Moira Cosmetic Dental Limited treats the privacy of its patients and website users very seriously and we take appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any personal data* you share with us and that we hold about you, including how we collect, process, protect and share that data.
*Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
How we obtain your personal data
Information provided by you
You provide us with personal data either on your medical history forms, via signing up to our online mailing list or over the telephone. This may include name, address, date of birth, email address and Direct Debit mandate instructions, medical records. We use this information in order to manage and administer your dental treatment and maintain your dental health, and at your request direct marketing.
We may also keep information contained in any correspondence you may have with us by post or by email.
We may obtain sensitive medical information directly from your doctor or other specialists. The provision of this information is subject to you giving us express consent. If we do not receive this consent from you, then we may be unable to provide dental treatment to you. The provision of this personal data is essential for us to be able to continue providing health care to you, including verifying your identity when you contact us to discuss your health. This means that the legal basis of our holding your personal data is for the performance of a contract.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR). You will already have submitted your personal data to these companies and specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.
How we use your personal data
We use your personal data to manage and administer your dental care. We undertake at all times to protect your personal data, including any health and financial details, in a manner which is consistent with your dental practitioner’s duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable security measures to protect your personal data in storage.
Do we use your personal data for marketing purposes?
Any information that you choose to give us will not be used for marketing purposes by us without your prior consent.
Information about cookies
Our cookies are safe and can't harm your computer. We use a cookie that may allow us to:
Collect unidentifiable visitor information
This may include the number of visits to a page or whether a mobile phone is used. This data allows Moira Cosmetic Dental to provide a better service as we tailor our website development around what you and our other visitors need. If particular pages are slow to load, this information can help pin point at what time of day and the reasons why this may be happening. This collection service is provided by Google and is called Google Analytics.
How do I manage my cookies?
It is worth noting that blocking or removing some of our cookies may result in the website not working. However, you can choose to opt out of the collection of anonymous visitor information without having an effect on your website experience.
Most internet browsers are initially enabled to accept cookies automatically. However, there are ways of disabling them in most modern browsers. Information on controlling cookies for your browser can be found here:
Not sure which browser you have? - Click here
We will keep information about you confidential and we will abide by the General Dental Council Standards in this area as follows:
4.2 You must protect the confidentiality of patients’ information and only use it for the purpose for which it was given
4.2.1 Confidentiality is central to the relationship and trust between you and your patients. You must keep patient information confidential. This applies to all the information about patients that you have learnt in your professional role including personal details, medical history, what treatment they are having and how much it costs.
4.2.2 You must ensure that non-registered members of the dental team are aware of the importance of confidentiality and that they keep patient information confidential at all times.
4.2.3 You must not post any information or comments about patients on social networking or blogging sites. If you use professional social media to discuss anonymised cases for the purpose of discussing best practice you must be careful that the patient or patients cannot be identified. See our website for further guidance on social networking.
4.2.4 You must not talk about patients or their treatment in places where you can be overheard by people who should not have access to the information you are discussing.
4.2.5 You must explain to patients the circumstances in which you may need to share information with others involved in their healthcare. This includes making sure that they understand:
What information you will be releasing;
Why you will be releasing it; and
The likely consequences of you releasing the information.
You must give your patients the opportunity to withhold their permission to share information in this way unless exceptional circumstances apply. You must record in your patient’s notes whether or not they gave their permission.
4.2.6 If a patient allows you to share information about them, you should ensure that anyone you share it with understands that it is confidential.
4.2.7 If other people ask you to provide information about patients (for example, for teaching or research), or if you want to use patient information such as photographs for any reason, you must:
Explain to patients how the information or images will be used;
Check that patients understand what they are agreeing to;
Obtain and record the patients’ consent to their use;
Only release or use the minimum information necessary for the purpose; and
Explain to the patients that they can withdraw their permission at any time.
If it is not necessary for patients to be identified, you must make sure they remain anonymous in any information you release.
4.2.8 You must keep patient information confidential even after patients die.
4.2.9 The duty to keep information confidential also covers recordings or images of patients such as photographs, videos or audio recordings, both originals and copies, including those made on a mobile phone. You must not make any recordings or images without the patient’s permission.
4.3 You must only release a patient’s information without their permission in exceptional circumstances
4.3.1 In exceptional circumstances, you may be justified in releasing confidential patient information without their consent if doing so is in the best interests of the public or the patient. This could happen if a patient puts their own safety or that of others at serious risk, or if information about a patient could be important in preventing or detecting a serious crime. If you believe that revealing information about a patient is in the best interests of the public or the patient you should first try to get the patient’s permission to release the information. You should do everything you can to encourage the patient to either release the information themselves or to give you permission to do so. You must document the efforts you have made to obtain consent in the patient’s notes.
4.3.2 If obtaining consent from a patient to the release of their information in the public interest is not practical or appropriate, or if the patient will not give their permission, you should get advice from your defence organisation or professional association before you release the information.
4.3.3 If you have information that a patient is or could be at risk of significant harm, or you suspect that a patient is a victim of abuse, you must inform the appropriate social care agencies or the police. See our website for further guidance.
4.3.4 You can be ordered by a court, or you can be under a statutory duty, to release information about a patient without their permission. If this happens, you should only release the minimum amount of information necessary to comply with the court order or statutory duty.
4.3.5 In any circumstance where you decide to release confidential information, you must document your reasons and be prepared to explain and justify your decision and actions.
Transfer of your personal data outside of the European Economic Area (EEA)
We do not currently transfer your personal data outside the EEA. If in the future we transfer your personal data, in accordance with the terms of this Policy outside of the EEA, we will make sure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our instructions.
If you require further information regarding such transfers, please write to the Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or email firstname.lastname@example.org
How long do we keep this information about you?
We keep information in line with the retention policy of as per the relevant legislation. There are a number of pieces of legislation that require both NHS and private practitioners to keep records. These include: The Consumer Protection Act 1987 under which an action could arise for a defective product, the Medical Devices Directive (Directive 93/42/EEC), which relates to custom-made devices, the Medicines Act 1968 and the Misuse of Drugs Regulations 2001.
The Health and Professional Social Services General Dental Services Regulations (Northern Ireland) 1993 as amended by the Health and Personal Social Services General Dental Services (Amendment) Regulation (Northern Ireland) 2008, requires all NHS treatment records to be retained for a period of not less than six years from that date on which the last treatment took place.
The NHS GDS contract requires that records are made of any treatment provided. It also specifies the length of time that records must be kept, in accordance with the contract. The NHS contract currently requires records to be kept for six years in Northern Ireland, but Dental Protection’s advice is that clinical records should be kept for longer than this minimum period.
The RQIA, which was established by the Health and Personal Social Services (Quality, Improvement and Regulation) (Northern Ireland) Order 2003, is the Northern Ireland equivalent to the CQC. The main responsibilities of the RQIA are the registration, monitoring, inspecting and overseeing the quality of health and social care services in Northern Ireland provided by both statutory and independent providers.
Any dental practitioners providing private dental services have since 2011 been required to be registered with the RQIA.
The regulations also advise that records should be kept up to date, available for inspection at all times. Under the 2011 regulations practitioners are required to retain records for a period of not less than 10 years from the date of the last entry. Therefore dentists registered with RQIA are required to keep clinical records for a minimum period of not less than 10 years.
The Consumer Protection (Northern Ireland) Order 1987 provides for a patient to bring an action against a supplier within ten years for the supply of defective products. This could include laboratory fabricated materials such as dentures. Therefore this could explain why the RQIA advises practitioners to retain records for a minimum period of ten years.
These retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your dental care while you are a patient and after. They also take into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of.
Data subject rights
Subject access requests
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data subject”) the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request and all necessary information from you. Our formal response shall include details of the personal data we hold about you, including the following:
Sources from which we acquired the information;
The purposes for processing the information; and
Persons or entities with whom we are sharing the information.
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you, the data subject, shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
although the GDPR give you, the data subject, the right to obtain from us the erasure of personal data concerning you without undue delay. This cannot be granted within a medical sphere and the regulations governing us in this area outweighs the GDPR’s right to erasure. It is in the patient’s best interest for their medical notes to be safely maintained.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction of processing where one of the following applies:
a) the accuracy of the personal data is contested by you, the data subject, and is restricted until the accuracy of the data has been verified;
b) the processing is unlawful and you, the data subject, oppose the erasure of the personal data and instead request the restriction in its use;
c) we no longer need the personal data for the purposes of processing, but it is required by you, the data subject, for the establishment, exercise or defence of legal claims;
d) you, the data subject, have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.
Notification obligation regarding rectification or erasure of personal data or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you, the data subject, with information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you, including any personal profiling; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you, the data subject, or for the establishment, exercise or defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to the Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or email "email@example.com
Accuracy of information
In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur.
Questions and queries
If you have a complaint
If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to the Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or email www.moiracosmeticdental.com and we will do our best to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303 123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO where you consider that your rights under this regulation have been infringed as a result of the processing of your personal data. You have the right to appoint a third party to lodge the complaint on your behalf and exercise your right to seek compensation.