Privacy Notice

Privacy

Hextable Dental holds data about you including your contact details, medical details, clinical notes from examinations and treatment, payment records, appointment records, correspondence between us, and if you were referred elsewhere correspondence between Hextable Dental and other services you were referred to. We also hold data exchanged with dental laboratories about items made for you by them as part of your treatment. All of this information is used for the purposes of providing your treatment.

Information about you is stored in compliance with General Data Protection Regulations. It is only accessible to members of our staff who require access, and who have been CRB/DBS checked. We only use the information we store in relation to your dental treatment.

In accordance with GDPR, patients have rights in relation to the data we hold:

  • The right to be informed.

  • The right of access.

  • The right to rectification.

  • The right to erasure.

  • The right to restrict processing.

  • The right to data portability.

  • The right to object.

  • Rights in relation to automated decision making and profiling.

 

Email communications

Hextable Dental collects and uses your email address in order to send you reminders about appointments.

Please do not send confidential or sensitive information to us via email. We cannot guarantee the security of email communications. If you do send information to us, this will be considered as permission for us to continue a conversation by the same method.

While every care is taken to correctly enter your email address, it is very important that you write carefully – it is easy to misread an email address which could result in your reminders being sent to the wrong person. In particular, please be careful with the following characters: . _ –

 

SMS communications

Hextable Dental collects and may use your mobile phone number to communicate with you about apointments via SMS.

If you change your number, we will continue to send messages to the old number until we are updated by you. This could lead to appointment information being sent to the wrong person. If you do not want us to send SMS messages to your mobile number, please inform us.  

Marketing

From time to time, we would like to make you aware of any special offers or new services.

If you would like to receive information about special offers, please let us know. You can change this preference at any time by calling, writing, emailing, or asking in person.

 

Is my information shared with any other party ?

If your treatment requires something to be made for you, such as a crown, denture or other appliance, then we will send your name (or where possible a unique reference number), and details of the work required to a dental laboratory in order to have it made.

If you are referred for treatment to another provider, then we will send your personal information to that provider in order for them to process your referral and contact you. If you have given us permission to use unsecured email for this purpose, we may send your information by this method.

In order to protect your data against loss, we regularly backup all information. All backups are strongly encrypted so they cannot be read by any other party. We store copies of the encrypted backups offsite within the EU only, to ensure maximum protection under EU data protection law.

What if I ask for my information not to be shared with any other party ?

You have the right to refuse or restrict processing. The result of this is that we may be unable to provide any treatment depending on the treatment needed.

How long we retain data for

Your data is retained continuously while you are a patient, and for 11 years after you cease to be a patient at the practice. For children, data is retained until the age of 25 or 11 years after leaving, whichever is the longer. It may take up to a year longer for data to be purged from all backups.

Rights of access, rectification and erasure

Access You have the right to access to the data we hold about you and to receive a copy. The first copy of your record is free. For subsequent copies a fee will be charged. You may also request access to the data of a person you are legally responsible for, and you may give written authority for a 3rd party to receive a copy of your record. We may require evidence of your identity before releasing your record.

 

Rectification You have the right to correct information held in your record, but in some cases we may only permit a difference of opinion to be recorded. This might occur if you disagree with clinical notes. You can update your records by telephone, in person, or by completing the appropriate form. You should not update your record by email unless you accept that we cannot guarantee the security of email.

 Erasure You have the right to be forgotten, however, Patient records will not be deleted even at the request of a patient for the following reasons:

  • Records may be used as evidence in respect of a claim under the consumer protection act 1998 which supports claims in respect of defective products for up to 10 years.

 Patients requesting their records be deleted will be informed of the reasons above, and:

  • their right to make a complaint to the ICO or another supervisory authority; and

  • their ability to seek to enforce this right through a judicial remedy.

Individual data items will not be deleted as they form part of the patient record. However, where a patient identifies a point of contention – for example if they disagree with a statement made in a record – then it will be recorded that the patient disagrees with the record at that point.

If you request that your records are erased, we will treat this as a request to de-register. Your data will be put beyond practical use by marking your record as inactive. No further communications will be sent. Data will not be sent to any other treatment bodies. We will also be unable to provide any further service.

 

Rights of restriction on processing

You have the right to object to automated processing and decision making. This applies where:

  • processing is for direct marketing

  • processing is for for scientific, historical or statistical reasons

    In this case you must demonstrate grounds for your objection and these must outweigh the public interest.

  • processing is for legitimate interests

    In this case we may demonstrate compelling grounds that outweigh your objection

    An example of this is where we notify you about our availability - holiday opening hours or a planned closure - whether or not you have an apointment booked.

Right to data portability

You have the right to request your data in a common machine-readable format. We will endeavour to supply your information in a plain text format, or as jpeg images, PDF, or standard word-processor compatible files as appropriate to the type of information.

Right to withdraw consent

You have the right to withdraw consent, which will usually mean that you no longer wish to receive marketing information from us. This can be done by requesting a change by telephone, email, or in person.

You may also register the wish to withdraw consent for other kinds of processing, including transmission of your details to a third party service such as a hospital, specialist clinic, or dental laboratory. This may mean that treatment cannot be carried out.

Right to complain to ICO

You have the right to complain to the Information Commissioners Office about the information we hold about you.