Archenfield Enterprises limited is the company which owns and trades as Broad Street Dental Surgery. We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation and we “Process” information. In other words our business requires us to obtain, store, update and archive personal data.
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.
Collecting your personal information
(Types of Personal Data)
We collect your personal data when you contact us, register with us, receive care with us or work with us. Website usage information is collected using cookies. The practice holds personal data in the following categories:
- Patient clinical, health and ledger data and correspondence.
- Staff employment data and correspondence.
- Contractors’ data and correspondence.
Using your personal information
(Why we process Personal Data – what is the “purpose”)
We may use the personal information you have supplied to us in a number of ways.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment and in accordance with Dental Professional Statutory/Regulatory requirements.
- Staff employment data is held in accordance with our Dental Professional Statutory/Regulatory requirements, Employment, Taxation and Pensions law.
- Contractors’ data is held for the purpose of managing their contracts and in accordance with Dental Professional Statutory/Regulatory requirements.
What is the Lawful Basis for processing your personal information?
The Law says we must tell you what the lawful basis is for us handling your personal information:
- We hold and process patients’ data because it is in our Legitimate Interest to do so and is for the purpose of providing healthcare or in your vital interests (e.g. a life-threatening medical emergency where you are unable to provide consent). Without holding the data we cannot work effectively. We must hold data on NHS care and treatment as it is a Public Task required by law. We process patient data where it is needed to Fulfil a Contract with us and it is in our Legitimate Interest to do so in order to meet our Legal Obligations and our Dental statutory and regulatory requirements. Where you have agreed, we use your Consent to contact you by email and/or SMS and for processing any testimonials or to share your information with family/carers or named individuals.
- We hold and process staff employment data because it is a Legal Obligation for us to do so and to Fulfil a Contract with us. We have a Legitimate Interest to use it in accordance with our Practice policies and Dental statutory and regulatory requirements, to meet our Legal Obligations and to provide appropriate occupational health support for our employees, or it is in their vital interests (e.g. a life-threatening medical emergency where you are unable to provide consent). Where we have asked for Consent we will use that as the lawful basis for processing staff employment data such as publishing photos on our website or in printed literature.
- We hold and process contractors’ data because it is in our Legitimate Interest to do so in order to meet our Legal Obligations and our Dental statutory and regulatory requirements and it is needed to Fulfil a Contract with us.
Who might we share your personal information with?
We can only share data if it is done securely, it is necessary to do so and, if appropriate, consent has been provided.
- Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist which may require us to use an online referral system, need to liaise with your doctor, family member or carer, you need laboratory work undertaken, where there is risk to life or with regard to a criminal offence). Patient data may also be shared for maintenance/support purposes with our computer software and hardware suppliers, trusted experts/support services in relation to the care you have received, and our Dental Plan company (e.g. registration forms and membership details such as the Denplan Assessment category). Where online portals are utilised a data user agreement is in place to safeguard the data e.g. REGO is a national referral service with UK based servers.
- Employment data will be shared with government agencies such as HMRC and trusted expert/support services in order to meet our legal obligations e.g. Pension provider, Occupational Health provider, Dental Plan company, professional insurer, DBS service provider, CQC, GDC, DDU, Accounts and HR and Health and Safety support providers. Employment data may also be shared for maintenance purposes with our computer software and hardware suppliers, where there is risk to life or with regard to a criminal offence.
- Contractor data will be shared with government agencies such as HMRC and authorised advisory/support services e.g. Occupational Health, Dental Plan company, DBS service, CQC, GDC, DDU, Accounts and HR and Health and Safety support providers. Patient data may also be shared for maintenance purposes with our computer software and hardware suppliers.
- Both Employee and Contractor Personal data e.g. name, qualifications and GDC registration number, is published in the public domain in print, but also on our website and business social media and therefore is shared overseas as well as in the UK.
You have the right to:
- Be informed about the personal data we hold and why we hold it.
- Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
- Check the information we hold about you is correct and to make corrections if not.
- Have your data erased in certain circumstances.
- Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
- Tell us not to actively process or update your data in certain circumstances.
How long is personal information stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as the NHS or other trusted experts recommend (please note this can vary e.g. according to the age when you leave or if there has been a dispute).
- We must store employment data for six years after an employee has left.
- We must store contractors’ data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance to our Data protection Officer, who is Ellen Pawley, 01432 266899 or firstname.lastname@example.org, and we will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner at http://www.ico.org.uk/concerns or by calling 0303 123 1113.