Privacy Policy

CHURCH ROAD DENTAL PRACTICE

 We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation.

This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.

Types of Personal Data

The practice holds personal data in the following categories:

  1. Patient clinical and health data and correspondence.
  2. Staff employment data.
  3. Contractors’ data.

Why we process Personal Data (what is the “purpose”)

“Process” means we obtain, store, update and archive data.

  1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
  2. Staff employment data is held in accordance with Employment, Taxation and Pensions law.
  3. Contractors’ data is held for the purpose of managing their contracts.

What is the Lawful Basis for processing Personal Data?

The Law says we must tell you this:

  1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. [Also, we must hold data on NHS care and treatment as it is a Public Task required by law].
  2. We hold staff employment data because it is a Legal Obligation for us to do so.
  3. We hold contractors’ data because it is needed to Fulfil a Contract with us.

Who might we share your data with?

We can only share data if it is done securely and it is necessary to do so.

  1. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken).
  2. Employment data will be shared with government agencies such as HMRC. Employment data is also shared with Accountants Martin Evans & Partners .
  3. Certain Orthodontic Treatment patient data, including photographs is held in a secure, encrypted “ Dropbox “ and backed up on a secure server that is certified under the EU-US Privacy Shield framework. This data is only used for treatment purposes and is not shared or used for marketing.
  4. Patients who are a member of the Denplan Scheme do have their data stored by Simplyhealth Professionals. Details of their data protection policy can be accessed in our data protection file.

This privacy policy was updated on 23 May 2018. If you have any questions, please contact the practice on 0117 9540 351.