Old Bank House Dental Surgery
Privacy Notice For Patients
The Practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.
The data controllers are Mrs Reinet Du Preez and Mr Neil Du Preez, who is also the Information Governance Lead.
The Privacy Notice is available on the practice website at https://oldbankhousedental.com/privacy-policy and in person at reception.
Data processing of personal information: overview
Patients will be asked to provide personal information when joining the practice. The purpose of the Practice processing this data is to provide optimum healthcare to you, the patient.
The categories of data that the practice processes are:
- Personal data for the purpose of direct mail/email/text/telephone marketing.
- Special category data, in this case health records, for the purposes of delivering healthcare.
- Personal data is stored in the EU or New Zealand whether in digital or hard copy format.
- Personal data is obtained when a patient joins the practice, when the patient is referred to the practice and when the patient subscribes to an email list.
- Special category data is stored mostly in the EU and New Zealand whether in digital or hard copy format.
- Special category data is obtained directly from the patient, for instance from the completed medical history form.
The lawful basis of processing personal data such as name, address, email or phone number is:
- Consent of the data subject (Patient)
- Processing is necessary for the performance of a contract with the data subject (Patient) or to take steps to enter into a contract.
The lawful basis for processing special category data such as patients’ health data is:
- Processing is necessary for the purposes of preventative or occupational medicine, medical/dental diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State Law or a contract with a health professional.
The retention period for special category data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for other personal data is 2 years after it was last processed.
For website enquiries, the data entered on the enquiry form is kept for a maximum of 30 days.
At the end of the retention period, all personal data is securely destroyed.
Sharing of data
We do not pass any patients’ personal details to a third party unless we have a contract for them to process the data on our behalf (such as with our text and email reminder system) or we are required to do so by law; we otherwise keep these details confidential.
If we intend to refer a patient to another practitioner or to secondary care, such as a hospital, we will gain the individual’s permission before the referral is made and the personal data is shared.
Patients have the following personal rights:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (clinical records must be retained for a certain time period)
- The right to restrict processing
- The right to data portability
- The right to object
Further details of these rights can be seen at the Information Commissioner’s website. Here are some practical examples of your rights:
- If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can ask us to correct errors in your personal details or you can withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient records within one month.
- If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
For users and visitors to our website:
Should you follow any links from our website, please note that the website(s) and any services that may be accessible through them are completely independent from us and are not governed by our privacy notice. Our Practice therefore does not accept any responsibility or liability for the policies of third party websites or services or for any personal data collected through these websites or services, such as contact and location data. Please check the policies of those websites or services before you submit any personal data to them or use their services.
Comments, suggestions or complaints
We take complaints very seriously. Please direct any comments, suggestions or complaints regarding your data processing in writing to Mrs R Du Preez, or by visiting the Practice.
If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 1231113. You can also chat online with an advisor. The ICO can investigate your claim and take appropriate action against anyone who has misused your personal data. You can also visit their website for information on how to make a data protection complaint.
Policy Updated May 2018