Bay House Dental Practice is a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation and processes data in order to provide healthcare services to our patients.
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.
Types of Personal Data
The practice holds personal data in the following categories:
- Patient clinical and health data and correspondence.
- Staff employment data.
- Contractors’ data
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Staff employment data is held in accordance with Employment, Taxation and Pensions law.
- Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
- We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. [Also, we must hold data on NHS care and treatment as it is a Public Task required by law].
- We hold staff employment data because it is a Legal Obligation for us to do so.
- We hold contractors’ data because it is needed to Fulfil a Contract with us.
Who might we share your data with?
We can only share data if it is done securely and it is necessary to do so.
- Patient data including your contact details and any sensitive data that includes your medical dental records may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or hospital or you need laboratory work undertaken). Patient data may also be stored for back-up purposes with our computer software suppliers who may also store it securely and that may be overseas. We also use a third party on-line data back-up who use encrypted security.
- Your authorised carers (parents if under 16 years old), advisors or trustees.
- NHSA Business Services Authority if you undergo NHS Dental treatment. They require some personal data and some sensitive data about the treatment you may have received when we advise them of the treatment we have provided for you.
- Third party patient management companies such as Simply Health Professionals (Denplan) who administer payment plans.
- Some personal data may be needed but not retained by our IT software management company in the day to day management of our practice data software.
- Personal Healthcare Insurance companies that may require treatment information with your permission.
- Employment personal data will be shared with government agencies such as HMRC, Department of Work and Pensions, Pension Providers, our accountants who provide our payroll data and Healthcare Regulators.
- Contractor data for day to day Practice Management.
- Some of your contact data with your informed consent for any marketing programmes that we may action.
You have the right to:
- The right to be informed about the personal data we hold about you and why we hold it.
- The right to access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
- The right to rectification and to check the information we hold about you is correct and to make corrections if not
- The right to have your data erased in certain circumstances.
- The right to data portability allowing us to transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
- The right to restrict processing of your data and tell us not to actively process or update your data in certain circumstances.
- The right to object. This gives you the right to object to the use of all or some of your data.
- The right not to be subject to automated decision-making including profiling.
How long is the Personal Data stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend.We will destroy your records securely after 11 years unless we have any legal or clinical requirement for us to keep your medical dental records.
- We must store employment data for six years after an employee has left.
- We must store contractors’ data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Data protection Officer, who is Sian Dugdale and we will do our best to resolve the matter.If this fails,you can complain to the Information Commissioner at www.ico.org.uk/ by calling 0303 123 1113.