Privacy Notice

Privacy Notice for Patients

This
privacy policy sets out how Lowen Dental Spa uses and protects any
information that you give when you use this website.

The
practice is committed to complying with the General Data Protection
Regulation (GDPR), GDC and other standards.

The
practice only keeps relevant information about employees for the
purposes of employment, and about patients to provide them with safe
and appropriate dental care.

The
person responsible for Data Protection is Alice Martin.

Our
legal basis for processing data is:

  • Consent
  • Processing
    is necessary for the performance of our care for patients
  • And
    the health care data we process is called special data, our legal
    basis for processing it is:

Processing
is necessary for the purposes of preventative or occupational
medicine, for assessing the working capacity of the employee, medical
diagnosis, the provision of health or social care or treatment or
management of health or social care systems and services on the basis
of Union or Member State law or a contract with a health
professional.

Hard
copy and computerised records are stored, reviewed and updated
securely and confidentially. Records are securely destroyed when no
longer required. Confidential information is only seen by personnel
who need to see it and the team are trained on our policies and
procedures to keep patient information confidential.

To
facilitate patients’ health care, the personal information may
be disclosed to a dentist, doctor, health care professional,
hospital, HMRC, the Benefits Agency or private dental schemes of
which the patient is a member and CQC has powers under the Health and
Social Care Act 2008 to access and use information where they
consider this is necessary for them to carry out their functions as a
regulator. Where possible inspectors will explain why they are asking
to look at certain records. They will consider any concerns and
objections raised to them, and whether they can achieve CQC’s
purpose by accessing the records of someone else. However, CQC relies
on its legal powers to access information rather than consent,
therefore may use its powers to access records even in cases where
objections have been raised.

More
detail on how CQC ensure compliance with data protection law
(including GDPR) and their privacy statement is available on their
website https://www.cqc.org.uk/about-us/our-policies/privacy-statement

In
all cases only relevant information is shared. In very limited cases,
such as for identification purposes, or if required by law,
information may have to be shared with a party not involved in the
patient’s health care. In all other cases, information is never
disclosed to such a third party without the patient’s written
authority.

All
confidential information is sent via secure methods. Electronic
communications and stored data are encrypted. All computerised
clinical records are backed up and encrypted copies are kept
off-site. No information or comments about patients are posted on
social networking or blogging sites.

Access
is strictly controlled and limited to persons who need to have access
to information in the course of their duties.

What
personal information do we need to hold?

  • We
    need to hold your past and present medical & dental condition.
    Details such as your age, address, telephone number and your general
    medical practitioner.
  • We
    will need to take and store Radiographs, clinical photographs and
    study models.
  • We
    will need to keep information about the treatment we have proposed
    and provided along with its price.
  • Notes
    of conversations or incidents that might occur for which a record
    needs to be kept.
  • Records
    of permission or consent for treatment.
  • Any
    correspondence relating to you with other health care professionals,
    for example in the hospital or community services.

Why
do we hold this information?

We
keep accurate personal data about patients in order to provide you
with appropriate and safe dental care.

Retaining
Information

We
are required to retain your dental records, X-rays and study models
while you are a patient of this practice and after you cease to be a
patient for a minimum of 11 years or until the age of 25 (whichever
is longer).

There
are several other documents that we may collect that have a variety
of retention dates. We have a retention schedule listing all
documents and the timeframes for disposal. Retention periods may be
changed from time to time based on business or legal and regulatory
requirements

Security

Information
about you is stored in Lowen Dental Spa’s computer system. The information is only accessible
to authorised personnel. Personal information will not be removed
from this practice without the patients authorised consent.

Your
personal information is protected by the staff at Lowen Dental Spa.
All access to information is held securely and can only be accessed
by password which are routinely changed. Data is encrypted, and
computer terminals are locked if unattended.

This
includes:

  • Password
    protection
  • Locked
    cabinets/rooms
  • Practice
    security systems (including CCTV)
  • Virus
    protection
  • Secure
    servers
  • Back-up
    facilities
  • Secure
    cloud-based storage

Access

You
have a right to access the information that we hold about you and to
receive a copy. You can make a request by contacting your practice or
by e-mailing hello@lowendentalspa.co.uk

Rectification

You
have a right to correct any information that you believe is
inaccurate or incomplete. Please contact your practice to request a
change in information.

Erasure

You
have a right to request that we delete your personal information,
although you should be aware that, for legal reasons, we may be
unable to erase certain information (for example, information about
your dental treatment). Please contact Lowen Dental Spa in writing to make this
request.

Restriction

You
have the right to request us to restrict the processing of your
personal information for example, sending you reminders for
appointments or information about our service. Please contact Lowen Dental Spa in writing to make this request. 

Portability

You
have a right to data portability; this could include supplying your
information to another dentist. Please contact your practice Lowen Dental Spa in writing to make
this request.

Concerns

If
you have any concerns about how we use your information and you do
not feel able to discuss it with your dentist or anyone at the
practice, you can contact our Data Protection Officer via email at
hello@lowendentalspa.co.uk

You
can also seek advice from The Information Commissioner’s Office
(ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or
start a live chat or call helpline on 0303 123 1113.

We
may need to disclose your information in
order to provide proper and safe dental care to:

  • Other
    health professionals caring for you are including but not limited to
    your general medical practitioner and the hospital or community
    dental services.
  • The
    Inland Revenue.
  • Private
    dental schemes of which you are a member.
  • Should
    a patient make a complaint or claim, we may need to provide
    information about the patient, and treatment they have received, to
    insurers, indemnifiers or legal advisers.

Disclosure
will take place when relevant at a need to know basis. This means
only those individuals or organisations that need to know in order to
provide care to you and for the proper administration of Government
will be given this information. Only information that the recipient
needs to know will be disclosed.

In
very limited circumstances or when required by law of a court order,
personal data may have to be disclosed to a third party not connected
with your health care. In all other situations, disclosure that is
not covered by this Code of Practice will only occur when we have
your specific consent. Where possible you will be informed of these
requests for disclosure.