This privacy notice provides you with details of how we collect and process your personal data through your use of our site www.theneemtree.co.uk
By providing us with your data, you warrant to us that you are over 13 years of age.
The Neem Tree [is/am/are] the data controller and we are responsible for your personal data (referred to as “we”, “us” or “our” in this privacy notice).
The Neem Tree is committed to complying with the General Data Protection Regulation (GDPR), Data Protection Act, the CQC, GDC and other standards.
The practice only keeps relevant information about employees for the purposes of employment and health and safety, and about patients to provide them with safe and appropriate dental care as well informing them about its products and services.
The person responsible for Data Protection is Zayba Sheikh.
Our legal basis for processing data is:
“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.”
Computerised and hard records are stored, reviewed and updated securely and confidentially. Records are securely destroyed when no longer required. Confidential information is only seen by personnel who need to see it and the team are trained on our policies and procedures to keep patient information confidential.
Information we may collect from you:
If you visit our website or contact us by Text, Phone, Online chat systems, Email or any other method, you may provide us with information about yourself. This information can include but is not limited to: name, date of birth, address, post code, telephone number, email, message, general medical practitioner, your health information, photos, and confirmation of method of contact. During your dental appointment we may collect further information about your:
Often, we are processing your data based on a mixture of Legal Obligation, Completion of a Contract, Legitimate Interests & for the purpose of a contract.
If the data is in relation to a child below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorised by the holder of parental responsibility over the child.
You have the right to withdraw your consent at any time as follows:
Transmission and disclosure of Data:
To facilitate patients’ health care, the personal information may be disclosed to a dental laboratory, dentist, doctor, health care professional, hospital, HMRC, Court, police or private dental schemes of which the patient is a member. In all cases only relevant is shared.
We may disclose your data in order to make certain services available to you.
We may disclose your data to:
In very limited circumstances, such as for identification purposes, or when required by law or a court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent. Where possible you will be informed of these requests for disclosure.
All confidential information is sent via secure methods. Electronic communications and stored data are encrypted. All computerised clinical records are backed up and encrypted copies are kept off-site. Staff criminal record check information is kept securely in a lockable, non-portable storage cabinet with access strictly controlled and limited to persons who need to have access to this information in the course of their duties.
Unfortunately, the transmission of data via the internet cannot be classed as completely secure. We will strive to protect your personal data, but we cannot guarantee the security of the data once it has been transmitted via the internet, Instagram or Facebook or other online community portals, any transmission is at your own risk.
In the event that any entity of The Neem Tree Dental Practice, or substantially all of its assets, are acquired by one or more third parties as a result of an acquisition, merger, sale, reorganisation, consolidation or liquidation, Personal Information may be one of the transferred assets.
Our cookies do not store personal information (such as your name or address). Cookies simply allow our website to retrieve information in order to improve your experience of our website.
Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
Here is a list of cookies may be sent to your device when browsing our site.
Geo Targeting cookies are used to display appropriate contact information based on the visitors location.
These are Google Analytics cookies. We use these cookies to see how many visitors use our website and which pages they view. We use this information to make our website easy to use.
Third party cookies
How to manage cookies
If you would like to restrict, block or delete cookies from ours or any other website, you can use your browser to do this. Each browser is different so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences.
Further information about cookies
If you wish to learn more about cookies in general and how to manage them, visit www.allaboutcookies.org.
Personal data shall be processed in accordance with the rights of data subjects under this Act.
Subject Access Requests
Patients and team members can have access to view the original of their records free of charge. Copies of patient or team member records are provided following a written request to the Practice Manager using the ICO Subject access request template. Radiograph copies are charged at the current cost of taking x-rays at the practice. The requested copies will be provided within 30 days on receipt of payment.
An employee or a patient may challenge information held on record and, following investigation, should the information be inaccurate the practice will correct the records and inform person of the change in writing.
When the request for information is about the personal data of a child, the practice will consider if the child is mature enough to understand their rights. If they do, then the practice will consider responding directly to the child rather than the parent. If it is decided that the child is not mature enough to understand their rights, and there is some doubt about parental responsibility, proof of identity and evidence of parental responsibility will be requested. The practice will update its privacy notice to ensure its gives information in a language that can be understood by a child on any processing of children’s personal data.
When the practice receives a third-party request for information on someone else’s behalf (e.g. from a solicitor) evidence of their permission will be requested, this could be a written authority to make a request or a power of attorney.
When the practice receives a third-party request for information for a patient who lacks the mental capacity to manage their affairs the practice will ask to see evidence of a Lasting Power of Attorney or the evidence of appointment by:
This policy should be read in conjunction with the Confidentiality Policy, and the Information Governance Policy.
All of the data you provide in the application process will only be utilised for the purpose of progressing your application with us. The information you provide will be held securely by us whether the data is electronic or in a physical format.
We will use the contact details provided to contact you to discuss/progress your application.
If your application is unsuccessful and there is no requirement to keep your data, We will dispose accordingly.
We will always hold your information securely. To prevent unlawful disclosure or access to your information, we have implemented strong physical and electronic security safeguards.
We also follow stringent procedures to ensure we work with all personal data in accordance with the Data Protection Act 1998.
The Neem Tree Dental Practice has appropriate procedures to ensure personal data breaches are detected, investigated and reported effectively, including procedures to assess and then report any breaches to the ICO where the individual is likely to suffer some form of damage, e.g. through identity theft or confidentiality breach.
The practice will report serious data breaches to the ICO within 72 hours of becoming aware of the essential facts. The practice will keep a log of all data breaches and record the basic facts, effects of the breach and remedial action taken.
How long do we keep your data
We will retain your dental records and orthodontic study models while you are a practice patient and after you cease to be a patient, for at least eleven years, or for children until age 25, whichever is the longer.
Changes to our privacy notice
We withhold the right to change/updated our Privacy Notice as required in the future. Any changes will be posted on this page.
If you have any questions or queries on how We use your personal data that are not answered here, or if you wish to exercise your rights, please contact us by any of the following methods:
If you do not wish personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your dentist or write to us. You have the right to object; however, this may affect our ability to provide you with dental care. You have a right to withdraw your consent at any time, however this will not be retrospective.
If at anytime you are unhappy with our use of your information, you can contact us on the methods above in the contact section.
You are also entitled to lodge a formal complaint with the UK Information Commissioner’s Office using any of the below contact methods:
Telephone: 0303 123 11113
Post: Information Commissioner’s Office
Links to other websites
Our website may contain links to other websites.
Please note that we have no control of websites outside of the www.theneemtree.co.uk domain. If you provide information to a website to which we link, we are not responsible for your data protection and privacy.
Always be wary when submitting data via interactive website templates. Study the website data protection policy and the status of the website itself – is it padlocked or using https:// or green bar transfer protocols?).
This Privacy Notice does not provide exhaustive detail of all aspects of us, collection and use of personal information. However, we are happy to provide any additional information or explanation needed when requested.
We make every effort to ensure that we the information provided on our website is accurate and current. However, it cannot guarantee this, and cannot accept responsibility for any errors, omissions, misstatements or mistakes on the website. Anyone becoming aware of such matters is requested to notify us in writing or by e-mail at [email protected]
Neem Tree Clinic Limited © 2004 - 2018