Data protection and confidentiality statement
The Data Protection Act 1998 (“DPA”) applies to all organisations that process data about living individuals. This includes information which DPAS Limited (“DPAS”,”we” or “us”) holds about our customers (“you”) in whatever form e.g. computer or paper records. You have rights under the DPA to acquire copies of personal information that we hold about you, however, you need to be aware that not all personal information is covered by the DPA.
Eight principles under the Act
All organisations that handle personal data must comply with the following legally enforceable principles of good data handling practice. Data must be;
- Fairly and lawfully processed (this means that the individual should know how their information will be used);
- Processed for limited purposes (this means data must only be used for the purposes which the individual has been told about and which are covered in the notification);
- Adequate, relevant and not excessive;
- Accurate and, where necessary, up to date;
- Not kept longer than necessary;
- Processed in accordance with the data subjects’ (your) rights;
- Secure; and
- Not transferred to other countries outside the European Economic Area (EEA) without adequate protection.
Information we hold about you
What information do we keep about you?
- We keep personal details e.g. name, address, date of birth
- We keep your dental practice and dentist details e.g. name of your practice, and the name of your dentist, and what monthly or annual fee rate your dentist has set for you.
- We keep your bank details, in order to process your Direct Debit Mandate instructions.
- We may obtain sensitive medical information directly from you or your dental practice in relation to the settling of dental insurance claims, and the prevention of fraud.
- We only obtain information from third parties if this is permitted by law.
- We may also use legal public sources to obtain information about you.
Why do we keep information about you?
- We keep customer information in order to carry out the services that we provide and to meet out legal, statutory and regulatory obligations. In addition, we keep it to advertise and market our business services.
Who has access to the information?
- Customer information is held securely and in accordance with data protection legislation. Access is restricted to DPAS employees and agents (including our data processors) that need to access and process the information in order to perform their duties. Otherwise, your information is generally only provided to you.
- We may provide information to certain third parties, as follows;
- To other companies in our group of companies;
- To relevant business associates and other professional advisors that help DPAS in the delivery of its services;
- To legal and regulatory authorities such as the Her Majesties Revenue and Customs (HMRC), auditors, accountants, lawyers and other professional advisors;
- As required by law.
- If a third party asks for information about you, we will check the identity and authority of the third party to make sure that they are entitled to the information, and we will ensure that any disclosure is permissible under the DPA.
Data access rights
- The DPA grants you the right to access most of the personal information that we hold about you. This is referred to as a subject access request. (Under DPA we are allowed to charge a small administrative fee, currently a maximum of £10 per written request, to provide you with access to the requested information).
- If you wish to see details of your information held by us, please submit a formal letter to our Compliance Manager, using our Place Farm Courtyard address. You must provide your full contact details, and details of the information that you wish to have a copy of.
- We shall promptly respond, and at most within 40 days from the point of receiving the following: the request, all necessary information from you, and the £10 fee. Our formal response shall include details of the personal information we hold about you, including the following: sources from which we acquired the information, the purposes for processing the information, and who we are sharing information with.
- You are also able to access our up-to-date data protection notifications on the Information Commissioner’s website: http://www.ico.gov.uk . This website also provides guidelines on how to make subject access requests.
Responsibility for this policy
Our Compliance Manager is responsible for this policy and must approve any changes. If you have any questions about this policy, please contact our Compliance Manager at our Place Farm Courtyard address.
Get in touch
To find out more about our services or to arrange an appointment with your local DPAS Practice Consultant, get in touch via the link below:
We can provide extensive marketing and patient recruitment support to your practice. Follow the link below for more information: