Privacy Statement

Enlighten Dental Care is committed to complying with the Data Protection Act 1998, the General Data Protection Regulation (GDPR), GDC, NHS and other standards.
The practice only keeps relevant information about employees for the purpose of employment, and
about patients to provide them with safe and appropriate dental care.
The person responsible for Data protection is Lynn Birch-Holmes.
Our legal basis for processing data is:


Medical purposes

Processing is necessary for the performance of our care for patients and the health care data we process
is called special data.
Employment/Social Security Law.
Hard copy and computerised records are stored, reviewed and updated securely and confidentially.
Records are securely destroyed when no longer required. Confidential information is only seen by the
person who needs to see it and the team are trained on our policies and procedures to keep information

The personal information may be disclosed to a dentist, doctor, health care professional, hospital, NHS
authorities, HMRC, the benefits Agency, for identification or if required by law.

All confidential information is sent via secure methods. Electronic communications and stored data are

All computerised clinical records are backed up and encrypted copies are kept off- site.

Data Breach
The practice will report serious data breaches to the ICO within 72 hrs of becoming aware of the breach.
The practice will keep a log of all personal data breaches. The individual concerned will be notified as
soon as possible without delay.
Subject Access Requests.

Patients and team members can have access to view the original of their records free of charge.
Copies are provided following a written request to the Principal Fiona Quinn using the ICO Subject
access request template free of charge within 1 month of the request.
Deleting Personal Data

Our procedures for deleting personal data in electronic or paper are detailed in the Record
Management. If not related to necessary clinical or employment records, we will delete personal data.
All requests for access, disclosures, consent to disclosure must be recorded.