Dentures Direct policy is to hold the minimum amount of data necessary to carry out the required treatments you have agreed to. Data is held for the duration stipulated by the General Dental Council I.e 11 years.

For the most part, Dentures Direct operates a paper based system,lockable security containers provide physical security. Electronic data is held at a remote site using industry standard security procedures. Dentures Direct will promptly inform anyone affected should any breach occur.

We will not circulate any personal information to third parties without prior consent.

WHAT WE HOLD
Name, address, date of birth, medical history, treatment details and final invoice details only.
Names, addresses and contact details are held on a paper and an electronic system for invoicing only.
Your personal information is not shared with anyone outside of Dentures Direct without your express consent.

EMPLOYEE INFORMATION
It is noted too that every staff member and contractor holds personal information which comes under the jurisdiction of the GDPR, in the form transactional records. All staff and contractors are required to read and sign a security brief annually. All e-mails contain a standard confidentiality notice.

​
OVERSIGHT

The GDPR requires that public authorities and large-scale data processing organisations designate a Data Protection Officer to take responsibility for data protection compliance. The size and structure of Dentures Direct does not justify a dedicated post. However, data security has been identified as a risk for the company, we review this risk and the procedures for protecting against it regularly.

INDIVIDUALS’ RIGHTS
The GDPR includes the following rights for individuals: The right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and the right not to be subject to automated decision-making including profiling.
We are confident that current procedures fulfil the GDPR and we do not operate any data profiling processes. We will regularly review our procedures to ensure they cover areas such as the deletion of personal data and will provide individuals with the data we hold on them, if requested, in electronic and paper format.

 

SUBJECT ACCESS REQUESTS
We acknowledge that individuals have a right to seek access to information held with us or if they think there is a problem with the way we are handling their data. We will comply with any such request within the new statutory one month period. However, we can refuse or charge for requests that are manifestly unfounded or excessive. 

Individuals will have the right to have their personal data deleted when they believe it is being held without a practical or lawful basis.  If we refuse a request, we must tell the individual why and that they have the right to complain to the ICO and to seek a judicial remedy. We must do this, at the latest, within one month.

​
CHILDREN

There is a requirement to obtain parental or guardian consent for any data processing activity. This is unlikely to affect Dentures Direct.​​

 

DATA PRIVACY IMPACT ASSESSMENT (DPIA)
Dentures Direct ‘Data Protection Impact Assessments will be carried out if a new technology is being deployed; or if there
is any change of data held. While this is unlikely to directly affect Dentures Direct, we will work with whoever necessary to ensure that awareness of this is included in any future development programmes.

BREACHES OF DATA
Should we become aware of any personal data breach, we will notify those patients as rapidly as possible, notifying the ICO if a breach is likely to result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage to those concerned.