Call us on: 020 8854 0573
Email us at: firstname.lastname@example.org
184 Upper Wickham Lane
SmileWelling Privacy Notice
- Data Controller: M S Darr – Practice Principal
Data Protection Officer: To be appointed
- Data is collected for purposes of safe health care provision. This is legally allowable for GDC registered dental surgeons and CQC registered practices
- Dental care can only be provided safely if detailed, accurate health and personal information is recorded.
- Personal details including occupation, welfare benefit, ethnicity, social and health information is recorded.
- Data is sent to the NHS Business Services Authority and occasionally NHS England
- Data is not sent abroad
- Records are retained for a minimum of 11 years and for children 11 years or up to the age of 25.
- Every patient has a right to access their data.
- By accepting NHS data you consent to data being shared with NHS Business Services Authority, Department of Work and Pensions, HM Revenue & Customs, Health & Social Care Information Centre, local authorities and bodies performing functions on their behalf. Health care provision is not possible without consent for data sharing by the NHS. Private health care will not require data sharing but does require consent for collection of personal and health data.
- Patients have the right to lodge a complaint with the ICO if you feel your data protection rights have been breached.
- Personal data will only come from patients directly or from referring practices.
- The provision of personal data is part of a statutory and contractual requirement and failure to provide accurate data will prevent provision of health care or result in penalties if financial data is inaccurate.
- The practice has no automated decision making or profiling programs, your data is not used for any third party marketing purposes. Data will be used for internal quality audits only.
We are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information. You can visit the Website without disclosing any information about yourself. We do not collect personal identifying information when you access the Website homepage and browse the Website without disclosing your personal data.
Data Protection and Data Security Policy
SmieWelling is registered with the Information Commissioner and we comply with the principles of the GDPR 2018 and other regulatory bodies and acts.
This registration is renewed every 12 months.
The data held at SmileWelling is:
• Obtained only for specified and lawful purposes (healthcare)
• Adequate, relevant and not excessive
• Accurate and up to date
• Kept for no longer than is necessary (in accordance with our retention policy)
• Processed in accordance with the rights of the data subjects
• Kept secure
(1) What information do we collect?
We collect data about patients who use our services that is relevant to their healthcare and that allows SmileWelling to deliver its services to our patients. We process personal information about our patients, customers, suppliers and employees.
The types of data we may collect are listed below and we will only use that data in ways relevant to carrying out our legitimate purposes and functions and in a way that is not detrimental to the interests of our patients or employees. SmileWelling will take particular care in the collection and storage of any personal sensitive data. Everyone working within SmileWelling has a legal duty to keep information about you confidential. Similarly, anyone who receives information from us has a legal duty to keep it confidential.
Collection of data:
The dental professionals caring for you keep records about your health and any treatment and care you receive from our practice. These records help to ensure that you receive the best possible care. They may be written down in paper records or held on computer. These records may include:
•Basic details about you such as name, address, date of birth, next of kin, etc.
•Contact we have had with you such as appointments.
•Notes and reports about your health, treatment and care.
•Results of x-rays.
•Relevant information from people who care for you and know you well such as health professionals and relatives.
•Financial information for payment of any treatments
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible.
2.How your personal information is used:
Your records are used to direct, manage and deliver the care you receive to ensure that:
•The dental professionals involved in your care have accurate and up to date information to assess your oral health and decide on the most appropriate care for you.
•Healthcare professionals have the information they need to be able to assess and improve the quality and type of care you receive.
•Your concerns can be properly investigated if a complaint is raised.
•Appropriate information is available if you see another dental professional, or are referred to a specialist.
•From time-to-time we may use your contact information to send you details of products and services offered in our practices that directly relate to your oral healthcare.
We do not process any data by automated decision making or profiling systems. Data is used for internal audits and not shared for third party marketing purposes.
We will retain your dental records while you are a practice patient and after you cease to be a patient, for at least eleven years or for children until age 25, whichever is the longer.
SmileWelling may disclose your personal information to third parties:
•In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.
•If SmileWelling or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data.You can also exercise the right at any time by contacting us at:
184 Upper Wickham Lane
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Access to information:
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act. Any access request will be free for computerised records and up to £50 for any non-digital x-ray copies/hard copies that are required to provide you with details of the information you have requested.
Policy changes and updates will be posted on our policy page and notices
When you visit a website it may send “cookies” to your computer primarily to enhance your on-line experience. “Cookies” are files which can identify you as a unique viewer and store your personal preferences as well as technical information. On their own, cookies do not contain or reveal any personal information. However, if you choose to furnish the site with personal information, this information may be linked to the data stored in the cookies.
Our website does collect certain anonymous technical information when you visit many of our web pages such as the type of browser you are using, the type of operating system you are using and the domain name of your Internet service provider.
6.Using your personal data
What personal data do we hold?
We hold the following types of data required to provide you with health care under private and NHS regulations:
• your past and current medical and dental condition; personal details such as your date of birth, address, telephone number, ethnicity, social habits and name and contact details of your general medical practitioner
• radiographs, clinical photographs and study models
• information about the treatment that we have provided or propose to provide and its cost
• notes of conversations/incidents that might occur for which a record needs to be kept
• records of consent to treatment
• any correspondence relating to you with other health care professionals, for example in the hospital or community services.
Why do we hold information about you?
We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care.
We also need to process personal data about you in order to provide care under NHS arrangements and to ensure the proper management and administration of the NHS.
We may use your personal information to:
(a) enable your use of the services available on the website;
(b) send you general (non-marketing) communications;
(c) send you email notifications;
(d) deal with enquiries and complaints made by you.
We do not share information for marketing. If we did we will not do so without your express consent.
In addition, we may disclose information about you:
(a) to the extent that we are required to do so by law;
(b) in connection with any legal proceedings or prospective legal proceedings;
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
7. Security of your personal data
SmileWelling holds sensitive personal data and has a commitment to protect and keep this potentially harmful data secure by complying with GDPR 2018 Regulations.
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you make to or receive from us will be encrypted [using SSL technology].
Data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
Confidentiality (see the practice confidentiality policy for further information)
All staff are required to sign a confidentiality agreement.
Access to personal data is available on a “need to know” basis only.
Access to information is monitored and breaches of security are the responsibility of M S Darr (Practice Principal).
We have an information governance policy designed to ensure that personal data is regularly reviewed, updated and deleted in a confidential manner when no longer required.
Physical security measures
Portability of personal data is only allowed in exceptional circumstances and when authorised by M S Darr. If personal data is taken from the premises it must never be left unattended in a car or in a public place.
Patient dental records (hard copies) are kept in locked filling cabinets, which are not accessible by patients and visitors to the practice.
Efforts have been made to secure the practice against theft by the use of an intruder alarm, lockable windows and doors.
The practice has in place a business continuity plan in case of a disaster which includes procedures for protecting and restoring personal data.
Information held on computer
Passwords and encryption are used to protect information held on computer. Passwords are only known to those who require access to the information, are changed on a regular basis and are not kept near or on the computer for others to see.
Back-ups of computerised data are stored off site via an automated online backup system.
Back-ups are also tested at prescribed intervals to ensure that the information being stored is usable should it be needed.
Staff using practice computers undertake information governance training to help protect data on computers.
Our dental software has a full audit trail facility preventing the erasure or overwriting of data. The system records details of any amendments made to data, who made them and when.
Precautions are taken to avoid loss of data through the introduction of computer viruses.
Information governance training is provided periodically and is part of staff induction training. IG concerns are brought up at staff training meetings.
Should any staff have concerns about the security of personal data within the practice they should contact M S Darr.
Third party websites
The SmileWelling website may contain links to other websites. We are not responsible for the privacy policies or practices of third party websites.
Please let us know if the personal information which we hold about you needs to be corrected or updated.