Data Protection Privacy Policy

This Privacy Notice (a shortened version of our General Data Protection Regulations (GDPR) Policy) explains what Personal Data the practice holds, why we process it, who we might share it with, and your rights and freedoms under the law.

854 Dental Health is a private dental practise, we are not a public body. We process (obtain, store, update & archive) data in accordance with GDPR. We are registered with the Information Commissioners Office and our data controller under the terms of GDPR is Androniki Zoidaki.

Our Data Protection Lead is Khaled Tbaily.

The GDPR requires that personal data shall be:

• Processed lawfully, fairly, and transparent manner
• Collected for specified, explicit and legitimate purpose
• Adequate, relevant, and limited to what is necessary
• Up to date
• Kept in a form which permits identification for no longer than is necessary
• Processed with appropriate technical and organisational measures to ensure security of personal data.

What personal information do we hold?

Name, address, date of birth, telephone numbers, email address, medical histories, referral correspondence, emergency contact details, dental records, payment plan details and pdq receipts.

Some of this information is sensitive, the rest is non sensitive. If patients have joined a plan, then we retain a copy of the paperwork including the direct debit details.

What information or cookies is processed on this website?

We employ no tracking software/analytics on this website that would process your IP address or other sensitive information.

The only cookie that will be stored on your device is “__wpdm_client” which is stored by WordPress, our CMS/content management system. This is a technical cookie that synchronizes the website and the CMS. This is necessary to update the website.

How is this information collected?

The majority of the data we hold is collected directly from our patients and other data is obtained on an individual basis with patients’ specific consent, i.e., from patients’ previous dental practitioner.

Why is this information collected/processed? How will it be used?

Our lawful bases for collecting/ processing sensitive and non-sensitive are for the purposes of medical diagnosis and the provision of dental health care and treatment and compliance of legal obligation.

We do not use automated decision making.

We do not process personal data for the purposes of direct marketing by ourselves without prior consent.

Who will patients’ personal information be shared with?

The Information we process will not be disclosed to anyone who does not need to see it.

We will share your personal information with third parties when required by law or to enable us to deliver service to you or where we have another legitimate reason for doing so.

Third Parties may include:

• Regulatory authorities such as General Dental Council or Care Quality Commission
• Payment Scheme administrators
• Insurance companies, loss assessor, fraud prevention agencies
• In the event of a practise sale
• Dental laboratories, NHS, or private healthcare providers
• If the Patient request their records be sent to another dentist

We may also share information where we consider it to be in a patients’ best interest or if we have reason to believe an individual is at risk of harm or abuse.

We do not transfer your personal data outside the EU.

Security of personal Data and retention information

Patients’ personal information is held digitally and is kept securely, safely, and confidentially. All physical records and data are stored securely on site.

In line with Department of health guideline, patients’ personal information is retained for a minimum of 11 years after their last attendance (adults), or until the patient is 25 (children), and then destroyed securely. Where justified the maximum retention period is 30 years.

What are patients’ right of access to their data? 

Under GDPR, patients (whilst living) have a statutory right to see all personal data we hold about them, including their dental records. We would carry out the discloser as quickly as possible and in any case within one month from receiving a written and signed patient request.

If a patient dies this right passes on to those who may have a claim against their estate and arises under the Access to Health Records Act 1990.

Further information and concerns

Should you require further detail about how we handle or process your personal information, and your rights under data protection legislation, please contact Khaled Tbaily for a copy of our full GDPR Policy and Procedure.

Any concerns about how data is processed should be raised Khaled Tbaily on 01202 512 967 at 854 Dental Health, 854 Wimborne Rd, Moordown, Bh9 2DS and every attempt will be made to resolve that matter. If you still have concerns then the Information Commissioners Office can be contacted at www.i.c.o.org.uk/concerns or call them on 0303 123 1113.

Version 1 July 2022