Privacy Notice for The Square ADC
The Square ADC takes great care to protect the personal data we hold for you in line with the requirements of the General Data Protection Regulation (GDPR).
The purpose of collecting and storing personal data about you is to ensure we can:
- Provide, appropriate, safe and effective dental care, treatment and advice for you
- Fulfil any contracts we hold in relation to your care
- For business administration of your care
Personal data held for our patients
The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for you includes:
- Name, address, date of birth
- Unique identification number
- Next of kin
- Email address
- Phone numbers
- GP contact details
- Medical history
- Dental care records
- Details of any complaints received
We keep an inventory of personal data we hold on our patients and this is available on request.
Disclosure to third parties
The information we collect, and store will not be disclosed to anyone who does not need to see it. We will share your personal information with third parties when required by law or to enable us to deliver a service to you or where we have another legitimate reason for doing so. Third parties we may share your personal information with may include:
- Regulatory authorities such as the General Dental Council or the Care Quality Commission
- NHS Local Authorities
- Insurance companies
- Loss assessors
- Fraud prevention agencies
- In the event of a possible sale of the practice at some time in the future.
We may also share personal information where we consider it to be in a patient’s best interest or if we have reason to believe an individual may be at risk of harm or abuse.
Personal privacy rights
Under the General Data Protection Regulation (GDPR) you have the following personal privacy rights in relation to the information we hold about you.
You have a right to:
- Access to and copies of your records.
- Have inaccuracies deleted.
- Have information about you erased. This should be seen in light of the need to keep records about your dental care in case you have any problems in the future.
- Object to direct marketing.
- Restrict the processing of your information, including automated decision-making.
- Take your data to another dental practice or anywhere else.
Patients who wish to have inaccuracies deleted or to have information erased must speak to the dentist who provided or provides their care.
Legal basis for processing data held about patients
The GDPR requires us to state the legal basis upon which we process all personal data for our patients and it requires us to inform you of the legal basis on which we process your personal data.
The legal basis on which we process personal information for our private patients is Consent, Contract, Legal Obligation, Vital interests and Legitimate reason.
The Square ADC will always obtain specific, opt in consent from you for direct marketing information. We will request this consent via email or letter whichever is appropriate.
We will also obtain specific, opt in consent from you for any treatments including scans, x-rays, periodontal treatment, Implant placement, extractions and hygiene maintenance. If you are a new patient, we will obtain consent when you first attend the practice. If you are an existing patient, we will obtain consent when you attend for your recall appointment or for a treatment appointment.
Withdrawal of consent
After you have given your consent you have a right to withdraw your consent at any time.
This practice retains dental records and orthodontic study models while you are a patient of our practice and after you cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer.
You have a right to complain about how we process your personal data. All complaints concerning personal data should be made in person or in writing to Miss Alison Parker. All complaints will be dealt with in line with the practice complaints policy and procedures.
Your personal data is not transferred outside the EU