GDPR Privacy Notice for processing patient data
How Prince George Dental Practice processes the information we collect and hold on you
Personal data is obtained for two main sets of data subjects – our patients and our team.
Data is obtained from patients when you first register with us or change your details. The data is processed in order to provide the correct healthcare in order for us to carry out our CQC registered activities effectively – Treatment of Disease, Disorder or Injury, Surgical Procedures and Diagnostic and Screening Services.
We will also process your data in order to book appointments, remind you of upcoming appointments and to remind you that you are due appointments. We sometimes use the data to promote our services which may be of interest either to you or someone you know. This is only when there is a legitimate business purpose and, of course, you may opt out of this at any time from our marketing to you. With express and signed permission, we may use your clinical photos and details in our advertising and promotion – using photos, feedback, recommendations on our Facebook page and on our website.
The information we collect, and store will not be disclosed to anyone who does not need to see it.
We will share our patients’ personal information with third parties when required by law or to enable us to deliver a service to them or where we have another legitimate reason for doing so. Third parties we may share patients’ personal information with may include:
- Regulatory authorities such as the General Dental Council or the Care Quality Commission
- Dental payment plan administrators
- Insurance companies
- Loss assessors
- Fraud prevention agencies
- In the event of a possible sale of the practice at some time in the future.
We may also share personal information where we consider it to be in a patient’s best interest or if we have reason to believe an individual may be at risk of harm or abuse.
We process the data you give us on log in and password protected computers. This is backed up daily to a cloud based back up. We have data agreements for security in place with our provider.
We only collect and keep data which is relevant to our treatment of you and your oral health. Should you wish to leave our practice then we will archive your records but they will not be deleted. Legally we need to keep your records for as long as is necessary. Archiving means they are put out of reach and not accessible accidentally. Then, should you wish to return to us in the future, we can reactivate your records and have a history of you.
Should you wish to take your records to another provider, then we will arrange to copy them to a medium of your choice for your collection or send them recorded deliver to an address of your choosing. You can also access your records at any time by completing a ‘subject access request’ and we will respond within one month.
The right to erasure – otherwise known as the right to be forgotten, this means that you have the right to have any personal data that we no longer need to be deleted.
You also have the right to object to how we process the data we hold on you – this includes direct marketing. For legitimate business purposes we can inform you of things that we think may be of interest to you, we will never pass your details on to third parties, but you can tell us if you do not wish to be informed and withdraw from marketing.
The Data Controller for the practices is P George Practice Ltd and all of the team who process and deal with your information are bound by the laws of confidentiality under the Data Protection Act and we will observe this at all times.
P George Practice Ltd