Privacy Policy and Cookies

Brij Dhody Dental Practice and Bhylls Lane Limited trading as Brij Dhody Dental Practice, is referred to as ‘The Practice’

BACKGROUND & PRACTICE STATEMENT

The Practice understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all of our customers and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.  At the Practice we only use your personal information to provide individual care to you and we do not disclose your data for any other purpose, other than stated below. The Practice is currently compliant with the national data opt-out policy. For further information – please feel free to ask to see a copy of our Practice Policies.

We are a Data Controller under the terms of the UK GDPR and Data Protection Act 2018.

At the Practice, so we can provide your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it. Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.

Dr Brij Dhody is responsible for keeping secure the information about you that we hold.

Our Data Protection Officer, Mrs Helen Bates ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly.

Information About Us

Brij Dhody Dental Practice and Bhylls Lane Limited trading as Brij Dhody Dental Practice, Registered in England & Wales: 074770450
Address: 2 Bhylls Lane, Wolverhampton WV3 8DH
Data Protection Officer: Helen Bates
Email address: info@brijdhodydentalpractice.co.uk
Telephone number: 01902 766287
Postal address: 2, Bhylls lane, Merry Hill Wolverhampton WV3 8DH

Bhylls Lane Limited, trading as Brij Dhody Dental Practice is an Appointed Representative of Citrus Compliance. Citrus Compliance is a trading name of Andrew Smith which is authorised and regulated by the Financial Conduct Authority.

What Does This Notice Cover?

This Privacy Information explains how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data.

What Is Personal Data?

Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.

The personal data that we use, is outlined later on below.

What Are My Rights?

1. The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions.
2. The right to access the personal data we hold about you. Please see right to access personal data below, which will tell you how to do this.
3. The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete.
4. The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold.
5. The right to restrict (i.e. prevent) the processing of your personal data.
6. The right to object to us using your personal data for a particular purpose or purposes.
7. The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
8. The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
9. Rights relating to automated decision-making and profiling. We do not use your personal data in this way.

It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.

Further information about your rights can also be obtained from the Information Commissioner’s Office or your local Citizens Advice Bureau.

What Personal Data Do You Collect and How?

We may collect and hold some or all of the personal and non-personal data set out below and using the methods set out below. We do not collect any personal data relating to criminal convictions and/or offences.

Data Collected

Identity Information including name, title, DOB. Contact information including address, email address, telephone number. Financial Data, including bank account details, payment card details.  By Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms (for example the Contact Us form on our website) or by corresponding with us by post, phone, email or otherwise. 

We hold personal information about you including your name, date of birth, national insurance number, NHS number, address, telephone number and email address. This information allows us to fulfil our contract with you to provide appointments. We will also use the information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and to make you aware of our services.  If you are under 16 years of age consent from a parent or guardian is obtained and applies to all sections of this document.

The Practice holds data in the following other categories:

1. Patient clinical and health data and correspondence.
2. Staff employment data.
3. Contractors’ data.

Dental Records

We may collect the following information about you:

• Information about your dental and general health, including
• Clinical records made by dentists and other dental professionals involved with your care and treatment
• X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
• Medical and dental histories
• Treatment plans and consent
• Notes of conversations with you about your care
• Dates of your appointments
• Details of any complaints you have made and how these complaints were dealt with
• Correspondence with other health professionals or institutions

Financial Information

We hold information about the fees we have charged, the amounts you have paid and some payment details. This information forms part of our contractual obligation to you to provide dental care and allows us to meet legal financial requirements.

Where your dental care is provided under the terms of the NHS, we are required to complete statutory forms to allow payments to be processed. This is an NHS requirement.

Why We Process Personal Data (What Is The “Purpose”)

“Process” means we obtain, store, update and archive data.

1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
2. Staff employment data is held in accordance with Employment, Taxation and Pensions law.
3. Contractors’ data is held for the purpose of managing their contracts.

What is the Lawful Basis for Processing Personal Data?

The Law says we must tell you this:

1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. [Also, we must hold data on NHS care and treatment as it is a Public Task required by law].
2. We hold staff employment data because it is a Legal Obligation for us to do so.
3. We hold contractors’ data because it is needed to Fulfil a Contract with us.

How Do You Use My Personal Data?

Under the Data Protection Legislation, we must always have a lawful basis for using personal data. Where you make an enquiry to use our services we will only collect data that will provide us with the information for us to complete your purchase.

Once you become a customer we will use your data for providing you with our support and to register you as a new customer. We will keep a copy of all email communications with you. Where we need additional information from we will request this from you. Where we need it for any other reason we will notify you of this.

With your permission and/or where permitted by law, we may also use your personal data for marketing purposes. You will not be sent any unlawful marketing or spam. We will always work to fully protect your rights and comply with our obligations under the Data Protection Legislation and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out. We will always obtain your express opt-in consent before sharing your personal data with third parties for marketing purposes and you will be able to opt-out at any time.

We will only use your personal data for the purpose(s) for which it was originally collected unless we reasonably believe that another purpose is compatible with that or those original purpose(s) and need to use your personal data for that purpose. If we do use your personal data in this way and you wish us to explain how the new purpose is compatible with the original, please contact us.

If we need to use your personal data for a purpose that is unrelated to, or incompatible with, the purpose(s) for which it was originally collected, we will inform you and explain the legal basis which allows us to do so.

In some circumstances, where permitted or required by law, we may process your personal data without your knowledge or consent. This will only be done within the bounds of the Data Protection Legislation and your legal rights.

To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.

We will share your information with the NHS and Denplan (Simply Health) in connection with your dental treatment.

We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes.

We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or letter. (We have a secure encrypted NHS email address)

We may use your contact details for the text messaging service we offer to remind you of your appointments.

We have CCTV at the practice to help ensure:

• Protect the practice premises and property
• Increase the safety of patients, staff and visitors
• Deter criminal activity and anti social behaviour
• Assist in the apprehension, identification and prosecution of offenders
• Provide evidence to a court or tribunal
• Comply with legal obligation
• Please see our policy on CCTV for further details.

How Long Will You Keep My Personal Data?

We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

We take precautions to ensure security of the practice premises, the practice filing systems and computers.

We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.

We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. By law we have to keep all information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for regulatory purposes. We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend. We keep your clinical records for a minimum of 11 years and maximum of 30 years after the date of your last visit to the practice or until you reach the age of 25 years, whichever is the longer.

We must store staff employment data for six years after an employee has left.

We must store contractors’ data for seven years after the contract is ended.

How and Where Do You Store or Transfer My Personal Data?

We will only store your personal data in the UK. This means that it will be fully protected under the Data Protection Legislation.

We ensure that your personal data is protected under binding corporate rules. Binding corporate rules are a set of common rules which all our group companies are required to follow when processing personal data. For further information, please refer to the Information Commissioner’s Office.

The security of your personal data is essential to us and to protect your data, we take a number of important measures, including the following:

• limiting access to your personal data to those employees, agents, contractors, and other third parties with a legitimate need to know and ensuring that they are subject to duties of confidentiality.
• Procedures for dealing with data breaches (the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, your personal data) including notifying you and/or the Information Commissioner’s Office where we are legally required to do so.

Do You Share My Personal Data?

Bhylls Lane Limited t/a Brij Dhody Dental Practice may share your details with Citrus Compliance who is our AR principal firm. We may share personal names, addresses and email address, along with any documents in relation to finance taken for any treatment you may have received. We may share additional information if it is requested. We share these details as Citrus Compliance conduct monitoring and compliance on behalf of Bhylls Lane Limited as we are an appointed representative of the principal firm. We are required to undergo regular audits, and we are obliged to share your details with Citrus Compliance when we are requested to do so. Any data we share is shared in accordance with our data protection policy. Please refer to the practice data protection policy. You can contact Citrus Compliance on 0800 688 9935 or admin@citruscompliance.co.uk should you wish to discuss any data shared with them. Citrus Compliance is a trading name of Andrew Smith and you can search them on the FCA register using firm reference number 826675.

If any of your personal data is shared with a third party, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party’s obligations under the law, as described above.

If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.

In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.

We can only share data if it is done securely and it is necessary to do so. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes with our computer software suppliers who will also store it securely. Patient data with Service Company and Clinical software suppliers to facilitate dental care and appointment reminders.

Sharing information

Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:

• Your doctor
• The hospital or community dental services or other health professionals caring for you.
• Referrals to hospitals/ Consultants/other Specialist Dental Practices/Orthodontic labs or Clinics to provide your care.
• NHS payment authorities
• The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
• Dental laboratories
• Debt Collection agencies
• Private dental schemes of which you are a member.
• We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary.

Staff Employment data will be shared with government agencies such as HMRC.

How Can I Access My Personal Data?

If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.

All subject access requests should be made in writing and sent to the email or postal address.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.

We will respond to your subject access request within one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.

All requests should be made by in writing to our data protection officer (DPO) Mrs Helen Bates.

Changes to this Privacy Notice

We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.

This Privacy Notice was last updated on 30^th August 2024

If you do not agree

If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.

Complaints

If you have any concerns about our use of your personal information, you can make a complaint to us as follows:

Please write to our Data Protection Officer -Mrs H Bates, at Brij Dhody Dental Practice, 2 Bhylls Lane, Wolverhampton, WV3 8DH. 
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF Helpline number: 0303 123 1113 ICO website: https://www.ico.org.uk

USEFUL INFORMATION DOWNLOADS

You can download the following useful information

• Data Protection Policy
• Leaflet on Data Protection Policy & Access to your Health Records
• National Data opt-out document – if you wish to opt-out

Issued by B Dhody
Update Issued 30.8.24

This document applies to:
Brij Dhody Dental Practice
and Bhylls Lane Limited trading as Brij Dhody Dental Practice.