Southwater dental practice are data controllers under the terms of the Data Protection Act 1998 and the requirement of the EU General Data Protection Regulation (GDPR). The privacy notice explains what personal data Southwater dental practice holds why and how we use it, who we may share it with, and patient rights and freedom under the law. Types of personal data kept at Southwater dental practice are in the following categories. 1. Patient data, clinical, health information, and correspondence. 2. Staff data employment information. 3. Contractor’s data. Why Southwater dental practice process personal data? What is the purpose? Process means to obtain, store, update, and archive. 1. Patient data is held to provide patients with appropriate, high quality, safe and effective dental care and treatment. 2. Staff employment data is held in accordance with employment, taxation, and pension laws. 3. Contractor’s data is held to manage their contracts. The Law states we must inform you about: 1. Southwater Dental practice holds patient data because it is our legitimate interest to do so, without holding the information we cannot work effectively. 2. Southwater Dental Practice holds staff employment data because it is our legal obligation to do so. 3. Southwater Dental Practice holds a contractor’s data because it is needed to fulfill a contract.
Security.Southwater Dental Practice is committed to ensuring that your information is safe and secure. To prevent unauthorized access or disclosure we have in place suitable physical, electronic, and managerial procedures to safeguard and secure information that we collect from you. Controlling your personal information that we collect from you or about you will be treated as confidential and will not be disclosed, other than in the normal course of performing services on your behalf unless your consent has been obtained. You may request details of personal information which we hold here at Southwater Dental Practice under the Data Protection Act 1998, Email firstname.lastname@example.org. If you believe any information is incorrect or incomplete please write or Email to the above and we will update it as soon as possible.
Breach of information.A personal data breach will be reported to ICO or another relevant data protection agency if the breach is likely to result in a risk to the rights and freedom of the individual. The time limit for notification of a relevant supervisory authority is 72 hours after you become aware of the breach. Under the investigation process, information may have to be provided to the ICO. If the breach id deemed significant, patients may need to be informed, if this is necessary.