Ivory Dental Practice is an independent dental practice providing a range of dental treatments on a private. Our practice comprises of employed and self-employed individuals. We work together to ensure our patient’s privacy is respected and their personal data is protected.
This privacy notice outlines how we handle patient information according to the UK GDPR and Data Protection Act 2018 (DPA18).
Most of the personal information we process is provided to us directly, such as when you contact the practice, engage with our website or during your appointment.
Occasionally, however, we may receive patient information from other sources such as:
We may receive data from third parties, including analytics providers such as Google located outside the UK, advertising networks such as Facebook located outside the UK providers of technical, payment and delivery services.
The table below sets out the main types of patient information we process, the reasons why and the lawful basis for doing so.
|Categories of Personal Data
|Examples of Personal Data
|Purposes of Processing Personal Data
|Lawful Basis under UK GDPR and DPA18
|Name, Contact Details, Patient Reference number, date of birth, signatures, photos and videos (non-clinical purposes), where you can be identified in CCTV footage.
|Next of kin, and details of any guardians, carers and representatives.
|Details of any payments you make to us or need to make to us your debit and credit card details, and if applicable, your bank account details.
|Data about your use of our website such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website, social media channels and patient portal.
|1, 2. In our legitimate interest. 3. In our legitimate interest, Legal obligation.
|Personal data contained in an email, comments on social media posts, letters, instant messages.
|1, 2 and 3. In our legitimate interest.
|Medical and dental histories, lifestyle questions (e.g. alcohol and tobacco use), x-rays, clinical photographs, digital scans of your mouth and teeth, study models, treatment plans, patient understanding exercises, recorded communications (e.g. voice messages, video calls, instant messages, letters and emails), clinical notes made by our clinical staff and other dental professionals involved in your care and treatment, information of any health and safety incident you have been involved in.
|Where relevant, we may need to process your ethnic group and language.
|Religious and philosophical beliefs
|Where relevant to your care, such as fasting or abstaining from certain types of treatments.
Providing you with private dental treatment means the practice and your treating clinician must collect and process your personal data. Refusal to provide personal data connected to these lawful bases may directly impact our ability to treat you and we may be unable to continue your treatment at the practice.
We record call for training, monitoring and fact recording purposes. We process personal data for these purposes in our legitimate interest.
The above table sets out where we rely on your consent to process your personal data. You can request to withdraw your consent for these purposes by contacting the practice using the contact details found at the top of this notice.
How We Store Your Data
Your information is securely stored paper and digital formats. We use online and cloud-based digital storage. Where data is stored outside of the UK, we ensure the correct legal protection are in place to ensure compliance with international data transfer rules.
How long we keep your Personal Data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any medical, legal, accounting, or reporting requirements.
When deciding the correct time to keep the data, we look at the amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, and necessary ongoing purposes of the processing.
Your information is typically used internally by staff employed by the practice and self-employed dentists working at the practice and responsible for your treatment.
There may be instances where we need to share it – for example, with:
We will only disclose your information on a need-to-know basis and limit any information we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Where we transfer your data to third parties outside of the UK, we will ensure that certain safeguards are in place to provide a similar degree of security for your personal data. As such:
If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Depending on the nature of the request we may need to ask you to provide further information to verify your identity and/or better understand your request.
If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this notice.
If you are dissatisfied with our response or prefer to lodge your complaint with them directly you can do using the details below.
The ICO’s address:
Information Commissioner’s Office
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk