The practice is committed to complying with the General Data Protection Regulation (GDPR), Data Protection Act, the CQC, GDC and other standards.
The practice only keeps relevant information about employees for the purposes of employment and health and safety, and about patients to provide them with safe and appropriate dental care as well informing them about its products and services.
The person responsible for Data Protection is Rokas Jancevicius
Our legal basis for processing data is:
- Processing is necessary for the performance of our care for patients
- And the health care data we process is called special data, our legal basis for processing it is:
“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.”
Computerised and hard records are stored, reviewed and updated securely and confidentially. Records are securely destroyed when no longer required. Confidential information is only seen by personnel who need to see it and the team are trained on our policies and procedures to keep patient information confidential.
Information we may collect from you:
If you visit our website or contact us by Text, Phone, Online chat systems, Email or any other method, you may provide us with information about yourself. This information can include but is not limited to: name, date of birth, address, post code, telephone number, email, message, general medical practitioner, your health information, photos, and confirmation of method of contact. During your dental appointment we may collect further information about your:
- Past and current medical and dental condition, social habits, preferences, life style
- Information about the treatment that we have provided or propose and its cost
- Radiographs, clinical photographs and study models
- Notes of conversations or incidents that might occur for which a record needs to be kept
- Records of consent to treatment
- Any correspondence relating to you and other health care professionals, for example in the hospital or Medical Specialist Group.
Often, We are processing your data based on a mixture of Legal Obligation, Completion of a Contract, Legitimate Interests & for the purpose of a contract.
If the data is in relation to a child below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
You have the right to withdraw your consent at any time as follows:
Marketing Emails: Utilising the unsubscribe button at the bottom of every marketing email.
Personal Details: By emailing firstname.lastname@example.org with your request to restrict processing of your personal data. We will then contact you to confirm once this has been processed.
Transmission and disclosure of Data:
To facilitate patients’ health care, the personal information may be disclosed to a dental laboratory, dentist, doctor, health care professional, hospital, HMRC, Court, police or private dental schemes of which the patient is a member. In all cases only relevant is shared.
We may disclose your data in order to make certain services available to you.
We may disclose your data to:
- Our trusted service providers acting on our behalf who provide services including (but not limited to): Web Hosting, Web analytics, Web integrations, fulfilment of orders, email marketing, marketing, auditing services, accountant firms and other relevant providers required for Us to complete our services.
- Regulatory, Law Enforcement, Fire & Rescue Services & Insurance Agencies. If We receive a request from any of these stated bodies we will pass on any relevant data for their request in line with the regulatory regulations.
- Google Analytics: We use Google Analytics as a marketing tool. We occasionally monitor IP addresses of visitors to assess the usage of our website, traffic & conversion rates. This allows Us to confirm which pages are most popular etc. The data collected is completely anonymised and does not link any specific personal data.
- Payment Processing/Banking: Your data is shared with our relative Payment Processing companies &/or banks to allow us to process payments.
- We do not sell your data to any other third party.
In very limited circumstances, such as for identification purposes, or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.
All confidential information is sent via secure methods. Electronic communications and stored data are encrypted. All computerised clinical records are backed up and encrypted copies are kept off-site.
Staff criminal record check information is kept securely in a lockable, non-portable storage cabinet with access strictly controlled and limited to persons who need to have access to this information in the course of their duties.
Unfortunately, the transmission of data via the internet cannot be classed as completely secure. We will strive to protect your personal data, but we cannot guarantee the security of the data once it has been transmitted via the internet, Instagram or Facebook or other online community portals, any transmission is at your own risk.
In the event that any entity of Complex Smile Implant Centre, or substantially all of its assets, are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganisation, consolidation or liquidation, Personal Information may be one of the transferred assets.
Our cookies do not store personal information (such as your name or address). Cookies simply allow our website to retrieve information in order to improve your experience of our website.
- Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
- Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content.
- Store information about your preferences. The website can then present you with information you will find more relevant and interesting.
- To recognise when you return to our website. We may show your relevant content, or provide functionality you used previously.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
Here is a list of cookies may be sent to your device when browsing our site.
These are Google Analytics cookies. We use these cookies to see how many visitors use our website and which pages they view. We use this information to make our website easy to use.
Third party cookies
How to manage cookies
If you would like to restrict, block or delete cookies from ours or any other website, you can use your browser to do this. Each browser is different so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences.
Further information about cookies
If you wish to learn more about cookies in general and how to manage them, visit www.allaboutcookies.org.
Personal data shall be processed in accordance with the rights of data subjects under this Act.
- a right of access to a copy of the information we hold on you;
- a right to object to processing that is likely to cause or is causing damage or distress;
- a right to prevent processing for direct marketing;
- a right to object to decisions being taken by automated means;
- a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
- a right to claim compensation for damages caused by a breach of the Act.
Subject Access Requests
Patients and team members can have access to view the original of their records free of charge. Copies of patient or team member records are provided following a written request to the Practice Manager using the ICO Subject access request template. Radiograph copies are charged at the current cost of taking x-rays at the practice. The requested copies will be provided within 30 days.
An employee or a patient may challenge information held on record and, following investigation, should the information be inaccurate the practice will correct the records and inform person of the change in writing.
When the request for information is about the personal data of a child, the practice will consider if the child is mature enough to understand their rights. If they do, then the practice will consider responding directly to the child rather than the parent. If it is decided that the child is not mature enough to understand their rights, and there is some doubt about parental responsibility, proof of identity and evidence of parental responsibility will be requested. The practice will update its privacy notice to ensure its gives information in a language that can be understood by a child on any processing of children’s personal data.
When the practice receives a third-party request for information on someone else’s behalf (e.g. from a solicitor) evidence of their permission will be requested, this could be a written authority to make a request or a power of attorney.
When the practice receives a third-party request for information for a patient who lacks the mental capacity to manage their affairs the practice will ask to see evidence of a Lasting Power of Attorney or the evidence of appointment by:
- The Court of Protection in England & Wales;
- The Sheriff Court in Scotland; and
- The High Court (Office of Care and Protection) in Northern Ireland
This policy should be read in conjunction with the Confidentiality Policy, and the Information Governance Policy.
All of the data you provide in the application process will only be utilised for the purpose of progressing your application with Us. The information you provide will be held securely by Us whether the data is electronic or in a physical format.
We will use the contact details provided to contact you to discuss/progress your application.
If your application is unsuccessful and there is no requirement to keep your data, We will dispose accordingly.
We will always hold your information securely. To prevent unlawful disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
We also follow stringent procedures to ensure we work with all personal data in accordance with the GDPR
Complex Smile Implant Centre has appropriate procedures to ensure personal data breaches are detected, investigated and reported effectively, including procedures to assess and then report any breaches to the ICO where the individual is likely to suffer some form of damage, e.g. through identity theft or confidentiality breach.
The practice will report serious data breaches to the ICO within 72 hours of becoming aware of the essential facts. The practice will keep a log of all data breaches and record the basic facts, effects of the breach and remedial action taken.
How long do we keep your data
We will retain your dental records and orthodontic study models while you are a practice patient and after you cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer.
Changes to our privacy notice
We withhold the right to change/updated our Privacy Notice as required in the future. Any changes will be posted on this page.
If you have any questions or queries on how We use your personal data that are not answered here, or if you wish to exercise your rights, please contact us by any of the following methods:
- Write to us: Complex Smile Implant Centre, 1 New Crane Place, London, E16 2SJ
- Emails Us: email@example.com
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your dentist or write to us. You have the right to object; however, this may affect our ability to provide you with dental care. You have a right to withdraw your consent at any time, however this will not be retrospective.
If at anytime you are unhappy with our use of your information, you can contact us on the methods above in the contact section.
You are also entitled to lodge a formal complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Post: Information Commissioner’s Office
Links to other websites
Our website may contain links to other websites.
Please note that we have no control of websites outside of the www.complexsmile.com domain. If you provide information to a website to which we link, we are not responsible for your data protection and privacy.
Always be wary when submitting data via interactive website templates. Study the website data protection policy and the status of the website itself – is it padlocked or using https:// or green bar transfer protocols?).
This Privacy Notice does not provide exhaustive detail of all aspects of us, collection and use of personal information. However, we are happy to provide any additional information or explanation needed when requested.
We make every effort to ensure that we the information provided on Our website is accurate and current. However, it cannot guarantee this, and cannot accept responsibility for any errors, omissions, misstatements or mistakes on the website. Anyone becoming aware of such matters is requested to notify us in writing or by e-mail at firstname.lastname@example.org