Our dental clinic is open and you can read our COVID-safe procedures here.
We have unfortunately had to temporarily stop our beauty treatments in line with Government regulations. All existing appointments will be rescheduled.
Welcome to the Kreate Dental Limited (Kreate Dental) privacy notice. Kreate Dental respects your privacy and is committed to protecting your personal data.
This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
This privacy notice is provided in a layered format, so you can click through to the specific areas set out below. Please also use the Glossary to understand the meaning of some of the terms used in this privacy notice.
Important information and who we are
The data we collect about you
How is your personal data collected?
How we use your personal data
Disclosures of your personal data
International transfers
Data security
Data retention
Your legal rights
Glossary
Your legal rights
Privacy notice
Purpose of this privacy notice
This privacy notice aims to give you information on how Kreate Dental collects and processes your personal data through your use of this website, including any data you may provide through this website when you sign up to our newsletter or request information on our services.
This website is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
Controller
Kreate Dental: is the controller and responsible for your personal data (collectively referred to as [“COMPANY”], “we”, “us” or “our” in this privacy notice).If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact us using the details set out below.
Contact details
Our full details are:
a. Full name of legal entity: Kreate Dental Limited;
b. Email address: info@kreatedental.co.uk;
c. Postal address: Unit 3, Cedar Court, 1 Royal Oak Yard, London, SE1 3GA;
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Changes to the privacy notice and your duty to inform us of changes
This version was last updated on 12/10/2020It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third-party links
The Kreate Dental website www.kreatedental.co.uk may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
a. Identity data includes first name, last name, username or similar identifier, title and job title.;
b. Contact data includes postal address, email address and telephone numbers.;
c. Technical data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.;
d. Profile data includes your interests, preferences, feedback and survey responses.;
e. Usage data includes information about how you use our website, products and services.;
f. Marketing and communications data includes your preferences in receiving marketing from us and our third parties and your communication preferences.;
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
We use different methods to collect data from and about you including through:
Direct interactions. You may give us your identity and contact data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
a. apply for services
b. subscribe to our service or publications.
c. request marketing to be sent to you; or.
d. give us some feedback.
Automated technologies or interactions. As you interact with our website, we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies. Please see our cookies notice.
Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:
a. Technical data from the following parties:
a. analytics providers such as Google based outside the EU; and
b. advertising networks and events based inside the EU.
b. Identity and contact data from data brokers or aggregators such as event managers and marketing lead providers based inside the EU.
c. Identity and contact data from publicly availably sources such as Companies House and the Electoral Register based inside the EU.
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
a. Where we need to perform the contract we are about to enter into or have entered into with you.
b. Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.;
c. Where we need to comply with a legal or regulatory obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email, text message or postage. You have the right to withdraw consent to marketing at any time by contacting us at info@kreatedental.co.uk.
Purposes for which we will use your personal data
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us at info@kreatedental.co.uk if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may use your identity, contact, technical, usage and profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will receive marketing communications from us if you have requested information from us or if you provided us with your details when you subscribe for news and updates, in each case, you have not opted out of receiving that marketing.
Third-party marketing
We will get your express opt-in consent before we share your personal data with any company outside of Kreate Dental for marketing purposes.
Opting out
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at info@kreatedental.co.uk.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. For more information about the cookies we use, please see cookies notice.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us at info@kreatedental.co.uk.If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We may have to share your personal data with the parties set out below for the purposes set out in the glossary section, this includes:
a. Internal third parties;
b. External third parties; or
c. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy notice.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
a. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.;
b. Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.;
c. Where we use providers based in the United States of America, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the United States of America. For further details, see European Commission: EU-US Privacy Shield.;
Please contact us at info@kreatedental.co.uk if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
How long will you use my personal data for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances you can ask us to delete your data: see request erasure below for further information.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please click on Your legal rights below to find out more about these rights:
a. Request access to your personal data.;
b. Request correction of your personal data.;
c. Request erasure of your personal data.;
d. Object to processing of your personal data..;
e. Request restriction of processing your personal data.;
f. Right to withdraw consent.;
If you wish to exercise any of the rights set out above, please contact us at info@kreatedental.co.uk.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Lawful basis
a. Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us at info@kreatedental.co.uk.
b. Performance of contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
c. Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
Third parties
a. Internal third parties
Other companies in the business acting as joint controllers or processors, who are based in the EU and provide IT and system administration services and leadership reporting.
b. External third parties
a) Service providers acting as processors based in the United Kingdom who provide IT and system administration services
b) Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
c) HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
You have the right to:
a. Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
b. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
c. Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
d. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
e. Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
e. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Kreate Dental is committed to protecting your personal information and uses physical, technological, and operational measures to ensure that it is not damaged, stolen or lost. You have rights under the General Data Protection Regulations (GDPR) and Freedom of Information act to know what information we hold, to have access to that information, and to know how we use it.
Who is the data controller?
a. Kreate Dental Ltd
b. Our information commissioner’s office registration is: ZA503997
How can I contact Kreate Dental Ltd?
a. You can write to Kreate Dental Ltd at: Kreate Dental, 160 Main Road, Sutton at Hone, Dartford, Kent, DA4 9HP.
b. Or call us on: 01322 936359
c. Or email us on: info@kreatedental.co.uk
Who is the Data Protection Officer?
a. Mihir Shah
How can I contact the Data Protection Officer?
a. You can write to him at: Kreate Dental, 160 Main Road, Sutton at Hone, Dartford, Kent, DA4 9HP.
b. Or call on: 01322 936359
What information is collected and what we do with it
We need several kinds of information in order to treat you as a patient, to contact you about your appointments, and in order to refer you for specialist treatment. For each type of information collected we have a legal basis for its use which is included in italics.
Name, date of birth, gender and address are used to identify you. This is also required in order to claim NHS dental treatment.
Provision of health care
a. Contact details (address, telephone, email) are used to contact you about appointments. This is also used if you are referred to other services. If you make an enquiry via our website, or by email, we will respond to your enquiry using the information you have provided.
b. Contact preferences are used to determine how we should normally contact you.
c. Marketing preferences (if we send information about offers) is used to determine if we can send information about new services or offers on existing services that may be of interest to you.
d. Occupation (what you do) is used to help in diagnosing any problems found or reported.
e. Emergency contact details are used in case something happens to you while you are at the practice.
f. GP details are used if we need to contact your GP if we need to coordinate treatment that we plan with them, or to pass on a finding we make during an examination which may be relevant to them. We also need this information if we refer you to an NHS service as NHS funding is often based on the location of your GP.
g. Hospital or GP visits in the last two years is used to tell us if there are any problems you may be having that could be affected by, or which could affect your dental health. This may also be used to determine if any treatment we plan is safe for you.
h. Medication information is used to determine if medications we might use or treatment that we plan will be safe. Even if you no longer take some medications, the effects can be permanent, so we sometimes ask if you have ever taken some types of medication.
i. Allergy information is used to determine if medications we might use, equipment we use, or treatment we plan will be safe.
j. Information about conditions or diseases you may have had are used to determine if medication we may use, or treatment we plan is safe for you.
k. Information about Prosthetics (replacement parts) you may have had is used to determine if any equipment we use or treatment we plan will be safe.
l. Pregnancy information is used to determine if treatment we plan or diagnostic processes such as x rays will be safe for you and your unborn child.
m. HIV information is used to help in diagnosis of any oral conditions that may be more likely if your immune system is affected. It is also used in the unlikely event of an injury to staff either while you are at the practice, or while processing the instruments used to treat you after you have left. We need to know if it will be necessary to take additional steps to treat an injury if there is a risk of infection.
n. Your concerns (crooked, discoloured, or missing teeth, fillings or snoring) are all used to guide the advice you may be given as part of your examination.
o. Smoking and vaping information are used as part of the process of diagnosing symptoms found during your examination, and affect advice given as both will increase your risk of oral cancer and reduce your body’s ability to heal.
p. Alcohol consumption information is used as part of the process of diagnosing symptoms found during your examination, and affect advice given.
q. Your weight is used to determine if it is safe to examine you in our surgeries. Equipment is rated at 21 stones (135Kg), so we may have to refer you for treatment elsewhere if you weigh more than our equipment can support.
r. The NHS requests information about your ethnic origin in order to carry out statistical analysis into treatment needs. This may later be used to advise dentists to be more vigilant for certain conditions or expect different outcomes where it is found that some groups are more likely to have a particular condition or were more likely to experience difficulty in undergoing treatment. For example, jaw bone density can vary between different groups, which can cause extractions to be more difficult.
s. Information about exemptions from paying NHS charges is needed in order to provide free NHS treatment. The NHS business services authority requires that certain information is collected to confirm that you are eligible for free treatment so we may need to collect your current educational institution, Exemption Card details, National Insurance Number. We may also ask to see proof that you receive a benefit.
t. Information about your entitlement to reduced NHS charges is used to process your payment where the NHS does not provide free treatment but will pay for more of your treatment than it would normally.
u. Details of your appointments are recorded including their dates, times and duration, who you were treated by, what treatment was recommended, what treatment was carried out, what materials were used, whether any appointments were missed. This information is used to record the history of your treatment and may subsequently be used to investigate a complaint, diagnose a symptom, to audit the use of materials and treatment outcomes or determine whether further NHS or private appointments can be offered.
v. Non-clinical notes may be recorded to capture a wide range of non-clinical information which may be used to indicate your preference for clinician, comments you have made to reception staff, actions or behaviour that may later become part of a complaint investigation, or to enable different members of staff to cooperate in providing your dental service. The above is not an exclusive list of information.
w. A full or summary copy of your signed treatment plan is used to confirm your written consent to the treatment proposed, and its cost.
x. Letters to and from other services are stored as part of your record. This will include letters referring you to other services for further treatment, letters from those services about the treatment they have carried out, results of tests or advice requested from the services.
During your examination, a dentist will also collect clinical information including:
a. The condition of your teeth, and any fillings or other restorations
b. The condition of your gums and any pockets between the gums and teeth
c. The condition of your soft tissues and palate
d. Whether your temporomandibular joint (jaw hinge) is functioning smoothly
e. The condition of your salivary glands
f. Xrays of your teeth
g. The colour of your teeth
h. The amount of sugar or acid in your diet
i. The amount of sugar or acid in your diet
This information is used to record the status of your teeth, gums, other soft tissues, and any restorations. This makes it possible to note change over time and is used to diagnose and treat any symptoms found.
We may share some of your data in order to:
a. Process your NHS treatment at the practice with: NHS Business Services
b. Refer you for further treatment with:
Community Dental Service, Rego Vantage, NHS Hospitals, Hodsoll House, Bupa Dental Care Longfield, Grove House Orthodontics, Our Implantologist, Dr Bizhan Shokouhi, Our Oral Surgeons: Dr Bizhan Shokouhi and Dr Linda Murtadha
c. If you or your GP are not within the NHS Kent boundaries, we may have to identify an NHS service within your area. Some services base this on your address, while others base this on the address of your GP. We cannot list all possible services in this privacy notice.
d. Engage a dental laboratory to make a dental prosthetic for you with:
M J Underhay Dental Laboratory, Invisalign, S4S UK Limited, Boutique Whitening, Sun Dental Laboratories Ltd, Elite Dental Restorations, Enlighten Smiles Ltd, Knight Dental Design, Oak Dental Studio, Nimro Dental, SDH Dental Laboratory, Simplee Dental Ceramics Ltd, Kreation Laboratory Ltd, Essence Dental Laboratory, Allport and Vincent Dental Laboratory Ltd, Kendall Dentures Ltd, Rahnama Dental Laboratory Ltd, Smile Fast, RW Dental Studio, IAS Laboratory, Martin Wright Crown and Bridge Specialist Ltd
e. Engage a dental laboratory to make a dental prosthetic for you with:
M J Underhay Dental Laboratory, Invisalign, S4S UK Limited, Boutique Whitening, Sun Dental Laboratories Ltd, Elite Dental Restorations, Enlighten Smiles Ltd, Knight Dental Design, Oak Dental Studio, Nimro Dental, SDH Dental Laboratory, Simplee Dental Ceramics Ltd, Kreation Laboratory Ltd, Essence Dental Laboratory, Allport and Vincent Dental Laboratory Ltd, Kendall Dentures Ltd, Rahnama Dental Laboratory Ltd, Smile Fast, RW Dental Studio, IAS Laboratory, Martin Wright Crown and Bridge Specialist Ltd
f. Request advice from or to notify your GP about findings we have made with:
Your GP Practice
g. Comply with legal requirements or where the greater public good is at risk with:
The HMRC, Security Services
h. Report concerns about your health or wellbeing with:
Child protective services, Social services
i. Request aid from the emergency services with:
Ambulance service, Police, Fire service
j. At your request, to order a taxi with:
All Night Cars Dartford
Is data sent overseas
The data that is shared, described above, is sent within the UK by us to the service.
We will use secure means to do so – either by post, by courier, or using a secure messaging service such as encrypted email. Encrypted email will only be stored in Switzerland and will be transmitted and stored in encrypted form. Our contract with other services mandates that we are informed if your data will be sent overseas or shared with another party, and this may only be done as part of the requirement to provide the service requested and with the same requirement to protect your information that we require from them.
We send to and receive email from you. Our email is stored at our service provider. Your service provider may store your email anywhere in the world. We do not recommend that you send any sensitive information by email to us as we cannot guarantee that your information is protected either by our service provider or yours.
We send to and receive encrypted email from our treatment providers and may also use this method to send referrals to non-NHS referral services. Our encrypted email is stored at our service provider. NHS email is stored in the UK. If we send you an encrypted message, you may use the same service to respond to us which will ensure your response can only be read by our staff.
We make backup copies of all electronic data, which are strongly encrypted before storing locally. Another copy of the encrypted data is also stored offsite, and it is a condition of the contract with our storage provider that the data cannot be stored in any other location for any reason.
Contact though our website
If you use the contact form on our website, your enquiry is processed via our online providers so it can be delivered to our secure email service. We have third party Data Processing Agreements in place with these providers to protect the information you send us.
If you use the Chat service on our website, your enquiry is processed via the chat service provider. We have a third party Data Processing Agreement in place with the chat service that includes its providers to protect the data you send us.
Both methods are configured to keep your data within the EU, and use encryption to protect your information from the moment it leaves your device.
How long we retain data for
Your data is retained continuously while you are a patient, and for 11 years after you cease to be a patient at the practice. For children, data is retained until the age of 25 or 11 years after leaving, whichever is the longer. It may take up to a year longer for data to be purged from all backups.
Rights of access, rectification, and erasure
a. Access
You have the right to access the data we hold about you and to receive a copy. Copies of your record are free. You may also request access to the data of a person you are legally responsible for, and you may give written authority for a 3rd party to receive a copy of your record. We may require evidence of your identity before releasing your record.
b. Rectification
You have the right to correct information held in your record, but in some cases we may only permit a difference of opinion to be recorded. This might occur if you disagree with clinical notes. You can update your records by telephone, in person, or by completing the appropriate form. You should not update your record by email unless you accept that we cannot guarantee the security of email.
c. Erasure
You have the right to be forgotten, however, Patient records will not be deleted even at the request of a patient for the following reasons: Records are required by the NHS contract to be kept as part of both patient and care provider records for a minimum of 2 years post-treatment.
Records may be used as evidence in respect of a claim under the consumer protection act 1998 which supports claims in respect of defective products for up to 10 years.
Patients requesting their records be deleted will be informed of the reasons above, and: their right to make a complaint to the ICO or another supervisory authority; and their ability to seek to enforce this right through a judicial remedy.
Individual data items will not be deleted as they form part of the patient record. However, where a patient identifies a point of contention – for example if they disagree with a statement made in a record – then it will be recorded that the patient disagrees with the record at that point.
If you request that your records are erased, we will treat this as a request to de-register.
Your data will be put beyond practical use by marking your record as inactive. No further communications will be sent. Data will not be sent to the NHS or any other treatment bodies. We will also be unable to provide any further service.
Rights of restriction on processing
You have the right to object to automated processing and decision making. This applies where:
a. Processing is for direct marketing
b. Processing is for scientific, historical or statistical reasons.
In this case you must demonstrate grounds for your objection, and these must outweigh the public interest.
c. Processing is for legitimate interests.
In this case we may demonstrate compelling grounds that outweigh your objection. An example of this is that NHS patients must have a summary record of treatment sent to the NHS business services division in order to receive NHS treatment.
Right to data portability
You have the right to request your data in a common machine-readable format. We will endeavour to supply your information in a plain text format, or as jpeg images, PDF, or standard word-processor compatible files as appropriate to the type of information.
Right to withdraw consent
You have the right to withdraw consent, which will usually mean that you no longer wish to receive marketing information from us. This can be done by requesting a change by telephone, email, SMS, in person, or by leaving the marketing consent section of the medical history form empty or by ticking the NO box.
You may also register the wish to withdraw consent for other kinds of processing, including transmission of your details to a third party service such as a hospital, specialist clinic, or dental laboratory. This may mean that treatment cannot be carried out.
If you are an NHS patient, you may register your wish not to have your data processed by the NHS. This will mean we are unable to provide NHS treatment to you.
You may also separately contact the NHS to assert your right to opt out from the use of your data for research or planning purposes. More information is available here: https://digital.nhs.uk/services/national-data-opt-outNote that Kreate does not send or use your data for research or planning purposes so we are informing you about the NHS’ wider use of data collected through all its services. There is no need to ask us to apply this right locally.
Right to complain to the ICO
You have the right to complain to the Information Commissioners Office about the information we hold about you.
a. Whether we are obliged by statute or contract to provide information. We are obliged by contract to provide information to: the NHS in regard to NHS patients referral services which we have discussed as part of your treatment, dental laboratories which will make prosthetics or models required as part of your treatment
b. Consequences for failure to provide information. If we fail to provide information to the parties above, your treatment may not be possible at all, or may only be possible as a private patient. If you fail to provide up to date information to us, this may: put your life at risk result in delays or failures in your treatment as we or other services involved in your treatment are unable to contact you prevent us from treating you and lead to your de-registration
c. Consequences for failure to provide information. If we fail to provide information to the parties above, your treatment may not be possible at all, or may only be possible as a private patient. If you fail to provide up to date information to us, this may: put your life at risk result in delays or failures in your treatment as we or other services involved in your treatment are unable to contact you prevent us from treating you and lead to your de-registration
Rights in relation to automated decision-making, what the logic is, and consequences of purely automated decision making. Automated decision making is used where:
a. Automated reminders of appointments or the need to book an examination are sent.
b. If you have provided your email or mobile telephone number:
c. You will be sent an automated reminder of a booked appointment 4 days before the appointment.
d. We initiate monthly checks to send reminders to book a dental examination.
Your dentist sets the interval between examination appointments.
If the date is after the interval since your last appointment, then you will be sent a reminder by email if we have your email address, by SMS if we have your mobile number and no email, or by post if we have no email or mobile number.
Toothache or other urgent appointments will not normally count as the “last” appointment.
If you have contacted us to say that you cannot attend dental examinations for a reasonable period of time, we may reset the reminder interval so you do not receive unwanted reminders.
You have the right to refuse reminders, or to request reminders be sent via a particular method. You may do this by telephone, SMS, email or in person.
Referrals are sent through NHS referral pathways
Referrals that we send are checked to determine the most appropriate type of service. We do not have control over this process but the intention is to direct referrals that require a hospital setting to hospitals, and to direct referrals that can be managed by other services to the appropriate service. The aim is to reduce waiting times for treatment by sending patients who do not require a hospital setting to services with shorter queues.
You may refuse to have your referral processed but this may mean there are no other pathways available to request treatment, which could lead to treatment becoming impossible to carry out. You may do this by telephone, SMS, email, or in person.
How else do you protect my information?
There are a number of methods used to ensure that information is held safely at the practice. They can be divided into two categories: security for paper records, and security for electronic records.
a. Paper records
The practice keeps as little paper as possible. Letters, forms that you or we complete, and any other paper records that contain identifiable information are securely shredded as soon as possible. We transfer all current paper-based information into our computer system before destroying the original, and any paperwork that has not yet been transferred is held securely.
Dental Records which were created prior to the establishment of our computer system are held in an archive under lock and key. These records will be securely shredded as they reach the end of their retention period.
b. Electronic records
In line with Cyber Essentials advice and general good practice, our computer system uses all of the following methods to secure the data we hold on site: The computer system is connected to the internet via a firewall, not directly. Computers require an individual login before use – they are not left “open”.
Users have individual accounts with restricted access
No default passwords – all software and hardware is configured specifically and passwords are changed from default settings. This includes not using the same password for multiple accounts or devices.
Applications and user accounts are selected and configured on the basis of only allowing the features or access necessary for the task.
Computers are encrypted – in the event of theft, data on a computer stolen from the practice cannot be accessed because the entire computer is encrypted. Even if the disk is removed and put in a different computer, it cannot be read.
Only authenticated software from approved sources is used.
Antivirus software is used on all computers and is updated frequently. Full scans are run regularly, and reports monitored.
Updates are tested and applied regularly to both the computer operating systems and applications used. Vulnerability scans are run to identify known weaknesses.
Regular offsite backups are taken to protect against data loss for any reason.
Questions, comments and requests regarding this cookies notice are welcomed. Please contact us at info@kreatedental.co.uk.
Dartford
Rugby