Vistara Smiles Privacy Notice
Vistara Smiles aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.
We are committed to protecting your privacy when dealing with your personal information. This privacy notice provides details about the information we collect about you, how we use and protect it. It also provides information about your rights.
The data controller is Anita Patel.
In this privacy notice, ‘we’, ‘us’ and ‘our’ mean Vistara Smiles.
Scope of our privacy notice
This privacy notice applies to anyone who interacts with us about our dental services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone).
You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you.
This privacy notice applies to you if you ask us about, buy or use our dental services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone). We will provide you with further information or notices if necessary, depending on the way we interact with each other.
Our lawful basis for processing data
The lawful basis for processing special category data such as patients’ and employees’ health data is:
“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional”
The lawful basis of processing personal data such as name, address, email or phone number is:
- Consent of the data subject
- Processing being necessary for the performance of a contract with the data subject or to take steps to enter into a contract
The categories of data we process are:
- Personal data from patients of Vistara Smiles, for the purposes of communicating with you via telephone, email, text.
- Special category data including health records for the purposes of the delivery of health care.
- Personal data for the purposes of staff and self-employed team member management
- Special category data including health records and details of criminal record checks for managing employees and contracted team members
We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared. Examples of when we share personal data include: –
- Referral to an oral surgeon, referral to a periodontist, referral to an orthodontist, referral to another dental practice, referral to the oral medicine department at Guys Hospital / Eastman Dental Hospital, etc. We will need to provide your full name, date of birth, address, contact details such as telephone and email, medical history details, clinical observations and the reason(s) for the referral, additional data such as X-rays, photographs, gum measurements and CT Scan data.
- Communication with a dental laboratory – we may need to provide the patient’s name, age, copy of clinical notes, X-rays, CT Scans, photographs, video (e.g. recorded on an iPAD), pictures taken on a mobile phone and “Whatsapped” to the technician, impressions and other records of the teeth/mouth, and digital 3D scans.
You have the following personal data rights:
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure (clinical records must be retained for a certain time period)
• The right to restrict processing
• The right to data portability
• The right to object
Further details of these rights can be seen at the Information Commissioner’s website. Here are some practical examples of your rights:
• If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient records within one month.
• If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.
Where our data is stored
- Personal data is obtained when a patient joins the practice, when a patient is referred to the practice and when a patient subscribes to an email list.
- Personal data is stored at Vistara Smiles in digital and hard copy formats. We have a policy of recording information on paper initially, and then transferring the information on to our specialist computer software. We also securely store patient photographs, videos (analysing the smile), X-rays, digital tooth records, and CT Scans securely on our networked computers. We have secure backups. We also hold data securely on an email system.
- Personal data is stored in the EU whether in digital or hard copy format
- Personal data is stored in the US in digital format when the data storage company is certified with the EU-US Privacy Shield.
- We ensure that secure passwords are required to access our computers and software systems, and that the cupboard where clinical records are kept is locked when there are no staff members or dentists on the premises.
Retention of personal data
The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention procedure available from the practice.
Personal identifiers from your browsing activity:
- When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
- If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
- If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
- If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
- Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
- If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.
- For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
Comments, suggestions and complaints
- Please contact Anita Patel at the practice for a comment, suggestion or a complaint about your data processing at email@example.com, or via telephone on 0203 581 7270, or by writing to or visiting the practice at Vistara Smiles, 94 Highbury Park, London, N5 2XE. We take complaints very seriously.
- If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.