This privacy notice applies to all personal information processing activities carried out by Portman Healthcare Limited. Portman Healthcare is the data controller in respect of personal information that we process in connection with our business. Our principal address is The Port, Rosehill, New Barn Lane, Cheltenham, Gloucestershire, GL52 3LZ, our contact details can be located here.
Our Data Protection Officer can be contacted by e-mail at firstname.lastname@example.org
What information do we collect?
We may collect the following kinds of information about you:
How we obtain information
Information we receive from third parties – This includes information you provide when you visit our websites, for the purpose of booking an appointment with a dentist at Portman Healthcare clinics, participate in discussion boards or other social media functions on our site and when you report a problem with our site.
Our website, like many others, uses third party cookies, helping us improve the performance of our website and digital marketing, to provide you with a better user experience.
These cookies monitor activity throughout our website using third-party providers – Mediahawk and Google. We track which sources are effective at helping visitors find our website and make calls to us, navigation journeys throughout, and pages visited. We may use IP addresses, geo-location data and caller telephone numbers.
What are “cookies”?
‘Cookies’ are small text files that are stored by the website browser (for example, Internet Explorer or Safari) on your computer or mobile device. They are widely used in order to make websites work, or work in a better, more efficient way. They can do this because websites use them to recognise you and remember important information that will make your use of a website more convenient.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser.
How we use your information – the purpose
We may use this information to:
If we wish to use your information for dental research or dental education, we will discuss this with you and seek your consent. Depending on the purpose and if possible, we will anonymise your information. If this is not possible we will inform you and discuss your options.
We may use your contact details to inform you of products and services available at our practices.
We have CCTV at some of our practices for the purposes of security and patient and staff safety.
We use data processors who are third parties who provide elements of services for us. We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.
Where we store Your Personal Information and International Data Transfers
The personal data that we hold about you will be stored in the UK and the European Economic Area (EEA). In limited circumstances may also be transferred to or stored at a destination outside the UK or EEA.
If we transfer your data to third party service providers based outside the EEA, we ensure a similar degree of protection is provided to the transfer by ensuring at least one of the following safeguards is implemented:
• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts (known as Standard Contractual Clauses) approved by the European Commission which give personal data the same protection it has in Europe, as well as any additional security measures as required.
We will make sure we meet any future requirements the UK or the EU provide following the UK’s exit of the EU, including (but not limited to) the legal safeguards discussed above.
Sharing your information
Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:
We also share your information with third parties in order to deliver the following services to you:
We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. We also have third party agreements in place to protect your information.
In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.
Some of your information may be transferred out of the European Economic Area (EEA), primarily for creating medical devices such as crowns. Where information is transferred outside of the European Economic Area (“EEA”), we require that appropriate safeguards are in place and we use contracts that require the recipient to protect your Personal Data to the same standards as it would be within the EEA.
How we will keep your information safe
We employ administrative, electronic and physical security measures to ensure that the information that we collect about you is protected from access by unauthorised persons and protected against unlawful processing, accidental loss, destruction and damage.
How long will we keep your information?
We keep your dental records for 10 years after the date of your last visit.
There are a number of other documents that we may collect that have a variety of retention dates, for example the NHS PR form – used to declare payment exemptions – which needs to be kept for 2 years. We have a retention schedule listing all documents and the timeframes for disposal. Retention periods may be changed from time to time based on business or legal and regulatory requirements.
You have a right to access the information that we hold about you and to receive a copy. You can make a request by contacting your practice or by e-mailing email@example.com.
You have a right to correct any information that you believe is inaccurate or incomplete. Please contact your practice to request a change in information.
You have a right to request that we delete your personal information, although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). Please contact your practice to make this request.
You have the right to request us to restrict the processing of your personal information for example, sending you reminders for appointments or information about our service. Please contact your practice to make this request.
You have a right to data portability, this could include supplying your information to another dentist. Please contact your practice to make this request.
If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you can contact our Data Protection Officer via email at firstname.lastname@example.org.
You can also seek advice from The Information Commissioner’s Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, or start a live chat or call our helpline on 0303 123 1113.