Privacy Policy

Cherrybank Dental Spa was established in 1995 with the Practice in Glasgow Road, Perth. In 2010 we opened a second practice in Edinburgh under the name Cherrybank Dental Spa, Edinburgh. In 2018, a majority shareholding in Cherrybank Edinburgh was sold to Dr Mark Skimming and his team from Dentistry on the Square in Glasgow. Whilst Dr Elaine Halley retains a shareholding in the Edinburgh practice it is now being managed by Mark’s team. As such whilst the name is the same, Cherrybank Perth and Cherrybank Edinburgh are operating as two independent dental practices. We apologise if this causes any confusion!

PRIVACY STATEMENT

Your privacy is important to Cherrybank Dental Spa. This privacy statement provides information about the personal information that Cherrybank Dental Spa collects and the ways in which Cherrybank Dental Spa uses that personal information.

Privacy Notice for Cherrybank Dental Spa for Patient Data

This Privacy Notice is a shortened form of our Privacy Policy and any patient who wishes to have a copy of our full Policy should ask the Practice Manager.

Cherrybank Dental Spa takes great care to protect the personal data we hold for you in line with the requirements of the General Data Protection Regulation (GDPR).

The purpose of collecting and storing personal data about you is to ensure we can:

Provide, appropriate, safe and effective dental care, treatment and advice for you
Fulfil any contracts we hold in relation to your care
For business administration of your care.
Types of Personal data held for our patients

The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for you includes:

Name, address, date of birth
Unique identification number
Next of kin
Email address
Phone numbers
GP contact details
Occupation
Medical history
Dental care records
Photographs
Family group
Payment plan details
Financial information
Credit cards receipts
Correspondence
Details of any complaints received
We keep an inventory of personal data we hold on our patients and this is available on request.

Disclosure to third parties

The information we collect and store will not be disclosed to anyone who does not need to see it. We can only share data if it is done securely and it is necessary to do so.

We will share your personal information with third parties when required by law or to enable us to deliver a service to you or where we have another legitimate reason for doing so. Third parties we may share your personal information with may include:

Regulatory authorities such as the General Dental Council or the Scottish Regulatory Authorities
Insurance companies
Loss assessors
Fraud prevention agencies
In the event of a possible sale of the practice at some time in the future.
We may also share personal information where we consider it to be in a patient’s best interest or if we have reason to believe an individual may be at risk of harm or abuse.

Personal privacy rights

Under the General Data Protection Regulation (GDPR) you have the following personal privacy rights in relation to the information we hold about you.

You have a right to:

Access to and copies of your records that we hold by contacting us directly: we will acknowledge your request and respond within one month or sooner.
Have inaccuracies deleted.
Have information about you erased in certain circumstances. This should be seen in light of the need to keep records about your dental care in case you have any problems in the future.
Object to direct marketing.
Restrict the processing of your information, including automated decision-making.
Take your data to another dental practice or anywhere else.
Patients who wish to have inaccuracies deleted or to have information erased must speak to the dentist who provided or provides their care.

Legal basis for processing data we store

The GDPR requires us to state the legal basis upon which we process all personal data for our patients and it requires us to inform you of the legal basis on which we process your personal data.

The legal basis on which we process this data are:

We hold patient data because it is in our Legitimate interest to do so. Without holding the data we cannot work effectively.
We hold staff employment data because it is a legal obligation for us to do so
We hold suppliers data because it is needed to fulfil a contract with us

Automated decision making

You will be asked to opt into any processes involving automated decision making.

This includes:

Consent

Cherrybank Dental Spa will always obtain specific, opt-in consent from you for direct marketing information.

We will also obtain specific, opt-in consent from you. If you are a new patient, we will obtain consent when you first attend the practice. If you are an existing patient, we will obtain consent when you attend for your recall appointment or for a treatment appointment. We will refresh this consent annually when you complete a new medical history proforma.

Withdrawal of consent

After you have given your opt-in consent you have a right to withdraw your consent at any time.

Retention period

This practice retains dental records and orthodontic study models while you are a patient of our practice and after you cease to be a patient, for at least ten years, or for children until age 25, whichever is the longer.

Complaints

You have a right to complain about how we process your personal data. All complaints concerning personal data should be made in person or in writing to Gillian Fearnley Clinical Manager. All complaints will be dealt with in line with the practice complaints policy and procedures.

Transferring personal data outside the EU

This practice sends any necessary laboratory work to U.S.A and CT Scans are sent for reporting to India

Laboratory work sent outside the EU will be labelled with your unique identifying number rather than your name. A record of the unique identifying number will be held at the practice.

This Privacy Notice was reviewed and implemented on 18th May 2018

It will be reviewed annually and is due for review

on: 18th May 2019 or prior to this date in accordance with new guidance or legislative changes.

Personal information collection

We may collect and use the following kinds of personal information:
Information about your use of this website (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation.)
Information that you provide using for the purpose of registering with the website.
Information about transactions carried out over this website including information relating to any purchases you make of our goods or services.
Information that you provide for the purpose of subscribing to the website services.

Using personal information

We may use your personal information to:

Administer this website;
Personalise the website for you;
Enable your access to and use of the website services;
Publish information about you on the website;
Send to you products that you purchase;
Supply to you services that you purchase;
Send you statements and invoices;
Collect payments from you; and
Send you marketing communications.
Where we disclose your personal information to our agents or sub-contractors for these purposes, the agent or sub-contractor in question will be obligated to use that personal information in accordance with the terms of this privacy statement.

In addition to the disclosures reasonably necessary for the purposes identified elsewhere above, we may disclose your personal information to the extent that we are required to do so by law, in connection with any legal proceedings or prospective legal proceedings, and in order to establish, exercise or defend our legal rights.

Securing your data

We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.

We will store all the personal information you provide on our secure servers.

Information relating to electronic transactions entered into via this website will be protected by encryption technology.

Cross-border data transfers

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate to enable the use of the information in accordance with this privacy policy.

In addition, personal information that you submit for publication on the website will be published on the internet and may be available around the world.

You agree to such cross-border transfers of personal information.

Updating this statement.
We may update this privacy policy by posting a new version on this website.

You should check this page occasionally to ensure you are familiar with any changes.