Data Protection Privacy Notice for Patients
Patient Privacy Notice
(Private & NHS Dental Patients)
Atkinson & Ooi Ltd T/A London Road Dental Practice is an independent dental practice providing a range of dental treatments on a private and NHS basis. Our practice team, which consists of employed and self-employed individuals, work together to ensure our patient’s data is protected.
This privacy notice outlines how we handle patient information according to the UK GDPR and Data Protection Act 2018 (DPA18).
Name: | Ee Ying Ooi |
Address: | 1A Blackcross, Chippenham, SN15 3LD |
Phone Number: | 01249 446 568 |
Email: | hello@londonroaddental.co.uk |
We have appointed Data Protection Officer who can be contacted using the details above.
Collecting Your Personal Data
The majority of your personal data we process is collected directly from you when you use our website, contact us and attend the practice in person.
Occasionally, we may collect your information from other sources such as
- Another dental professional that has treated you
- GP or hospital
- Carer, family member or partner
- Insurance or dental plan provider
- The NHS, a regulator or other authority, such as the Police.
- Your solicitor
- Online review platforms
We may receive data from other third parties, including online analytics providers like Google and advertising networks like Facebook.
The Types of Data We Collect & Our Purposes of Processing
The table below sets out the main types of patient information we process, why we use your data and the lawful basis for doing so.
Categories of Personal Data | Examples of Personal Data | Purposes of Processing Personal Data | Lawful Basis under UK GDPR and DPA18 |
Personal Identifiers | Name, Contact Details, Patient Reference number, NHS number, date of birth, signatures, photos and videos (non-clinical purposes). | 1. Add you as a new patient to our system and keep your record up-to-date. 2. Contact you in connection with your treatment and manage our relationship with you; this includes sending you recall and appointment reminders. 3. Send you marketing information. 4. Publishing and advertising the use of your video testimonials and before/after images. 5. Request your feedback and review of our services. | 1. Performance of a contract (in connection with private treatments), Public Task (in connection with NHS treatments). 2. Performance of a contract (in connection with private treatments), Public Task (in connection with NHS treatments), in our legitimate interest. 3. Consent, in our legitimate interest. 4. Consent. 5. In our legitimate interest. |
Family Details | Next of kin, and details of any guardians, carers and representatives. | 1. Contact them in an emergency. 2. Contact them about your care if they are responsible for looking after you. | 1. Vital interest, consent. 2. Contract (In connection with private treatments), Public Task (in connection with NHS treatments)Consent. |
Financial details | Details of any payments you make or need to make to us, your debit and credit card information, and if applicable, your bank account details. | 1. Process any payments you make or need to make to us. 2. Recover any debts due to us. | 1. Contract (In connection with private treatments), Public Task (in connection with NHS treatments). 2. In our legitimate interest. |
Technical data | Data about your use of our websites such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website, social media channels and patient portal. | 1. Analyse how patients use our online services to develop them, grow our practice, and progress our marketing strategies. 2. Administer and protect our practice, social media channels, website, deliver relevant online content and advertisements to you, and understand our advertising effectiveness. 3. Detect and identify whether an individual has used the practice’s guest WI-FI network to conduct unlawful activities. | 1, 2. In our legitimate interest. 3. In our legitimate interest, Legal obligation. |
Communication data | General personal data contained in emails, comments on our social media posts, letters, instant/direct messages. | 1. To investigate and respond to a complaint, query or feedback you may have. 2. Provide evidence required to establish a legal defence or regulatory enquiry. | 1, and 2 In our legitimate interest, Public Task (in connection with NHS treatments), Establishment, exercise or defence of legal claims. |
Life information | Where required, we may need to ask about your occupation, hobbies, state benefit status, whether you are pregnant/new mother and whether you’re a pensioner or student on a low income. | 1. For the assessment and diagnosis of your dental health to administer care and treatment, including prescription and referral. 2. To understand and manage where you are entitled to receive free treatment. | 1. Necessary for your dental and orthodontic treatment and the administration of it. 2. Public Task (in connection with NHS treatments) |
Health Data | Medical and dental histories, lifestyle questions (e.g. alcohol and tobacco use), x-rays, clinical photographs, digital scans of your mouth and teeth, study models, treatment plans, patient understanding exercises, recorded communications (e.g. voice messages, video calls, instant messages, letters and emails), clinical notes made by our clinical staff and other dental professionals involved in your care and treatment, information of any health and safety incident you have been involved in. | 1. For the assessment and diagnosis of your dental health to administer care and treatment, including prescription and referral. 2. To establish a legal defence in the event of a claim or regulatory investigation. 3. For clinical and peer review to assess equality and the level of care provided to patients visiting the practice. 4. To record and manage a health and safety incident that has occurred on the premises which may be used for insurance purposes and/or to establish a legal defence | 1. Necessary for your dental and orthodontic treatment and the administration of it. 2. Establishment, exercise or defence of legal claims. 3. Necessary for your dental and orthodontic treatment and the administration of it. Substantial Public Interest – Equality. 4. Legal obligation, Legal defence, Substantial Public Interest (Insurance). |
Ethnicity Information | Where relevant to your care, we may need to process your ethnic group and language. | 1. Understand your cultural, religious and language needs, identify any patients at risk. 2. Comply with the law setting out the practice’s a duty to promote equality. | 1. Necessary for your dental and orthodontic treatment and the administration of it. 2. Substantial Public Interest – Equality. |
Religious and philosophical beliefs | Where relevant to your care, such as fasting or abstaining from certain types of treatments. | 1. For the assessment and diagnosis of your dental health to administer care and treatment, including prescription and referral. 2. Comply with the law setting out the practice’s a duty to promote equality. | 1. Necessary for your dental and orthodontic treatment and the administration of it. 2. Substantial Public Interest – Equality. |
Where necessary, we may need to share your data with third parties for safeguarding purposes. Depending on the circumstances, we will share your data where we have your consent or are required under a public interest or legal obligation or where an exemption applies under the Data Protection Act 2018.
The practice and your treating clinician must collect and process your personal data to diagnose your dental health, refusal to provide personal data relating to this purpose will directly impact our ability to continue any further treatment at the practice.
As providers of NHS dental treatment, we are required to collect additional information as part of the public task assigned to us under the NHS dental contract.
Withdrawing Consent
The above table sets out where we rely on your consent to process your personal data. You can request to withdraw your consent for these purposes by contacting the practice using the contact details found at the top of this notice.
How We Store Your Data
We store your data in the following formats and locations:
- On-premise manual record filing systems
- On-premise computers and server systems
- Cloud-based server systems
- Portable electronic devices
- Off-premises digital data backups
Determining How Long We Keep Your Data
We will store your personal data for as long as it is necessary to fulfil the purposes for which it was collected. We may also need to retain it to comply with legal obligations, regulatory guidance/codes of practice, resolve disputes and legal claims, as well as for other reasons that are specified at the time of collection.
For determining whether personal data should be deleted or destroyed we’ll consider the amount of and sensitivity of the personal data we have, the amount of harm that could be caused by a data breach, the benefits of the purposes for which we’re using the data and any legal requirements that we are bound to.
Sharing Your Personal Data
Your information is mostly handled internally by staff employed by the practice and self-employed dental professionals responsible for treatments you receive at the practice.
Where we required we will may need to share you data with third parties or suppliers, such as:
- Your GP
- Another hospital, community dental service or other health professional caring for you
- Private dental plan of which you are a member (if applicable)
- Dental labs
- Finance companies concerning any payment plan related to your treatment(s)
- The General Dental Council and other healthcare regulators
- Relevant NHS entities such as the NHS Business Services Authority (NHSBSA)
- Any professionals advising us or you, such as consultants, lawyers and insurance companies
- Marketing consultants
- Our IT system providers
- Your next of kin, such as in an emergency
- Pharmacists
- Social services and safeguarding organisations
- Translators or interpreters if required to make use of our services
- Debt recovery services providers
- A third party who buys us or intends to buy us (for due diligence purposes).
When sharing your data we ensure to justify the purpose, disclose on a need-to-know basis and use the minimum necessary information
If required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC, other law enforcement or government agencies.
International Transfer of Personal Data
Where we transfer your data to third parties outside of the UK, ensure that your data is protected in a manner that is consistent with how your personal data will be protected by us in the UK. This can be done in the following ways:
- We may transfer your personal data to countries that the UK has approved as providing an adequate level of protection for personal data by; or
- Where we have established specific contractual clauses approved by the European Commission, giving personal data the same protection it has in Europe.
If none of the above safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Knowing Your Information Rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Depending on the nature of the request we may need to ask you to provide further information to verify your identity and/or better understand your request.
How To Complain
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this notice.
If you are dissatisfied with our response or prefer to lodge your complaint with them directly you can do using the details below.
NHS Data Opt-out
Being part of the NHS means we are required to inform you of how the NHS uses your data for additional purposes and how you can opt-out of this arrangement.
The information acquired about you when you use NHS services can be used and shared with other organisations for purposes other than your personal care, such as to assist with:
- improving the quality and standards of care provided
- research into the development of new treatments
- preventing illness and diseases
- monitoring safety, and
- planning services.
All these applications contribute to your, your family’s, and future generations’ better health and care. Confidential patient information concerning your health and care is only used in this manner where permitted by law.
In most cases, anonymised data is utilised for research and planning, however, if you don’t want your sensitive patient information to be used in this way, you can opt out.
Visit www.nhs.uk/your-nhs-data-matters for additional information and to register your choice to opt out.