Privacy Notice for Patients | Cramond House Dental Practice

Privacy Notice for Patients

1. Purpose

Cramond House Dental Practice aims to meet the requirements of the Data Protection Act 2018, the United Kingdom General Data Protection Regulation (UK GDPR), the guidelines on the Information Commissioner’s (ICO) website, and our professional guidelines and requirements. This privacy notice describes the type of personal information we hold, why we keep it, and what we do with it.

2. Registered Name

The data controller is Catherine Cumpstey.

3. Contact Details

Cramond House Dental Practice
23 York Street, Clitheroe, Lancs BB7 2AU
Email: cramondhouse@protonmail.com
Phone: 01200 423381

This privacy notice is also available on our website at www.cramondhousedental.co.uk or as a hard copy upon request.

4. What Information We Collect, Use, and Why

The personal data we process includes:

Name, address, contact details, gender, pronoun preferences, date of birth, nationality, NHS number, medical history, dental history, family medical history, family contact details, emergency contact details, marital status, information about care needs, financial details, doctor’s details, treatment plans, consent, X-rays, clinical photographs, digital scans, study models, appointment dates and details of complaints.

We may also process more sensitive special category data, including: ethnicity, race, religion, health records, sex life information, or sexual orientation.

The reasons we process this data include:

To fulfil our contract with you
To maintain a contemporaneous clinical record
To discuss treatment options
To provide dental prevention and oral health advice
To ensure any medication we prescribe is suitable
To modify treatments based on individual needs
To meet our obligations under the Equality Act 2010
To carry out financial transactions
To manage appointments, recalls and reminders
To communicate with next of kin or carers when appropriate
To refer to other health professionals as required
For debt recovery and service improvement
To assist with safeguarding, complaints or legal claims

5. Lawful Basis (Personal Data)

Legitimate interest to provide safe, effective dental care
Consent of the data subject
Compliance with legal obligations

6. Lawful Basis (Special Category Data)

Processing necessary for ethical and professional healthcare
Processing necessary to monitor equality of opportunity or treatment
Consent of the data subject

7. Data Protection Rights

You have the following rights regarding your personal data:

Right of access – request a copy of your data
Right to rectification – request correction or deletion of inaccurate information
Right to erasure – request deletion of personal data, subject to legal obligations
Right to restrict processing – limit how we use your personal data
Right to data portability – request transfer of your data to another provider
Right to withdraw consent – withdraw your consent at any time

8. Where We Get Personal Information From

We obtain your details when you enquire about our services, register as a patient, complete medical forms, or are referred by another healthcare provider. Information may also come from family members or carers.

9. How Long We Keep Information

We retain patient records for 11 years after the last visit or until age 25 (whichever is longer). Non-essential contact information may be deleted sooner upon request.

Images captured by CCTV are retained for 3 months unless required longer for investigations or compliance.

10. How We Store Information

Your information is securely stored in our computer system and manual files. Only authorised staff have access, and all follow strict confidentiality and data protection procedures. Our systems are backed up routinely and protected by secure audit trails.

11. Sharing Information

We may share limited personal data, when necessary, with:

Other dentists or healthcare professionals
Your GP or consultant
Dental laboratories
NHS payment authorities
HMRC or the Benefits Agency
Private dental schemes
Safeguarding organisations

12. Duty of Confidentiality

Information may only be disclosed in exceptional circumstances, such as:

Serious public health risk or harm prevention
Police investigations or legal requirements
In response to a court order
Pursuing a legal claim

13. NHS Required: National Data Opt-Out

For information about how your NHS data may be used beyond your care, and how to opt out, visit www.nhs.uk/your-nhs-data-matters.

14. How to Complain

If you have any concerns about how we handle your data, please contact us using the details above. If you are not satisfied with our response, you can contact the Information Commissioner’s Office (ICO):

Phone: 0303 123 1113
Website: www.ico.org.uk/make-a-complaint

15. Review and Revision

This privacy notice is reviewed annually and updated to ensure compliance with current regulations.