Privacy Notice
The practice aims to meet the requirements of the Data Protection Act 2018, the United Kingdom General Data Protection Regulation (UK GDPR), the guidelines on the Information Commissioner’s Office (ICO) website, as well as our professional guidelines and requirements.
The Data Controller is John Alesbrook. The Information Governance Lead is Nicola Alesbrook, who is also the Data Protection Officer.
This Privacy Notice is available by email if you contact [email protected], or by calling 0114 266 1265.
You will be asked to provide personal information when joining the practice. The purpose of processing your personal data is to provide you with optimum dental health care and prevention.
Categories and Examples of Data We Process:
Personal data for the provision of dental health care
Personal data for the purposes of treatment plans, recall appointments, reminders, or estimates
Personal data such as details of family members for the provision of care to children or for emergency contact purposes
Personal data for the purposes of employment and engagement of employed and self-employed team members
Personal data for the purposes of [direct mail/email/text/other] to inform you of important announcements or new treatments/services
Personal data (IP addresses) to understand our patients better, inform our marketing approach, and improve the website experience
Special category data, including health records, for the delivery of health care and legal compliance
Special category data to meet the requirements of the Equality Act 2010
Special category data, including criminal record check details for employees and contracted team members
We minimise the data we keep and do not retain it for longer than necessary.
We never pass your personal details to a third party unless we have a contract for them to process data on our behalf. Otherwise, we will keep it confidential. If we intend to refer a patient to another practitioner or to secondary care, such as a hospital, we will obtain the individual’s permission before making the referral and sharing personal data. Your data will be shared with the NHS if you are receiving NHS treatment.
Where Your Data is Stored:
Personal data is stored in the UK or EU, in either digital or hard copy format
Personal data may be stored outside the UK and/or EU in digital format when suitable safeguards are in place
Personal data is obtained when a patient joins the practice, is referred to us, or subscribes to an email list
For full details about data storage, please request our Information Governance Procedures (M 217C).
Lawful Bases for Processing Your Data:
Our lawful bases for processing personal data:
The legitimate interests of the dental practice
Processing necessary for the performance of a contract or to take steps to enter into one
Consent of the data subject
Compliance with legal obligations
Our Article 9 conditions for processing special category data:
Processing necessary for health care purposes
Processing necessary to identify or review the existence/absence of equality of opportunity or treatment
Consent of the data subject for criminal record checks
Processing necessary for the establishment, exercise, or defence of legal claims
Reasons We Process Data Include:
Maintaining contemporaneous clinical records
Providing dental treatment, prevention, and oral health advice
Carrying out financial transactions
[Managing your NHS dental care treatment]
Sending personal data to the General Dental Council or other authorities as required
Communicating with you (e.g. appointment reminders, treatment plans, estimates)
Contacting your next of kin in an emergency
Contacting a parent or carer regarding someone under their care
Referring you to other dental or medical professionals
Obtaining criminal record disclosures for team members
Debt recovery
Improving the care and service you receive
Personal Data We Process Includes:
Your name, address, gender, date of birth, NHS number, medical history, dental history, family medical history, family contact details, marital status, financial details for processing payments, your doctor’s details, and treatment records. We may also process special category data, including ethnicity, race, religion, or sexual orientation, to meet obligations under the Equality Act 2010 or tailor treatment appropriately.
Data Retention Periods:
Special category data in patient records is retained for a minimum of 15 years (longer for complex records or legal obligations).
Other personal data is retained for two years after it was last processed.
For more details, see the Record Retention Procedure (M 215).
How We Obtain Personal Data:
We obtain your personal details when you:
Enquire about our services
Join the practice
Subscribe to our newsletter or register online
Complete a registration or medical history form
Are referred to us by another practitioner
Are referred by an NHS clinic or hospital
Your Personal Data Rights:
The right to be informed about the collection and use of your personal data
The right of access – to have a copy of the data we hold about you (generally free of charge)
The right to rectification – to correct inaccurate or incomplete data
The right to erasure – to delete personal data (note: clinical records must be retained for a set period)
The right to restrict processing of your personal data
The right to data portability – to have your data transferred to another party
The right to object to processing
Rights related to automated decision-making and profiling
Examples:
If you are a patient, you can withdraw consent for newsletters, surveys, or marketing.
You can correct personal details or opt out of communication methods (e.g., phone, email, text).
You have the right to obtain a free copy of your records within one month.
If you are not a patient, you still have the right to withdraw consent, request a copy of your data, correct errors, or ask for data deletion.
We have carried out a Privacy Impact Assessment as part of our Sensitive Information Map, PIA and Risk Assessment (M 217Q). You can request a copy of this document. Details of how we ensure data security are included in our Security Risk Assessment (M 217M) and Information Governance Procedures (M 217C).
Comments, Suggestions, and Complaints
Please contact the IG Lead at the practice with any comments, suggestions, or complaints about data processing:
Email: [email protected]
Phone: 0114 266 1265
Address: 17a Sandygate Road, Sheffield, South Yorkshire, S10 5NG
We take complaints very seriously.
If you are unhappy with our response or need further advice, you should contact the Information Commissioner’s Office (ICO):
Phone: 0303 123 1113
Website: https://ico.org.uk
Online chat available on the ICO website
Related Practice Policies Available on Request:
Data Protection and Information Security Policy (M 233-DPT)
Consent Policy (M 233-CNS)
Sensitive Information Map, PIA and Risk Assessment (M 217Q)
Information Governance Procedures (M 217C)
Record Retention Procedure (M 215)
Contact for Enquiries:
Nicola Alesbrook – Information Governance Lead
Email: [email protected]
Phone: 0114 266 1265
Thank you.
Data Opt-Out Policy
How the NHS and Care Services Use Your Information
Sandygate Dental is one of many organisations working within the health and care system to improve care for patients and the public. Whenever you use a health or care service—such as attending Accident & Emergency or accessing Community Care services—important information about you is collected in a patient record for that service. This information helps ensure you receive the best possible care and treatment.
Information collected during your use of these services may also be used and shared with other organisations for purposes beyond your individual care. These purposes may include:
Improving the quality and standards of care provided
Conducting research into the development of new treatments
Preventing illness and disease
Monitoring safety
Planning health and care services
Such use of information will only occur when there is a clear legal basis for doing so. All of these uses support better health and care for you, your family, and future generations. Confidential patient information is only used in this way where permitted by law.
In most cases, anonymised data is used for research and planning purposes, meaning you cannot be identified and your confidential patient information is not required.
Your Right to Choose
You have a choice about whether your confidential patient information is used for purposes beyond your individual care.
If you are happy with this use of information, you do not need to take any action.
If you choose to opt out, your confidential patient information will still be used to support your own care.
To find out more or to register your choice to opt out, please visit:
www.nhs.uk/your-nhs-data-matters
On this website, you can:
Understand what is meant by confidential patient information
See examples of when it is used for individual care and when it is used for purposes beyond individual care
Learn more about the benefits of data sharing
Discover who uses the data and how it is protected
Access the system to view, set, or change your opt-out preferences
Find the telephone number to set or change your opt-out by phone
Understand where the opt-out does not apply
You can also learn more about how patient information is used at:
Health Research Authority – covering health and care research
Understanding Patient Data – explaining how and why data is used, safeguards in place, and how decisions are made
You can change your mind about your data opt-out choice at any time.
Important Notes:
Data used or shared for purposes beyond individual care does not include your information being shared with insurance companies or used for marketing. These uses would only occur with your explicit consent.
NHS health and care organisations must have systems and processes in place to comply with the national data opt-out and to apply your choice whenever confidential patient information is used for purposes beyond individual care.
About Sandygate Dental:
At Sandygate Dental, we only use your personal health data to provide direct, individualised care. We do not disclose your data for any other purposes. The national data opt-out does not apply to our usage of your data, and we are fully compliant with the policy.
Processing of Staff and Candidates’ Information
How We Process Staff and Applicant Information
This section explains how Sandygate Dental processes the personal information of staff and applicants for job roles within the practice.
What Data Do We Collect?
To provide a safe and professional service, we are required to maintain certain records about our team members. We may collect the following types of data:
Basic personal details and contact information, such as:
Name
Address
Date of birth
National Insurance number
Emergency contact/next of kin
Financial details, such as:
Salary and payment information
Insurance, pension, and tax details
Employment-related records, such as:
Training and development records
We may also collect “special category” data, including:
Health and social care information, which may include both physical and mental health details. This is collected only when necessary for employment-related purposes (e.g., fit notes or to process statutory maternity/paternity pay).
Diversity and inclusion information (e.g., race, ethnic origin, sexual orientation, or religion), with your explicit consent.
Criminal Record Checks:
As part of the recruitment or employment process, you may be required to undergo a criminal record check. This information is retained only for as long as necessary—typically no longer than six months after the recruitment decision—unless a dispute arises or there are exceptional circumstances.
Why Do We Collect This Data?
We collect this data to:
Communicate with you
Pay you correctly
Ensure you receive necessary training and support
Fulfil our legal obligations
Manage your employment relationship
Legal bases for processing your data include:
Legal obligation under UK employment law
Legitimate interests, such as administration of training, emergency planning, or recruitment—these interests are standard operational or HR-related practices
Public interest obligations, e.g. reporting to the CQC or NHS
Performance of a public task, where applicable
Processing of special category data, such as:
Health data, necessary for statutory sick or parental leave pay
Criminal records data, processed under the Data Protection Act 2018 and the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975, due to the nature of the work
Consent:
In some cases, we may process your data based on your explicit consent (e.g. for diversity monitoring). When consent is required, we will clearly explain the purpose and provide a genuine choice. You can withdraw your consent at any time.
Where Do We Collect Your Data From?
We collect data from:
You directly
Your legal representative(s)
Third parties, such as references from previous employers
This data may be collected via:
Face-to-face conversations
Phone calls
Email
Our website
Post
Application forms
Apps or software platforms
How Do We Share Your Data?
We may share your data with third parties where there is a legal or contractual obligation. These include:
HM Revenue & Customs (HMRC)
Pension and healthcare scheme providers
External payroll processors
Organisations with legal safeguarding responsibilities, such as the Care Quality Commission (CQC)
Police or law enforcement agencies, when required by law or court order
How Long Do We Keep Your Data?
Staff records are retained for six years after employment ends.
Certain records may be kept longer where legally required.
Unsuccessful applicant forms and interview notes are retained for one year.
Please refer to our Record Retention Procedure (M 215) for more information about how we manage and dispose of staff data.
Your Rights
As an individual, you have rights in relation to the processing of your personal data, including the right to:
Request access to your personal information
Request correction of inaccurate data
Request erasure (in certain circumstances)
Object to or restrict certain types of processing
Lodge a complaint with the Information Commissioner’s Office (ICO)
To request access to your personal file or to exercise any of your rights, please contact:
Nicola Alesbrook
Information Governance Lead
Email: [email protected]
Phone: 0114 266 1265
For more information about your rights, please visit the ICO website.