Privacy Notice - Cudworth Dental Surgery
We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation.
This Privacy Notice explains what Personal Data the practice holds, why we hold it and process it, who we might share it with, and your rights and freedoms under the Law.
Types of Personal Data
The practice holds personal data in the following categories:
- Patient clinical and health data and correspondence.
- Staff employment data.
- Contractors’ data.
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Staff employment data is held in accordance with Employment, Taxation and Pensions law.
- Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
- We hold patients’ data because it is in our legitimate interest to do so. Without holding the data, we cannot work effectively. Also, we must hold data on NHS care and treatment as it is a public task required by law.
- We hold staff employment data because it is a legal obligation for us to do so.
- We hold contractors’ data because it is needed to fulfil a contract with us.
Who might we share your data with?
We can only share data if it is done securely and it is necessary to do so.
- Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken).
- Patient data may also be stored for back-up purposes with our computer software suppliers who may also store it securely.
- Patient data may be shared within the practice with employees of Cudworth Dental Surgery who need to be involved in your care (for example a practitioner that may require a colleague’s second opinion)
- Patient data may be shared with parents/guardians/carers if the patient is under 16, lacks capacity or has an appointed person legally responsible for their care.
- Patient data may be shared with local safeguarding teams. For example, if any of our employees are concerned about the safety and/or welfare of a patient. This also applies to if a safeguarding team have issues raised relating to our patient, they reserve the right to request information from our practice.
- Patient data may be shared with local public services. For example, if the police have a warrant to access data that we hold on a patient at our practice, we are legally required to disclose this information.
- Patient data may be shared with legal professionals. For example, if a clinician at our practice receives a complaint that requires legal aid, the data we hold surrounding the complaint could be shared with the appointed solicitor.
- Patient data may be shared with governing bodies i.e. GDC, CQC, NHS England and RIDDOR.
- Patient and employee data may be shared with the local occupational health department, at their request, regarding medical histories.
- Patient data may be shared with our interpreting service to allow safe and effective communication between employees and patients.
- Patient data is shared with Denplan, who hold all data relating to former and current patients registered with Denplan.
- Confidential waste is handled by PHS dental waste.
- Patient data will be shared with an external agency to provide appointment reminders via text message, but only when consent has been provided.
You have the right to:
- Be informed about the personal data we hold and why we hold it.
- Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
- Check the information we hold about you is correct and to make corrections if not.
- Have your data erased in certain circumstances.
- Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
- Tell us not to actively process or update your data in certain circumstances.
How long is the Personal Data stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend.
- We must store employment data for six years after an employee has left.
- We must store contractors’ data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Data protection Officer:
Cudworth Dental Surgery
260 Barnsley Road
We will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at www.ico.org.uk/concernsor by calling 0303 123 1113
Contractors Confidentiality Agreement
Click here to download our contractor confidentiality agreement pdf.