activity each subscriber made during that email campaign.
Any email marketing messages we send are in accordance with GDPR and the PECR. We provide you with an easy method to withdraw your consent (unsubscribe) or manage your preferences / the information we hold about you at any time.