Privacy Policy

What is personal data?

Personal data refers to any information related to a living individual who can be directly or indirectly identified through specific details such as their name, National Insurance (NI) number, email address, or physical features. It encompasses both factual data (such as contact details or date of birth) and opinions about an individual’s actions or behaviour. Additionally, personal data can have an impact on an individual in either a personal or business context.

Under data protection law, personal data is categorised into two main types:

1. 1. Ordinary personal data: This includes general information that does not fall into the special category. For instance, contact details or employment history.
   2. Special category personal data: This category covers sensitive information that reveals aspects like racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life, sexual orientation, or biometric/genetic data used for identification purposes.

Remember, special category personal data requires extra protection due to its sensitive nature, while ordinary personal data is more commonplace and less sensitive.

Data Protection Principles

We are committed to the following principles to continue to abide by the regulatory requirements:

1. 1. Lawful and Transparent Use: Personal data is handled lawfully, fairly, and transparently.
   2. Valid Collection and Purpose: Data is collected for specific, clearly explained purposes and not used in ways incompatible with those purposes.
   3. Relevance and Limitation: Data is relevant to the advised purposes and limited solely to those purposes.
   4. Accuracy and Currency: Efforts are made to keep data accurate and up to date.
   5. Necessary Retention: Data is retained only as long as necessary for the advised purposes.
   6. Secure Storage: Data is stored securely to prevent unauthorised access or breaches.

Information We Use

Patient data will be collected, processed, stored, and shared where necessary, including but not limited to the below:

Contact Details

• • • Title, first name, surname, preferred name, address, post code, mobile number, alternate contact number, personal and work email addresses. GP contact details 
    • Characteristics information (such as gender, age and date of birth) 
    • National insurance number, NHS number, unique identification number 
    • Next of kin and their contact number, relationship to the patient and if they are a patient at the practice 
    • Occupation

Dental and Health Records

• • • Clinical records made by dentists and other dental professionals involved with a patient’s care and treatment 
    • Notes of conversations with a patient about their care 
    • Communication records with patients such as letters and emails 
    • X-rays, clinical photographs, digital scans of a patient’s mouth and teeth, and study models 
    • Treatment plans and Consent 
    • Correspondence from other health professionals or institutions involved in a patient’s care 
    • Medical and dental history 
    • Dates of a patient’s appointments and reminders 
    • Details of any complaints and or feedback that a patient has made and how these complaints were dealt with

Financial Information

• • • Information about the fees we have charged, the amounts a patient have paid and some payment details 
    • Exemption details (NHS only)

Security Information

• • • CCTV images

Technical Data

• • • Data gathered from a patient’s use of our website with the use of Cookies.

Purposes of Processing Data

Clinical Records and Treatment:

• • Maintain clinical records.
  • Provide dental treatment, prevention, and oral health advice.

Patient Referrals:

• • Refer patients to other dentists, doctors, and health professionals as needed.

Financial Transactions:

• • Handle financial transactions and debt recovery.

Compliance and Communication:

• • Share information with the General Dental Council or other relevant authorities as required by law.
  • Communicate with patients:
    • Understand their preferred communication methods.
    • Provide appointment reminders, treatment plans, and estimates.
    • Coordinate dental appointments and care.
    • Contact next of kin in emergencies.
    • Inform patients about products and services available at Regent Dental Care practices.
    • Conduct patient surveys for quality control and improvement.

Marketing and Safety:

• • Analyse marketing effectiveness.
  • Ensure safety at dental practices with CCTV.

Dental Research and Education:

• • Discuss dental research or education with patients.
  • Seek patient consent and anonymize information when possible.
  • Explore options if anonymization is not feasible.

Lawful Basis for Processing Personal Data and Special Category Data

1. 1. Processing based on the legitimate interests of the dental practice.
   2. Contractual Obligations (Processing necessary for the performance of a contract with a patient or to initiate a contract)
   3. Processing based on patient consent.
   4. Legal Obligations (Processing to comply with Regent Dental Care’s legal requirements)

1. 5. Necessary processing for health care purposes. 
   6. Legal Obligations and Equality (Processing related to legal obligations or promoting equality among different groups)
   7. Explicit Consent from customer in limited circumstances.

If we seek a patient’s consent for specific data processing (e.g., notifications, newsletters, surveys, or marketing), the patient has the right to withdraw consent. They can do so by contacting the Practice Manager in writing. Upon notification of withdrawal, we will cease processing for the specified purpose or purposes originally agreed upon by the patient.

Automated processing

Automated processing, which includes profiling, refers to making decisions using computer algorithms without human involvement. These decisions can have significant effects on individuals. However, there are specific rules governing such processes:

Explicit Consent:

Automated decision-making is generally prohibited unless:

• • The data subject (the individual) has explicitly consented.
  • The processing is authorised by law.
  • The processing is necessary for a contract.

Special Categories of Data:

If certain sensitive data (such as health information or criminal convictions) is processed, grounds (b) or (c) may not apply. However, processing can still occur if it is necessary for substantial public interest (e.g., fraud prevention).

Solely Automated Decisions:

When decisions are based solely on automated processing (including profiling), patients must be informed of their right to object. This right must be clearly presented, separate from other information. Patients also have the right to understand the logic behind the decision and to request human intervention or challenge it.

Data Protection Impact Assessment:

Before undertaking any automated processing or decision-making, a thorough assessment of its impact on privacy and rights must be conducted.

In summary, while automated processes offer efficiency, safeguards are essential to protect individuals’ rights and freedoms. Regent Dental Care must adhere to these guidelines when implementing automated systems.

Data Sharing

A patient’s information typically remains within the confines of a dental practice, accessible only to those working there. However, there are scenarios where Regent Dental Care may need to share this information with various entities. Here are some examples:

1. 1. Health Professionals: Regent Dental Care may share patient information with a patient’s doctor, hospital, or community dental services when necessary for their care.
   2. Specialist Services: If a patient is referred to specialist dental or medical services, their information may be shared.
   3. Dental Laboratories: Information might be shared with dental laboratories for specific procedures.
   4. NHS Authorities: This includes NHS payment authorities and the NHS Business Services Authority (NHSBSA).
   5. Regulatory Authorities: Entities like the General Dental Council, Care Quality Commission, and other regulatory bodies may receive relevant information.
   6. Health Boards: Information could be shared with NHS Health Boards.
   7. Private Dental Schemes: For patients who are members of private dental schemes.
   8. Debt Collection Companies: In cases related to outstanding payments.
   9. Law Enforcement and Insurance Companies: For legal or insurance purposes.
   10. Potential Practice Sale: If the practice is sold in the future.
   11. Patient’s Best Interest or Safety: When it is in the patient’s best interest or if there are concerns about their safety.
   12. Third-Party Services: To manage new inquiries, appointment reminders, online bookings, patient feedback, email communications, and IT system support.

Remember that patient privacy and rights are always safeguarded, and any sharing of information is done with due diligence and care

• • Regent Dental Care shares patient information only on a need-to-know basis and limits the details shared to the minimum necessary.
  • They have agreements with third parties to safeguard patient information.
  • Third-party providers can’t use patient data for their own purposes; they process it only as instructed by Regent Dental Care.
  • Personal information is shared only with Regent Dental Care or authorised sub-processors.
  • In specific situations or as required by law, patient information may be disclosed to unrelated parties, such as HMRC or law enforcement agencies.

National Opt Out Policy

When you visit Regent Dental Care for NHS dental services, they collect and store your personal information in your patient record. This helps ensure you receive the best care and treatment. But it doesn’t stop there! The information they gather can also be used by other organisations to improve health and care for you, your family, and future generations. Here’s how:

1. 1. Quality Improvement: They use the data to enhance the quality and standards of care provided.
   2. Research: Information contributes to research for developing new treatments.
   3. Illness Prevention: It helps prevent illnesses and diseases.
   4. Safety Monitoring: They keep an eye on safety.
   5. Service Planning: Data assists in planning healthcare services.

Remember, your health information is confidential and protected by law. Most research and planning use anonymized data, so your identity remains private. If you’re okay with this, no action is needed. But if you prefer not to share your info, it’ll only be used for your individual care. You can manage your choice anytime at nhs.uk/your-nhs-data-matters.

Data Security

Regent Dental Care’s security measures to protect patient information:

1. 1. Access Control: Only authorised colleagues and self-employed associates with a legitimate need-to-know can access personal data. They are bound by confidentiality obligations.
   2. Encrypted Servers: Electronic records are securely stored on encrypted servers.
   3. Software Protection: Regularly updated antivirus, anti-malware software, and security patches safeguard against threats.
   4. Cloud Security: Secure cloud-based storage ensures data safety.
   5. Data Backup: Regular backups prevent data loss.
   6. Visitor Management: Strict security procedures, including CCTV, control access.
   7. Paper Files: Sensitive paper files are locked away with restricted key access.
   8. Secure Communication: Encrypted email and secure file sharing protect data shared externally.
   9. Due Diligence: Service providers undergo security checks, and Data Protection Impact Assessments are conducted when needed.
   10. Breach Response: Procedures are in place to handle suspected data breaches, including notifying patients and relevant authorities.

Regent Dental Care ensures that third-party service providers also follow these protective measures.

Transferring data internationally

When we send a patient’s digital data to third-party service providers outside the European Economic Area (EEA), they ensure proper safeguards are in place. Some service providers store data beyond the UK or EEA, especially for creating medical devices like crowns and dentures.

Data Retention

While you’re a patient at Regent Dental Care, we keep your dental records and orthodontic study models. After you’re no longer a patient, we retain this information for eleven years or until you turn 25, whichever is longer. These retention periods may change based on business or legal requirements.

Rights of access, correction, erasure, and restriction

By law, an individual has the right to the following under certain circumstances:

1. 1. Information: Individuals have the right to know how their personal data is collected and used.
      Regent Dental Care provides a privacy notice that explains how they process data.
   2. Access: Individuals can request a copy of their personal data (known as a “data subject access request”). This allows them to verify that Regent Dental Care processes their information lawfully.
   3. Rectification: If any personal information held by Regent Dental Care is incomplete or inaccurate, individuals can ask for corrections.
   4. Erasure: Individuals can ask Regent Dental Care to delete their personal data if there’s no valid reason for continued processing. This includes cases where consent is withdrawn or data is processed unlawfully.
   5. Restriction: Individuals can request the suspension of processing if they believe the information is inaccurate, no longer needed, or used unlawfully.
   6. Objecting to Processing: If an individual disagrees with how Regent Dental Care processes their personal information based on legitimate interests (or those of a third party), they have the right to object. This also applies if the processing is for direct marketing purposes.
   7. Portability: Individuals can request the transfer of their personal information to themselves. If Regent Dental Care has their permission to process this data, they can receive it in a portable format. They can also ask to send it directly to a third party (if technically feasible). However, Regent Dental Care isn’t responsible for how that third party uses the information. This right applies specifically to electronically processed data.
   8. Automated Decision Making and Profiling:

– Individuals have the right not to be solely subject to decisions based on automated processing (including profiling) that significantly affects them.

– Exceptions include decisions necessary for contracts, authorised by law, or based on explicit consent.

Rest assured, Regent Dental Care takes these measures seriously to protect your data!

Complaint on Data Processing

If you have any concerns or complaints about data processing by Regent Dental Care or if you believe that the handling of your personal information is unfair, misleading, or inappropriate, you may contact our Data Protection Officer via email at ———-.

Additionally, patients can seek advice from the Information Commissioner’s Office:

• • For England, Wales, and Northern Ireland: Visit Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or start a live chat or call their helpline at 0303 123 1113.
  • For Scotland: Contact Queen Elizabeth House, Sibbald Walk, Edinburgh EH8 8FT. Telephone: 0303 123 1115. Email: Scotland@ico.org.uk.

Changes to This Privacy Notice

This Privacy Notice undergoes an annual review, taking into account alterations in legal, regulatory, or contractual obligations, as well as shifts in business practices or organisational structure. Modifications to this notice may arise from audit findings, security incidents, risk assessments, improvement initiatives, or newly established objectives within Regent Dental Care.