Privacy Notice

Thatch House is a state-of-the-art dental practice providing private cosmetic dental treatments. Our practice comprises employed and self-employed individuals, we work together to ensure our patient’s privacy is respected and their personal data is protected.

This privacy notice outlines how we process patient information according to the UK GDPR and Data Protection Act 2018 (DPA18).

Our Contact Details

Address: 7 High St, Long Buckby, Northampton, NN6 7RE

Phone Number: 01327 842815

Email: info@thatchhousedental.co.uk

Collecting Your Personal Data

Most of the personal information we process is provided to us directly, such as when you contact the practice, engage with our website or during your appointment.

Occasionally, however, we may receive patient information from other sources such as:

  • Another dental professional that has treated you
  • GP or hospital
  • Carer, family member or partner
  • Insurance or dental plan provider
  • A regulator or other authority, such as the Police.
  • Your solicitor

We may receive data from third parties such as analytics providers such as Google based outside the UK, advertising networks such as Facebook based outside the UK providers of technical, payment and delivery services.

The Types of Personal Information We Collect and Process

We currently collect and process the following information:

Categories of Personal Data Examples of Personal Data Purposes of Processing Personal Data Lawful Basis under UK GDPR and DPA18
Personal Identifiers Name, Contact Details, Patient Reference number, date of birth, signatures, photos and videos (non-clinical) 1. Register you as a patient. 2. Contact you in connection with your treatment, and manage our relationship with you; this includes sending you recalls and appointment reminders. 3. Send you marketing information. 4. Share non-clinical video and photos of you such as reactions and testimonials to our online audiences and training courses 1. Performance of a contract. 2. Performance of a contract, in our legitimate interest. 3. Consent, in our legitimate interest. 4. Consent
Family Details Next of kin, and details of any guardians, carers and representatives. 1. Contact them in an emergency. 2. Contact them about your care if they are responsible for looking after you. 1. Vital interest, consent. 2. Performance of a contract, consent.
Financial details Details of any payments you make to us or need to make to us your debit and credit card details, and if applicable, your bank account details 1. Process any payments you make to us or need to make to us. 2. Recover any debts due to us. 1. Performance of the contract with you. 2. In our legitimate interest.
Technical data Data about your use of our website such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website, social media channels and patient portal. 1. Analyse how patients use our online services to develop them, to grow our practice and to progress our marketing strategies. 2. Administer and protect our practice, social media channels, website, deliver relevant online content and advertisements to you, and understand our advertising effectiveness. 3. Detect and identify whether an individual has used the practice’s guest WI-FI network to conduct unlawful activities. 1, 2. In our legitimate interest. 3. In our legitimate interest, Legal obligation.
Communication data Personal data contained in email, comments on social media posts, letters, instant messages. 1. To investigate and respond to a complaint, query or feedback you may have. 2. Provide evidence required to establish a legal defence or regulatory enquiry. 1, 2 and 3. In our legitimate interest.
Health Data Medical and dental histories, lifestyle questions (e.g. alcohol and tobacco use), x-rays, clinical photographs, digital scans of your mouth and teeth, study models, treatment plans, patient understanding exercises, recorded communications (e.g. voice messages, video calls, instant messages, letters and emails), clinical notes made by our clinical staff and other dental professionals involved in your care and treatment, information of any health and safety incident you have been involved in. 1. For the assessment, diagnosis of your dental health to administer care and treatment, including prescription and referral. 2. To establish a legal defence in the event of a claim or regulatory investigation. 3. For clinical and peer review to assess equality and the level of care provided to patients visiting the practice. 4. To record and manage a health and safety incident that has occurred on the premises. Including, insurance purposes. 1. Necessary for your dental and orthodontic treatment and the administration of it.* 2. Legal defence 3. Necessary for your dental and orthodontic treatment and the administration of it. Substantial Public Interest – Equality.** 4. Legal defence, Substantial Public Interest – Insurance***
Ethnicity Information Where relevant, we may need to process your ethnic group and language. 1. Understand your cultural, religious and language needs, identify any patients at risk. 2. Comply with the law which gives the practice a duty to promote equality. 1. Necessary for your dental and orthodontic treatment and the administration of it.* 2. Legal defence 3. Necessary for your dental and orthodontic treatment and the administration of it. Substantial Public Interest – Equality.**
Religious and philosophical beliefs Where relevant to your care, such as fasting or abstaining from certain types of treatments. 1. For the assessment, diagnose your dental health to administer care and treatment, including prescription and referral. 2. Comply with the law, which gives the practice a duty to promote equality. 1. Necessary for your dental and orthodontic treatment and the administration of it.* 2. Legal defence 3. Necessary for your dental and orthodontic treatment and the administration of it. Substantial Public Interest – Equality.**

*For this purpose, we also rely on the lawful bases set out in the Data Protection Act 2018, Schedule 2, Part 1, Paragraph 2.2.C and 2.2.D, which states processing is necessary for medical diagnosis, and the provision of health care and treatment, respectively.

**For this purpose, we also rely on the lawful bases set out in the Data Protection Act 2018, Schedule 2, Part 2, Paragraph 8.1.B. This states processing is necessary for identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people specified in relation to that category with a view to enabling such equality to be promoted or maintained.

*** For this purpose, we also rely on the lawful bases set out in the Data Protection Act 2018, Schedule 2, Part 2, Paragraph 20.1.A. This states processing is necessary for insurance purposes.

Providing you with private dental treatment means the practice and your treating clinician must collect and process your personal data. Refusal to provide personal data connected to these lawful bases directly affects our ability to treat you. Consequently, we may be unable to continue your treatment at the practice.

Withdrawing Consent

The above table sets out where rely on consent to process your personal data. You can request to withdraw your consent for these purposes by contacting the practice using the contact details found at the top of this notice.

How We Store Your Data

Your information is securely stored in the practice or online cloud environments such as Microsoft Office 365, which sits within and outside the UK.

Our cloud-based practice management system is also based in the UK and benefits from state-of-the-art encryption, access controls and regular back-ups to ensure your personal data is safe and readily available.

How long we keep your Personal Data for

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including to satisfy any medical, legal, accounting, or reporting requirements.

When deciding what the correct time is to keep the data, we look at its amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, and the processing purposes, if these can be achieved by other means and legal requirements.

Sharing Your Personal Data

Your information is typically used only by those working at the practice, including self-employed clinicians engaged by the practice.

There may be instances where we need to share it – for example, with:

  • Your doctor
  • The hospital or community dental services or other health professionals caring for you
  • Private dental schemes (if applicable) of which you are a member.
  • The General Dental Council
  • Any professionals advising us or you, such as any lawyers and insurance companies
  • Our IT providers
  • Your next of kin, such as in an emergency
  • Pharmacists

We will only disclose your information on a need-to-know basis and limit any information we share to the minimum necessary.

In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.

International Transfer of Personal Data

Where we transfer your data to third parties outside of the UK, we will ensure that certain safeguards are in place to provide a similar degree of security for your personal data. As such:

  • We may transfer your personal data to countries that the UK has approved as providing an adequate level of protection for personal data by; or
  • If we use US-based providers that are part of a UK approved legal privacy framework, we may transfer data to them, as they have appropriate safeguards in place; or
  • Where we use certain service providers who are established outside of the UK, we may use specific contractual clauses approved by the European Commission, giving personal data the same protection it has in Europe.

If none of the above safeguards is available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time. 

Knowing Your Information Rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal information.

Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.

Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us using the contact details at the top of this notice.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office

Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk