The practice aims to meet the requirements of the Data Protection Act 2018, the United Kingdom General Data Protection Regulation (UK GDPR), the guidelines on the Information Commissioner’s (ICO) website as well as our professional guidelines and requirements.

The data controller is Rajen Ganatra, the Information Governance Lead is Rajen Ganatra who is also the Data Protection Officer.

This Privacy Notice is available at reception or by email if you contact hello@refreshdentalcare.co.uk/ by calling 01923 223611.

You will be asked to provide personal information when joining the practice. The purpose of processing your personal data is to provide you with optimum dental health care and prevention.
The categories and examples of data we process are:

▪ Personal data for the provision of dental health care
▪ Personal data for the purposes of providing treatment plans, recall appointments, reminders or
estimates
▪ Personal data such as details of family members for the provision of health care to children or for
emergency contact details
▪ Personal data for the purposes of employed and self-employed team members employment and
engagement respective
▪ Special category data including health records for the purposes of the delivery of health care and
meeting our legal obligations
▪ Special category data including health records
▪ Special category data to meet the requirements of the Equality Act 2010
▪ Special category data details of criminal record checks for employees and contracted team members

We minimise the data that we keep, and do not keep it for longer than necessary.

We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital, we will gain the individual’s permission before the referral is made and the personal data is shared. Your data will be shared with the NHS if you are having NHS treatment.

▪ Personal data is stored in the UK or EU whether in digital or hard copy format
▪ Personal data is obtained when a patient joins the practice, when a patient is referred to the practice

For full details or where your data is stored, please ask to see Information Governance Procedures (M 217C).

We have established the following lawful bases for processing your data:

Our lawful bases for processing personal data:

▪ The legitimate interests of the dental practice
▪ Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract
▪ Consent of the data subject
▪ To comply with our legal obligations