We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation. This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.

Types of Personal Data that we may collect

  1. Personal details such as your name, date of birth, national insurance number, NHS number, address, telephone number and email address
  2. Information about your dental and general health, including
    • – Clinical records made by dentists and other dental professionals involved in your care and treatment
    • –  X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
    • –  Treatment plans and consent
    • –  Notes of conversations with you about your care
    • –  Dates of your appointments
    • –  Details of any complaints you have made and how these complaints were dealt with
    • –  Correspondence with other health professionals or institutions
  3. Details of fees we have charged, the amounts you have paid and some payment details
Dr Vrajesh Ruparelia is responsible for keeping secure the information about you that we hold.

Why we process Personal Data (what is the “purpose”)

“Process” means we obtain, store, update and archive data. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment. To do this we require accurate and up-to-date information about you.

What is the Lawful Basis for processing Personal Data?

The Law says we must tell you this: We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.

Who might we share your data with?

We can only share data if it is done securely and it is necessary to do so. Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes with our computer software suppliers. We share your information with private dental schemes such as Simply Health/Denplan of which you are a member. We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. In certain circumstances or if required by law, we may need to disclose your information to a third party not connected to your health care, including law and government agencies.

Your Rights

You have the right to:
  1. Be informed about the personal data we hold and why we hold it.
  2. Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner. We do not usually charge for copies of your information; if we pass on a charge, we will explain the reasons.
  3. Check the information we hold about you is correct and to make corrections if not
  4. Have your data erased in certain circumstances. Although, you should be aware that for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment)
  5. Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
  6. Tell us not to actively process or update your data in certain circumstances.
  7. Stop using your information – sending you reminders for appointments or information about our services.

How long is the Personal Data stored for?

We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the NHS or other trusted experts recommend. We store your personal data on our practice computer system. We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail; and we back-up information routinely. Your information cannot be accessed by those who do not work at the practice; only those working at the practice will have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

What if you are not happy or wish to raise a concern about our data processing?

You can complain in the first instance to our Data Protection Officer, who is Vrajesh Ruparelia at Tewkesbury Dental Practice and we will do our best to resolve the matter. If this fails, you can complain to the Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Or at www.ico.org.uk/concerns or by calling 0303 123 1113 / 01625 545745. ICO Registration Number: Z4748949