Home Meet Us How we can help Fees Contact Us

Suite 2B, Palmers House, 7 Corve St, Ludlow, Shropshire

01584 872892

Home

Corve St Family Dental Practice

We are a Data Controller under the terms of the Data Protection Act 2018 and the requirements of the EU General Data Protection Regulation.

This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.

Types of Personal Data

The practice holds personal data in the following categories:

1. Patient clinical and health data and correspondence.

2. Staff employment data.

3. Contractors’ data.

Why we process Personal Data (what is the “purpose”)

“Process” means we obtain, store, update and archive data.

1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.

2. Staff employment data is held in accordance with Employment, Taxation and Pensions law.

3. Contractors’ data is held for the purpose of managing their contracts.

What is the Lawful Basis for processing Personal Data?

The Law says we must tell you this:

1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively. [Also, we must hold data on NHS care and treatment as it is a Public Task required by law].

2. We hold staff employment data because it is a Legal Obligation for us to do so.

3. We hold contractors’ data because it is needed to Fulfil a Contract with us.

Who might we share your data with?

We can only share data if it is done securely and it is necessary to do so.

1. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes with our computer software suppliers who will also store it securely.

2. Employment data will be shared with government agencies such as HMRC.

Your Rights

You have the right to:

1. Be informed about the personal data we hold and why we hold it.

2. Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.

3. Check the information we hold about you is correct and to make corrections if not

4. Have your data erased in certain circumstances.

5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.

6. Tell us not to actively process or update your data in certain circumstances.

How long is the Personal Data stored for?

1. We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend.

2. We must store employment data for six years after an employee has left.

3. We must store contractors’ data for seven years after the contract is ended.

What if you are not happy or wish to raise a concern about our data processing?

You can complain in the first instance to our Data protection Officer, who is Mr A.Singleton. Tel 01584 87289 and we will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concerns or by calling 0303 123 1113.

Data Protection Policy

Corve St Family Dental Practice

1. General

The practice collects, holds, processes and shares personal data in accordance with the provisions of the General Data Protection Regulation and the Data Protection Act 2018. We have carried out and will review as appropriate, a Data Audit.

This Policy applies to personal data in the following categories:

 Patients’ Records, both current and past

 Employees’ data

 Contractors’ data - including dental registrants

2. Data Protection Principles

We shall ensure that Personal Data, including Special Data (health) will be:

 Processed lawfully, fairly and in a transparent manner

 Collected for specified, explicit and legitimate purposes only

 Adequate, relevant and necessary for the purpose

 Accurate and updated

 Kept for no longer than is necessary

 Processed in a secure manner and protected against loss, destruction or damage

3. Lawful Basis

Data will be held and processed under the following Lawful Basis:

 Patient Data and health records: for the Legitimate Interests of the practice in providing health care and treatment

 Employment records: as a Legal Obligation for the provision of Employment Terms and conditions and supply of data to HM Revenue and Customs and other statutory functions such as pensions and benefits

 Contractor Data: for the fulfilment of contracts

 CCTV Data: for the detection and prevention of crime

We will additionally secure the specific consent of patients for the provision of electronic communication under the Privacy and Electronic Communication Regulations 2011

4. Data Subjects’ Rights

We will ensure that the rights of Data Subjects are respected and maintained by:

 The issue and promotion of a Privacy Notice detailing data processed, its origin and any disclosures, the Lawful Bases for processing, and the rights of Data Subjects

 The maintenance of a Subject Access process and the appointment of A Singleton as Data Protection Officer to oversee that process and to advise on compliance

 A legitimate interest assessment ensuring individuals’ rights are balanced with the legitimate needs of the practice.

 A Data Retention schedule

 An Information Security policy

 A Data Breach Policy

 Contractual assurance of adequate safeguards if data is processed outside the European Union

5. Subject Access Requests

All data subjects may submit a request to be informed of the data we hold about them, its lawful basis and from whom it is/was obtained and to whom it may be disclosed. We will provide this information without charge and as soon as is reasonably possible and in any event within one month of a valid request being received. Access requests should be addressed (or forwarded without delay) to A Singleton.

6. Training and Compliance

We will ensure that all staff are aware of their duty of strict confidentiality regarding personal data, both professional and under the Data Protection law. We will provide training and assure compliance and will review and refresh training on a regular basis.

It is a condition of continuing employment that all staff are aware of, sign their acceptance of, and comply with, their obligations under this Policy. Any queries or concerns must be immediately addressed to A.Singleton. A breach of this Policy may amount to misconduct and result in disciplinary action. Serious or persistent breaches may result in dismissal.

7. Security of Data

The practice will publish and maintain an Information Security policy to assure against any loss, damage, unlawful disclosure or non-compliant erasure of data. All staff will be trained and advised of their obligations under this Policy.

Cookie Policy

Corve St Family Dental Practice

What are Cookies?

Your Privacy online is important to us. As is usual with the majority of websites, this site uses Cookies, which are small text files that are automatically downloaded to your computer in order to improve your browsing experience. In this Policy, we describe what information they collect, how we use it and why we sometimes need to store these Cookies. We will also share with you how to prevent Cookies of different kinds being stored, but please note that doing this may interfere with this website and its operation.

 For more information on Cookies, go to: www.AboutCookies.org

How we use Cookies

We use Cookies for a number of reasons which are set out in the sections below. Unfortunately, there are no standard options for disabling all Cookies completely without damaging the features they add to a website.

The Cookies we set

We only use “Strictly Necessary cookies”on our website

There are different types of Cookie. We use the definitions of the International Chamber of Commerce.

 (See: https://www.cookielaw.org/media/1096/icc_uk_cookiesguide_revnov.pdf)

1. Strictly Necessary Cookies

These Cookies are essential for you to be able to move around our website and use its features. They do not collect information that can be used to contact you outside this site, and they do not remain on your device after you have finished looking at this site (known as “session Cookies”).

2. Performance Cookies

These Cookies collect information about how visitors use our website, such as which pages are viewed, how often, and whether it is working well. This data is used only when aggregated and does not identify you as a single visitor. These Cookies may be sent to a third party, such as Google analytics so that we can see how many people (but not who they are) have used our site. These are also session Cookies.

3. Functionality Cookies

These Cookies allow our website to remember any preferences you have such as text size. They may also allow you to watch videos, blogs or access our social media pages, or to leave comments or messages for us. These Cookies may remain in place for a time after you have left our website (“Persistent” Cookies).

4. Targeting Cookies

These Cookies are used by third parties to deliver advertisements which are more relevant to you and measure how effective advertising campaigns are. These Cookies will also persist after you leave our website.

Privacy, Data Protection and Cookies

Home