Practice Privacy Policy

separator-dds-blue

Patient Privacy Notice – Download a PDF Copy

Purpose of this document
Portman Healthcare (Ireland) Limited (“Portman Dental Care”) and its group companies (including its subsidiaries, holding company or parent company) is committed to protecting the privacy and security of a patient’s personal information and is a “data controller” for the purposes of data protection law.

Under data protection law, individuals have a right to be informed how Portman Dental Care uses personal data that it holds about them. Portman Dental Care complies with this right by providing ‘privacy notices’ (sometimes called ‘fair processing notices’) to individuals where it processes their personal data.

This privacy notice is provided to all patients so they are made aware of how and why their personal data will be used, namely for the purposes of providing dental and medical care and how long it will usually be retained for.

Contact details
Portman Healthcare (Ireland) Limited’s principal address is: Suite 3, One Earlsfort Centre, LowerHatch Street, Dublin 2, Ireland.
Portman Dental Care’s Data Protection Officer can be contacted via privacy@portmandental.co.uk and they are responsible for informing and advising Portman Dental Care about its data protection law obligations and monitoring its compliance with these obligations. They also act as a patient’s first point of contact if they have any questions or concerns about data protection.

Personal data
Personal data means any information relating to a living individual who can be identified (directly or indirectly) in particular by reference to an identifier (e.g. name, NI number, email address, physical features). It can be factual (e.g. contact details or date of birth), an opinion about an individual’s actions or behaviour, or information that may otherwise impact that individual in a personal or business capacity.

Data protection law divides personal data into two categories: ordinary personal data and special category personal data.

Any personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, biometric or genetic data that is used to identify an individual is known as special category personal data. (The rest is ordinary personal data.)

Data protection principles
Portman Dental Care will comply with data protection law and principles, which means that a patient’s personal data will be:
• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes that Portman Dental Care has clearly explained to them and not used in any way that is incompatible with those purposes
• Relevant to the purposes Portman Dental Care has advised of and limited only to those purposes
• Accurate and kept up to date
• Kept only as long as necessary for the purposes Portman Dental Care has advised of
• Kept securely

Types of personal data that Portman Dental Care processes
Personal data that Portman Dental Care may collect, use, store and share (where appropriate) about a patient includes, but is not restricted to the following:

Contact details

• Title, first name, surname, preferred name, address, post code, mobile number, alternate contact number, personal and work email addresses. GP contact details
• Characteristics information (such as gender, age and date of birth)
• National insurance number, NHS number, unique identification number
• Next of kin and their contact number, relationship to the patient and if they are a patient at the practice
• Occupation

Dental and Health Records (special category personal information)
• Clinical records made by dentists and other dental professionals involved with a patient’s care and treatment
• Notes of conversations with a patient about their care
• Communication records with patients such as letters and emails
• X-rays, clinical photographs, digital scans of a patient’s mouth and teeth, and study models
• Treatment plans and Consent
• Correspondence from other health professionals or institutions involved in a patient’s care
• Medical and dental history
• Dates of a patient’s appointments and reminders
• Details of any complaints and or feedback that a patient has made and how these complaints were dealt with

Financial Information
• Portman Dental Care holds information about the fees it has charged, the amounts a patient has paid and some payment details
• Exemption details (NHS only).

Security Information
• CCTV images

Technical Data
Data about a patient’s use of a Portman Dental Care practice’s website. Further information can be found in our Cookies Policy.

Changes to a patient’s personal data
It is important that the personal information that Portman Dental Care holds about a patient is accurate and current. Patients are requested to keep their dental practice informed if their personal data changes during their relationship with Portman Dental Care.

Collection of a patient’s personal information
Portman Dental Care processes a patient’s personal information to:
• Maintain clinical records and provide dental treatment, prevention and oral health advice
• Refer a patient to other dentists or doctors and health professionals as required
• Carry out financial transactions and for debt recovery

• Send to the General Dental Council or other authority as required by law
• Communicate with them:
o establish a patient’s preference for how Portman Dental Care contacts them about their dental care
o appointment reminders, treatment plans and estimates, changes to dental appointments and provision of dental care at their practice
o with a patient’s next of kin in an emergency
o inform a patient of products and services available at Portman Dental Care’s practices
o conduct patient surveys or to find out if a patient is happy with the treatment received in order to continually improve the care and service a patient receives from Portman Dental Care for quality control purposes
• Analyse and understand the effectiveness of its marketing activities
• Ensure the safety of individuals visiting dental practices where there is CCTV
• Undertake dental research or dental education. Portman Dental Care will discuss this with a patient and seek their consent. Depending on the purpose and if possible, Portman Dental Care will anonymise a patient’s information. If this is not possible Portman Dental Care will inform a patient and discuss their options

Portman Dental Care uses data processors who are third parties who provide elements of services for it. Data Processor Agreements are in place which means that they cannot do anything with a patient’s personal information unless Portman Dental Care have instructed them to do it.

Lawful basis for collecting and processing personal data
Portman Dental Care’s lawful bases for processing personal data:
• The legitimate interests of a dental practice
• For the performance of a contract with a patient or to take steps to enter into a contract
• Consent of a patient
• To comply with Portman Dental Care’s legal obligations

Portman Dental Care’s lawful bases for processing special category data:
• Processing is necessary for health care purposes
• Where we carry out our legal obligations or exercise rights in connection with providing our services
• Processing is necessary for identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with the view to enabling such equality to be promoted or maintained
• In limited circumstances, with a patient’s explicit consent

Where Portman Dental Care requests a patient’s consent to the collection, processing and transfer of their personal data for a specific purpose e.g. to receive notifications, newsletters, surveys or marketing, a patient has the right to withdraw consent for that specific processing at any time. To withdraw their consent, a patient should contact the Practice Manager in writing. Once Portman Dental Care receives a patient’s notification that they have withdrawn their consent, Portman Dental Care will no longer process their information for the purpose or purposes that a patient originally agreed to.

Automated processing (including profiling) and automated decision-making
Generally, automated decision making is prohibited when a decision has a legal or similar significant effect on an individual unless:
(a) a Data Subject has Explicitly Consented;
(b) the Processing is authorised by law; or
(c) the Processing is necessary for the performance of or entering into a contract.

If certain types of Special Categories of Personal Data or Criminal Convictions Data are being processed, then grounds (b) or (c) will not be allowed but the Special Categories of Personal Data and Criminal Convictions Data can be processed where it is necessary (unless less intrusive means can be used) for substantial public interest like fraud prevention.

If a decision is to be based solely on Automated Processing (including profiling), then patients must be informed when Portman Dental Care first communicates with them of their right to object. This right must be explicitly brought to a patient’s attention and presented clearly and separately from other information. Further, suitable measures must be put in place to safeguard a patient’s rights and freedoms and legitimate interests. Portman Dental Care must also inform a patient of the logic involved in the decision making or profiling, the significance and envisaged consequences and give a patient the right to request human intervention, express their point of view or challenge the decision.

A Data Protection Impact Assessment must be carried out before any Automated Processing (including profiling) or Automated Decision Making activities are undertaken.

Data sharing
A patient’s information is normally used only by those working at a dental practice but there may be instances where. Portman Dental Care needs to share it,
for example, with:
• A patient’s doctor
• The hospital or community dental services or other health professionals caring for a patient
• Specialist dental or medical services to which a patient may be referred
• Dental laboratories
• NHS payment authorities
• Dental payment plan administrators
• The Department for Work and Pensions and its agencies, where a patient is claiming exemption or remission from NHS charges
• NHSBSA – NHS Business Services Authority
• Regulatory authorities such as the General Dental Council, the Care Quality Commission, the Regulatory and Quality Improvement Authority, Irish Dental Association, Health and Safety Authority and Health Information and Quality Authority
• NHS Health Boards
• Private dental schemes of which a patient is a member
• Debt collection companies
• Police, fraud prevention agencies, a patient’s insurance company
• In the event of a possible sale of the practice at some time in the future
• Where it is considered to be in a patient’s best interest or if Portman Dental Care has reason to believe an individual may be at risk of harm or abuse
• To third parties to deliver the following services:
o Managing new enquiries from Portman Dental Care’s websites
o Contacting a patient to check if they wish to remain a patient of Portman Dental Care
o Sending reminders for a patient’s dental appointments
o Processing on-line booking appointments
o Collecting feedback from Portman Dental Care’s patients
o Managing email communications to Portman Dental Care’s patients
o Providing troubleshooting and support services for Portman Dental Care’s various IT systems

Portman Dental Care will only disclose a patient’s information on a need-to-know basis and will limit any information that it shares to the minimum necessary. Portman Dental Care also has third party agreements in place to protect a patient’s information.

Portman Dental Care does not allow its third-party service providers to use a patient’s personal data for their own purposes. Portman Dental Care only permits them to process a patient’s personal data for specified purposes and in accordance with Portman Dental Care’s instructions. They will not share personal information with any organisation apart from Portman Dental Care or further sub-processors who must comply with Portman Dental Care’s Data Processor Agreement.

In certain circumstances or if required by law, Portman Dental Care may need to disclose a patient’s information to a third party not connected with their health care, including HMRC or other law enforcement or government agencies.

National opt-out policy
Whenever a patient uses NHS dental care provided by Portman Dental Care, personal information is collected and stored on their patient record to ensure that they receive the best and most appropriate care and treatment. The information collected can also be used by and provided to other organisations for purposes beyond a patient’s individual care, for example, to provide better health and care for them, their family and future generations by:
• Improving the quality and standards of care provided
• Research into the development of new treatments
• Preventing illness and diseases
• Monitoring safety
• Planning services

Information about a patient’s health and care is confidential and can only be used where allowed by law. Mostly, information used for research and planning is anonymised so that a patient cannot be identified and a patient’s confidentiality is maintained.

A patient can choose whether they want their confidential information to be used in this way. If they are happy with this use of their information, they do not need to do anything. If a patient wishes to opt-out, their confidential information will be used only to support their individual care.

A patient can register their choice and find out more at
nhs.uk/your-nhs-data-matters

A patient can change their choice at any time.

Data security
Portman Dental Care has put in place appropriate security measures to prevent a patient’s personal information from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed e.g:
• It has policies, procedures and provides training covering data protection, security, record disposal and confidentiality
• Access to personal data is restricted to colleagues and self-employed associates who have a business need-to-know. They are subject to a duty of confidentiality
• Electronic records are held on encrypted servers
• Up to date virus anti-virus and malware protection software is used and security patches applied promptly
• Secure cloud based storage
• Data is backed up regularly
• Portman Dental Care has strict visitor management security procedures in place (including CCTV)
• Sensitive paper files are locked away with restricted access to the keys

• Encrypted email or secure file sharing platforms are used to share personal data with external organisations
• Due diligence checks are undertaken on service providers and Data Protection Impact Assessments are completed, where required

Portman Dental Care has put in place procedures to deal with any suspected data security breach and will notify a patient and a Supervisory Authority of a suspected breach where Portman Dental Care is legally required to do so.

All Portman Dental Care’s third-party service providers are required to take appropriate security measures to protect a patient’s personal information in line with Portman Dental Care’s policies.

Transferring data internationally
If Portman Dental Care transfers a patient’s personal data in digital format to third party service providers based outside the EEA, it will ensure that suitable safeguards have been put in place to allow personal data to be transferred out of the EU.

Portman Dental Care mainly stores data in the UK or the European Economic Area (EEA), however some of its service providers may store personal data outside these areas primarily for creating medical devices such as crowns, dentures and other dental prosthesis.

Data retention
How long a patient’s information will be held
Portman Dental Care retains dental records and orthodontic study models while an individual is a patient at one of its practices and after they cease to be a patient, for eleven years, or for children until age 25, whichever is the longer.
Retention periods may be changed from time to time based on business or legal and regulatory requirements.

Rights of access, correction, erasure, and restriction
Rights in connection with personal information
Under certain circumstances, by law an individual has the right to:
• Be informed about the collection and use of their personal data. A privacy notice will be provided to individuals at the time their personal data is collected and will explain simply and clearly how and Portman Dental Care intends to process their data
• Access their personal data (commonly known as a “data subject access request”). This enables an individual to receive a copy of the personal information Portman Dental Care holds about them and to check that Portman Dental Care is lawfully processing it
• Rectification of the personal information that Portman Dental Care holds about them. This enables an individual to have any incomplete or inaccurate information held about them, corrected
• Erasure of their personal information. This enables an individual to ask Portman Dental Care to delete or remove personal information where there is no good reason for Portman Dental Care continuing to process it for the purposes for which it was provided; Portman Dental Care requested permission to process their personal data and a candidate wishes to withdraw their consent; Portman Dental Care isn’t using the personal data in a lawful manner
• Request the restriction of processing of their personal information. This enables an individual to ask Portman Dental Care to suspend the processing of personal information about them, for example if an individual considers that:
o any of the information that Portman Dental Care holds about them is inaccurate
o Portman Dental Care no longer needs to process the information for the purposes for which it was provided, but an individual requires the information to establish, exercise or defend legal claims
o Portman Dental Care isn’t using an individual’s information in a lawful manner

• Object to processing of their personal information where Portman Dental Care are relying on a legitimate interest (or those of a third party) and there is something about their situation which makes them want to object to processing on this ground. An individual also has the right to object where Portman Dental Care is processing their personal information for direct marketing purposes
• Portability – request the transfer of their personal information to themselves. Where Portman Dental Care has requested an individual’s permission to process their personal information, an individual has a right to receive the personal information they provided to Portman Dental Care in a portable format. An individual may also request Portman Dental Care to provide it directly to a third party, if technically feasible. Portman Dental Care is not responsible for any such third party’s use of the individual’s information, which will be governed by their agreement with the individual and any privacy statement they provide to the individual. This right only applies to data that is being processed electronically
• In relation to automated decision making and profiling. An individual shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them
This does not apply if the decision:
o is necessary for entering into, or performance of, a contract between the individual and Portman Dental Care;
o is authorised by law to which Portman Dental Care is subject and which also lays down suitable measures to safeguard the individual’s rights and freedoms and legitimate interests; or o is based on the individual’s explicit consent

Complaint on data processing
If a patient considers that Portman Dental Care’s collection or use of personal information is unfair, misleading or inappropriate, or have any other concern/ complaint about Portman Dental Care’s data processing, they should raise this with Portman Dental Care’s Data Protection Officer in the first instance at email: privacy@portmandental.co.uk

A patient can also seek advice from the Supervisory Authority:
• The Data Protection Commission – via their online contact form or via post at 21 Fitzwilliam square south, Dublin 2, D02 RD28, Ireland or call their helpdesk 9.30am to 1pm and 2pm to 5.30pm (Monday to Friday) on 01 7650100 / 1800437 737

Changes to this privacy notice
This Privacy Notice will be reviewed annually, considering changes to legal, regulatory, or contractual requirements, changes in working practice or structure to the business.

Changes to this Privacy Notice may be as a direct result of inputs from audits, security incidents, risk assessments, improvement actions and new objectives that may have been set by Portman Dental Care.

portmandentalcare.com
September 2023 | V3

separator-dds-grey

Get in touch

Dundrum Dental Surgery
12 Main Street
Dundrum
Dublin 14

Tel: 01 2986029
E-mail: info@dundrumdentalsurgery.ie

We are situated on the Main Street of Dundrum Village, directly opposite Lidl, and situated between AIB and Carroll's opticians. Most of our patients find it most convenient to park in the Dundrum Village Centre Carpark directly opposite our practice.

Find us

separator-dds-white