Who we are
Our website address is: https://cedardentalandimplant.com
We are a Data Controller under the terms of the Data Protection Act 2018 and the requirements of the General Data Protection Regulation (GDPR), which means we determine the purposes and means of the processing of your personal data, ensuring it is handled responsibly and securely.
This Privacy Policy page explains what ‘personal data’ we hold, why we hold and process it, who we might share it with, and your rights under the law.
We hold your data for specific purposes in providing services, treatment, care and employment at our dental practice. This includes patient clinical and health data and correspondence, staff employment data, and contractors’ data.
Why we process and hold your data
Holding and ‘processing’ your data essentially means we obtain, store, update and archive data where necessary.
This means we hold patient data for the purposes of providing appropriate, high-quality, safe and effective dental care and treatment. We hold this because it is our interests to do so, for the effective working of business operations and patient care. We must hold data on NHS care and treatment as it is a Public Task required by law.
In regard to staff employment, we must legally hold data in accordance with Employment, Taxation and Pensions law.
For those who enter into a contract with us, we hold data for the purpose of managing their contracts and fulfilling agreed obligations.
Website forms
If you fill in forms on our website, we receive and collect the data submitted to us, and store information if you are registering as a patient.
Who we share your data with
We can only share data if it is strictly necessary for the purposes of our work and your care, for example with any third party organisations we operate with for the provision of services or dental referrals. This is done responsibly and securely.
For patients, this includes, but may not be limited to, healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or if you need external laboratory work).
For employees, data is shared with government agencies (HMRC) where necessary, and if and when requested.
In certain situations, data may be used for teaching, training or marketing purposes. Where this is the case, additional consent will be sought for its use.
How long we retain your data
We hold submitted patient data on our email and computer systems.
We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will store data for as long as is required for legal purposes as recommended by the NHS or other trusted experts.
To comply with legal requirements, we must retain employment data and contractors’ data for seven years after employment or a contract has ended.
What rights you have over your data
You can request details about the personal data we hold about you and why, including any data you have provided to us, by contacting us directly with the request. This includes being informed about how your data is being used, accessing personal data, and checking details about you are correct and up to date.
You can also request that we stop or restrict the processing of your data, or erase any personal data we hold about you. This, however, does not include any data that we must keep for administrative, legal, or security purposes.
You also have the right to request the transfer of your data to a third party. We will comply if it is safe and legal to do so.
How to contact or raise a concern about our data processing
To get in touch with our data protection officer, Issar Hussain, email contact@cedardentalandimplant.com
If you are not satisfied with the response, you can complain to the Information Commissioner’s Office.