GDPR – Privacy Statement
Crown Dental is a Data Controller under the terms of the Data Protection Act 2017. We take great care with all of the personal data we hold, to ensure we comply with the best professional practice within the law. The need for the strict confidentiality of personal information about patients is essential. This document describes our policy for maintaining the confidentiality of all personal information and all members of the practice team are required to comply with these safeguards as part of their contract of employment or contract for services with the practice.
We are a Data Controller under the terms of the Data Protection Act 2017 and the requirements of the EU General Data Protection Regulation.
This Privacy Notice explains what Personal Data the practice holds, why we hold and process it, who we might share it with, and your rights and freedoms under the Law.
Types of Personal Data
The practice holds personal data in the following categories:
- Patient clinical and health data and correspondence.
- Staff employment data.
- Contractors’ data.
What is personal information?
In a dental context, personal information held by a dentist about a patient includes:
- The patient’s name, current and previous addresses, bank account/credit card details, telephone number/email address and other means of personal identification such as physical description
- Information that the individual is or has been a patient of the practice or attended, cancelled or failed to attend an appointment on a certain day
- Information concerning the patient’s physical, mental or oral health or condition
- Information about the treatment that is planned, is being or has been provided
- Information about family members and personal circumstances supplied by the patient to others
- The amount that was paid for treatment, the amount owing or the fact that the patient is a debtor to the practice.
Why we process Personal Data (what is the “purpose”)
“Process” means we obtain, store, update and archive data.
- Patient data is held for the purpose of providing patients with appropriate, high quality, safe and effective dental care and treatment.
- Staff employment data is held in accordance with Employment, Taxation and Pensions law.
- Contractors’ data is held for the purpose of managing their contracts.
What is the Lawful Basis for processing Personal Data?
The Law says we must tell you this:
- We hold patients’ data because it is in our Legitimate Interest to do so. Without holding the data we cannot work effectively.
- We hold staff employment data because it is a Legal Obligation for us to do so.
- We hold contractors’ data because it is needed to Fulfil a Contract with us.
Principles of confidentiality
Personal information about a patient:
- Is confidential in respect of that patient and to those providing the patient with health care
- Should only be disclosed to those who would be unable to provide effective care and treatment without that information (the need-to-know concept), and
- Should not be disclosed to third parties without the consent of the patient except in certain specific circumstances described in this policy.
Who might we share your data with?
We can only share data if it is done securely and it is necessary to do so.
- Patient data may be shared with other healthcare professionals who need to be involved in your care (for example if we refer you to a specialist or need laboratory work undertaken). Patient data may also be stored for back-up purposes with our computer software suppliers.
- Employment data will be shared with government agencies such as Department of Social Protection for PRSI claims.
You have the right to:
- Be informed about the personal data we hold and why we hold it.
- Access a copy of your data that we hold by contacting us directly: we will acknowledge your request and supply a response within one month or sooner.
- Check the information we hold about you is correct and to make corrections if not
- Have your data erased in certain circumstances.
- Transfer your data to someone else if you tell us to do so and it is safe and legal to do so.
- Tell us not to actively process or update your data in certain circumstances.
How long is the Personal Data stored for?
- We will store patient data for as long as we are providing care, treatment or recalling patients for further care. We will archive (that is, store it without further action) for as long as is required for legal purposes as recommended by the Dental Council of Ireland or other trusted experts recommend.
- We must store employment data for six years after an employee has left.
- We must store contractors’ data for seven years after the contract is ended.
What if you are not happy or wish to raise a concern about our data processing?
You can complain in the first instance by sending an email to firstname.lastname@example.org or call us on 01 490 4656 and we will do our best to resolve the matter.