Data Protection/ GDPR Practice Policy
Types of Personal Data
The practice holds personal data in the following categories:
- Patient clinical and health data and correspondence.
- Staff employment data.
- Contractors’ data.
- CCTV footage
- Telephone recording
Why we process Personal Data (what is the “purpose”)
“Process” means that we acquire, store, update and archive data.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Staff employment data is held in accordance with the Employment, Taxation and Pensions Law.
- Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says that we must tell you the following:
- We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. [Also, we must hold data on NHS care and treatment as it is a Public Task required by law].
- We hold staff employment data because it is a Legal Obligationfor us to do so.
- We hold contractors’ data because it is needed to Fulfil a Contract with us.
Who might we share your data with?
We will only share data if it is done securely and it is necessary to do so.
- Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data is also being stored for back-up purposes with our computer software and hardware suppliers.
- Patient date may be shared with Hitachi Finance (UK) if they proceed with the interest free credit payment option.
- Employment data will be shared with government agencies such as HMRC.
You have the right under Law to:
- Access information about the personal data we hold as well as details of why we hold it.
- Contact us directly to access a copy of your data that we hold: we will acknowledge your request and supply a response within one month or less.
- Check that the information we hold about you is correct and to make amendments if necessary
- Have your personal data erased in certain circumstances.
- Transfer your data to someone else if you instruct us to do so and it is safely and legally done.
- Tell us not to actively process or update your data in certain circumstances.
How long is the Personal Data stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. Data will be archived (stored without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts.
- We are legally obliged to store employment data for six years after an employee has left.
- We have an obligation to store contractors’ data for seven years after the end of the contract period.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Data Protection Officer, Vicky Heley (Area Manager) on 01582 869040 or email firstname.lastname@example.org and we will do our best to resolve the matter. In the unlikely event that your complaint is not addressed to your satisfaction, you can complain to the Information Commissioner at www.ico.org.uk/concernsor by calling 0303 123 1113.