Privacy Policy - Circus Orthodontics

The practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner's website as well as our professional guidelines and requirements.

The data controller is Nicola Bridge who is also the information Governance Lead and the Data Protection Officer.

This Privacy Notice is available on the practice website at www.circusorthodontics.co.uk/privacynotice / at reception/ by email if you contact info@circusorthodontics.co.uk / by calling 01225 424051.

You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you.

The categories of data we process are:

Personal data for the purposes of staff and self-employed team member management
Personal data for the purposes of direct mail/email/text and possible future marketing
Special category data including health records for the purposes of the delivery of health care
Special category data including health records and details of criminal record checks for managing employees and contracted team members

We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual's permission before the referral is made and the personal data is shared.

Personal data is stored in the EU whether in digital or hard copy format
Personal data is stored in the US in digital format when the data storage company is certified with the EU-US Privacy Shield
Personal data is obtained when a patient joins the practice, when a patient is referred to the practice and when a patient subscribes to an email list

The lawful basis for processing special category data such as patients' and employees' health data is:

Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

The lawful basis of processing personal data such as name, address, email or phone number is:

Consent of the data subject
Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention (M 215) procedure available from the practice.

You have the following personal data rights:

The right to be informed
The right of access
The right to rectification
The right to erasure (clinical records must be retained for a certain time period)
The right to restrict processing
The right to data portability
The right to object

Further details of these rights can be seen in our Information Governance Procedures (M 217C) or at the Information Commissioner's website. Here are some practical examples of your rights:

If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient records within one month.
If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.

We have carried out a Privacy Impact Assessment (M 217S) and you can request a copy from the details below. The details of how we ensure security of personal data is in our Security Risk Assessment (M 217M) and Information Governance Procedures (M 217C).

What personal data do we hold?

your past and current medical and dental condition; personal details such as your age, address, telephone number and your general dental practitioner
radiographs, clinical photographs and study models
information about the treatment that we have provided or propose to provide and its cost
notes of conversations/incidents that might occur for which a record needs to be kept
records of consent to treatment
any correspondence relating to you with other health care professionals, for example in the hospital or community services.

Why do we hold information about you?

We need to keep comprehensive and accurate personal data about our patients in order to provide them with safe and appropriate dental care. We also need to process personal data about you in order to provide care under NHS arrangements and to ensure the proper management and administration of the NHS.

Security of information

Personal data about you is held in the practice's computer system and/or in a manual filing system. The information is not accessible to the public and only authorised members of staff have access to it. Our computer system has secure audit trails and we back up information routinely.

Disclosure of information

In order to provide proper and safe dental care, we may need to disclose personal information about you to:

your general dental practitioner
the hospital or community dental services
other health professionals caring for you
NHS payment authorities
the Inland Revenue
the Benefits Agency, where you are claiming exemption or remission from NHS charges
private dental schemes of which you are a member.

Disclosure will take place on a 'need-to-know' basis, so that only those individuals/organisations who need to know in order to provide care to you and for the proper administration of Government (whose personnel are covered by strict confidentiality rules) will be given the information. Only that information that the recipient needs to know will be disclosed.

In very limited circumstances or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.

Where possible you will be informed of these requests for disclosure.

Comments, suggestions and complaints

Please contact Nicola Bridge at the practice for a comment, suggestion or a complaint about your data processing at info@circusorthodontics.co.uk, or 01225 424051 or by writing to or visiting the practice at Circus Orthodontics, 20 The Circus, Bath, BA1 2EU. We take complaints very seriously.

If you are unhappy with our response or if you need any advice you should contact the Information Commissioner's Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who's misused personal data. You can also visit their website for information on how to make a data protection complaint.

Related practice procedures

You can also use these contact details to request copies of the following practice policies or procedures:

Data Protection and Information Security Policy (M 233-DPT), Consent Policy (M 233-CNS)
Privacy Impact Assessment (M 217S), Information Governance Procedures (M 217C)

Website privacy policy

Key details

This practice Privacy Policy describes how this uses and protects the information you give us when you use this website.

If you provide information when using this website, it will only be used in the ways described in this Privacy Policy.

This Policy is updated from time to time. The latest version is published on this page.

This website Privacy Policy was last updated on: 27/04/2018

If you have any questions about this policy, please email or write to .

Introduction

We gather and use patient information in order to provide products and services and to enable certain functions on this website.

We also collect information to better understand how visitors use this website and to present timely, relevant information to them online.

Website Forms

Forms on this website do collect personal data that you submit, which will be emailed with the intent to store that data on industry standard UK email hosting and practice management records for the purpose of providing you a service.

General Data Protection Regulation (GDPR) (EU) 2016/679

Our practice is Notified with the Information Commissioner's Office (ICO).

Our Data Controller () can be contacted at our practice address () or by telephone with any questions you may have or details concerning the protection of your personal data.

Patient Records

Our Practice is Registered with the Care Quality Commission (CQC). Details of our Registration can be seen at www.cqc.org.uk. Our practice has to comply with the CQC data protection policy for Patient Records both offline and online.

What data we gather

We may collect your data in a variety of ways on this website. Our lawful basis for processing your data will be your explicit consent to us to do so. We may store this data indefinitely.

We may collect the following information:

Contact information including your email address
Demographic information, such as postcode, preferences and interests
Website usage data
Other information relevant to patient enquiries
Other information pertaining to special offers and surveys

How we use this data

Collecting this data helps us understand what you expect from your practice, enabling us to deliver improved products and services.

Specifically, we may use data:

For our own internal records
To transfer or share sensitive patient data with other registered dental or medical professionals
To improve the products and services we provide
To contact you in response to a specific enquiry
To customise the website for you
To send you promotional emails about products, services, offers and other things we think might be relevant to you.
To send you promotional mailings or to call you about products, services, offers and other things we think might be relevant to you.
To contact you via email, telephone or mail for research reasons.

Your individual rights

As an individual, you have the following rights in regard to the data that we collect and store:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling.

Should you wish to exercise any of these rights, please call the practice and speak to our Data Controller or Data Protection Officer.

Cookies and how we use them

What is a cookie?

A cookie is a small file placed on your computer's hard drive. It enables our website to identify your computer as you view different pages on our website.

Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.

How we use cookies

We may use cookies to:

Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
Identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site.
Test content on our website. For example, 50% of our users might see one piece of content, the other 50% a different piece of content.
Store information about your preferences. The website can then present you with information you will find more relevant and interesting.
To recognise when you return to our website. We may show your relevant content, or provide functionality you used previously.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.

Controlling cookies

You can use your web browser's cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies.

However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.

Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it.

To learn more about Cookies, see our Cookie Policy.

Controlling information about you

When you fill in an e- form or provide your personal details on our website, you may see one or more tick boxes allowing you to:

Opt-in to receive marketing communications from us by email, telephone, text message or post.
Opt-in to receive marketing communications from our third-party partners by email, telephone, text message or post.
If you have agreed that we can use your information for marketing purposes, you can change your mind easily, via one of these methods:
Send an email to .
Write to .

Any personal information we hold about you is stored and processed under our data protection policy, in compliance with the General Data Protection Regulation (GDPR).

Security

We will always hold your information securely.

To prevent unlawful disclosure or access to your information, we have implemented strong physical and electronic security safeguards.

We also follow stringent procedures to ensure we work with all personal data in accordance with the General Data Protection Regulation (GDPR).

Links from our site

Our website may contain links to other websites.

Please note that we have no control of websites outside of the domain. If you provide information to a website to which we link, we are not responsible for your data protection and privacy.

Always be wary when submitting data via interactive website templates. Study the website data protection policy and the status of the website itself - is it padlocked or using https:// or green bar transfer protocols?).

Feedback

If you feel that there is a problem with the way that we are handling your data, you may complain to the ICO directly at https://ico.org.uk/.