This privacy notice applies to all personal information processing activities carried out by Portman Healthcare Limited. Portman Healthcare is the data controller in respect of personal information that we process in connection with our business. Our principal address is The Port, Rosehill, New Barn Lane, Cheltenham, Gloucestershire, GL52 3LZ, our contact details can be located here.
Our Data Protection Officer can be contacted by e-mail at firstname.lastname@example.org
What information do we collect?
We may collect the following kinds of information about you:
- Personal details such as your name, date of birth, gender, national insurance number, NHS number, address, telephone number, email address, occupation
- Information about yourdental and general health, including clinical records made by dentists and other dental professionals involved with your care and treatment
- X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
- Medical and dental histories
- Treatment plans and consent
- Notes of conversations with you about your care
- Correspondence from other health professionals or institutions involved in your care
- Details of the fees we have charged, payments exemptions (NHS), the amounts you have paid and some payment details
- Feedback and complaints
- CCTV images
- Online profile and social media information and activity, based on your interaction with us and
- Our websites, including for example Internet Protocol (IP) address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
- Statistical data about your browsing actions and patterns – including the full URL clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page
How we obtain information
- You may give us information about you through the following:
- Filling in forms at our practices or on our websites.
- Corresponding with us by phone, e-mail or otherwise.
- Through the technology you use to access our services
Information we receive from third parties – This includes information you provide when you visit our websites, for the purpose of booking an appointment with a dentist at Portman Healthcare clinics, participate in discussion boards or other social media functions on our site and when you report a problem with our site.
Our website, like many others, uses third party cookies, helping us improve the performance of our website and digital marketing, to provide you with a better user experience.
These cookies monitor activity throughout our website using third-party providers – Mediahawk and Google. We track which sources are effective at helping visitors find our website and make calls to us, navigation journeys throughout, and pages visited. We may use IP addresses, geo-location data and caller telephone numbers.
What are ‘cookies’?
‘Cookies’ are small text files that are stored by the website browser (for example, Internet Explorer or Safari) on your computer or mobile device. They are widely used in order to make websites work, or work in a better, more efficient way. They can do this because websites use them to recognise you and remember important information that will make your use of a website more convenient.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
How we use your information – the purpose
We may use this information to:
- To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.
- We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes.
- We will seek your preference for how we contact you about your dental care. Our usual methods are SMS, telephone, email or letter.
- We may use your information for our own analysis to understand the effectiveness of our marketing activities.
If we wish to use your information for dental research or dental education, we will discuss this with you and seek your consent. Depending on the purpose and if possible, we will anonymise your information. If this is not possible we will inform you and discuss your options.
We may use your contact details to inform you of products and services available at our practices.
We have CCTV at some of our practices for the purposes of security and patient and staff safety.
We use data processors who are third parties who provide elements of services for us. We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.
Where we store Your Personal Information and International Data Transfers
The personal data that we hold about you will be stored in the UK and the European Economic Area (EEA). In limited circumstances may also be transferred to or stored at a destination outside the UK or EEA.
If we transfer your data to third party service providers based outside the EEA, we ensure a similar degree of protection is provided to the transfer by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts (known as Standard Contractual Clauses) approved by the European Commission which give personal data the same protection it has in Europe, as well as any additional security measures as required.
We will make sure we meet any future requirements the UK or the EU provide following the UK’s exit of the EU, including (but not limited to) the legal safeguards discussed above.
Sharing your information
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
- Your doctor
- The hospital or community dental services or other health professionals caring for you
- Dental laboratories
- NHS payment authorities
- The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
- Private dental schemes of which you are a member
- Debt collection companies
We also share your information with third parties in order to deliver the following services to you:
- Managing new enquiries from our website
- Contacting you to check if you wish to remain a client of ours
- Sending reminders for your dental appointments
- Processing on-line booking appointments
- Collecting feedback from our patients
- Managing email communications to our patients
- Providing troubleshooting and support services for our various IT systems
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. We also have third party agreements in place to protect your information.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Some of your information may be transferred out of the European Economic Area (EEA), primarily for creating medical devices such as crowns. Where information is transferred outside of the European Economic Area (“EEA”), we require that appropriate safeguards are in place and we use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA
How we will keep your information safe
We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.
- Password protection
- Locked cabinets/rooms
- Practice security systems (including CCTV)
- Virus protection
- Secure servers
- Back-up facilities
- Secure cloud-based storage
How long will we keep your information?
We keep your dental records for 10 years after the date of your last visit.
There are a number of other documents that we may collect that have a variety of retention dates, for example the NHS PR form – used to declare payment exemptions – which needs to be kept for 2 years. We have a retention schedule listing all documents and the timeframes for disposal. Retention periods may be changed from time to time based on business or legal and regulatory requirements
You have a right to access the information that we hold about you and to receive a copy. You can make a request by contacting your practice or by e-mailing email@example.com.
You have a right to correct any information that you believe is inaccurate or incomplete. Please contact your practice to request a change in information.
You have a right to request that we delete your personal information, although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). Please contact your practice to make this request.
You have the right to request us to restrict the processing of your personal information for example, sending you reminders for appointments or information about our service. Please contact your practice to make this request.
You have a right to data portability, this could include supplying your information to another dentist. Please contact your practice to make this request.
If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you can contact our Data Protection Officer via email at firstname.lastname@example.org.
You can also seek advice from The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or start a live chat or call our helpline on 0303 123 1113.