• My Practice
    To set your preferred practice look out for the star symbol on the find a dentist and book online pages.Close
    Your preferred practice has been set
    To return to this practice page at any time click the ‘My practice’ button.Close
  • Search
  • Careers

Your privacy as a valued patient

Medical confidentiality and looking after your information is the cornerstone of trust between us. It underpins the great care our dental and orthodontic team gives you. That’s why millions of patients in the UK trust us with their care — and their information.

Our commitment to your privacy

  • Trust: as a valued patient of mydentist, you have the right to know about how we collect and use your information. Please take a bit of time to read how we do this below. We know it is quite detailed but, as part of your care, it is important you understand how we collect and use your information and keep it safe from harm.
  • Protect: from teething toddlers to denture wearers, everyone deserves a great smile. Everyone also deserves their information to be kept safe and secure so you can put your mind at ease. That’s why we have invested significant resources to make sure that your information is cared for using industry-leading IT. Put simply, we look after your data as if it were our own. We know you’d expect nothing less.
  • Share: we aren’t the only people who look after your dental and orthodontic health. There’s a whole team of professionals working hard behind the scenes, from dental hospitals to dental laboratories, to give you the best possible care. We make sure that our trusted partners adhere to the highest standards when they have to use your information.
  • Keep up to date: whether you’re thinking of a smile makeover or you want to maintain your dental health, we can help you achieve the results you want. However, to do this it is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
  • Help: have a concern? Want to get in touch? No problem, use our contact us button at the top of this page and we’ll get back to you as soon as we can. Or drop the data protection team a line at dataprotection@mydentist.co.uk.

mydentist privacy policy for when we send you information on our products and services

For more information on how we collect and use your information when you have agreed to us sending you information on our products and services, please click on this link.

There are links to websites in this document which don’t belong to mydentist. Please don’t forget that if you click on those links the people or entities who run those sites may collect or use your information in some way. When you leave this website, we encourage you to read the privacy notice of every website you visit.

How can I get extra help?

If you would like this information in another format please contact using the button at the top of this page and we will do our best to help. Alternatively, you can contact us as follows:

Europa House, Europa Trading Estate, Stoneclough Road, Kearsley, Manchester, M26 1GG

Telephone: 01204 799799
E-mail: dataprotection@mydentist.co.uk

personal-informationThe kind of personal information we hold about you

In the table below, we set out the personal information which we collect and use about you.
Click on the headings for more details on:

  • what we use
  • why we use it, and
  • the lawful basis for using it.
Personal contact details:

What we use: your:

  • name (and, if applicable, your previous surname)
  • title
  • marital status
  • address
  • telephone number, and
  • email address.

Why we use it: we do this so that:

  • we can:
    • register you as a patient
    • contact you in connection with your treatment, and
    • manage our relationship with you,
  • the NHS (in England, Scotland and Wales) or HSC (in Northern Ireland) can contact you to do a survey on your dental or orthodontic experience, such as the NHS Friends and Family Test (the NHS encourages feedback from patients so that it can improve its services). We may gather the results and analyse them rapidly to see if any action is required.

What the lawful basis for using it is:

  • for dental and orthodontic treatment and any surveys on such treatment:
    • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
    • the performance of the contract with you (if your treatment is provided privately), and
  • for managing our relationship with you:
    • it is necessary to comply with a legal obligation (such as when we need to tell you about any changes to these details)
    • it is necessary for our legitimate interests (to keep our records updated)
  • for managing our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data), it is necessary for our legitimate interests (to run our business, provide administration and IT services and network security and to prevent fraud)
  • for debt recovery: it is necessary for our legitimate interests (to recover any debts due to us).
Age and gender details:

What we use: your:

  • date of birth, and
  • gender

Why we use it: we do this:

  • so that we can:
    • register you as a patient, and
    • determine your treatment, and
  • as an additional identifier to distinguish you from other patients.

What the lawful basis for using it is:

  • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
  • the performance of the contract with you (if your treatment is provided privately).
Username details:

What we use: your

  • username (such as any name you use on any social media site or on any NHS or HSC website).

Why we use it:

  • respond and deal with any queries, comments or feedback that you have.

What the lawful basis for using it is:

  • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
  • the performance of the contract with you (if your treatment is provided privately).
Family details:

What we use:

  • next of kin, and
  • details of any guardians, carers and representatives.

Why we use it: we do this so that we can:

  • contact them in an emergency, and
  • contact them about your care if they are responsible for looking after you.

What the lawful basis for using it is:

  • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
  • the performance of the contract with you (if your treatment is provided privately).
Financial information details:

What we use: if applicable:

  • details of any payments you make to us or need to make to us
  • your debit and credit card details, and
  • if applicable, your bank account details

Why we use it: we do this so that we can:

  • process any payments you make to us or need to make to us, and
  • recover any debts due to us.

What the lawful basis for using it is:

  • for dental and orthodontic treatment:
    • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
    • the performance of the contract with you (if your treatment is provided privately), and
  • for debt recovery: it is necessary for our legitimate interests (to recover any debts due to us).
Benefits and exemptions details:

What we use: if applicable:

  • details of any benefits you receive
  • details of any exemptions you rely on, and
  • National Insurance number.

Why we use it: we do this so that we can:

  • apply any reductions to the cost of your treatment, and
  • recover any debts due to us.

What the lawful basis for using it is:

  • for dental and orthodontic treatment:
    • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
    • the performance of the contract with you (if your treatment is provided privately), and
  • for debt recovery: it is necessary for our legitimate interests (to recover any debts due to us).
Images from CCTV:

What we use: if applicable:

  • images of you on any CCTV system.

Why we use it: we do this so that we can:

  • reduce crime
  • protect our premises, and
  • ensure the safety of all our staff, patients and visitors.

(You will always see signs when we operate a CCTV system. Only a limited number of practices operate such systems.)

What the lawful basis for using it is: it is necessary for our legitimate interests (see the reasons in the column to the left).

IP address:

What we use:

  • your Internet Protocol (IP) address if you visit our website.

Why we use it: we do this so that we can:

  • understand the types of patients who need dental and orthodontic treatment
  • keep our website updated and relevant, and
  • develop our business and to inform our marketing strategy.

What the lawful basis for using it is: it is necessary for our legitimate interests (see the reasons in the column to the left).

Any other personal information:

What we use:

  • any communication with us where you let us have your personal information.

Why we use it:

  • respond and deal with to any queries, comments or feedback that you have.

What the lawful basis for using it is: it is necessary for our legitimate interests (see the reasons in the column to the left).

In the table below, we set out the ‘special categories’ of more sensitive personal information which we collect and use about you.

The following are ‘special categories’ of more sensitive personal information: race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life, sexual orientation, offences (including alleged offences), criminal proceedings, outcomes and sentences.

This type of personal information is given more protection in law. This means that we have to have a further legal basis for collecting and using it.

In the table below, we set out the personal information and sensitive personal information which we collect and use about you. Click on the headings for more details on:

  • what we use
  • why we use it, and
  • the lawful basis for using it.
Details on your ethnicity:

What we use: on the relevant NHS or HSC form, what ethnic group you belong to (unless you don’t want to let us have these details):

  • white British
  • white Irish
  • other white background
  • white and black Caribbean
  • white and black African
  • white and Asian
  • other mixed background
  • Asian or Asian British Indian
  • Asian or Asian British Pakistani
  • Asian or Asian British Bangladeshi
  • other Asian background
  • Black or Black British Caribbean
  • Black or Black British African
  • ·other black background
  • Chinese, or
  • any other ethnic group.

Why we use it: we do this so that we can:

  • understand your cultural, religious and language needs,
  • identify any patients at risk, and
  • comply with the law which gives public authorities a duty to promote race equality

What the lawful basis for using it is: it is necessary to comply with a legal obligation to which we are subject under the Equality Act 2010 (and related laws).

The further lawful basis for processing this more sensitive personal information is that it is necessary for the management of the NHS and HSC.

Details on your sexual orientation:

What we use: sexual orientation, if your dental or orthodontic team decides to collect and use details on lesbian, gay and bisexual (LGB) individuals.

Why we use it: we do this so that we can:

  • demonstrate the provision of equitable access for LGB individuals,
  • have a better understanding of the impact of inequalities on health and care outcomes for LGB individuals, and
  • identify any health risks at a population level.

What the lawful basis for using it is: it is necessary to comply with a legal obligation to which we are subject under the Equality Act 2010 (and related laws).

The further lawful basis for processing this more sensitive personal information is that it is necessary for the management of the NHS and HSC.

Details on your religion or philosophical beliefs:

What we use: if applicable, details of your religious beliefs or philosophical beliefs where this is relevant to your dental and orthodontic care, such as if you are fasting

What the lawful basis for using it is:

  • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
  • the performance of the contract with you (if your treatment is provided privately), and

For both circumstances above, the further lawful basis for processing this more sensitive personal information is that it is necessary for your dental and orthodontic treatment and the administration of it.

Dental and orthodontic records:

What we use: as applicable:

  • NHS forms and HSC forms including consent forms and prescription forms
  • mydentist forms such as our medical history form
  • details on any treatments received or ongoing
  • details on any allergies
  • details on any medicines and reactions to medications in the past
  • details on any known long-term conditions, such as diabetes or asthma
  • any sedation records
  • any medical test results
  • any investigation reports
  • any lifestyle information which is clinically relevant
  • details on whether you are a nursing mother or expectant mother
  • any consultation notes, which your dentist takes during an appointment
  • any hospital admission records, including the reason you were admitted to hospital
  • any hospital discharge records, which will include the results of treatment and whether any follow-up appointments or care are required
  • any radiographs (usually better known as x-rays)
  • any photographs
  • any study models (also known as study models, dental casts, diagnostic casts or dental impressions)
  • any statements of conformity (such as when a custom-made medical device is made for you), and
  • any audio or visual recordings of consultations (this would only ever be done with your explicit consent).

Why we use it: we do this so that we can:

  • understand your clinical needs, and
  • provide you with any necessary or desirable dental or orthodontic treatment.

What the lawful basis for using it is:

  • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
  • the performance of the contract with you (if your treatment is provided privately), and

For both circumstances above, the further lawful basis for processing this more sensitive personal information is that it is necessary for your dental and orthodontic treatment and the administration of it.

NHS, CHI or HSC number:

What we use: as applicable:

  • your NHS number (in England and Wales)
  • CHI number (in Scotland)
  • HSC number (in Northern Ireland), and
  • any other patient ID number.

Why we use it: we do this so that we can match you to your dental, orthodontic and any other relevant health records.

What the lawful basis for using it is:

  • the exercise of our legal authority to provide NHS and HSC dental and orthodontic care to you (if your treatment is provided by the NHS or HSC), or
  • the performance of the contract with you (if your treatment is provided privately), and

For both circumstances above, the further lawful basis for processing this more sensitive personal information is that it is necessary for your dental and orthodontic treatment and the administration of it.

Criminal convictions:

What we use: if applicable, details of your status if you are in custody.

Why we use it: we do this so that we can provide dental and orthodontic care to you if you are in custody.

What the lawful basis for using it is: for health or social care purposes.


Here is a bit of detail on what we mean by ‘personal information’ and ‘legitimate interests’:

  • ‘personal information’ means any information about you from which you can be identified, and
  • ‘legitimate interests’ means the interest of mydentist in managing our practices and business generally so, ultimately, we can give you the best possible care. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).

The company responsible for your information and privacy (also known as the ‘data controller’) is the legal entity or people who run your mydentist practice.

  • for details of who this is in England, Wales and Northern Ireland, please visit the home page of your practice at the mydentist website (you can find your practice by using the find a dentist button at the top of this page). Details of the relevant legal entity are at the bottom of your practice’s homepage
  • in Scotland, the data controller will be your dentist

collecting-informationCollecting your personal information

As you would expect, we collect your personal information from various sources.

This will be from you such as when:

  • you speak to any member of your dental or orthodontic team in person
  • you correspond with us, such as by post, phone or e-mail
  • you complete any NHS forms (in England, Scotland and Wales) and HSC forms (in Northern Ireland) (including consent forms and prescription forms) and any other similar forms (including mydentist forms)
  • you set up a mydentist account on our website
  • you download or install any app on our website
  • you contact us on social media or our blog (see ‘Social Media’ box in the ‘Sharing your personal information’ section)
  • you review or rate your dental or orthodontic team on any NHS or HSC website, and
  • you interact with our website. When you do this we collect and use technical data automatically about your equipment, browsing actions and patterns. We collect and use this personal data by using cookies and other similar technologies. We also receive technical data about you if you visit other websites employing our cookies (for more details, go to our Cookie policy and see ‘Seeing ads for mydentist online’ in the ‘Using your personal information’ section).

This will be from other people and entities such as when:

  • you give other people and entities permission to share your personal information with us, and
  • those people and entities set out in the ‘Sharing your personal information’ section share your personal information with us (where they are allowed to do this).

using-informationUsing your personal information

We will only use your personal information when the law allows us to.

Seeing ads for mydentist online

We like to keep you aware of the great products and services which we offer. This means that if you visit our site, other sites such as Google will show mydentist ads on other sites across the Internet (including Google itself). Google helps us do this by using cookies or similar technologies on your computer.

You can opt out of this at any time by visiting:

For more information on how Google collects and uses your personal data, please take a bit of time to read their privacy policy

Failing-to-give-informationFailing to give us your personal information

Please bear in mind that if you don’t give us certain key personal information we won’t be able to offer you most of our products and services, including our dental and orthodontic services. In some cases this means that we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

why-we-use-informationChanging why we use your personal information

We only use your personal information for the purposes for which we collected it, unless:

  • we reasonably consider that we need to use it for another reason, and
  • that reason is compatible with the original purpose.

If we need to use your personal data for in this way, we will:

  • notify you, and
  • explain the legal basis which allows us to do this.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law, such as where we are obliged to help the police in any criminal investigation.

sharing-informationSharing your personal information

Our duty to share your personal information can often be as important as our duty to protect and secure it from harm. When we share your information, we do this to make sure that you receive the best possible care from our dental and orthodontic team in your mydentist practice.

We will share your personal information with our trusted partners where:

  • required by law, such as where:
    • we have a duty to share your information for your direct care, or
    • we have to share your information with the police or other enforcement, regulatory of government entity (bear in mind that we assess such requests on a case-by-case basis and always take your privacy into consideration when doing so)
  • required by a court order
  • where it is necessary for the purposes of administration, such as with other entities in the mydentist group
  • you have explicitly consented to us doing so, such as where you have agreed to participate in a clinical trial or research
  • we have another legitimate interest in doing so, such as when we have to contact our bank to process your debit or credit card payments

The people or entities we share your personal information with include, where applicable:

  • your next of kin, such as in an emergency
  • your parent, guardian, carer or representative, such as if they have responsibility for looking after you or your oral healthcare
  • healthcare providers, such as any other NHS entities (in England, Scotland and Wales) or HSC entities (in Northern Ireland). This includes entities such as NHS Digital and:
    • in England and Wales, the NHS Business Services Authority (NHSBSA). The NHSBSA also shares your information with other people or entities, such as to prevent and detect fraud and mistakes and to make sure that they deliver NHS services to you in an efficient and effective way. You agree to this sharing when you sign the dental treatment form (FP17 form)
    • in Scotland, NHS National Services Scotland (also known as the ‘Common Services Agency’). NHS National Services Scotland also shares your information with other people or entities, such as to make sure you have a valid claim for any benefit claim or exemption and to prevent, detect and investigate crime. You agree to this sharing when you sign the dental treatment form (GP17 form)
    • in Northern Ireland, the Business Services Organisation. The Business Services Organisation also shares your information with other people or entities, such as to make sure you have a valid claim for any benefit claim or exemption and to prevent, detect and investigate fraud and incorrectness. You agree to this sharing when you sign the dental treatment form (HS45PR form)
  • other dentists
  • other orthodontists
  • other healthcare workers such as GPs and pharmacists
  • dental and orthodontic laboratories
  • emergency services, including the police, fire service and ambulance services
  • local authorities, including social services
  • schools
  • translators or interpreters, such as if you need help using our products and services
  • government bodies (this includes the Department of Health and Social Care and the Department of Work and Pensions in England and any similar departments in the devolved administrations of Scotland, Wales and Northern Ireland and any agencies of such departments), such as when we need to prevent, detect and investigate fraud and errors
  • ombudsmen, such as the Parliamentary and Health Ombudsman (in England), Scottish Public Services Ombudsman, Public Services Ombudsman for Wales or Northern Ireland Public Services Ombudsman
  • health and social care regulators, such as the Care Quality Commission (CQC)(in England), Healthcare Improvement Scotland, Health Inspectorate Wales (HIW)(Arolygiaeth Gofal Iechyd Cymru) and the Regulation and Quality Improvement Authority (RQIA)(in Northern Ireland)
  • Information Commissioner’s Office (ICO)
  • HM Revenue & Customs, such as when we need to prevent, detect and investigate fraud and errors
  • banks (known as merchant services providers), such as when they process any debit or credit card payments that you make to us
  • credit reference agencies, such as when we do a credit search on you
  • debt recovery services providers, such as when we seek to recover any debts from you
  • Google Analytics, such as where we use your IP address to track and report on traffic to the mydentist website
  • any professionals advising us or you, such as any lawyers
  • our IT providers, such as when they support our website and other business systems
  • any providers of postal and delivery services such as the Post Office or DHL
  • any third party who buys us or a member of the mydentist group or substantially all of our assets

If we need to share your personal information, we follow best practice such as the ICO’s Data Sharing Code of Practice.

We also follow any other guidance when it applies to us such as:

We require these third parties to respect the security of your personal information and to treat it carefully in accordance with the law. In addition, all of our third-party service providers and other entities in the mydentist group are required to take appropriate security measures to protect your personal information in line with our stringent policies.

We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information:

  • for specified purposes, and
  • in accordance with our instructions.

We will, where necessary, share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business.

We will also, where necessary, need to share your personal information with a regulator (such as the General Dental Council (GDC) or any health and social care regulator) or to otherwise comply with the law.

Social media

We love social media and chatting with you there, whether it be on Facebook, Twitter, any NHS or HSC website, or our ‘Big smiles blog’.

Don’t forget, however, that everybody can see everything you do there (our sites are public) so if you want us to keep your information private, please don’t put anything on these sites which you or your loved ones would like to keep private, whether now or in the future.

We will always try to respond to you using another more private medium such as e-mail or phone, where appropriate.

If you use certain social media features from within our website or connect with us on our social media webpages, the privacy policies of those companies will apply. Please read them carefully before you share your information with us and others using these websites as often these companies may not give your information as much protection as we do.have different standards of protection of information than we do.

 

transfering-personal-dataTransferring your personal information outside of the EEA

The future of much of your dental and orthodontic care is digital. This is why the NHS (in England, Wales and Scotland) and HSC (in Northern Ireland) encourage us to take full advantage of cloud-based technologies when looking after your dental and orthodontic health.

Using the cloud has many benefits. It means we can do things like transfer your personal information to other people or entities in a safer and more secure way than, say, using e-mail (see the ‘Sharing your personal information’ section).

When we use the cloud your personal information is sent to, and stored on, computers which aren’t physically located in your mydentist practice. The majority of our cloud-based services are based in the European Economic Area (EEA) so your personal information stays in the EEA. (The EEA includes all of the countries of the European Union (EU), including the UK, together with Iceland, Liechtenstein and Norway).

However, like many businesses, some of the cloud-based services we use are not based in the EEA, such as Box (see below). This means that your personal information leaves the EEA. When this happens, we have made sure that we use a cloud-based service that collects and uses your personal information in accordance with high data protection standards.

We follow the NHS guidance on off-shoring and the use of public cloud services (and the guidance referred to in this NHS guidance). Our private practices also follow this guidance as a matter of best practice.

Box software

Many mydentist practices use Box software to transfer or share your personal information securely to any other people or entities who we need to transfer it to (see the ‘Sharing your personal information’ section above).

Whenever we use Box, we ensure that a similar degree of legal protection is given to your personal information as would apply in the EEA by applying, in particular, the following safeguards:

  • Box encrypts all your personal information by default both when it is stored and when it is shared with other authorised people or entitled. (Encryption is a way of scrambling your personal information so it can only be read by the people we need it to be read by.)
  • Box is part of the ‘Privacy Shield’ framework (for more details on this, go to Box EU-U.S. and Swiss-U.S. Privacy Shield Notice)
  • Box uses binding corporate rules which ensure that any of its group companies follow the same rules when collecting and using your personal information (for more details on this, go to Box Global Binding Corporate Rules (BCRs) FAQs)
  • Box adheres to international standards such as:
    • ISO 27001 (which is a code of practice for information security controls), and
    • ISO 27018 (which is code of practice for protecting personal information in the cloud)

      For more details, go to the Box privacy notice.

      In addition, when a member of your dental or orthodontic team uses Box:

  • they must follow the Box Acceptable Use Policy and all of mydentist’s data protection policies and procedures, and
  • they must password protect any personal information which they transfer

Other circumstances

From time to time, there are other circumstances when we have to send your personal information outside the EEA, such as if you move abroad and you want your dental and orthodontic records to be sent to your new dentist. We would always need your explicit consent to do this.

Securing-protecting-informationSecuring and protecting your personal information

Your personal information deserves the greatest protection and security. This is why we have put in place appropriate security measures to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality to us. Details of these measures can be obtained from our Data Protection Officer (see the ‘Data Protection Officer’ section).

We have put in place extensive procedures to deal with any suspected security breach which involves personal information and we will let you and any applicable regulator know of a suspected breach where we are legally required to do this.

The security of your debit or credit card

When you pay us using your debit or credit card you rightly expect the highest levels of security for your card details. This is why we comply with PCI DSS. (For more details on this, go to: What is PCI DSS?) This is a worldwide payment card industry data security standard that helps us process your card payments securely and protect you against the misuse of your card information.

keeping-informationKeeping your personal information for as long as necessary

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for.

We follow guidance from the NHS (in England, Wales and Scotland) and HSC (in Northern Ireland) to work out how long we should keep your personal information.

Where such guidance is unavailable, we work out an appropriate retention period for your personal information by taking into account the:

  • amount, nature, and sensitivity of the information
  • potential risk of harm from unauthorised use or disclosure of the information
  • purposes for which we process the information and whether we can achieve those purposes through other means, and
  • any applicable legal requirements

Details of our retention periods for some of your personal information, following the guidance set out at the end of this section, are set out below:

Type of personal information Minimum retention period
Adult dental and orthodontic records

England and Wales: 10 years after we discharge you from our care or when you were last seen by us. After this time, we review whether we keep your records and, if appropriate, we destroy them in accordance with mydentist policies.

Scotland and Northern Ireland: it is the same as England and Wales above except that the relevant retention period is 11 years.
Child dental and orthodontic records

England and Wales: Until your 25th birthday, or if you were 17 at the conclusion of the treatment, until your 26th birthday. After this time, we review whether we keep your records and, if appropriate, we destroy them in accordance with mydentist policies.

Scotland: it is the same as England and Wales above except that the relevant retention period is 11 years, or up to your 25th birthday, whichever is the longer.

Northern Ireland: it is the same as England and Wales above except that the retention period is until your 25th birthday, or if you were 17 at the conclusion of the treatment, until your 26th birthday or 11 years after the date of the last entry on your records, if longer (or eight years after death if death occurred before 18th birthday).
Requests when you ask for access to your personal information and similar requests (see the ‘exercising your rights’ section)

England and Wales:

  • 3 years after we have dealt with your request, or
  • 6 years after we have dealt with your request where you have appealed it

Scotland:

  • 40 working days after we have dealt with your request
  • 6 months after we have dealt with your request where you have appealed it
Northern Ireland: 3 years after we have dealt with your request
CCTV

mydentist policy is to keep any images for no longer than 28 days from the date of recording unless:

  • they are required for:
    • evidential purposes
    • the investigation of crime, or
  • otherwise required by law

For details of the retention periods for any other types of records:

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes in which case we can use this information indefinitely without further notice to you.


keeping-information-up-to-dateKeeping your personal information up to date

It is important that the personal information we hold about you is accurate and current.

If you want to tell us about any changes please use our contact us button at the top of this page. Alternatively, you can contact us as follows:

  • call your practice
  • speak with a member of the dental and orthodontic team in person at your mydentist practice, or
  • e-mail dataprotection@mydentist.co.uk

By law you have many rights over your personal information. Bear in mind that in some circumstances some of these rights may not apply to you.

Right to be informed:

What is the right? It is a right for you to be informed about how we collect and use your personal information

What does this mean to you? These details are given to you:

  • when we collect your personal information, and
  • within a reasonable period of collecting your personal information (and no later than one month after this) where you have not given us your personal information personally.

This information is also set out in detail on this webpage.

Right of access:

What is the right? It is a right for you ask for access to your personal information. This is commonly known as a ‘subject access request’ or ‘SAR’.

What does this mean to you? You can receive a copy of the personal information we hold about you and check that we are collecting and using it properly.

Right to rectification:

What is the right? It is a right for you ask for the correction of your personal information.

What does this mean to you? You can correct any incomplete or inaccurate information we hold about you. However, this doesn’t usually extend to an opinion from your dentist or orthodontist where the information recorded accurately represents an opinion given at the time.

Right to erasure:

What is the right? It is a right for you ask for the erasure of your personal information. This is also known as the ‘right to be forgotten’.

What does this mean to you? You can ask us to delete or remove certain personal information where there is no good reason for us to continue to process it. However, we typically have a very good reason for collecting and using your personal data when providing your dental or orthodontic care so the ‘right to be forgotten’ doesn’t apply in these circumstances.

Right to restrict processing:

What is the right? It is a right for you to ask us to restrict the processing of your personal information.

What does this mean to you? You can ask us to suspend the collection and use of your personal information, for example if you want us to establish its accuracy or the reason for us collecting and using it.

Right to data portability:

What is the right? It is a right for you to ask for the transfer of your personal information to another party.

What does this mean to you? You can ask for the transfer of your personal information to another party in certain circumstances although bear in mind that this right does not apply to your dental or orthodontic records in the context of any treatment you received under the NHS (in England, Scotland and Wales) and HSC (in Northern Ireland).

Right to object:

What is the right? It is a right for you to object to the collection and use of your personal information.

What does this mean to you? Where:

  • we are relying on a legitimate interest (or those of a third party) to collect and use your personal information, and
  • there is something about your particular situation which makes you want to object to processing on this ground (because you feel it impacts on your fundamental rights and freedoms),

you can object to the processing.

Rights related to automated decision-making including profiling:

What is the right? It is a right for you to, among other things, request human intervention or challenge a decision where any automated individual decision-making is used (where a decision is made solely by automated means without any human involvement).

What does this mean to you? mydentist does not use any automated decision making technology in its dental and orthodontic care. Therefore, this right does not apply.

Rights under the Access to Medical Records Act 1990:

What is the right? If you are:

  • a personal representative (i.e. the executor or administrator of the deceased person's estate), or
  • have a claim resulting from the death of an individual,

you can apply to see a deceased individual’s dental or orthodontic records.

What does this mean to you? You can apply in writing to the record holder of the deceased individual’s dental or orthodontic records records under the above Act. We can let you know who the record holder you need to contact is.

If you want to do any of these things please use our contact us button at the top of this page. Alternatively, you can contact us as follows:

  • call your practice
  • speak with a member of the dental and orthodontic team in person at your mydentist practice, or
  • e-mail dataprotection@mydentist.co.uk.

In almost all circumstances you do not have to pay a fee to access your personal information or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests:

  • within one month, and
  • within 21 days for any subject access requests made in respect of any NHS or HSC treatment.

Occasionally it may take us longer than this if your request is particularly complex or you have made a number of requests. In this case, we will:

  • notify you, and
  • keep you updated.

Your Data Matters: How can I learn more about protecting my information?

If you want detailed information on your rights, protecting your information, and what the Information Commissioner’s Office (ICO) does and how it can help you protect your information, go to: https://ico.org.uk/yourdatamatters. The ICO is the UK’s independent body which upholds information rights.

dealing-with-cookiesDealing with cookies

Not all cookies are bad! Most websites you visit, such as the mydentist site, use cookies to improve how the website works by letting that website ‘remember’ you, either for the duration of your visit (using a ‘session cookie’) or for repeat visits (using a ‘persistent cookie’). For more details, go to our Cookie policy.

In certain limited circumstances, you have the right to withdraw your consent to the collection and use of your data. This is not the same, however, as giving or withdrawing your consent to dental treatment.

If you want to do this, please use our contact us button at the top of this page. Alternatively, you can contact us as follows:

  • call your practice
  • speak with a member of the dental and orthodontic team in person at your mydentist practice, or
  • e-mail dataprotection@mydentist.co.uk.

How the NHS uses your information

mydentist is one of many organisations working in the health and care system to improve care for patients and the public. 

Whenever you use a health or care service, such as visiting one of our dental or orthodontic practices, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment.

The information collected about you when you use these services can also be used and provided to other organisations for purposes beyond your individual care, for instance to help with:

  • improving the quality and standards of care provided
  • research into the development of new treatments
  • preventing illness and diseases
  • monitoring safety, and
  • planning services.

This may only take place when there is a clear legal basis to use this information. All these uses help to provide better health and care for you, your family and future generations. Confidential patient information about your health and care is only used like this where allowed by law.

Most of the time, anonymised data is used for research and planning so that you cannot be identified in which case your confidential patient information isn’t needed.

You have a choice about whether you want your confidential patient information to be used in this way. If you are happy with this use of information you do not need to do anything. If you do choose to opt-out your confidential patient information will still be used to support your individual care.

To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters.

You can also find out more about how patient information is used at:
https://www.hra.nhs.uk/information-about-patients/ (which covers health and care research); and https://understandingpatientdata.org.uk/what-you-need-know (which covers how and why patient information is used, the safeguards and how decisions are made)

You can change your mind about your choice at any time.

Data being used or shared for purposes beyond individual care does not include your data being shared with insurance companies or used for marketing purposes and data would only be used in this way with your specific agreement.

contacting-data-protection-officerContacting the Data Protection Officer

Our Data Protection Officer oversees compliance with this privacy notice.

If you have any questions about this privacy notice or how we collect and use your personal information, please contact the Data Protection Officer. Details are as follows:

The Data Protection Officer
Intergrated Dental Holdings Limited
Europa House, Europa Trading Estate, Stoneclough Road, Kearsley, Manchester, M26 1GG

Telephone: 01204 799799

E-mail: dataprotection@mydentist.co.uk

If we have got something wrong, please let us know and we will do whatever we can to try to fix it. Of course, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.

changes-to-privacy-noticeChanges to this privacy notice

From time to time we will to update this privacy notice to reflect how we are collecting and using your information. If we do this, we will let you know (such as by email or a notice on the mydentist website) so that you can review any updates before you continue to

Details of any changes will also be recorded in our change log below.

Date Nature of change
22nd May 2018 New privacy policy adopted.
25th May 2018 Further information added about the national data opt-out programme in the ‘Exercising your right to withdraw consent’ section
 12th June  Details of patient information websites added to the information on the national data opt-out programme in the ‘Exercising your right to withdraw consent’ section

If you would like a previous version of this privacy policy, please let us know.

We are required under data protection laws to let you have the information contained in this privacy notice. If you have any questions about this privacy notice, please drop the data protection team a line at dataprotection@mydentist.co.uk or contact the Data Protection Officer (see above).

Data protection principles

We are committed to complying with data protection laws such as the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

These laws say that the personal information we hold about you must be:

  • used lawfully, fairly and in a transparent way
  • collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes
  • relevant to the purposes we have told you about and limited only to those purposes
  • accurate and kept up to date
  • kept only as long as necessary for the purposes we have told you about, and
  • kept securely.

In addition to the data protection principles, we also committed to complying with other key laws and rules which are designed to protect and secure your personal information, such as:

  • the Human Rights Act 1998
  • the common law duty of confidentiality, and
  • professional conduct rules, such as the Standards for the Dental Team