In providing your dental care and treatment, we will ask for information about you and your health. We may also receive information from other persons and organisations who have been involved in providing your care. Manor Lodge Dental Surgery complies with the 1998 Data Protection Act and the General Data Protection Regulation (EU 2016/679) and this Notice describes our procedures for ensuring that personal information about patients is processed fairly and lawfully. It sets out the type of personal information we hold, why we hold it and what we do with it.

We are fully computerised and are registered as a Data Controller with the Information Commissioner for this purpose – registration number Z6496776.

In order to provide you with a high standard of dental care and attention, we need to hold personal information about you.

We can only keep and use the information for specific reasons set out in the law. If we want to keep and use information about your health, we can only do so in particular circumstances. Below, we describe the information we hold, why and the lawful basis for collecting and using it:

Contact details such as your name, age, date of birth, address, telephone numbers and email address. This information allows us to fulfil our contract with you by providing appointments and information about your care. We will also use this information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and making you aware of our services. Dental records comprising information about your dental and general health, including clinical records made by dentists and other healthcare professionals involved with your care and treatment; x-rays, clinical photographs, digital scans of your mouth and teeth, study models; medical and dental histories (including details of your general medical practitioner); treatment plans/estimates; records of consent; details of your appointments; details of any complaints you have made and how these complaints were dealt with; correspondence with you and other health professionals or institutions. We collect and use this information to allow us to fulfil our contract with you – to discuss your treatment options and provide dental care that meets your needs. We also use this information for the legitimate interest of ensuring the quality of treatment we provide. Financial information includes the fees we have charged, the amounts you have paid and some payment details. This information forms part of our contractual obligation to you to provide dental care and allows us to meet our legal financial requirements.

Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:

Your doctor A hospital, community dental service or other health professionals caring for you. Specialist dental and medical services to which we may refer you. Dental laboratories. Your dental insurance provider. The Care Quality Commission. Debt collection agencies / HMCTS / Insolvency Practitioners. The GDC, DCS, defence organisations, our insurers & legal advisers.

We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. We will let you know in advance if we send your medical information to another medical provider and we will give you the details of that provider at that time.

In certain circumstances required by law or by court order, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies. In all other situations, disclosure that is not covered by this Policy will occur only when we have your specific consent. Where possible you will be informed of these requests for disclosure.

In the event of a claim or complaint being made against us (or the threat of a claim or complaint), we may also need to share your information with the General Dental Council, the Dental Complaints Service, our defence organisation, insurers and legal advisers.

In the event that you do not pay our fees, we may need to take recovery action which may involve sharing some of your information with a debt collection agency, legal advisers, the court's service, an insolvency practitioner, etc.

We are also required to allow the Care Quality Commission access to your information when they carry out an inspection or investigation

Personal data about you is held in the practice’s computer system and/or in a manual filing system. The information is not accessible to those who do not work for the practice and only authorised members of staff have access to it. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

Our computer system has secure audit trails and we back up information in an encrypted form to a remote server every working day. We take precautions to ensure the security of the premises, the practice filing systems, and computers.

All our Policies & Protocols are available to view if required.