PRIVACY NOTICE FOR PATIENTS INCLUDING CHILDREN

Beech House Dental Practice is committed to protecting and respecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, NHS requirements, General Dental Council (GDC) standards, Care Quality Commission (CQC) requirements and all applicable data protection legislation.

Beech House Dental Practice is the Data Controller responsible for your personal information.

This Privacy Notice explains how we collect, use, store and protect your personal information when you register as a patient, receive treatment from us, contact us or use our services.

What information do we collect?

We may collect, use, store and process the following information:

  • Name, address, date of birth and gender.
  • Telephone numbers and email addresses.
  • NHS number and exemption status where applicable.
  • Details of private dental plans or insurance providers.
  • Emergency contact information.
  • Medical history and information about your general health.
  • Details of your GP and other healthcare professionals involved in your care.
  • Past and present dental history.
  • Clinical records, treatment notes, treatment plans and estimates.
  • Clinical photographs, radiographs (X-rays), scans and study models.
  • Records of consent and treatment discussions.
  • Appointment records and communications.
  • Financial and payment information relating to treatment provided.
  • Complaints, compliments and feedback.
  • Website and online booking information where applicable.

Use of Heidi Health

To support accurate clinical record keeping, our clinicians may use Heidi Health, a secure clinical documentation and AI-assisted medical scribing system.

Information discussed during your appointment, including details of your dental treatment, medical history, treatment plans and consent discussions, may be processed through Heidi Health solely for the purpose of generating clinical notes and maintaining accurate patient records.

No decisions about your care are made solely by automated systems or artificial intelligence. All clinical records produced through Heidi Health are reviewed and approved by a qualified clinician.

Heidi Health acts as a data processor on our behalf and processes information in accordance with UK GDPR, contractual safeguards and applicable healthcare confidentiality requirements.

CCTV Monitoring

For the safety and security of patients, staff and visitors, CCTV may operate in certain areas of the practice.

CCTV recordings are used solely for security, safety, safeguarding, crime prevention and investigation purposes and are managed in accordance with data protection legislation and our CCTV Policy.

Why do we need this information?

We use your information to:

  • Register you as a patient.
  • Provide safe and effective dental care and treatment.
  • Maintain accurate clinical records.
  • Arrange referrals to specialists and other healthcare professionals.
  • Communicate with you regarding appointments, recalls and treatment.
  • Process payments and manage accounts.
  • Meet legal, regulatory and professional obligations.
  • Respond to complaints and concerns.
  • Defend legal claims where necessary.
  • Improve the quality and effectiveness of our services.

Where NHS treatment is provided, we are also required to process information for NHS administration and management purposes.

What is our legal basis for processing your information?

We process personal data under one or more of the following lawful bases:

  • Consent.
  • Performance of a contract.
  • Compliance with legal obligations.
  • Legitimate interests in providing healthcare services and protecting legal rights.

Health information is classified as Special Category Data under UK GDPR.

We process this information because processing is necessary for:

  • Preventive and occupational medicine.
  • Medical diagnosis.
  • Provision of health or social care.
  • Management of health or social care systems and services.
  • Establishment, exercise or defence of legal claims.

Who may receive your information?

Your information may be shared securely where necessary with:

  • Dentists, hygienists, therapists and other members of our clinical team.
  • Dental laboratories.
  • Specialist referral practices.
  • General Medical Practitioners (GPs).
  • Other healthcare professionals involved in your care.
  • NHS organisations where NHS treatment is provided.
  • Dental plan providers and insurers.
  • Regulatory bodies including the General Dental Council (GDC).
  • The Care Quality Commission (CQC).
  • Professional advisers and insurers where required.
  • Law enforcement agencies or public authorities where legally required.
  • Heidi Health solely for the purpose of generating and maintaining clinical records.

All third-party providers are required to maintain appropriate security and confidentiality arrangements.

International Data Transfers

Some of our service providers may process information outside the United Kingdom.

Where this occurs, we ensure that appropriate safeguards are in place, including International Data Transfer Agreements (IDTAs), adequacy regulations, or other approved safeguards required by UK GDPR to protect your information.

Marketing Communications

From time to time, we may send information about services, promotions, practice updates or oral health information where we are permitted to do so.

You may opt out of receiving marketing communications at any time by:

  • Contacting the practice.
  • Using the unsubscribe option included in communications where applicable.

We will never sell your personal information to third parties.

How do we store your information?

We take appropriate technical and organisational measures to protect your information.

Information may be stored:

  • In secure paper records.
  • Within secure electronic patient management systems.
  • In encrypted or protected backups.
  • Through approved clinical documentation systems such as Heidi Health.

Access is restricted to authorised individuals who require access to perform their duties.

All staff receive training in confidentiality, information governance and data protection.

How long do we keep your information?

Patient records are retained in accordance with:

  • NHS Records Management Code of Practice.
  • General Dental Council requirements.
  • FGDP and other professional guidance.

Adult dental records are generally retained for a minimum of 11 years after treatment has concluded.

Retention periods may be extended where legal, regulatory, insurance or safeguarding requirements apply.

The practice maintains a formal retention and disposal schedule covering all categories of records.

Your Rights

Under UK GDPR, you have the right to:

Access

Request a copy of the personal information we hold about you.

Rectification

Request correction of inaccurate or incomplete information.

Erasure

Request deletion of information where appropriate, subject to legal and professional obligations.

Restriction

Request restriction of processing in certain circumstances.

Data Portability

Request transfer of your information to another healthcare provider where appropriate.

Objection

Object to certain types of processing.

Withdraw Consent

Withdraw consent where processing is based on consent.

Contacting Us

If you have any questions regarding this Privacy Notice or how we use your information, please contact:

Data Protection Lead
Alice Harriss

Beech House Dental Practice
12 Church Street

Cobham

KT11 3EG

Complaints

If you are unhappy with how we have handled your information, please contact us in the first instance.

You also have the right to complain to:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

PRIVACY NOTICE FOR CHILDREN

When you visit Beech House Dental Practice, we need to collect some information about you so that we can look after your teeth and keep you healthy.

What information do we collect?

We may collect:

  • Your name, address and date of birth.
  • Contact information for your parents, guardians or carers.
  • Information about your health and medical history.
  • Information about your dentist visits and treatment.
  • Clinical photographs, scans and X-rays.
  • Notes about conversations relating to your care.
  • Referrals to other healthcare professionals.

Heidi Health

We may use secure clinical note-taking software called Heidi Health to help our dental team create accurate records of your care.

Information discussed during your appointment may be processed through this system to generate clinical notes.

This information is kept secure and is only used to support your treatment and care.

Why do we need this information?

We need this information to:

  • Look after your teeth and oral health.
  • Plan and provide treatment.
  • Keep accurate records.
  • Arrange referrals where needed.
  • Meet our legal and professional responsibilities.

Who can see your information?

Only people involved in your care will have access to your information.

We will only share information when:

  • It is necessary for your care.
  • We are required to do so by law.
  • It is important to protect your health and wellbeing.

Your Rights

If you are under 13 years old, we will usually ask your parent or guardian to make decisions about your information.

If you are 13 years old or older and understand how your information is used, you may be able to make certain decisions yourself.

How long do we keep records?

Children’s dental records are usually kept until:

  • At least age 25; or
  • For 11 years after treatment ends,

whichever is longer.

Questions or Concerns

If you or your parent or guardian would like to know more about how we use your information, please contact:

Data Protection Lead
Beech House Dental Practice
Reception@beechhousedentalpractice.co.uk

You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.