Why we collect your information
Your dentist keeps records about your oral health and any dental care you receive at St Raphael’s Dental Practice as part of both the National Health Service and under private dental care arrangements.
These records help us to ensure that you receive the best possible care from us and ensure that we are always up to date with your appointments, dental history and oral health.
Your records are both written down (manual records) and held electronically on a computer.
The records we hold for you will include: basic details about you such as: your name, address, contact details, next of kin contact details, , details of your medical history, history of your dental appointments including notes and reports about your oral health and treatment provided relating to each appointment and details of any planned dental treatment you require, results of any investigations, such as X-rays and any relevant information from other healthcare professionals including your GP and specialist dental care services following sending of any referrals.
The lawful basis for the collection and processing of your data under Article 6 (1) and Article 9 (2h) of GDPR is the provisions of providing you with initial and ongoing dental care under the basis of a contract and on the basis of legitimate interest.
How this helps you?
Your records are used to guide and administer the care you receive to ensure: your dentist and any other healthcare professionals involved in your care have accurate and up-to date information to assess your oral health and decide what care you need when you visit in the future, if your dentist is away and you attend the practice as an urgent case then full information is available should you see another dentist and care can be delivered effectively and efficiently.
How we protect your personal information
Everyone working for at the practice and within the NHS has a legal duty to keep information about you confidential
You may be receiving care from other organisations as well as the NHS (like Social Services). We may need to share some information about you so we can all work together for your benefit. We will only ever use or pass on information about you if others involved in your care have a genuine need for it. We will not disclose your information to third parties without your permission unless there are exceptional circumstances, such as when the health or safety of others is at risk or where the law requires information to be passed on.
Anyone who receives information from us is also under a legal duty to keep it confidential
We are required by law to report certain information to the appropriate authorities. This is only provided after formal permission has been given by a qualified health professional. Occasions when we must pass on information include:
Where we encounter infectious diseases which may endanger the safety of others, such as meningitis or measles where a formal court order has been issued
Our guiding principle is that we are holding your records in strict confidence and in accordance with GDPR and associated legislation
Who may need your information?
Local Health Authorities
NHS Trusts & Hospitals
General Practitioners (GPs)
Dental Practice Board / NHS Dental Services
Your information may also, subject to strict agreements describing how it will be used, be shared with:
NHS Common Services Agencies
such as Primary Care Support Services
Private Referral Providers
Fee collection agencies for unpaid fees
You have the right to ask us not to process your information for the purpose of marketing, we will normally inform you if we intend to communicate with you can exercise this preference in this way and our paper medical history forms by checking the box if you wish to be contacted or don’t wish to be contacted in this way or through unsubscribing through our email communication.
Please contact our practice should you wish to amend your name, address, contact details, GP Details or Medical Details to ensure we hold the correct information for you and so we can provide the most efficient service possible.
Your rights to requesting your records
The General Data Protection Regulations (GDPR) allows you to find out what information about you is held on computer and in certain manual records. This is known as “right of subject access.” It applies to your health records. If you want to see them you should make a written request to the Data Protection officer. You are entitled to receive a copy and we will aim to meet your request within 1 month or sooner. You should also be aware that in certain circumstances your right to see some details in your health records may be limited in your own interest or for other reasons.
In accordance with legislation your records will be retained for a period of 10 years since your last recorded correspondence with the practice.
Request for information and concerns
Requests must be in writing (email is acceptable but you may be asked for proof of identity) and must include the name and address for the correspondence and a clear description of the information requested.
Requests for information should be made to:
David Noon: Data Protection Officer
St Raphael’s Dental Practice Ltd
65 Ormskirk Road
Should you have any further questions of have any concerns relating to how our practice processes personal data then please contact the Data Protection Officer on 01695 627 617.
CCTV has been installed at St Raphael’s Dental Practice Limited for the purpose of safeguarding the safety and security of our property, patients and staff. The scheme is managed by St Raphael’s Dental Practice Ltd, for enquires regarding our practice CCTV scheme people may contact the Data Protection Officer who is David Noon and she/he may be contacted in writing to St Raphael’s Dental Practice Ltd, 65 Ormskirk Road, Upholland, Lancashire WN8 0AH
The legal basis of holding CCTV information is on the basis of legitimate interest:
Promote the safety and security of our property, patients and staff
Evidence gathering on the basis of belief that a criminal offence has been committed
Evidence gathering on the basis of receipt of claims for personal injury
St Raphael’s Dental Practice Ltd will cooperate with relevant authorities e.g. Lancashire Police.
We only share data captured by CCTV where there is cause to believe the safety and security of property/patients/staff has been compromised, on the basis of reasonable belief that a criminal offence has been committed and/or for the purpose of investigating and mediating against any claims for personal injury . We do not ever share images with any other third parties.
A further legal basis of holding CCTV information is on the basis of fulfilment of a contract
It may be necessary to process and use information gathered from CCTV to assist with a disciplinary investigation where there is a clear and justifiable business need.
Any details obtained from extracted CCTV data will be stored up to a maximum retention period of 6 years following the end of contract of employment / self-employment as part of disciplinary records relating to a record of employment.
Images are recorded 24 hours a day, seven days a week and stored on the hard drive of the recording device.
The recording device is situated in a locked office and only the Practice Manager and practice owner has access to the recordings. Access to view footage is restricted to need to know basis dependent on individual staff roles.
All CCTV recordings are stored on our recording devices’ hard-drive for 30 days before being automatically and permanently erased.
CCTV is operational in our waiting area/reception/external view of our property including our car park on side access approach to our car park.
Signs informing visitors that CCTV is in place can be found in the waiting area/reception.
The CCTV only records images and does not record audio.
There is no scope currently for CCTV to be installed within immediate areas where dental treatment is carried out.
The location and angulation of cameras has been done so giving due regard to local residents personal properties at the time of installation.
Subject access requests
Visitors to the practice have the right to request to see images of themselves on CCTV as part of a Data Protection request under GDPR (subject to the basis images have yet to be auto deleted by the system). Like all Data Protection requests, this request must be made in writing and the same exceptions apply. We will also require information that will allow us to identify the visitor, the date and time of the visit.
Where a subject access request arises the practice will provide the footage in accordance with GDPR, however any persons who are shown on disclosed CCTV footage and not relating to the person in question (members of practice staff, other patients and visitors to the building), these images will be blurred out to protect the individuals identity.
We have notified the ICO of our use of CCTV including providing our reasons for doing so and have followed the CCTV guidelines produced by the Information Commissioners’
Office, http://www.ico.org.uk/for_organisations/data_protection throughout
When you visit this website we may send “cookies” to your computer to enhance your on-line experience. Cookies are files which can identify you as a unique viewer and store your personal preferences as well as technical information. On their own cookies do not contain or reveal personal information from website viewers. However if you wish to provide the website with your personal details, this information may be linked to the data stored in cookies.
Cookies may also collect a certain amount of technical information including when you visit many of our webpages and the type of web browser you are using, the type of operating system and the domain name of your internet service provider.
If you would like to know more about how we use your information or if, for any reason, you do not wish to have your information used in any of the ways described in this leaflet please speak to the dentist concerned with your care or the practice manager/Data Protection Officer.
Principal Dentist: Raphy Paul
Practice Manager: David Noon
Data Protection Officer: David Noon
Data Controller: Puthri Raphy
The Information Commissioner
The information Commissioner is an independent public body and reports directly to Parliament. The Commissioner is responsible for implementing the Act. Further information available at:
Other informative FOIA websites: