Last Updated: 22 November 2019
We, Only Orthodontics, are committed to protecting and respecting your privacy. This policy, together with any other documents referred to within, sets out the basis on which we will process any personal data that we collect from you, or that you provide to us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
For the purpose of the Data Protection Act 1998 (Act) / EU General Data Protection Regulation 2016 (GDPR), the data controller is Derbyshire & Pearson trading as Only Orthodontics, 22 Greenhead Road, Huddersfield, West Yorkshire, HD1 4EN.
In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care.
This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.
1. Information that we collect (data processing):
1.1 Personal details such as your name, date of birth, national insurance number, NHS number, address, telephone number and email address
1.2 Information about your dental and general health, including
1.2.1 Clinical records made by dentists and other dental professionals involved with your care and treatment
1.2.2 X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
1.2.3 Medical and dental histories
1.2.4 Treatment plans and consent
1.2.5 Notes of conversations with you about your care
1.2.6 Dates of your appointments
1.2.7 Details of any complaints you have made and how these complaints were dealt with
1.2.8 Correspondence with other health professionals or institutions
1.3 Details of the fees we have charged, the amounts you have paid and some payment details
1.4 Information that you provide by filling in forms on our website. This includes information provided at the time of registering to use our site, subscribing to our services or requesting further services or information. We may also ask you for information when you report any problems with our site.
1.5 If you contact us, we may keep a record of that correspondence.
1.6 We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
1.7 Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access.
1.8 Information collected by technology such as Google Analytics and other technology such as cookies placed on our customers' websites (please see "IP addresses and cookies" below for more information).
Only Orthodontics is responsible for keeping secure the information about you that we hold. Our Data Protection Officer Michael Pearson, ensures that our practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly. Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.
2. Individuals whose data we collect and process
We collect and process data from visitors to our website at onlyorthodontics.co.uk and individuals who use our services.
3. How we use your information (the legal basis):
3.1 To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.
3.2 If relevant we will share your information with the NHS in connection with your orthodontic treatment.
3.3 We will seek your preference for how we contact you about your dental care. Our usual methods are telephone or letter.
3.4 We will use your information in the following ways:
3.4.1 to ensure that content from our site is presented in the most effective manner for you and for your computer;
3.4.2 to provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes;
3.4.3 to carry out our obligations arising from any contracts entered into between you and us;
3.4.4 to allow you to participate in interactive features of our service, when you choose to do so;
3.4.5 to notify you about changes to our service;
3.4.6 to generate personal profile reports about you which we use to help to tailor our site, and our interactions with you to suit your preferences.
3.5 We will only contact you with information about goods and services similar to those which were the subject of a previous sale to you.
3.6 We do not disclose personal information about individuals to advertisers or sell your information to any other organisation for marketing purposes.
Only Orthodontics will retain your information while you remain an active patient, unless you ask us to delete your information. If you stop being an active patient we will retain your information unless you request that your details be deleted; however we will only contact you if we believe the information we intend to send to you could be of 'legitimate interest' to you.
If you have signed up to receive our newsletter / requested information from us, we will retain your information until you request to be removed / deleted.
4. Sharing information
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
4.1 Your doctor
4.2 The hospital or community dental services or other health professionals caring for you
4.3 NHS payment authorities
4.4 The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
5. IP addresses, cookies and similar technologies
5.1 We may collect information about your computer, including where available your IP address, operating system and browser type, for system administration purposes. This is statistical data about our users' browsing actions and patterns, and does not identify any individual. This information will be deleted after 3 months.
5.2 We may obtain information about your general internet usage by using technology such as "cookies", which store information on the hard drive of your computer. This type of technology helps us to improve our site and to deliver a better and more personalised service for Public Users and our customers. They enable us:
5.2.1 understand visitor numbers;
5.2.2 to store information about a Public User's preferences, and so allow us to customise our site according to a Public User's interests and offer them goods or services in which we believe they will be interested;
5.2.3 to speed up your searches; and
5.2.4 to recognise you when you return to our site.
5.3 To find out more about cookies, including how to control and disable them, please visit http://www.allaboutcookies.org.
5.4 You may refuse to accept some technologies such as cookies by activating settings on your browser which allows you to refuse the setting of technologies such as cookies. If you refuse all cookies you may be unable to access certain parts of our site. If you do not activate these settings on your browser then you will be taken to have consented to the use of these technologies.
5.5 We use Google Analytics and other monitoring software on our site. These types of technologies also allow the proprietor of the technology e.g.Google to also access your information, we have no control over how your information is processed by third parties such as Google. Please read the privacy packages of the provider to understand how your information may be used by these third parties.
5.6 3rd party services that we use on our site that may set cookies include:
6. Keeping your information safe
We store your personal information securely on our practice computer system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.
We take precautions to ensure security of the practice premises, the practice filing systems and computers. We use high quality specialist dental software to record and use your personal information safely and effectively. Our computer has a secure audit trail and we back-up information routinely. We use cloud computing facilities for encrypted back up of your information. The practice has a rigorous agreement with our provider to ensure that we meet the obligations described in this policy and that we keep your information securely.
It is an obligation to keep your records for 10 years after the date of your last visit to the Practice, but we recommend the retention of such records indefinitely for safety reasons.
All information you provide to us is stored on our secure servers.
Please note that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information we will use strict procedures and security features in order to reduce the risk of unauthorised access.
7. Access to your information and other rights
You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.
You can also request us to
7.1 Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
7.2 Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment
7.3 Stop using your information – for example, sending you reminders for appointments
7.4 Supply your information electronically to another dentist.
If you do not wish us to use your personal information as described, you should discuss the matter with your orthodontist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.
If you have any concerns about how we use your information please contact Joanne Gration the Practice Manager. If you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (0303 123 1113 or 01625 545745).
8. Links to other sites
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
9. Data Subject Rights
9.1 Right to Recification - the right to request the controller rectify inaccurate personal data.
9.2 Right to Object - the right to object to processing based on either public interests or legitimate interests. Processing must stop, unless the controller demonstrates compelling grounds for continuing the processing or that the processing is necessary in connection with the controller’s legal rights.
9.3 Right to Object to Direct Marketing
9.4 Right to be Forgotten - the right to have the controller erase personal data without undue delay. Contingent on the occurrence of one of the following:
9.4.1 The data is no longer necessary;
9.4.2 The data subject withdraws consent (and consent is the legal basis for processing);
9.4.3 Controller has no overriding grounds for continuing processing against the objectification;
9.4.4 Processing was unlawful;
9.4.5 Erasure is necessary with EU or national law.
9.5 Right to Restrict Processing - the right to have the controller restrict processing if:
9.5.1 The accuracy of the data is contested;
9.5.2 Processing is unlawful;
9.5.3 The controller no longer needs the data for its original purpose, but needs it for legal purposes;
9.5.4 Erasure is pending.
9.6 Right of Data Portability - the right to receive a copy of your data in a commonly used machine-readable format for transfer to another controller. This will either be in .xls or .csv format.