Privacy Policy - Beyond Dental
Home > Privacy Policy
Beyond Dental

Privacy Policy

This website uses Google Analytics to help analyse how users use the site. The tool uses “cookies,” which are text files placed on your computer, to collect standard Internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including IP address) is transmitted to Google. This information is then used to evaluate visitors’ use of the website and to compile statistical reports on website activity.

We will never (and will not allow any third party to) use the statistical analytics tool to track or to collect any Personally Identifiable Information (PII) of visitors to our site. Google will not associate your IP address with any other data held by Google. Neither we nor Google will link, or seek to link, an IP address with the identity of a computer user. We will not associate any data gathered from this site with any Personally Identifiable Information from any source, unless you explicitly submit that information via a fill-in form on our website.

If you have questions concerning our privacy policy, please use our contact details to discuss them. Should you wish to view your details or to be removed from our database please do not hesitate to contact our team directly on

Privacy Notice

The practice aims to meet the requirements of the Data Protection Act 2018, and the General Data Protection Regulation (GDPR). This notice describes our procedures for ensuring that personal information about our patients and employees is processed fairly and lawfully.

The data controller is the Clinical Director Dr Gareth McAleer . The Information Governance Lead is Practice Manager.

This Privacy Notice is available on the practice website at or at reception in the Practice Information Booklet.

Description of processing

The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal information communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to unable us:

To provide safe and effective healthcare services to our patients
Maintain our own accounts and records
Promote and advertise our services
To support and manage our employees
Who the information is processed about?

We process personal information about:

Advisers, consultants, other professional experts
Type/classes of information processed

Personal details
Medical History
Dental cast models
Family details
Goods and services
Financial details
Education and employment details
Who the information may be shared with?

We sometimes need to share the personal information we process with the individual themselves and with other organisations i.e. specialist referrals. Where this is necessary, we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with one or more reasons.

Where necessary or required we share information with:

Healthcare professionals
Social and welfare organisations
Dental Practice Board – GDC
Central government
Financial organisations
Current, past and prospective employers
Educators and examining boards
Family, associates and representatives of the person whose personal data we are processing.
Quality Care Commission (CQC)
CCTV – Crime Prevention

CCTV is used to maintain security of the premises and for preventing and investigating crime. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders or members of the public. Where required this information may be shared with the data subjects themselves, employees, the service provider, police forces and persons making an enquiry. We have a CCTV policy in place and is available on request.


It may be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act.


This policy sets out how our practice uses and protects any information that you provide when you use our website. Here you can read further information about how we use your data.

When using our practice website all transmission of personal information and other means of communication is not secure and patients use it at their own risk. Information submitted to our practice through our website is normally unprotected until it reaches us. In addition, users are also requested not to send confidential details or credit card numbers, for example by email.

Our website DO NOT give out or hold any confidential information.

Privacy Impact Assessment and Data Protection Impact Assessment

We did assessments and have reformulated our policies including this Privacy Policy. In addition, as part of our procedures we review our impact assessments on a yearly basis and whenever we feel it necessary e.g. advise from the GDC or ICO or where rights and freedoms of individuals are at risk.

Personal Information

In providing you with our services, our practice will handle your personal information. Personal information is information about you from which you can be identified, such as your name and contact details. Depending on what services you receive from us, this will include sensitive personal information such as medical information.

By providing your data and/or information, or by using our practice website or other online or digital platforms, you consent to the use of data and information as described or referred to in this privacy policy.

If we make a change to any of the ways in which we process personal information, we will update our website and notice boards in the practice.

Confidential and Medical Information

The confidentiality of your personal information is of paramount concern to our practice and we comply with UK data protection law and all the applicable medical confidentiality guidelines issued by professional bodies such as the General Dental Council, ICO and the CQC.

Your confidential medical information will only be disclosed:

To those involved with your treatment or care
In accordance with UK law and guidelines from professional bodies
For the purposes of clinical audit (unless you object)
If you receive services from our practice and that service transfers to a new provider, we may share your personal and confidential medical information with the new provider.

Sending information by email

Most patients have their x-rays sent by email and we ask the patients to input their email address at the time of transmission. All such transmissions are done at the patients’ own risk. Any requests for clinical information re: treatment or if the patient wishes to opt out in receiving any correspondence from us, then this must be provided in writing. This request will be processed within 48hrs of receiving it.

Sending Emails, letters and texts to patients

If you let us know we will remove your contact details so that you do not receive emails or texts. We will still hold the information but no longer use it. The only reason we would contact you after that would be if there is an overriding reason e.g. regulator GDC/CQC/ICO.

Securing information

We are committed to keeping your personal information secure. We have put in place physical, electronic and operational procedures intended to safeguard and secure the information we collect. Our practice staff members have a legal duty to respect the confidentiality of your information, and access to your confidential information is restricted only to those who have a reasonable need to access it.

Personal Data Breaches

We have in place a process to assess the likely risk to individuals as a result of a breach
We will report certain types of personal data breach to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms we will inform those individuals without undue delay.
We will ensure you have a robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and affected individuals.
We will keep a record of any personal data breaches, regardless of whether we are required to notify.
Information we may hold about you

The information we hold about you may include the following:

Basic details such as name, address, contact details and next of kin
Details of contact we have had of you
Details of services you have received
Payments made (we do not store credit/debit card details)
Information about complaints and incidents
Notes and reports about your health and any treatment and care you have received or need
Recording of calls we receive or make
Other information we receive from other sources, including from your use of websites and other digital platforms we operate or the other services we provide or information provided by other companies who have obtained your permission to share information about you.
When we collect information

Information about you is collected when:

You use our services
You submit a query for us, for example by email, telephone or social media, including where you reference our practice in a public social media post
You participate in any marketing activity.
We may also collect personal information about you from other people when:

We liaise with

Your family
Health professional
Other treatment or benefit provider
We only share information in this way where:

We are required by law or in accordance with guidance from professional bodies.
You have provided your consent or in circumstances where you are incapable of giving consent
We are unable, or it is not reasonable to seek your permission.
Using your information

We use personal information to provide you with our services, and to improve and extend our services. This may include:

Responding to your queries
Supporting your medical treatment or care and other benefits
Internal record keeping and administration within our practice.
Responding to requests where we have a legal or regulatory obligation to do so.
Checking the accuracy of this information about you, and the quality of your treatment or care, including auditing medical and billing information.
Supporting your nurse, carer or other healthcare professional
Assessing the type and quality of care you have received and any concerns or complaints you raise, so that these can be properly investigated.
Sharing Information

Our practice works with other individuals and organisations to provide our services to you and this may involve them handling your personal information. This handling of your information may be done within the European Economic Area and we insure that the confidentiality and security of your personal information is protected by contractual restrictions and service monitoring.

We do not share your personal information with anyone outside of our practice to use for their own purposes, except:

When we have your permission
When we are permitted or obliged to do so by law (safeguarding).
To protect the rights, property or safety of Claydon Dental, our customers, or others.
In order to detect, prevent and help prosecution of financial crime. For example, we may share information with fraud prevention or law enforcement agencies, and other organisations. If we suspect fraudulent activity we may inform the person or organisation who administers or funds our practice service.
Keeping Information

We will only keep personal information for as long as is necessary and in accordance with UK law. We follow the guidelines for how long we retain data set out by:

The General Dental Council (GDC)
The Information Commissioner Office (ICO)
The Quality Care Commission (CQC)
Keeping information confidential and secure

We achieve this by

Training all staff members as part of their induction
Ongoing and regular and frequent training of all staff members at least once a year
Internal reporting procedures
Robust methods of breach detection
All data processors are required to inform the data controller of all breaches with undue delay
Proper password policy and procedures
Enhanced Police Checks on all staff members
Proper storage of digital and not digital data
Proper destruction of data that we no longer need
Secure screensavers
Ensuring that staff are aware of their individual responsibilities for data handling and processing
Following best practice as advised by the GDC, ICO, CQC and DP
Have effective working relationship with people/companies who have access or share our data
Regular audits of our risk and of our procedures
Feedback from staff, patients, visitors and partners.
We only keep your personal information for as long as is necessary and in accordance with UK Law.

Our Data Suppliers

The only people with access to our data and/or computer system are:

Our computer maintenance/security partner company
Our dental database company
Access to your information and records

We need to verify that a request made is being made by a legitimate person and we therefor will always carry our security measures to determine the legitimacy of a request and this is especially true when the request is being made using email or another digital platform.
The request should always be made in writing and handed into reception or sent by post
Almost all requests for copies of data are dealt with on the day or within 48hrs of receiving the letter or email.
We prefer to give patients information and data directly to the patient rather that to a third party as this limits the opportunity for breaches and also means that the patient is directly in control and responsible if the decide to subsequently share the information.
Complaints about the way we use your data

These should be addressed to:

Stephanie Gibbs, 42 Holy Walk, Leamington Spa, CV32 4YS. If you are unhappy with our response you may complain to:

Information Commissioners Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Telephone Number: 0303 1231113 (Local Rate) or 01625 545745 if you prefer to use a national rate number.

Accessing Information

If you have any data protection queries, please contact our Stephanie Gibbs on 0344 216 3007 or email or write to Stephanie Gibbs, 42 Holy Walk, Leamington Spa, CV32 4YS. If you request a copy of the personal information we hold about you and you ask to correct or remove (where justified) any inaccurate information. The charge for this is free however, there may be a small charge if you request further copies. We may also ask you to provide additional documentation to confirm your identity or, if you are seeking to access personal information of another individual, proof of their consent or your legal right to receive personal information.

Updating this privacy policy

We review and update this notice regularly.