Privacy Policy

UK General Data Protection Regulation (UK GDPR), UK DPA 2018, UK PECR and EU General Data Protection Regulation (EU GDPR)

Our practice is Notified with the Information Commissioner's Office (ICO).
Our Data Controller can be contacted at our practice address or by telephone with any questions you may have or details concerning the protection of your personal data.

 

Patient Records

Our Practice is Registered with the Care Quality Commission (CQC). Details of our Registration can be seen at www.cqc.org.uk. Our practice has to comply with the CQC data protection policy for Patient Records both offline and online.

Our Website

This privacy notice relates to your use of our website, see www.beckenhamdentalcare.co.uk.

Throughout our website we may link to other websites owned and operated by certain trusted third parties to make additional products and services available to you. These other third-party websites may also gather information about you in accordance with their own separate privacy notices.

For privacy information relating to these other third-party websites, please consult their privacy notices.

Definitions

Personal data: means any information that can be linked to an individual and identify them no matter if on its own or when combined with other data. Examples of personal data are name, ID number, location data, health information, political or economic interests, online identifiers, and IP addresses.

• Data Controller: means the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of personal data

• Data Processor: means a natural or legal person, body which processes personal data on behalf of the controller

• Data Protection Act 2018: controls how your personal information is used by organisations, businesses, or the government. The Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR), also called DPA18.

• Data Protection Regulation: are the legislations that set guidelines for the collection and processing of personal data from individuals, such as GDPR.

• Data subject: means an identified or identifiable natural person to whom the data in question belongs to.

• GDPR: General Data Protection Regulation (EU GDPR) – Regulation (EU) 2016/679.

• UK GDPR: means the Data Protection Act 2018 is the UK’s implementation of the General Data Protection Regulation (GDPR).

• Household: means a group, however identified, of consumers who cohabitate with one another at the same residential address and share use of common devices or services.

• PECR: the PECR (Privacy and Electronic Communications (EC Directive) Regulations 2003) is a UK law that is derived from derived from the EU’s ePrivacy Directive (Directive 2002/58/EC) and gives people specific rights to electronic communications

• Personal data: means any information that can be linked to an individual and identify them no matter if on its own or when combined with other data. Examples of personal data are name, ID number, location data, health information, political or economic interests, online identifiers, and IP addresses.

• Personal information: means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

• Processing: are any activities where we use personal data, both through electronic and manual means. This includes (without limitation) collecting, recording, storing, organising, adapting, altering, using, disclosing, and erasing personal data.

• Sell: means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for monetary or other valuable consideration.

• Sharing: means “disclosing, disseminating, making available, transferring, a consumer’s personal information by the business to a third party for cross-context behavioural advertising, whether or not for monetary or other valuable consideration.

• You: means the user or potential user of the website

• We, us, means our practice

Our collection and use of your personal data

We may collect your personal data when you access our website, register with us, contact us or send us feedback.

We collect this personal data from you either directly, such as when you register with us, contact us, or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below).

The personal data we collect about you depends on the activities carried out through our website. This information includes:

• your name, email, and phone number

• details of any feedback you give us by phone, email, post or via social media

• chat history if you contact us on social media

We use this personal data to:

• customise our website and its content to your preferences

• notify you of any changes to our website or to our services that may affect you

• improve our services

Our legal basis for processing your personal data

When we use your personal data, we are required to have a legal basis for doing so. There are various legal bases on which we may rely on, depending on what personal data we process and why.

The legal bases we may rely on include:

• Consent: where you have given us clear consent for us to process your personal data for a specific purpose

• Contract: where our use of your personal data is necessary for a contract we have with you, or because you have asked us to take specific steps before entering a contract

• Legal obligation: where our use of your personal data is necessary for us to comply with the law (not including contractual obligations)

• Legitimate interests: where our use of your personal data is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal data which overrides our legitimate interests)

Who we share your personal data with

We share personal information from our customers and users with third parties under the very limited circumstances and specific purposes below:

• Vendors: We may share personal data with third-party vendors, such as email providers (e.g.: Microsoft, Mailchimp), analytics software (e.g.: Sentry, Firebase, Amplitude Analytics), social media (e.g. WhatsApp, Facebook, Instagram). And consultants and vendors that perform tasks on our behalf like Marketing Agencies (e.g. Wati).

• National Security Authorities or Law Enforcement: We may share personal data to comply with laws and protect our rights and the rights of others. We may disclose your information when we, in good faith, believe disclosure is appropriate to comply with the law, a court order or a subpoena. We may also disclose your information to prevent or investigate a possible crime; to protect the security of the Services; to enforce or apply our online Terms of Use or other agreements; or to protect our own rights or property or the rights, property, or safety of our users or others.

We are responsible for background checking our vendors to ensure that such companies process your personal information in conformity with the applicable data privacy regulations, information security standards and our own standards.

For how long we keep your data

The period for which data is retained varies according to the purpose for which the data is processed. Personal data is being kept only for the time necessary to fulfil the processing purpose. In addition, there may be legal requirements that determine certain data to be retained for a minimum period.

Cookies and other tracking technologies

A cookie is a small text file which is placed onto your device (e.g: computer, smartphone or another electronic device) when you use our website. We use cookies on our website. These help us recognise you and your device and store some information about your preferences or past actions.

For further information on cookies, our use of cookies, when we will request your consent before placing them and how to disable them, please see our Cookie Policy.

Analytics

We use third-party analytics services (such as Google Analytics) as well as self-hosted data collection services on our Services to collect and analyse usage information through cookies and similar technologies; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics purposes, you may install the Google Analytics Opt-out Browser Add-on.

Advertising

We may work with several companies that assist in marketing our services to you on third party websites, mobile apps, and online services. These third parties may use cookies, web beacons or other tracking technologies to collect information about your use of certain parts of the Services and your activities across other websites and online services, which they may associate with persistent identifiers.

Their activities and your choices regarding their use of your information to personalise ads to you are subject to and set out in their own policies. We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking technologies that may be placed on your computer, mobile phone, or other device by non-affiliated, third-party providers. As described below, these providers may offer you a way to opt-out of the collection of information that is used for our interest-based advertising to you. We cannot guarantee that these instructions will not change, or that they will continue to be available; they are controlled by each third-party service provider, not us.

Marketing

We would like to send you information about products and services, competitions, and special offers, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by email or text message (SMS).

If you have agreed to being contacted in this way, you can unsubscribe at any time by:

• Contacting us via the form on our Contact page

• Using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts

Your rights

You have certain rights when it comes to the use of your data. At our practice we make this a global commitment and treat all our users equally. These are:

a. Right to be Informed: You have the right to be informed about all data processing activities performed on your personal data at the point of collection.

b. Right of Access: Also known as Data Subject Access Requests (“DSARs” or “SARs”), you have the right to request information relating to you, and to receive a copy of your personal data.

c. Right to Rectification: You have the right to request the rectification or completion of inaccurate or incomplete personal data concerning you.

d. Rights to Erasure, Restriction, Data Portability and to Object: In certain circumstances you have the right to:

• Request and obtain the erasure of personal data concerning you,

• Request and obtain the restriction of processing of personal data concerning you,

• Request to have your personal data transmitted to another controller without hindrance, where technically feasible (data portability),

• Object at any time to data processing carried out in our legitimate interests or carried out for direct marketing purposes.

Have in mind that we can still store some of our users’ anonymised personal information, as it is not possible to directly link to the data back to their identity.

We may also retain some personal information that is strictly necessary to comply with legal or governmental obligations.

e. Automated Decision Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects concerning you.

f. Facilitating Your Rights: We are required to provide within one month of receipt, information on the action we have taken to facilitate the request, or where applicable, the reasons for not taking action. This must include your right to lodge a complaint with the ICO and to seek a judicial remedy.
 

How to make use of your rights

To make use of your rights as stated above, you can make a direct request with us. Once you submitted your request, our team will get in touch with you within 30 days upon request.

The UK GDPR and EU GDPR allows us to extend this period by a further two months in certain circumstances.

Other Jurisdictions

For residents of other jurisdictions, to exercise your data protection rights or to receive more details in connection with them, you can submit requests via our Contact page. You may be required to provide additional information necessary to confirm your identity before we can respond to your request. We will consider all such requests and provide our response within the period required by applicable law.

Please note, however, that certain information may be exempt from such requests, for example if we need to keep the information to comply with our own legal obligations or to establish, exercise, or defend legal claims. Your rights and our responses will vary based on your state or country of residency.

Please note that you may be located in a jurisdiction where we are not obligated, or are unable, to fulfill a request. In such a case, your request may not be fulfilled. If applicable, you may make a complaint to your local data protection supervisory authority in the country where you are based. Alternatively, you may seek a remedy through local courts if you believe your rights have been breached.

Verifying your identity

We reserve the right to verify your identity before responding to a request, which may include, at a minimum, depending on the sensitivity of the information you are requesting and the type of request you are making, verifying your name, email address, phone number, or other information. You are also permitted to designate an authorised agent to submit certain requests on your behalf.

In order for an authorised agent to be verified, you must provide the authorised agent with signed, written permission to make such requests or a power of attorney. We may also follow up with you to verify your identity before processing the authorised agent’s request.

If you would like further information regarding your legal rights or would like to exercise any of them, please contact us using the details available on our Contact page.

Keeping your personal data secure

The security of the personal data we collect from our customers and users is a high priority and we make sure to adopt the proper technical, organisational, and administrative measures to protect the information we hold in our websites and products against loss, unauthorised access, misuse, modification, or destruction.

Changes to this Privacy Notice

As we improve our products and website, we may also update this Privacy Notice from time to time.

It is your responsibility to periodically check this document and maintain yourself informed about eventual changes in our activities regarding personal data.

We will let you know about the privacy updates on our website:

• by changing the date on top of this document,

• by sending you an email whenever we update our Privacy Notice and

• if the change is substantial, a notice will be posted on the site.

The “Most recent update” caption at the top of this page indicates when this Privacy Policy was last revised.

If you would like to see the version of the Privacy Notice that was in effect immediately prior to this version, please contact us using the details on our Contact page.

How to contact us

Please contact us if you have any questions about this privacy notice or the data we hold about you.

If you wish to contact us, please use the details on our Contact page.

Do you need extra help?

If you would like this website privacy policy in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).