The data protection officer is Dr Sarah Hughes. We comply with the Data Protection Act (1998) and the General Data Protection Regulations (GDPR) 2018. 

As a patient of Dr Sarah Hughes, your information is also governed by the Quality Care Commission and the General Dental Council regulations.

Your rights

The GDPR outlines your enhanced rights including:

• The right to be informed: you have a right to know how your personal data is processed, how long we keep it for and who your data is shared with in a clear and transparent privacy notice.

• The right of access: you have the right to access any personal information we hold about you free of charge. You can ask for this by completing a “subject access request” and we will respond within one month.

• The right to rectification: you have the right to have your personal information corrected.

• The right to erasure: you have the right to ask for your personal data to be deleted when we no longer need your personal data.

• The right to restrict. You have the right to restrict or limit the extent to which we process your personal data.

• The right to portability: you have a right to request a copy of your personal information in a structured, commonly used, machine-readable format and ask for it to be sent to another health care professional.

• The right to object: you have the right to object to us processing your personal information for certain things, including direct marketing.

What personal information do we hold?

• basic contact details like your name, phone number, email address and home address, age.

• Your past and current medical condition and your general medical practitioner details.

• clinical photographs.

• Information about the treatment that we have provided or propose and its cost.

• Notes of conversations or incidents that might occur for which a record needs to be kept.

• Records of consent to treatment.

• Any correspondence relating to you with other health care professionals.

Why do we hold this information?

We need to keep accurate personal data about patients to provide you with safe and appropriate care and to fulfil our business and legal obligations. 

Retaining information

Dr Sarah Hughes will retain your personal data for as long as necessary to provide you with our services. We are required by tax laws to keep your personal data for a minimum of 7 years. Health & Safety records will be kept for 10 years and where we have your consent for marketing purposes, we will retain the minimum required data until you notify us that you no longer wish to receive such information.

The criteria for which we would continue to process your personal information includes:

• Where there is a legal basis, obligation or legitimate interest to continue processing your personal information.

• Where processing is necessary for the establishment, exercise or defence of legal claims.

Security

Your information is held in the practice’s computer system and/or in a manual filing system. Your

digital record is held on Dentally software. You can read about how Dental.ly keeps your information

secure here (https://www.dentally.com/en-gb/security).The information is only accessible to authorised team members with

passwords. Our computer system has been secured with audit trails and information is regularly

backed up to ensure it is not lost.

Any Questions?

If you have any questions about how we handle your data, please contact us by email at srhughes3@icloud.com.

You can also visit the Information Commissioners Office (ICO) website ICO for more information about GDPR.