Privacy Policy

Astley Dental Centre (“we”, “our”, “us”) is committed to protecting your privacy and handling your personal data in a transparent and secure manner.

This Privacy Policy explains how we collect, use, store and protect your personal data in accordance with:

• UK General Data Protection Regulation (UK GDPR)
• Data Protection Act 2018
• Privacy and Electronic Communications Regulations (PECR)

1. Who We Are

Astley Dental Centre is the Data Controller for the purposes of data protection legislation. This means we determine how and why your personal data is processed.

We are a dental healthcare provider regulated by the Care Quality Commission (CQC), and all clinicians are registered with the General Dental Council (GDC).

2. The Information We Collect

We may collect and process the following categories of personal data:

Personal Identification Information

• Full name
• Date of birth
• Gender
• NHS number (where applicable)

Contact Information

• Home address
• Email address
• Telephone numbers

Health Information (Special Category Data)

• Medical history
• Dental history
• Clinical notes
• Radiographs (X-rays)
• Clinical photographs
• Treatment plans
• Medication records
• Allergies and health conditions

Financial Information

• Payment details
• Insurance details
• Finance provider information (where applicable)

Website and Technical Information

• IP address
• Device and browser information
• Cookies and usage data

Health information is classified as Special Category Data under UK GDPR and is subject to enhanced legal protections.

3. How We Collect Your Data

We collect data in the following ways:

• When you register as a patient
• When you complete medical history forms
• During consultations and treatment
• Through telephone, email or website enquiries
• Via online appointment booking systems
• Through CCTV systems (where in operation)
• Through website cookies and analytics tools

4. Lawful Basis for Processing

We process your personal data under the following lawful bases:

Provision of Healthcare

• Article 6(1)(b) – Performance of a contract
• Article 9(2)(h) – Provision of health care

Legal and Regulatory Obligations

• Article 6(1)(c) – Legal obligation
  Including compliance with CQC standards, NHS requirements (where applicable), safeguarding duties and financial regulations.

Legitimate Interests

• Article 6(1)(f) – Legitimate interests
  Including practice management, appointment reminders, service improvements and internal audits.

Consent

Where required (for example, marketing communications), we rely on your explicit consent. You may withdraw consent at any time.

5. How We Use Your Information

We use your personal data to:

• Provide safe and appropriate dental care
• Maintain accurate clinical records
• Communicate regarding appointments and treatment
• Process payments and manage accounts
• Refer you to specialists or laboratories
• Meet legal and regulatory obligations
• Improve our services and patient experience
• Send marketing communications (where consent is given)

We do not sell or trade personal data.

6. Sharing Your Information

We may share your information where necessary with:

• Dental laboratories
• Referral specialists
• NHS bodies (where applicable)
• Regulatory authorities (CQC, GDC)
• Insurance companies
• Finance providers
• IT and clinical software providers (under data processing agreements)
• Professional advisers (legal and accounting)

All third parties are required to process data securely and in accordance with UK data protection laws.

7. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Secure, password-protected clinical systems
• Access controls limiting staff access to necessary information
• Staff confidentiality agreements
• Regular staff data protection training
• Secure disposal of records
• Encrypted data storage where appropriate

8. Data Retention

We retain patient records in accordance with professional guidance and legal requirements.

Generally:

• Adult dental records are retained for at least 11 years after the last entry.
• Children’s records are retained until age 25 (or 26 if 17 at the end of treatment).

Financial records are retained in line with HMRC requirements.

After the retention period expires, records are securely destroyed or anonymised.

9. Your Data Protection Rights

Under UK GDPR, you have the right to:

• Access your personal data (Subject Access Request)
• Request correction of inaccurate information
• Request erasure where legally permissible
• Request restriction of processing
• Object to processing
• Request data portability
• Withdraw consent where processing is based on consent

Requests should be made in writing to the practice. We may require proof of identity before fulfilling requests.

We will respond within one month unless the request is complex.

10. Marketing Communications

We will only send marketing communications where:

• You have provided consent; or
• We are permitted to do so under PECR regulations.

You may opt out at any time.

11. Cookies

Our website uses cookies and analytics tools to improve user experience and monitor performance. Further details are available in our Cookie Policy.

12. CCTV

Where CCTV operates on the premises, it is used solely for safety, security and crime prevention. Footage is stored securely and retained for a limited period.

13. Complaints

If you have concerns about how we handle your personal data, please contact us in the first instance.

You also have the right to complain to the Information Commissioner’s Office (ICO):

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
www.ico.org.uk

14. Changes to This Policy

We may update this Privacy Policy periodically. Any changes will be published on this page with an updated effective date.