Data Protection Privacy Notice

Stewartfield Dental Care Privacy Notice

This practice aims to comply with the Data Protection Act (2018), encompassing the principles of General Data Protection Regulation (GDPR) 2018. This means that we will strive to ensure that your information is processed fairly and lawfully.

In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.

About us

We are Stewartfield Dental Care operating at Unit 1, 5 Macneish Way, East Kilbrdie, G74 4TT. Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.Our data protection officer, Graham Dunn, ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly. You can contact our data protection officer by phone on 01355 458 118.

Information that we hold

We can only keep and use information for specific reasons set out in the law. If we want to keep and use information about your health, we can only do so in particular circumstances. Below, we describe the information we hold and why, and the lawful basis for collecting and using it.

Contact details

We hold personal information about you including your name, date of birth, national, NHS number, address, telephone number and email address. This information allows us to fulfil our contract with you to provide appointments. We will also use the information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care.

Dental records and medical history

We hold information about your dental and general health, including

  • Clinical records made by dentists and other dental professionals involved with your care and treatment
  • X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
  • Medical and dental histories
  • Treatment plans and consent
  • Notes of conversations with you about your care
  • Dates of your appointments
  • Details of any complaints you have made and how these complaints were dealt with
  • Correspondence with you and other health professionals or institutions.

We collect and use this information to allow us to fulfil our contract with you, to discuss your treatment options and provide appropriate, necessary and relevant dental care that meets your needs. We also use this information for the legitimate interest of ensuring the quality of the treatment we provide and ensuring that any medication we prescribe is suitable for you according to your medical information.

Financial information

We hold information about the fees we have charged, the amounts you have paid and when these amounts were paid, any correspondence we have had with you regarding these fees, any fees outstanding, and some payment details. This information forms part of our contractual obligation to you to provide dental care and charge appropriate fees and allows us to meet legal financial and accounting requirements. Where your dental care is provided under the terms of the NHS, we are required to document your liability for NHS charges, or the reason(s) for exemption, and are required to complete statutory forms to allow payments to be processed. This is an NHS requirement.

The categories of personal data we process are:

  • Personal data, as detailed above, for the purposes of fulfilfilling our contract and responsibilities to patients to provide effective healthcare and advice and arrange appointments
  • Special category data including health records for the purposes of the delivery of health care

Lawful basis

The most appropriate lawful basis that applies for our processing of personal data for patients is:

Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

The lawful basis for processing special category data such as patients’ health data is:

Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.

How we use your information

To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you. We will require to contact you regarding appointments and other aspects of your dental care.

We won’t use your contact details for direct marketing purposes.

We will share your information with the NHS in connection with your dental treatment.

We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes.

Sharing information

To provide the patient with appropriate care, we might need to share personal data with:

  • Another dentist or another health professional who is caring for the patient;
  • The patient’s GP;
  • A laboratory;
  • NHS payment authorities;
  • The Inland Revenue;
  • The Benefits Agency, if the patient is claiming exemption or remission from NHS charges;
  • A private dental scheme, if the patient is a member.

In these cases, only the minimum information required will be shared.

Disclosure without consent

Exceptional circumstances might override the duty to maintain confidentiality. Where possible, we will inform the patient of requests to share personal information. The decision to disclose information must only be taken by senior staff. Examples include:

  • Situations where there is a serious public health risk or risk of harm to other individuals;
  • When information is required by the police to prevent or detect crime or to apprehend or prosecute offenders (if not providing the information would prejudice these purposes);
  • In response to a court order;
  • To enable a dentist to pursue a legal claim against a patient.

Graham Dunn is responsible for making the decision regarding whether personal data should be disclosed.

Keeping your information safe

We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

We take precautions to ensure security of the practice premises, the practice filing systems and computers.

We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.

We keep your records for 11 years after the date of your last visit to the Practice or until you reach the age of 25 years, whichever is the longer. At your request, we will delete non-essential information (for example some contact details) before the end of this period.

Access to your information and other rights

You have a right to access the information that we hold about you and to receive a copy. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.

You can also request us to:

  • Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change.
  • Erase some of the information we hold. For legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). However, we can, if you ask us to, delete some contact details and other non-clinical information.
  • Stop using your information – for example, sending you reminders for appointments or information about our service. Even if you have given us consent to send you marketing information, you may withdraw that consent at any time.
  • Stop using information if you believe the information is inaccurate or you believe we are using your information illegally.
  • Supply your information electronically to another dentist.

If we are relying on your consent to use your personal information for a particular purpose, you may withdraw your consent at any time and we will stop using your information for that purpose.

All requests should be made in writing to the address below and addressed to our data protection officer, Graham Dunn, who will respond to requests within 40 days.

Stewartfield Dental Care
Unit 1
5 Macneish Way
Stewartfield
East Kilbride
G74 4TT

If you do not agree

If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.

If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).