The practice aims to meet the requirements of the Data Protection Act 2018, the United Kingdom General Data Protection Regulation UK GDPR, the guidelines on the Information Commissioner’s (ICO) website as well as our professional guidelines and requirements.
The data controller is Sualeh Khan the Information Governance Lead is Kevin Evans who is also the Data Protection Officer.
To provide you with a high standard of dental care and attention, we need to hold personal information about you. These personal data include:
- your past and current medical and dental condition; personal details such as your age, address, telephone number and your general medical practitioner
- radiographs, clinical photographs and study models
- information about the treatment that we have provided or propose to provide and its cost
- notes of conversations/incidents about your care, for which a record needs to be kept
- records of consent to treatment
- correspondence with other health care professionals relating to you, for example in the hospital or community services.
- statistical data about your browsing actions and patterns – including the full URL clickstream to, through and from our site (including date and time); services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page
How we obtain information
You may give us information about you through the following:
- Completing forms at our practice or online via our website, or patient portal.
- Corresponding with us via phone, e-mail, letter or SMS.
Why do we hold information about you?
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care. We also need to process personal data about you in order to provide care and to ensure the proper management and administration.
The purpose of which we use your information
The categories of data we process are:
- Personal data for the purposes of direct mail/email/text/other marketing for example, patient treatment reminders, treatment report and planning, service improvements and account management
- Special category data including health records for the purposes of the delivery of health care
- Special category data including health records and details of criminal record checks for managing employees and contracted team members
- We may use your contact details to inform you of products and services available at our practices.
Who is your information shared to?
To provide proper and safe dental care, we may need to disclose personal information about you to:
- your general medical practitioner
- the hospital or community dental services
- other health professionals caring for you
- private dental schemes of which you are a member
- debt collection providers
Disclosure will take place on a ‘need-to-know’ basis. Only those individuals/organisations that need to know in order to provide care to you – or in order to ensure the proper administration of Government (whose personnel are covered by strict confidentiality rules) – will be given the information. Only the information that the recipient needs to know will be disclosed.
In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.
Where possible you will be informed of these requests for disclosure.
How we keep your information safe
Your protection and security of your data is paramount. We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.
- Password protection
- Locked cabinets/rooms
- Practice security systems
- Virus protection
- Secure servers
- Back-up facilities
- Secure cloud-based storage
How long will we keep your information?
We keep your dental records for at least eleven years or, for children, until age 25, whichever is the longer. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
You have the following personal data rights:
The right to be informed – Keeping you connected with appointment and treatment reminders, and any new changes to the practice that could affect you
The right of access – You have a right to access the information that we hold about you and to receive a copy
The right to rectification – You have a right to correct any information that you believe is inaccurate or incomplete. Please contact the practice to request a change in information.
The right to erasure – You have a right to request that we delete your personal information, although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). Please contact the practice to make this request.
The right to restrict processing – You have the right to request us to restrict the processing of your personal information for example, sending you reminders for appointments or information about our service. Please contact the practice to make this request.
The right to data portability – You have a right to data portability, this could include supplying your information to another dentist. Please contact the practice to make this request.
If you are not a patient of the clinic you have the right to withdraw consent for processing personal data, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
Comments, suggestions & concerns
Please contact the IG Lead at the practice for a comment, suggestion or a complaint about your data processing at [email protected], or 023 8073 8787 or by writing to or visiting the practice at Fleming Avenue, North Baddesley, Southampton, Hampshire, SO52 9EP.
We take complaints very seriously.
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113.