Wyndcott Dental Centre is committed to protecting your personal information and uses physical, technological and operational measures to ensure that it is not damaged, stolen or lost. You have rights under the General Data Protection Regulations (GDPR) and Freedom of Information act to know what information we hold, to have access to that information, and to know how we use it.
Who is the data controller
Wyndcott Ltd
Our information commissioner’s office registration is: Z9608552
How can I contact Wyndcott Ltd
You can write to Wyndcott Ltd at:
Wyndcott Dental Centre, Birchwood Park Avenue Swanley, Kent. BR8 7AT
Or call us on:
01322 662 493
Who is the Data Protection Officer
John Mills
How can I contact the Data Protection Officer?
You can write to him at:
Wyndcott Dental Centre, Birchwood Park Avenue,
Swanley,
Kent.
BR8 7AT
Or call on:
01322 662 493
What information is collected and what we do with it
We need several kinds of information in order to treat you as a patient, to contact you about your appointments, and in order to refer you for specialist treatment.For each type of information collected we have a legal basis for its use which is included in italics.
Name, date of birth, gender and address are used to identify you. This is also required in order to claim NHS dental treatment.
Provision of health care
Contact details (address, telephone, email) are used to contact you about appointments. This is also used if you are referred to other services. If you make an enquiry via our website, or by email, we will respond to your enquiry using the information you have provided.
Provision of health care
Contact preferences are used to determine how we should normally contact you.
Provision of health care
Marketing preferences (may we send information about offers) is used to determine if we can send information about new services or offers on existing services that may be of interest to you.
Consent
Occupation (what you do) is used to help in diagnosing any problems found or reported.
Provision of health care
Emergency contact details are used in case something happens to you while you are at the practice.
Provision of health care
GP details are used if we need to contact your GP if we need to coordinate treatment we plan with them, or to pass on a finding we make during an examination which may be relevant to them. We also need this information if we refer you to an NHS service as NHS funding is often based on the location of your GP.
Provision of health care
Hospital or GP visits in the last two years is used to tell us if there are any problems you may be having that could be affected by, or which could affect your dental health. This may also be used to determine if any treatment we plan is safe for you.
Provision of health care
Medication information is used to determine if medications we might use or treatment we plan will be safe. Even if you no longer take some medications, the effects can be permanent, so we sometimes ask if you have ever taken some types of medication.
Provision of health care
Allergy infomation is used to determine if medications we might use, equipment we use, or treatment we plan will be safe.
Provision of health care
Information about conditions or diseases you may have had are used to determine if medication we may use, or treatment we plan is safe for you.
Provision of health care
Information about Prosthetics (replacement parts) you may have had is used to determine if if any equipment we use or treatment we plan will be safe.
Provision of health care
Pregnancy information is used to determine if treatment we plan or diagnostic processes such as xrays will be safe for you and your unborn child.
Provision of health care
HIV information is used to help in diagnosis of any oral conditions that may be more likely if your immune system is affected. It is also used in the unlikely event of an injury to staff either while you are at the practice, or while processing the instruments used to treat you after you have left. We need to know if it will be necessary to take additional steps to treat an injury if there is a risk of infection.
Provision of health care
Your concerns (crooked, discoloured, or missing teeth, fillings or snoring) are all used to guide the advice you may be given as part of your examination.
Provision of health care
Smoking and vaping information are used as part of the process of diagnosing symptoms found during your examination, and affect advice given as both will increase your risk of oral cancer and reduce your body’s ability to heal.
Provision of health care
Alcohol consumption information is used as part of the process of diagnosing symptoms found during your examination, and affect advice given.
Provision of health care
Your weight is used to determine if it is safe to examine you in our surgeries. Equipment is rated at 21 stones (135Kg), so we may have to refer you for treatment elsewhere if you weigh more than our equipment can support.
Provision of health care
The NHS requests information about your ethnic origin in order to carry out statistical analysis into treatment needs. This may later be used to advise dentists to be more vigilant for certain conditions or expect different outcomes where it is found that some groups are more likely to have a particular condition or were more likely to experience difficulty in undergoing treatment. For example, jaw bone density can vary between different groups, which can cause extractions to be more difficult.
Public interest, Provision of health care
Information about exemptions from paying NHS charges is needed in order to provide free NHS treatment. The NHS business services authority requires that certain information is collected to confirm that you are eligible for free treatment so we may need to collect your current educational institution, Exemption Card details, National Insurance Number. We may also ask to see proof that you receive a benefit.
Provision of health care
Information about your entitlement to reduced NHS charges is used to process your payment where the NHS does not provide free treatment, but will pay for more of your treatment than it would normally.
Provision of health care
During your examination, a dentist will also collect clinical information including
The condition of your teeth, and any fillings or other restorations
The condition of your gums and any pockets between the gums and teeth
The condition of your soft tissues and palateWhether your temporomandibular joint (jaw hinge) is functioning smoothly
The condition of your salivary glands
Xrays of your teeth
The colour of your teeth
The amount of sugar or acid in your diet
This information is used to record the status of your teeth, gums, other soft tissues, and any restorations. This makes it possible to note change over time, and is used to diagnose and treat any symptoms found.
Provision of health care
Details of your appointments are recorded including their dates, times and duration, who you were treated by, what treatment was recommended, what treatment was carried out, what materials were used, whether any appointments were missed. This information is used to record the history of your treatment and may be subsequently be used to investigate a complaint, diagnose a symptom, to audit the use of materials and treatment outcomes or determine whether further NHS or private appointments can be offered.
Provision of health care
Non-clinical notes may be recorded to capture a wide range of non-clinical information which may be used to indicate your preference for clinician, comments you have made to reception staff, actions or behaviour that may later become part of a complaint investigation, or to enable different members of staff to cooperate in providing your dental service. The above is not an exclusive list of information.
Provision of health care
A full or summary copy of your signed treatment plan is used to confirm your written consent to the treatment proposed, and its cost.
Provision of health care
Letters to and from other services are stored as part of your record. This will include letters referring you to other services for further treatment, letters from those services about the treatment they have carried out, results of tests or advice requested from the services.
Provision of health care
We may share some of your data in order to:
Process your NHS treatment at the practice with
NHS Business Services
Refer you for further treatment with
Community Dental Service (Medway)
NHS Hospitals (Darent Valley, Queen Victoria, Kings College, Guys)
Green Street Green Dental Practice
Kent Endo
Simply Orthodontics
Chapel Road Orthodontics
Grove House Orthodontics
Bupa (Oasis) Orthodontics
Our implantologist; Dr Pedro Neto
Our Oral Surgeons; Dr Linda Murtadha Dr Bizhan Shokouhi Dr Radhika Chopra
If you or your GP are not within the NHS Kent boundaries, we may have to identify an NHS service within your area. Some services base this on your address, while others base this on the address of your GP. We cannot list all possible services in this privacy notice.
Engage a dental laboratory to make a dental prosthetic for you with
Costech Dental Laboratory
M J Underhay Dental Laboratory
Nimrodental Laboratory
Medimatch Dental Laboratory
Invisalign
Request advice from or to notify your GP about findings we have made with
Your GP practice
Comply with legal requirements or where the greater public good is at risk with
The HMRC
Security Services
Report concerns about your health or wellbeing with
Child protective servicesSocial services
Request aid from the emergency services with
Ambulance service
Police
At your request, to order a taxi with
Swantax
All night cars
Is data sent overseas
The data that is shared, described above, is sent within the UK by us to the service.
We will use secure means to do so – either by post, by courier, or using a secure messaging service such as encrypted email. Encrypted email will only be stored in Switzerland and will be transmitted and stored in encypted form. Our contract with other services mandates that we are informed if your data will be sent overseas or shared with another party, and this may only be done as part of the requirement to provide the service requested and with the same requirement to protect your information that we require from them.
We send to and receive email from you. Our email is stored at our service provider in Canada. Your service provider may store your email anywhere in the world. We do not recommend that you send any sensitive information by email to us as we cannot guarantee that your information is protected either by our service provider or yours.
We send to and receive encrypted email from our treatment providers, and may also use this method to send referrals to non-NHS referral services. Our encrypted email is stored at our service provider in Switzerland. NHS email is stored in the UK. If we send you an encrypted message, you may use the same service to respond to us which will ensure your response can only be read by our staff.
We make backup copies of all electronic data, which are strongly encrypted before storing locally. Another copy of the encrypted data is also stored offsite in Ireland, and it is a condition of the contract with our storage provider that the data cannot be stored in any other location for any reason.
Contact though our website
If you use the contact form on our website, your enquiry is processed via our online providers in London and Ireland so it can be delivered to our secure email service in Switzerland. We have third party Data Processing Agreements in place with these providers to protect the information you send us.
If you use the Chat service on our website, your enquiry is processed via the chat service provider in Amsterdam and France. We have a third party Data Processing Agreement in place with the chat service that includes its providers to protect the data you send us.
Both methods are configured to keep your data within the EU, and use encryption to protect your information from the moment it leaves your device.
How long we retain data for
Your data is retained continuously while you are a patient, and for 11 years after you cease to be a patient at the practice. For children, data is retained until the age of 25 or 11 years after leaving, whichever is the longer. It may take up to a year longer for data to be purged from all backups.
Rights of access, rectification and erasure
Access
You have the right to access to the data we hold about you and to receive a copy. The first copy of your record is free. For subsequent copies a fee will be charged. You may also request access to the data of a person you are legally responsible for, and you may give written authority for a 3rd party to receive a copy of your record. We may require evidence of your identity before releasing your record.
Rectification
You have the right to correct information held in your record, but in some cases we may only permit a difference of opinion to be recorded. This might occur if you disagree with clinical notes. You can update your records by telephone, in person, or by completing the appropriate form. You should not update your record by email unless you accept that we cannot guarantee the security of email.
Erasure
You have the right to be forgotten, however, Patient records will not be deleted even at the request of a patient for the following reasons:
Records are required by the NHS contract to be kept as part of both patient and care provider records for a minimum of 2 years post-treatment.
Records may be used as evidence in respect of a claim under the consumer protection act 1998 which supports claims in respect of defective products for up to 10 years.
Patients requesting their records be deleted will be informed of the reasons above, and:
their right to make a complaint to the ICO or another supervisory authority; and
their ability to seek to enforce this right through a judicial remedy.
Individual data items will not be deleted as they form part of the patient record. However, where a patient identifies a point of contention – for example if they disagree with a statement made in a record – then it will be recorded that the patient disagrees with the record at that point.
If you request that your records are erased, we will treat this as a request to de-register.
Your data will be put beyond practical use by marking your record as inactive. No further communications will be sent. Data will not be sent to the NHS or any other treatment bodies. We will also be unable to provide any further service.
Rights of restriction on processing
You have the right to object to automated processing and decision making.This applies where:
processing is for direct marketing
processing is for for scientific, historical or statistical reasons. In this case you must demonstrate grounds for your objection and these must outweigh the public interest.
processing is for legitimate interests. In this case we may demonstrate compelling grounds that outweigh your objection. An example of this is that NHS patients must have a summary record of treatment sent to the NHS business services division in order to receive NHS treatment.
Right to data portability
You have the right to request your data in a common machine-readable format. We will endeavour to supply your information in a plain text format, or as jpeg images, PDF, or standard word-processor compatible files as appropriate to the type of information.
Right to withdraw consent
You have the right to withdraw consent, which will usually mean that you no longer wish to receive marketing information from us. This can be done by requesting a change by telephone, email, SMS, in person, or by leaving the marketing consent section of the medical history form empty or by ticking the NO box.
You may also register the wish to withdraw consent for other kinds of processing, including transmission of your details to a third party service such as a hospital, specialist clinic, or dental laboratory. This may mean that treatment cannot be carried out.
If you are an NHS patient, you may register your wish not to have your data processed by the NHS. This will mean we are unable to provide NHS treatment to you.
Right to complain to the ICO
You have the right to complain to the Information Commissioners Office about the information we hold about you.
Whether we are oblighed by statute or contract to provide information
We are obliged by contract to provide information to:
the NHS in regard to NHS patients
referral services which we have discussed as part of your treatment
dental laboratories which will make prosthetics or models required as part of your treatment
Consequences for failure to provide information
If we fail to provide information to the parties above, your treatment will may not be possible at all, or may only be possible as a private patient.
If you fail to provide up to date information to us, this may:
put your life at risk
result in delays or failures in your treatment as we or other services involved in your treatment are unable to contact you
prevent us from treating you and lead to your de-registration
Rights in relation to automated decision-making, what the logic is, and consequences of purely automated decision making.
Automated decision making is used where:
Automated reminders of appointments or the need to book an examination are sent.
If you have provided your email or mobile telephone number:You will be sent an automated reminder of a booked appointment 4 days before the appointment.
We initiate monthly checks to send reminders to book a dental examination.
Your dentist sets the interval between examination appointments.
If the date is after the interval since your last last appointment, then you will be sent a reminder by email if we have your email address, by SMS if we have your mobile number and no email, or by post if we have no email or mobile number.
Toothache or other urgent appointments will not normally count as the “last” appointment.
If you have contacted us to say that you cannot attend dental examinations for a reasonable period of time, we may reset the reminder interval so you do not receive unwanted reminders.
You have the right to refuse reminders, or to request reminders be sent via a particular method. You may do this by telephone, SMS, email or in person.
Referrals are sent through NHS referral pathways.
Referrals that we send are checked to determine the most appropriate type of service. We do not have control over this process but the intention is to direct referrals that require a hospital setting to hospitals, and to direct referrals that can be managed by other services to the appropriate service. The aim is to reduce waiting times for treatment by sending patients who do not require a hospital setting to services with shorter queues.
You may refuse to have your referral processed but this may mean there are no other pathways available to request treatment, which could lead to treatment becoming impossible to carry out. You may do this by telephone, SMS, email, or in person.
How else do you protect my information
There are a number of methods used to ensure that information is held safely at the practice. They can be divided into two categories: security for paper records, and security for electronic records.
Paper records
The practice keeps as little paper as possible. Letters, forms that you or we complete, and any other paper records that contain identifiable information are securely shredded as soon as possible. We transfer all current paper-based information into our computer system before destroying the original, and any paperwork that has not yet been transferred is held securely.
Dental Records which were created prior to the establishment of our computer system are held in an archive under lock and key. These records will be securely shredded as they reach the end of their retention period.
Electronic records
In line with Cyber Essentials advice and general good practice, our computer system uses all of the following methods to secure the data we hold on site:
The computer system is connected to the internet via a firewall, not directly.
Computers require an individual login before use – they are not left “open”.
Users have individual accounts with restricted access
No default passwords – all software and hardware is configured specifically and passwords are changed from default settings. This includes not using the same password for multiple accounts or devices.
Applications and user accounts are selected and configured on the basis of only allowing the features or access necessary for the task.
Computers are encrypted – in the event of theft, data on a computer stolen from the practice cannot be accessed because the entire computer is encrypted. Even if the disk is removed and put in a different computer, it cannot be read.
Only authenticated software from approved sources is used.
Antivirus software is used on all computers and is updated frequently. Full scans are run regularly and reports monitored.
Updates are tested and applied regularly to both the computer operating systems and applications used. Vulnerability scans are run to identify known weaknesses.
Regular offsite backups are taken to protect against data loss for any reason