Call us today on 01624 863422
or email reception@laxeydental.co.uk Follow us on Facebook

Privacy

We are a Data Controller under the terms of the Data Protection Act 2018 and the requirements of the EU General Data Protection Regulation (GDPR).

This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and the rights and freedoms of Data Subjects under the Law.

Types of Personal Data

The practice holds personal data in the following categories:

  1. Patient clinical and health data and correspondence.
  2. Staff employment data.
  3. Contractors’ data including dental registrants.

Why we process Personal Data (what is the “purpose”)

“Process” means we obtain, store, update and archive data.

  1. Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
  2. Staff employment data is held in accordance with Employment, Taxation and Pensions law.
  3. Contractors’ data is held for the purpose of managing their contracts.

What is the Lawful Basis for processing Personal Data?

  1. We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
  2. We hold staff employment data because it is a Legal Obligation for us to do so.
  3. We hold contractors’ data because it is needed to Fulfil a Contract with us.

Who might we share data with?

We only share data if it is done securely and it is necessary to do so.

  • Patient data may be shared with
  1. other healthcare professionals who need to be involved in their care (e.g. referrals to a specialist or if laboratory work is undertaken)
  2. computer software suppliers and advisors for the sole purpose of providing software support to the practice
  3. a named telecommunication company for the sole purpose of providing a text reminder service to patients who consent to this
  4. an insurance company or patient plan provider with whom a patient may have a policy
  • Employment data is shared with
  1. the Isle of man Government (Treasury) for Tax and National Insurance purposes
  2. a named payroll company for the sole purpose of payroll processing

It may also be necessary to share employment data with other government departments for example at the request of data for survey purposes or for legal obligations such as crime investigations.

Data Subjects' Rights

Data subjects have the right to:

  1. Be informed about the personal data we hold and why we hold it.
  2. Access a copy of the data that we hold.
  3. Check that the information we hold about them is correct and to make corrections if not
  4. Have data erased in certain circumstances.
  5. Transfer data to someone else if requested and it is safe and legal to do so.
  6. Tell us not to actively process or update their data in certain circumstances.

How long is the Personal Data stored for?

  1. We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes.
  2. We must store employment data for six years after an employee has left.
  3. We must store contractors’ data for seven years after the contract is ended.

How to raise a Concern about Personal Data

Any concern about personal data should be addressed to Katharine Partington, the Practice Manager and Data Controller.  

May 2018

KP