We take your privacy very seriously. This notice informs you of our policy about all information that we record about you. It sets out the conditions under which we may process any information that we collect from you, or that you provide to us. It covers information that could identify you (“personal information”) and information that could not.
Your personal data is processed fairly and lawfully in line with the GDPR (General Data Protection Regulation).
The practice is registered with the Information Commissioner’s Office (ICO).
The Data Controller of the practice is the owner, Yvonne Bruehmann, who will deal with any queries you might have.
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
All data we hold is received from you directly, through your consent or through Practitioner Services.
We don’t create derived or inferred data from the data we hold about you, and we don’t plan to use it in future for any other purposes.
Our intended use is unlikely to cause individuals to object or complain.
We only hold data about you that we require in order to perform the contract between you and us to provide you with our services.
As Health Care Providers we have a legal obligation to hold certain types of your personal data.
We hold data about you which is of legitimate interest to us, which you have been informed about, and which you consent to and freely give to us.
If a basis on which we process your personal information is no longer relevant then we shall immediately stop processing your data.
Please be aware when you contact us through email or the contact form on our website that, like any generic email account, this is not encrypted and can be hacked into. Only volunteer the information you feel safe sharing with us this way.
Our website uses Google Analytics to help analyse how users use the site. “Cookies”, which are text files placed on your computer, are used to collect standard Internet log information and visitor behaviour information in an anonymous form. This information, including your IP address, is transmitted to Google, which then evaluates visitors’ use of our website and produces statistics of the website activity. Google and we will not associate or seek to link your IP address with any other data held by Google. We will never use the statistical analytics tool to track or collect any Personally Identifiable Information of visitors to our site. We also will not allow any third party to do so.
We only share the individual components of your personal data with others as far as it is required.
Our website is directed to adults; it is not directed to children under the age of 13. We operate our site in compliance with the Children’s Online Privacy Protection Act, and will not knowingly collect or use personal information from anyone under 13 years of age.
The contact form on our site will only be used for the practice’s internal processes. Please be aware when you contact us through email or the contact form on our website that, like any generic email account, this is not encrypted and can be hacked into. Only volunteer the information you feel safe sharing with us this way. We will delete this data from our email account after a period of three months. We may record this information within our practice management software.
The contact form on our website is only to be used by children aged 13 years and over. If you are younger please ask your parent or guardian to fill it in for you. If you don’t know what to do, please phone the practice and we can help you further.
We keep your name, address, contact details, date of birth, medical and dental records and Community Health Index number, name and contact of your guardian (if necessary) and any details you freely give to us so that we can help you in the best way. By law, we need to keep your data for up to 11 years or until you are aged 25, whichever is longer.
It is always good to bring a parent or guardian with you when you come to see us.
If you are under age 16, bring your parent/guardian because they will need to fill in and sign forms for you which give us details about you and your health.
Your data is partially stored on password-protected computers with the latest anti-virus software and partially stored in the cloud. Practice premises are secured and alarmed, and paper files are stored in lockable cabinets to which only authorised staff hold the key. Data is backed up daily and stored in a secure place. The dental software we use is cloud-based and is hosted on servers that are owned and operated by Amazon Web Services (AWS) and that reside within the European Union. AWS is an industry leader and provides a highly scalable cloud computing platform with end-to-end security and privacy features. Access to these data centres is strictly controlled and monitored using a variety of physical controls, intrusion detection systems, environmental security measures and 24/7 on-site security staff, biometric scanning, multi-factor authentication, video surveillance and other electronic means. All physical and electronic access to data centres by AWS employees is authorised strictly on a least-privilege basis and is logged and audited routinely.
Personal data is reviewed, updated and deleted in a confidential and secure manner when no longer required.
Transfer of your clinical/medical records is only by post or encrypted email.
Staff are trained on up-to-date data protection requirements and their contracts include a clause regarding confidentiality and data protection.
You have the right to access the data we hold about you. Please put your request in writing to the practice owner, Yvonne Bruehmann.
We will supply the requested information within one month. Where requests are complex or numerous we can extend this by up to a further two months.
The practice can request a fee, but only for requests which are manifestly unfounded or excessive.
By law, we need to keep most of the personal data we hold about you for up to 11 years or until you are aged 25, whichever is longer. We hold card payment details for 6 years and 11 months.
Your data is deleted in a confidential and secure manner when no longer required.
As a health care provider we need to comply with the law and are required to keep most of the data for the periods of time listed above.
However, you can request immediate deletion of your contact phone numbers and/or email contact.