Privacy Policy – The Grange Dental and Implant Clinic
The Grange Dental and Implant Clinic is committed to meeting the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines provided on the Information Commissioner’s website, as well as our professional guidelines and requirements.
This Privacy Notice is available on our practice website at www.thegrangedentalcare.co.uk, at reception, and by email if you contact info@thegrangedentalcare.co.uk or by calling the practice at 028 8224 4776.
Collection of Personal Information
When you join The Grange Dental and Implant Clinic, you will be asked to provide personal information. The purpose of processing this data is to provide you with the highest standard of healthcare.
Categories of Data Processed
We process the following categories of data:
- Personal data for the purposes of managing staff and self-employed team members.
- Personal data for the purposes of direct mail, email, text, or other marketing communications.
- Special category data, including health records, for the delivery of healthcare services.
- Special category data, including health records and details of criminal record checks, for managing employees and contracted team members.
We do not share your personal details with third parties unless we have a contract for them to process data on our behalf, and we will otherwise keep your information confidential. If we need to refer you to another practitioner or secondary care such as a hospital, we will obtain your permission before sharing any personal data.
Data Storage
- Personal data is stored in the UK, whether in digital or hard copy format.
- Personal data is stored in the US in digital format when the data storage company is certified with the EU-US Privacy Shield.
- Personal data is obtained when a patient joins the practice, is referred to the practice, or subscribes to an email list.
Lawful Basis for Processing
-
The lawful basis for processing special category data, such as patients’ and employees’ health data, is:
- Processing is necessary for the purposes of preventive or occupational medicine, for assessing the working capacity of the employee, for medical diagnosis, the provision of healthcare, or the management of health or social care systems and services, based on Union or Member State law or a contract with a health professional.
-
The lawful basis for processing personal data, such as name, address, email, or phone number, is:
- Consent of the data subject.
- Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
Retention Periods
- The retention period for special category data in patient records is a minimum of 10 years and may be longer for complex records to meet our legal requirements.
- The retention period for staff records is 6 years.
- The retention period for other personal data is 2 years after it was last processed.
- Details of other retention periods are available in the Record Retention procedure (M 215), available from the practice.
Your Personal Data Rights
You have the following rights concerning your personal data:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure (note that clinical records must be retained for a certain time period).
- The right to restrict processing.
- The right to data portability.
- The right to object.
Further details of these rights can be found in our Information Governance Procedures (M 217C) or on the Information Commissioner’s website. Here are some examples:
-
If you are a patient of the practice: You have the right to withdraw consent for receiving important notifications, newsletters, surveys, or marketing. You can request corrections to your personal details or withdraw consent from communication methods such as telephone, email, or text. You also have the right to obtain a free copy of your patient records within one month.
-
If you are not a patient of the practice: You have the right to withdraw consent for processing your personal data, to obtain a free copy of it within one month, to correct errors in it, or to request its deletion. You can also withdraw consent from communication methods such as telephone, email, or text.
We have carried out a Privacy Impact Assessment (M 217S), and you can request a copy by contacting us. Details of how we ensure the security of personal data are included in our Security Risk Assessment (M 217M) and Information Governance Procedures (M 217C).
Comments, Suggestions, and Complaints
If you have any comments, suggestions, or complaints about how we handle your data, please contact the practice by emailing info@thegrangedentalcare.co.uk, calling 028 8224 4776, or writing to or visiting the practice at The Grange Dental and Implant Clinic,2 Crevenagh Road, Omagh, Co. Tyrone BT79 0AL. We take all complaints very seriously.
If you are dissatisfied with our response or need further advice, you can contact the Information Commissioner’s Office (ICO) at 0303 123 1113 or chat online with an advisor. The ICO can investigate your claim and take action against anyone who has misused personal data. Visit their website for more information on making a data protection complaint.
Related Practice Procedures
You can also use the contact details provided to request copies of the following practice policies or procedures:
- Data Protection and Information Security Policy (M 233-DPT)
- Consent Policy (M 233-CNS)
- Privacy Impact Assessment (M 217S)
- Information Governance Procedures (M 217C)
This policy outlines our commitment to protecting your personal data and ensuring that all data processing at The Grange Dental and Implant Clinic is handled securely and in compliance with relevant regulations.