Privacy policy
This website uses Google Analytics to help analyze how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity.
We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.
If you have questions concerning our privacy policy, please use our contact details to discuss them. Should you wish to view your details or to be removed from our database please do not hesitate to contact our team directly on cardiffendo@uwclub.net.
Privacy Notice
Introduction:
Cyncoed Dental Practice takes managing personal data very seriously and acts in accordance with the Data Protection Act 2018 as well as the General Data Protection Regulations.
This Privacy Notice is available on the practice website footer at www.cyncoeddentalpractice.co.uk
A copy can be requested from our reception team in person, via the telephone on 02920 754073 or a the contact us form on the website at https://www.cyncoeddentalpractice.co.uk, by emailing info@cyncoeddentalpractice.co.uk or in writing to Cyncoed Dental Practice, 289 Cyncoed Road, Cardiff, CF23 6PA
Data Controller:
Cyncoed Dental Practice, 289 Cyncoed Road, Cardiff, CF23 6SA is the “Data Controller”.
Purpose of Processing:
The Data Controller processes personal data for the purpose of:
- The provision of dental care to patients
- The provision of managing practice personnel (nurses, receptionists, practice managers, associates, hygienists, third party contractors)
- The provision of dental care to patients on referral from other healthcare providers
- The provision of managing patient referrals to and from other healthcare providers
- The management of patient appointments
- Communicating via newsletters to existing referring healthcare providers, and existing patients of the practice
- Marketing to existing referring healthcare providers and existing patients of the practice
- Other marketing
The data controller processes special category personal data for the purpose of:
- The provision of dental care to patients
- The provision of managing practice personnel
- The provision of dental care to patients on referral from other healthcare providers
- The provision of managing patient referrals to and from other healthcare providers
Lawful Basis:
The lawful basis for the processing of personal information relating to the provision of dental care to patients, provision of managing practice personnel, provision of dental care to patients on referral from other healthcare providers and the provision of managing referrals to and from other healthcare providers is:
- Performance of contract
- Legal obligation
The lawful basis for the management of patient appointments; communicating via newsletters to existing referring healthcare providers and existing patients of the practice; and marketing to existing referring healthcare providers and existing patients of the practice is:
- Legitimate interest
The lawful basis for marketing otherwise is:
- Consent
The lawful basis for the processing of special category data relating to provision of dental care to patients, provision of managing practice personnel, provision of dental care to patients on referral from other healthcare providers and provision of managing patient referrals to and from other healthcare providers is:
- Performance of contract
- Legal obligations
With the conditions under Article 9(2) under GDPR of:
“processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;”
and
“processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
Categories of Data Obtained:
The practice holds personal data in the following categories:
- Patient: information relating to contact details, clinical records, health records, appointment history, payment records, limited financial records, complaints record and correspondence etc. (including special category personal data)
- Information relating to the contact details of healthcare providers/dentists we accept referrals from, or refer to
- Practice personnel: information relating to contact details, recruitment details, eligibility to work in the UK details, GDC registrations, indemnity registrations, disclosure and barring service information, contracts, attendance records, holiday records, sick day records, occupational health/medical records, appraisals, disciplinary records, capability records, grievance records, correspondence with the data subject and third parties in relation to the data subjects work at the practice, pay records, bank details, national insurance number etc. (including special category personal data)
- Information relating to the contact details, professional details, payment records and limited financial records.
- Cookies used on the practice website
How Data is Obtained:
In most instances, personal data and special category personal data is received directly from the data subject themselves (e.g. patients, practice personnel and referring healthcare providers.)
In some instances, personal data and special category personal data may be received from third parties (e.g. referring healthcare providers, disclosure and barring service, regulatory bodies, indemnity providers, dental insurance providers, NHS, legal representatives, website cookies etc.)
The Recipients:
Relevant practice personnel of Cyncoed Dental Practice
Transfer of Data:
Patients of the practice and patients on referral from other healthcare providers
Data is stored on our internal server and is backed up via a back-up disk based system and via a cloud service, which is based in the EU.
It may be necessary for third parties to access this data such as dental software providers, IT support companies, cloud back up providers, email providers, website developers and website hosts.
It may be necessary to share this information with organisations such as other healthcare providers when a referral is made or received, dental laboratories when dental prostheses are needed, indemnity providers if needed, regulatory bodies if needed, dental insurance providers, NHS, appointment reminder texting companies, debt collection companies, legal representatives if needed, prospective practice owners etc.
Other than this data is kept confidential.
Practice personnel
Data is stored on our internal server and is backed up via a back up disk- based system and via a cloud service, which is based in the EU.
It may be necessary for third parties to access this data e.g. IT support companies, cloud back up providers, email providers etc.
It may be necessary to share this information with organisations such as pension providers, HMRC, human resources support, payroll support, insurers, accountants, legal representatives if needed, indemnity providers if needed, regulatory bodies if needed, prospective practice owners, in connection with providing a reference to a future employer etc.
Other than this data is kept confidential
Referring healthcare providers
Data is stored on our internal server and is backed up via a back up disk-based system and via a cloud, which is based in the EU.
It may be necessary for third parties to access this data such as dental software providers, IT support companies, cloud back up providers, email providers, website developers and website hosts.
It may be necessary to share this information with organisations such as other healthcare providers when a referral is made or received, indemnity providers if needed, regulatory bodies if needed, dental insurance providers, NHS, legal representatives if needed, prospective practice owners etc.
Retention Periods:
Special category patient personal data: Minimum of 10 years after the last contact or until the patient reaches 25 years old (whichever is longer); and we may store it for longer if there is justification to do so
Practice personnel data: 6 years after the data subject has left the practice
Cookies: Different cookies types are stored for different lengths of time. Full details can be found on the website cookie policy located at www.cyncoeddentalpractice.co.uk.
Further details on individual data retention periods are available on the practice data retention policy.
Rights of Data Subjects:
Under the GDPR data subjects have:
- The right to be informed about the personal data we hold
- The right of access to the information we hold about them
- The right to rectification of the personal data we hold if incorrect
- The right to erasure of personal data we hold. (This may not apply if there is an overriding obligation to retain data for example clinical records.)
- The right to restrict processing of personal data we hold
- The right to have the data we hold transferred to someone else at their request
- The right to object to processing the data we hold about them
For data subjects who have given their consent to us marketing to them, they have the right to withdraw that consent at any time. This can be done in person, via the telephone on 02920 754073, via the contact us form on the website at www.cyncoedentalpractice.co.uk, by emailing zaseeley@yahoo.co.uk, or by writing to Cyncoed Dental Practice, 289 Cyncoed Road, Cardiff, CF23 6SA.
Queries or Concerns:
Should you have a query or a complaint about the processing of your data by the practice, then please contact Dr Zena Aseeley, the practice owner, who will endeavour to help.
Dr Zena Aseeley can be contacted via the telephone on 02920 754073, via the contact us form on the website at www.cyncoedentalpractice.co.uk, by emailing zaseeley@yahoo.co.uk, or by writing to Cyncoed Dental Practice, 289 Cyncoed Road, Cardiff, CF23 6PA. In the event that you have a complaint and are unhappy with our response, you can contact the Information Commissioner on 0303 123 1113 or by visiting their website at https://ico.org.uk/concerns