How we look after your data
This Privacy Notice is a shortened form of our Privacy Policy and any patient who wishes to have a copy of our full Policy should ask Natalie Montgomery. Umi Clinic takes great care to protect the personal data we hold for you in line with the requirements of the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).
The purpose of collecting and storing personal data about you is to ensure we can provide appropriate, safe and effective dental care, treatment and advice, to fulfil any contracts we hold in relation to your care and for the business administration of your care.
Personal data
The personal data we process* includes:
- Name, address, date of birth.
- Unique identification number.
- Next of kin.
- Email address.
- Phone numbers.
- GP contact details.
- Occupation.
- Medical history.
- Dental care records.
- Photographs.
- Family group.
- Payment plan details.
- Financial information.
- Credit card receipts.
- Correspondence.
- Details of any complaints received.
* Processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it.
We keep an inventory of personal data we hold on our patients and this is available on request. At Umi Clinic sensitive personal information relating to our patients is only used to provide dental care for the individual. It is never shared for research purposes or any non-clinical need. The National Opt-out Policy introduced in March 2020 is therefore not operated at our clinic on this basis.
Should we change our policy to use personal or sensitive personal information for a non-clinical purpose or a research project, we would then introduce the National Opt-out policy.
Transferring personal data outside the EU – your personal data is not transferred outside the EU.
This Privacy Notice was reviewed and implemented on 30/03/2024. It will be reviewed annually and is due for review on 30/04/2025 or prior to this date in accordance with new guidance or legislative changes.
The information we collect and store will not be disclosed to anyone who does not need to see it. We will share your personal information with third parties when required by law or to enable us to deliver a service to you or where we have another legitimate reason for doing so. Third parties we may share your personal information with may include:
• Regulatory authorities such as the General Dental/Medical Councils or the Care Quality Commission.
• NHS Local Authorities.
• Dental payment plan administrators.
• Insurance companies.
• Loss assessors.
• Fraud prevention agencies.
• Dental or medical laboratories.
• In the event of a possible sale of the clinic at some time in the future.
We may also share personal information where we consider it to be in a patient’s best interest or if we have reason to believe an individual may be at risk of harm or abuse.
Under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, you have the following personal privacy rights in relation to the information we hold about you:
• Access to and copies of your records.
• Have inaccuracies deleted.
• Have information about you erased. This should be seen in light of the need to keep records about your dental/medical care in case you have any problems in the future.
• Object to direct marketing.
• Restrict the processing of your information, including automated decision-making.
• Take your data to another dental / medical clinic or anywhere else.
Patients who wish to have inaccuracies deleted or to have information erased must speak to the dentist who provided or provides their care.
UK GDPR requires us to state the legal basis upon which we process all personal data for our patients, and it requires us to inform you of the legal basis on which we process your personal data.
The legal basis on which we process personal information for our private patients is:
Patient Consent: Similar to other jurisdictions, patient consent is a fundamental principle in processing personal health information in England. Dentists and doctors must obtain explicit consent from patients for the collection, use, and disclosure of their personal health data for specific purposes, such as diagnosis, treatment, and sharing information with other healthcare providers.
Legal Obligations: Healthcare professionals in England are obligated to comply with various laws and regulations concerning the handling of patient data, including the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR). These laws set out specific requirements for the processing of personal data, including health information, and impose obligations to ensure the confidentiality, security, and lawful processing of patient data.
Contractual Obligations: Dentists and doctors may process personal information as necessary to fulfil their contractual obligations to patients. This includes providing healthcare services, maintaining accurate patient records, and communicating with patients about their treatment plans and appointments, in accordance with professional standards and regulatory requirements.
Vital Interests: In emergency situations where the patient’s life or health is at risk and obtaining consent is not feasible, healthcare professionals in England may process personal information based on the vital interests of the patient.
Legitimate Interests: Dentists and doctors may rely on legitimate interests as a legal basis for processing personal information in England, provided that the interests or fundamental rights and freedoms of the patient are not overridden. This may include activities such as quality assurance, medical research (subject to ethical approval), or administrative purposes, provided appropriate safeguards are in place.
Healthcare professionals in England must ensure compliance with relevant data protection laws and regulations to avoid legal consequences, including fines, regulatory sanctions, and reputational damage. Implementing appropriate data protection measures, such as encryption, access controls, and staff training, is essential to safeguard patient confidentiality and privacy.
Umi Clinic will always obtain specific, opt-in consent from you for direct marketing information. This will be provided to you when attending your first appointment. We will also obtain specific, opt-in consent from you for sending appointment reminders or correspondence via text and email.
If you are a new patient, we will obtain consent when you first attend the clinic. If you are an existing patient, we will obtain consent when you attend for your recall appointment or for a treatment appointment. We will refresh this consent when you complete a new medical history proforma.
After you have given your opt-in consent, you have a right to withdraw your consent at any time.
This clinic retains dental records and orthodontic study models while you are a patient of our clinic and after you cease to be a patient for at least eleven years or for children until age 25, whichever is longer. For medical patients, we retain adult records for eight years from the date of last treatment. For children, we retain records for eight years after their 18th birthday or until 25 years of age.
You have a right to complain about how we process your personal data. All complaints concerning personal data should be made in person or in writing to Natalie Montgomery. All complaints will be dealt with in line with the clinic complaints policy and procedures. Please see our Complaints Policy page for further details.
If you are unhappy with the resolution of your complaint, you have the right to raise your complaint with the Information Commissioner’s Office (ICO).
The ICO can be contacted at https://ico.org.uk/make-a-complaint or you can start a live chat on their website or call the ICO helpline on 0303 123 1113. Further information on making a complaint to the ICO can be found here: https://ico.org.uk/make-a-complaint/data-protection-complaints/data-protection-complaints