Beech House Dental Practice is committed to protecting and respecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, NHS requirements, General Dental Council (GDC) standards, Care Quality Commission (CQC) requirements and all applicable data protection legislation.
Beech House Dental Practice is the Data Controller responsible for your personal information.
This Privacy Notice explains how we collect, use, store and protect your personal information when you register as a patient, receive treatment from us, contact us or use our services.
We may collect, use, store and process the following information:
To support accurate clinical record keeping, our clinicians may use Heidi Health, a secure clinical documentation and AI-assisted medical scribing system.
Information discussed during your appointment, including details of your dental treatment, medical history, treatment plans and consent discussions, may be processed through Heidi Health solely for the purpose of generating clinical notes and maintaining accurate patient records.
No decisions about your care are made solely by automated systems or artificial intelligence. All clinical records produced through Heidi Health are reviewed and approved by a qualified clinician.
Heidi Health acts as a data processor on our behalf and processes information in accordance with UK GDPR, contractual safeguards and applicable healthcare confidentiality requirements.
For the safety and security of patients, staff and visitors, CCTV may operate in certain areas of the practice.
CCTV recordings are used solely for security, safety, safeguarding, crime prevention and investigation purposes and are managed in accordance with data protection legislation and our CCTV Policy.
We use your information to:
Where NHS treatment is provided, we are also required to process information for NHS administration and management purposes.
We process personal data under one or more of the following lawful bases:
Health information is classified as Special Category Data under UK GDPR.
We process this information because processing is necessary for:
Your information may be shared securely where necessary with:
All third-party providers are required to maintain appropriate security and confidentiality arrangements.
Some of our service providers may process information outside the United Kingdom.
Where this occurs, we ensure that appropriate safeguards are in place, including International Data Transfer Agreements (IDTAs), adequacy regulations, or other approved safeguards required by UK GDPR to protect your information.
From time to time, we may send information about services, promotions, practice updates or oral health information where we are permitted to do so.
You may opt out of receiving marketing communications at any time by:
We will never sell your personal information to third parties.
We take appropriate technical and organisational measures to protect your information.
Information may be stored:
Access is restricted to authorised individuals who require access to perform their duties.
All staff receive training in confidentiality, information governance and data protection.
Patient records are retained in accordance with:
Adult dental records are generally retained for a minimum of 11 years after treatment has concluded.
Retention periods may be extended where legal, regulatory, insurance or safeguarding requirements apply.
The practice maintains a formal retention and disposal schedule covering all categories of records.
Under UK GDPR, you have the right to:
Request a copy of the personal information we hold about you.
Request correction of inaccurate or incomplete information.
Request deletion of information where appropriate, subject to legal and professional obligations.
Request restriction of processing in certain circumstances.
Request transfer of your information to another healthcare provider where appropriate.
Object to certain types of processing.
Withdraw consent where processing is based on consent.
If you have any questions regarding this Privacy Notice or how we use your information, please contact:
Data Protection Lead
Alice Harriss
Beech House Dental Practice
12 Church Street
Cobham
KT11 3EG
Complaints
If you are unhappy with how we have handled your information, please contact us in the first instance.
You also have the right to complain to:
Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113
Website: www.ico.org.uk
When you visit Beech House Dental Practice, we need to collect some information about you so that we can look after your teeth and keep you healthy.
We may collect:
We may use secure clinical note-taking software called Heidi Health to help our dental team create accurate records of your care.
Information discussed during your appointment may be processed through this system to generate clinical notes.
This information is kept secure and is only used to support your treatment and care.
We need this information to:
Only people involved in your care will have access to your information.
We will only share information when:
If you are under 13 years old, we will usually ask your parent or guardian to make decisions about your information.
If you are 13 years old or older and understand how your information is used, you may be able to make certain decisions yourself.
Children’s dental records are usually kept until:
whichever is longer.
If you or your parent or guardian would like to know more about how we use your information, please contact:
Data Protection Lead
Beech House Dental Practice
Reception@beechhousedentalpractice.co.uk
You also have the right to complain to the Information Commissioner’s Office (ICO) at www.ico.org.uk.