Our dental practice is independent and offers various private dental and facial aesthetic treatments. Our team includes both employed and self-employed staff. We all work to protect our patients’ privacy and keep their information safe.
This document explains how we use patient information. We follow the rules of the UK GDPR and the Data Protection Act of 2018.
The person responsible for data protection compliance is Sara Al-Naer. You can reach them at dental@twoth.com or by calling the practice on 0204 542 0155.
We usually get your personal information directly from you. This happens when you contact us, use our website, complete a feedback form or come for an appointment. Sometimes, we might also get your information from other places, like:
Additionally, we may get information from online companies, such as Google and Facebook. These companies are not in the UK and help us with things like analysing our website, advertisements, and handling payments and services.
We handle various kinds of patient information at our dental practice. The table below explains these types in detail. For each type of information, you will find:
Categories of Personal Data | Examples of What We Collect | Why We Need It | Our Legal Grounds |
---|---|---|---|
Personal Identifiers | Name, contact details, patient reference number, date of birth, signatures, photos and videos (non-clinical purposes) | 1. Register you in our system. 2. Contact you about treatment and manage our relationship. 3. Send marketing information. 4. Share non-clinical photos and videos (e.g., reactions, testimonials) online. 5. Prevent crime and protect our assets. | 1. Performance of a contract (private treatments). 2. Performance of a contract (private treatments), legitimate interest. 3. Consent, legitimate interest. 4. Consent. 5. Legitimate interest. |
Family Details | Next of kin, guardians, carers, representatives. | 1. Emergency contact. 2. Discuss your care with responsible parties. | 1. Vital interest, consent. 2. Contract, consent. |
Financial Details | Payment details, debit/credit card information, bank account details. | 1. Process payments. 2. Debt recovery. | 1. Contract. 2. Legitimate interest. |
Technical Data | Website usage data (IP address, browser details, etc.), social media, patient portal usage. | 1. Improve online services, marketing. 2. Manage and secure our practice, website, and social media. 3. Detect unlawful activities on guest Wi-Fi. | 1, 2. Legitimate interest. 3. Legitimate interest, legal obligation. |
Communication Data | Data in emails, social media comments, letters, instant messages. | 1. Handle complaints, queries, feedback. 2. Legal defence or regulatory enquiry evidence. | 1, 2. Legitimate interest. |
Health Data | Medical/dental histories, lifestyle data, x-rays, clinical photos, treatment plans, recorded communications, clinical notes, incident information. | 1. Assess and treat dental health. 2. Legal defence in claims or investigations. 3. Clinical and peer review. 4. Record health and safety incidents. | 1. Necessary for treatment and administration. 2. Legal defence. 3. Necessary for treatment, Substantial Public Interest – Equality. 4. Legal defence, Substantial Public Interest – Insurance. |
Ethnicity Information | Ethnic group and language details. | 1. Understand cultural, religious, language needs. 2. Comply with equality law. | 1. Necessary for treatment. 2. Necessary for treatment, Substantial Public Interest – Equality. |
Religious and Philosophical Beliefs | Relevant beliefs impacting care (e.g., fasting, treatment preferences). | 1. Assess and provide appropriate care. 2. Comply with equality law. | 1. Necessary for treatment. 2. Necessary for treatment, Substantial Public Interest – Equality. |
For effective private dental care, our practice must collect and process certain personal data. This is crucial for planning and providing safe, personalised treatment. If you choose not to share this essential information, it may hinder our ability to treat you, potentially leading to discontinuation of your treatment at our clinic.
The above table shows when we need your consent to use your personal details. For example, suppose when you first visited our dental practice, you were pleased with the service and agreed to give a video testimonial. We included this testimonial on our website and in our training courses with your consent. If you now decide that you no longer want us to use your video, you can withdraw your consent for this specific purpose.
If you wish to withdraw your consent, please reach out to us. You can find how to contact us at the top of this notice. If you decide to withdraw your consent, we will not use your information for those purposes anymore, unless there is a legal need. Just know, if you withdraw your consent, it doesn’t change any use of your information that happened before.
Our dental practice uses your information mainly internally, by our team and dentists who take care of you. We ensure only those who need to know will access your data. We take great care to keep your information confidential and share it when necessary, such as:
We store your personal details safely, using both paper and computers. For online and cloud services and storage, especially when it’s outside the UK, we follow strict legal rules to keep your data safe.
We keep your details only as long as we need to. We do this to comply with health, legal, and financial-related rules and guidance. When deciding how long to keep your information, we look at its amount, type, and how private it is. We also consider the risk of someone else getting access to it. We also think about whether we need the information for situations like legal matters after your treatment ends.
Sometimes, we might need to send your personal data to countries outside the UK and the European Economic Area. Whenever this happens, we take steps to make sure your information stays safe and secure, just like it would at home. We follow the rules set by data protection laws to protect your privacy.
Here’s how we do it:
Data protection laws grant you certain rights about your personal details:
We aim to respond quickly. If your request lands on a day we’re closed, we’ll start counting our one-month response time from the next working day.
Not at all. You can make your request in any form that suits you. This can be in person, by phone, or via a message on social media. We’ll acknowledge and process your request regardless of how you submit it. While we might suggest filling out a form to streamline the process, it’s not mandatory. You’re free to choose how you’d like to make your request.
We’ll ask you to clarify what you’re looking for. While we wait for your clarification, we pause the one-month countdown.
Usually, it’s free. But if your request is unfounded, repetitive, or excessive, we may ask for a fee to cover our costs.
Yes, in certain cases. If a request is too broad, doesn’t have a clear purpose, or places an unreasonable burden on us, it might be considered “manifestly unfounded” or “manifestly excessive”. We carefully evaluate each request and ensure that any decision to deny is fair and compliant with data protection regulations. We’d then inform you why we can’t fulfil it, and you can challenge our decision by contacting us.
Yes, some requests might be limited by law. We’ll let you know if that’s the case.
Sure, but we’ll need proof that they’re allowed to act on your behalf. If we’re concerned about the safety of your data, we might talk to you directly or send the data to you instead of someone else.
If you have concerns about how we handle your data or if you’re dissatisfied with our response to a request, please reach out using the contact information provided at the beginning of this notice. You’re also entitled to lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/make-a-complaint/