Patient Privacy Notice

Coast Dental Health & Beauty Ltd is an independent dental practice providing a range of dental treatments on a private basis. Our practice comprises of employed and self-employed individuals. We work together to ensure our patient’s privacy is respected and their personal data is protected.

This privacy notice outlines how we handle patient information according to the UK GDPR and Data Protection Act 2018 (DPA18).

Name: Coast Dental Health & Beauty Ltd

Address: 307 Copnor Road, Portsmouth, PO3 5EG

Phone Number: 02392170201

Email: coastdentalhealth@gmail.com

Collecting Your Personal Data

Most of the personal information we process is provided to us directly, such as when you contact the practice, engage with our website or during your appointment.

Occasionally, however, we may receive patient information from other sources such as:

  • Another dental professional that has treated you
  • GP or hospital
  • Carer, family member or partner
  • Insurance or dental plan provider
  • The NHS, a regulator or other authority, such as the Police.
  • Your solicitor

We may receive data from third parties, including analytics providers such as Google located outside the UK, advertising networks such as Facebook located outside the UK providers of technical, payment and delivery services.

The Types of Personal Information We Collect and Process

The table below sets out the main types of patient information we process, the reasons why and the lawful basis for doing so.

Categories of Personal Data Examples of Personal Data Purposes of Processing Personal Data Lawful Basis under UK GDPR and DPA18
Personal Identifiers Name, Contact Details, Patient Reference number, NHS number, date of birth, signatures, photos and videos (non-clinical purposes), where you can be identified in CCTV footage.
  1. Add you to our patient system.
  2. Contact you in connection with your treatment and manage our relationship with you; this includes sending you recalls and appointment reminders.
  3. Send you marketing information.
  4. Share your non-clinical videos and photos such as reactions and testimonials to our online audiences and training courses.

For the prevention and detection of crime and to protect our assets including staff (CCTV still and moving images)
  1. Performance of a contract (in connection with private treatments),
  2. Performance of a contract (in connection with private treatments), in our legitimate interest.
  3. Consent, in our legitimate interest.
  4.  

In our legitimate interest.
Family Details Next of kin, and details of any guardians, carers and representatives.
  1. Contact them in an emergency.

Contact them about your care if they are responsible for looking after you.
  1. Vital interest, consent.

(In connection with private treatments).
Financial details Details of any payments you make to us or need to make to us your debit and credit card details, and if applicable, your bank account details
  1. Process any payments you make to us or need to make to us.

Recover any debts due to us.
  1. (In connection with private treatments)

In our legitimate interest.
Technical data Data about your use of our website such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website, social media channels and patient portal
  1. Analyse how patients use our online services to develop them, grow our practice, and progress our marketing strategies.
  2. Administer and protect our practice, social media channels, website, deliver relevant online content and advertisements to you, and understand our advertising effectiveness.

Detect and identify whether an individual has used the practice’s guest WI-FI network to conduct unlawful activities.

 1, 2. In our legitimate interest. 3. In our legitimate interest, Legal obligation.
Communication data Personal data contained in an email, comments on social media posts, letters, instant messages.
  1. To investigate and respond to a complaint, query, or feedback you may have.

Provide evidence required to establish a legal Defence or regulatory enquiry.

 1, 2 and 3. In our legitimate interest.
Health Data Medical and dental histories, lifestyle questions (e.g. alcohol and tobacco use), x-rays, clinical photographs, digital scans of your mouth and teeth, study models, treatment plans, patient understanding exercises, recorded communications (e.g. voice messages, video calls, instant messages, letters and emails), clinical notes made by our clinical staff and other dental professionals involved in your care and treatment, information of any health and safety incident you have been involved in.
  1. For the assessment, diagnosis of your dental health to administer care and treatment, including prescription and referral.
  2. To establish a legal defence in the event of a claim or regulatory investigation.
  3. For clinical and peer review to assess equality and the level of care provided to patients visiting the practice.

To record and manage a health and safety incident that has occurred on the premises. Including, insurance purposes.
  1. Necessary for your dental and orthodontic treatment and the administration of it.
  2. *Legal defence
  3. Necessary for your dental and orthodontic treatment and the administration of it. Substantial Public Interest – Equality.

Legal defence, Substantial Public Interest – Insurance
Ethnicity Information Where relevant, we may need to process your ethnic group and language.
  1. Understand your cultural, religious and language needs, identify any patients at risk.

Comply with the law which gives the practice a duty to promote equality.
  1. Necessary for your dental and orthodontic treatment and the administration of it.*

Public Task, Necessary for your dental and orthodontic treatment and the administration of it. Substantial Public Interest – Equality.
Religious and philosophical beliefs Where relevant to your care, such as fasting or abstaining from certain types of treatments.
  1. For the assessment, diagnose your dental health to administer care and treatment, including prescription and referral.

Comply with the law, which gives the practice a duty to promote equality.
  1. Necessary for your dental and orthodontic treatment and the administration of it.*
  2. Legal defence

Necessary for your dental and orthodontic treatment and the administration of it. Substantial Public Interest – Equality.**

Providing you with private dental treatment means the practice and your treating clinician must collect and process your personal data. Refusal to provide personal data connected to these lawful bases may directly impact our ability to treat you and we may be unable to continue your treatment at the practice.

Withdrawing Consent

The above table sets out where we rely on your consent to process your personal data. You can request to withdraw your consent for these purposes by contacting the practice using the contact details found at the top of this notice.

How We Store Your Data

Your information is securely stored paper and digital formats. We use online and cloud-based digital storage. Where data is stored outside of the UK, we ensure the correct legal protection are in place to ensure compliance with international data transfer rules.

How long we keep your Personal Data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any medical, legal, accounting, or reporting requirements.
When deciding the correct time to keep the data, we look at the amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, and necessary ongoing purposes of the processing.

Sharing Your Personal Data

Your information is typically used internally by staff employed by the practice and self-employed dentists working at the practice and responsible for your treatment.

There may be instances where we need to share it – for example, with:

  • Your GP
  • The hospital or community dental services or other health professionals caring for you
  • Private dental plans (if applicable) of which you are a member.
  • Dental labs
  • Finance companies concerning your payment plan
  • The General Dental Council and other healthcare regulators
  • Any professionals advising us or you, such as any lawyers and insurance companies
  • Our IT system providers
  • Your next of kin, such as in an emergency
  • Pharmacists
  • Social services
  • Translators or interpreters, such as if you need help using our products and services
  • Debt recovery services providers, such as when we seek to recover any debts from you
  • Any third party who buys us.

We will only disclose your information on a need-to-know basis and limit any information we share to the minimum necessary.

In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.

International Transfer of Personal Data

Where we transfer your data to third parties outside of the UK, we will ensure that certain safeguards are in place to provide a similar degree of security for your personal data. As such:

  • We may transfer your personal data to countries that the UK has approved as providing an adequate level of protection for personal data by; or
  • If we use US-based providers that are part of a UK approved legal privacy framework, we may transfer data to them, as they have appropriate safeguards in place; or
  • Where we use certain service providers who are established outside of the UK, we may use specific contractual clauses approved by the European Commission, giving personal data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time. 

Knowing Your Information Rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Depending on the nature of the request we may need to ask you to provide further information to verify your identity and/or better understand your request.

How To Complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this notice.

If you are dissatisfied with our response or prefer to lodge your complaint with them directly you can do using the details below.

The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk

Scroll right on mobile and tablet devices to view table content