Privacy Notice

Privacy Notice


Privacy Notice for Somerhill Dental Practice for Patient Data.

This Privacy Notice is a shortened form of our Privacy Policy and any patient who wishes to have a copy of our full Policy should ask Kate Attwood.

Somerhill Dental Practice takes great care to protect the personal data we hold for you in line with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

The purpose of collecting and storing personal data about you is to ensure we can:


  • Provide, appropriate, safe and effective dental care, treatment and advice for you.

  • Fulfil any contracts we hold in relation to your care.

  • For business administration of your care.


Personal data held for our patients.

The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for you includes:

  • Name, address, date of birth.

  • Unique identification number.

  • Next of kin.

  • Email address.

  • Phone numbers.

  • GP contact details.

  • Occupation.

  • Medical history.

  • Dental care records.

  • Photographs.

  • Family group.

  • Payment plan details.

  • Financial information.

  • Credit cards receipts.

  • Correspondence.

  • Details of any complaints received.


We keep an inventory of personal data we hold on our patients and this is available on request.

Disclosure to third parties

The information we collect, and store will not be disclosed to anyone who does not need to see it.

We will share your personal information with third parties when required by law or to enable us to deliver a service to you or where we have another legitimate reason for doing so. Third parties we may share your personal information with may include:

  • Regulatory authorities such as the General Dental Council or the Care Quality Commission.

  • NHS Local Authorities.

  • Dental payment plan administrators.

  • Insurance companies.

  • Loss assessors.

  • Fraud prevention agencies.

  • In the event of a possible sale of the practice at some time in the future.



We may also share personal information where we consider it to be in a patient’s best interest or if we have reason to believe an individual may be at risk of harm or abuse.

Personal privacy rights

Under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, you have the following personal privacy rights in relation to the information we hold about you:

  • Access to and copies of your records.

  • Have inaccuracies deleted.

  • Have information about you erased. This should be seen in light of the need to keep records about your dental care in case you have any problems in the future.

  • Object to direct marketing.

  • Restrict the processing of your information, including automated decision-making.

  • Take your data to another dental practice or anywhere else.


Patients who wish to have inaccuracies deleted or to have information erased must speak to the dentist who provided or provides their care.

Legal basis for processing data held about patients

The GDPR requires us to state the legal basis upon which we process all personal data for our patients and it requires us to inform you of the legal basis on which we process your personal data.

The legal basis on which we process personal information for our private patients is:

Consent: the processing is necessary for us to comply with the law (not including contractual obligations).

Contract: the process is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

Public Task: the process is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

Legitimate interest: the process is necessary for our legitimate interest or the legitimate interest of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.


The legal basis on which we process personal information for our payment plan patients is:

Consent: the processing is necessary for us to comply with the law (not including contractual obligations).

Contract: the process is necessary for a contract we have with the individual, or because they have asked us to take specific steps before entering into a contract.

Public Task: the process is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

Legitimate interest: the process is necessary for our legitimate interest or the legitimate interest of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.


The legal basis on which we process personal information for our NHS patients is:

Consent: the processing is necessary for us to comply with the law (not including contractual obligations).

Public Task: the process is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.

Legitimate interest: the process is necessary for our legitimate interest or the legitimate interest of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.


Automated decision making


You will be asked to opt into any processes involving automated decision making.


This includes:

Recalls for appointments via email,

Recalls for appointments via SMS,

Appointment reminders via email,

Appointment reminders via SMS,

Consent.


Somerhill Dental Practice will always obtain specific, opt in consent from you for direct marketing information. This will be done via our Clinipads.


We will also obtain specific, opt in consent from you for Direct Marketing.


If you are a new patient, we will obtain consent when you first attend the practice. If you are an existing patient, we will obtain consent when you attend for your recall appointment or for a treatment appointment. We will refresh this consent annually when you complete a new medical history proforma.


Withdrawal of consent


After you have given your opt in consent you have a right to withdraw your consent at any time.


Retention period


This practice retains dental records and orthodontic study models while you are a patient of our practice and after you cease to be a patient for at least eleven years or for children until age 25, whichever is the longer.


Complaints


You have a right to complain about how we process your personal data. All complaints concerning personal data should be made in person or in writing to [insert name]. All complaints will be dealt with in line with the practice complaints policy and procedures.


Your personal data is not transferred outside the EU.


This Privacy Notice was reviewed and implemented on 03/07/2019


It will be reviewed annually and is due for review on 03/07/20 or prior to this date in accordance with new guidance or legislative changes.