We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation.
At Brij Dhody Dental so we can provide your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.
Mr Brij Dhody is responsible for keeping secure the information about you that we hold.
Our data protection officer, Mrs Helen Bates ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly.
Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.
“Process” means we obtain, store, update and archive data.
Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
The Law says we must tell you this:
We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. Also, we must hold data on NHS care and treatment as it is a Public Task required by law.
We can only keep and use information for specific reasons set out in the law. If we want to keep and use information about your health, we can only do so in particular circumstances. Below, we describe the information we hold and why, and the lawful basis for collecting and using it.
We hold personal information about you including your name, date of birth, national insurance number, NHS number, address, telephone number and email address. This information allows us to fulfil our contract with you to provide appointments. We will also use the information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and to make you aware of our services.
If you are under 16 years of age consent from a parent or guardian is obtained and applies to all sections of this document.
We may collect the following information about you:
- Information about your dental and general health, including
- Clinical records made by dentists and other dental professionals involved with your care and treatment
- X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
- Medical and dental histories
- Treatment plans and consent
- Notes of conversations with you about your care
- Dates of your appointments
- Details of any complaints you have made and how these complaints were dealt with
- Correspondence with other health professionals or institutions
We hold information about the fees we have charged, the amounts you have paid and some payment details. This information forms part of our contractual obligation to you to provide dental care and allows us to meet legal financial requirements.
Where your dental care is provided under the terms of the NHS, we are required to complete statutory forms to allow payments to be processed. This is an NHS requirement.
How we use your information?
- To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.
- We will share your information with the NHS and Denplan (Simply Health) in connection with your dental treatment.
- We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes.
- We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or letter. ( We have a secure encrypted NHS email address)
- We may use your contact details for the text messaging service we offer to remind you of your appointments.
We have CCTV at the practice to help ensure:
- Protect the practice premises and property
- Increase the safety of patients ,staff and visitors
- Deter criminal activity and anti social behaviour
- Assist in the apprehension, identification and prosecution of offenders
- Provide evidence to a court or tribunal
- Comply with legal obligation
Please see our policy on CCTV for further details.
We can only share data if it is done securely and it is necessary to do so.
Patient data may be shared with other healthcare professionals who need to be involved in your care. Patient data may also be stored for back-up purposes with our computer software suppliers, who may also store it securely overseas.
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
- Your doctor
- The hospital or community dental services or other health professionals caring for you.
- Referrals to hospitals/ Consultants/other Specialist Dental Practices/Orthodontic labs or Clinics to provide your care.
- NHS payment authorities
- The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
- Dental laboratories
- Debt Collection agencies
- Private dental schemes of which you are a member.
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Keeping your information safe
We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure security of the practice premises, the practice filing systems and computers.
We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.
We keep your records for 10 years after the date of your last visit to the Practice or until you reach the age of 25 years, whichever is the longer.
Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to:
- Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
- Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment.
- Stop using your information – for example, sending you reminders for appointments or information about our service.
- Supply your information electronically to another dentist.
- Stop using information if you believe the information is inaccurate or believe we are using your information illegally.
If we are relying on your consent to use your personal information for a particular purpose, you may withdraw your consent at any time and we will stop using your information for that purpose.
All requests should be made by in writing to our data protection officer (DPO) Mrs Helen Bates.
If you do not agree
If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.
If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).
Date: 21st Oct 2019
Review date: Oct 2020