Privacy and Cookies Notice
We are committed to protecting your privacy when dealing with your personal information. This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, how we use and protect it and provides information about your rights.
For the purposes of the policy ‘we’, ‘us’ means N7 Dental Care and/or Holloway Dental Centre and the staff, ‘you’, ‘your’ relates to the patient and the parent/guardian/carer responsible for the patient.
- A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
- We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
- Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.
- You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.
Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective care and treatment. Data may be in paper records or held on computer.
Standard Personal Information
- Basic details about you such as name, address, date of birth, next of kin, telephone numbers, email addresses. etc.
- Details of your General Dental Practitioner and sometimes your Doctor.
- Contact we have had with you such as appointments.
- Record of payments made for any treatment or goods bought. We do not keep any financial information of bank or card details.
Special Category Information
- Notes and reports about your health, medical history, treatment and care.
- X-rays taken at the practice and those sent to us by other health care professionals, relevant for your care.
- Photographs of the dentition and face taken at the practice, relevant to your care.
- Plaster models of the teeth, relevant to your care.
- Information relevant to your care from other health professionals, including reports, hospital and NHS numbers.
- Information about your race, ethnic origin and religion, if you have given it to us.
- Information about your physical or mental health, including genetic information.
It is essential that your details are accurate and up to date. Always check that your personal details are correct when you visit us and please inform us of any changes as soon as possible
What is the Lawful Basis for Processing Data?
- We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively to provide our service of care.
- We must hold data on NHS care and treatment as it is a Public Task required by law.
- Consent. This is specific, informed and freely given.
- We have legal obligations under the NHS contract and under our duty of care.
- Necessary for the purposes of preventive medicine, orthodontic and dental diagnosis and advice, provision of orthodontic treatment and advice.
How your Personal Data is used and shared
Your records are used to direct, manage and deliver the care you receive to ensure that:
- The dental professionals involved in your care have accurate and up to date information to assess your oral health, orthodontic and dental health needs and decide on the most appropriate treatment and care for you.
- Healthcare professionals have the information they need to be able to improve the quality of care and service you receive.
- Patient data may be shared with other healthcare professionals who need to be involved in your care, for example if you see another dental professionalor are referred to a specialist.
- Patient data may be shared with a laboratory care for laboratory work undertaken.
- Your concerns can be properly investigated if a complaint is raised.
Security of your Personal Data
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information. Our server and computers are password secured and have hosted antivirus and ransomware protection.
Patient data is stored for back-up purposes on removable USB hard drives that are encrypted.
We will only share data if it is done securely and it is necessary to do so. Data shared between healthcare professionals is via secure NHS.net email and the Dental Electronic Referral System.
We do not hold or have any personal patient data on our website, (other than that which we have had consent for).
We do not use or share your personal information for marketing reasons or with any third parties.
How long is the Personal Data stored for?
We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend. (At present for 11 years after treatment or 25 years if a child, whichever is the longest.)
You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you. For more information, see below.
You have the following rights. These are complex and not absolute.
- Right of access: the right to make a written request for details of your personal information and a copy of that personal information
- Right to rectification: the right to have inaccurate information about you corrected or removed
- Right to erasure (‘right to be forgotten’): the right to have certain personal information about you erased
- Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
- Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interests.
- Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
- Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information.
- Right not to be subject to automated decision making including profiling.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. We will meet your request within one month. If we are unable to do so, we will explain the reason why.
What if you are not happy or wish to raise a concern about our data processing?
You can raise your concern in the first instance to our Data Protection Officer, and we will do our best to resolve the matter. If this fails, you can contact the Information Commissioner’s Office at www.ico.org.uk/concerns or by calling 020 7609 1122.