Patient Data Privacy Notice

Community Dental Services – CIC (CDS) takes confidentiality and privacy rights seriously. This notice explains how we collect, process, transfer and store personal information and demonstrates our accountability and transparency under the General Data Protection Regulation (GDPR) 2018.

How will we meet the principles of the GDPR?

We will process your personal information fairly and lawfully and only use it for lawful reasons, advising you in advance of how we intend to use it and about your rights.

The General Data Protection Regulations set out that we can use your personal information to provide you with your care without seeking your consent. However, you do have the right to say ‘No’ to us using your data but this is likely to impact on our ability to provide your care.

We only collect and use personal information that is relevant and necessary to provide your care and treatment and will not use it for other purposes.

CDS will keep your information accurate and up to date and if it is found to be wrong, we will correct it.

We shall keep your personal identifiable information only for as long as we are legally required, using secure processes whilst storing, using and sharing where required.

What information do we collect from you?

The dental team, such as dentists, dental hygienists, therapists and nurses and other staff involved in your care, will keep records about your health and any care and treatment provided.

This may include:

  • Basic details such as name, address, date of birth, phone number, email address, NHS number and medical practitioner
  • Information about your oral health care and treatment provided or purpose and its cost
  • Radiographs, clinical photographs, study models and test results and diagnosis
  • Relevant information from other professionals and healthcare services
  • Information on medicines, side effects and allergies
  • Notes of conservations or incidents that might occur for which a record needs to be kept
  • Records of consent to treatment
  • Patient experience feedback and treatment outcome information, you provide

Most of your records are electronic and are held on a computer system and secure IT network or in a paper form kept securely.

Why do we collect this information about you?

We need to keep accurate personal data about you for us to;

  • Assess your needs and for making decisions with you about your care
  • Have details of contact with you, such as appointments and care we have provided and if necessary refer you to a hospital or community service.
  • Assess the quality of care we give you
  • Investigate if you have a concern or a complaint about the healthcare professionals involved in your care.

Who might we share your information with?

Your information will be shared with the dental team who are providing care and treating you. However, CDS works with other healthcare providers so, with your consent, we may need to share your information with other professionals and services involved in your care. We do this to provide the most appropriate treatment.

For NHS treatment we shall need to share your information with NHS England but we shall seek separate consent for this.

You have the right to refuse or withdraw your consent to information sharing at any time. Please discuss this with a member of the dental team as this could have implications in how you receive further care.

A person’s right to confidentiality is not absolute and there may be other circumstances when we must share information from your patient record with other agencies. In these rare circumstances we are not required to have your consent.

Examples of this are:

  • If there is a concern that you are putting yourself or another person at risk of serious harm
  • If we have been instructed to do so by a Court
  • If the information is essential for the investigation of a serious crime
  • If you are subject to the Mental Health Act (1983), there are circumstances in which your ‘nearest relative’ must receive information even if you object
  • If your information falls within a category that needs to be notified for public health or other legal reasons, such as certain infectious diseases

How do we keep your information safe?

All employees and our partner organisations are legally bound to respect your confidentiality and all employees must comply with our security operating procedures.

Any breach of these policies and procedures is treated seriously, and could result in disciplinary action, including dismissal.

How long do we keep your information?

We shall comply with the Records Management Code of Practice for Health and Social Care Act 2016. This sets out best practice guidance on how long we should keep your patient information before we review and securely dispose of it.

How can I access the information you hold about me?

You have a right to see the information we hold about you, both on paper or electronic, except for information that:

  • Has been provided about you by someone else, if they haven’t given permission for you to see it
  • Relates to criminal offences
  • Is being used to detect or prevent crime
  • Could cause physical or mental harm to you or someone else

Your request must be in writing, with proof of identity, before we can disclose personal information. All applications for access to health records must be made in writing or email, and given to the service where you receive your care or, alternatively, sent to our Data Protection Officer.

If you need further information, you can email our Data Protection Officer at or write to us at CDS, Colworth House, Colworth Park, Sharnbrook, Bedfordshire, MK44 1LZ