Data Protection & Privacy Policy

Park View Dental Practice: The Victoria Buildings, Heaton Park View, Newcastle, NE6 5BF

Email: admin@parkviewdentists.co.uk

Tel: 0191 265 9258

Data Controller: Dr Ian Grime (Information Governance Lead)

ICO Number: Z1519642Last Updated: April 2026 | Version 1.1 | Next Review: April 2027

1. IntroductionPark View Dental Practice is committed to protecting the privacy and confidentiality of all patients, including children and young people. This policy explains how we collect, use, store, and share your personal information in accordance with the Data Protection Act 2018 and UK General Data Protection Regulation (UK GDPR).As the Data Controller, Dr Ian Grime is legally responsible for ensuring your information is handled lawfully, fairly, and securely at all times.

2. The Information We Collect To provide you with safe and effective dental care, we collect and maintain the following information:

  • Personal & Contact Details Full name, date of birth, address, telephone numbers, and email addressNHS number (for NHS patients) and emergency contact details

  • Dental & Medical History Medical conditions, current medications, and allergiesPrevious dental treatment and GP detailsMedical history questionnaire responses

  • Clinical Records Examination findings, treatment plans, and records of treatment providedRadiographs (X-rays), clinical photographs, and digital scansConsent records, prescriptions, and referral letters

  • Appointment & Administrative Information Appointment dates, attendance records, and recall schedulingPayment and invoicing recordsCorrespondence with you (letters, emails, text messages)

  • Other Information CCTV footage (if recorded during a visit to the practice, retained for 31 days)Records of any complaints, concerns, or safeguarding matters

3. Why We Collect Your Information

We use your information to:

  • Provide safe and effective dental care, including planning treatment, prescribing medications, and making specialist referrals

  • Contact you about appointments, recalls, and treatmentProcess NHS claims and verify eligibility (NHS patients)

  • Comply with our legal and professional obligations (GDC, CQC, health and safety law)

  • Protect the safety of children and vulnerable adults (safeguarding)Improve the quality of our services through clinical audit and review

  • We do not use your information for marketing purposes without your explicit consen

4. Our Legal Basis for Processing

UK GDPR requires us to have a lawful basis for processing your data. We rely on the following:

  • Purpose

  • Lawful Basis

  • Providing dental care and treatment

  • Article 6(1)(e) – Public interest (healthcare provision)

  • Legal and regulatory compliance

  • Article 6(1)(c) – Legal obligation

  • Administrative purposes (e.g. debt recovery)

  • Article 6(1)(f) – Legitimate interests

  • Marketing communications

  • Article 6(1)(a) – Your explicit consent


Because your dental and medical information is special category data (health data), we also rely on Article 9(2)(h) UK GDPR — processing necessary for the provision of healthcare by a professional subject to confidentiality obligations.

5. Who We Share Your Information With

We only share your information when necessary for your care, required by law, or with your consent. We never sell your information to third parties for marketing.

  • Healthcare Providers: Specialist dentists, hospitals, GPs, and other professionals involved in your care, using secure communication methods (NHS Mail, encrypted email).

  • NHS Organisations (NHS patients): NHS Business Services Authority (NHSBSA) for claims processing, NHS England/Integrated Care Boards for contract monitoring, and NHS Counter Fraud Authority.

  • Regulatory & Oversight Bodies: Care Quality Commission (CQC), General Dental Council (GDC), Information Commissioner's Office (ICO), Health and Safety Executive (HSE), and UK Health Security Agency (UKHSA) where legally required.

  • Legal & Safeguarding Authorities: Police, courts, local authority safeguarding teams, coroners, and legal advisers where required by law or to protect vulnerable individuals.

  • Data Processors: Third-party service providers who support our practice operations (e.g. practice management software provider R4, IT support, cloud storage, confidential waste disposal). All processors operate under written data processing agreements and may only use your data as instructed by us.

  • Dental Laboratories: For the fabrication of crowns, bridges, dentures, and other dental appliances (limited to prescription and technical details only).

6. How Long We Keep Your Information

We retain records in line with the NHS Records Management Code of Practice and professional requirements:

Record Type: Retention Period

  • Adult clinical records: 11 years from last treatment

  • Children's clinical records: Until age 25, or 11 years from last treatment (whichever is longer)

  • Financial records: 6 years from end of the financial year

  • NHS treatment forms (FP17): 2 years from end of course of treatment

  • CCTV footage: 31 days (unless retained for an incident)

When records are no longer needed, they are securely destroyed — paper records are cross-cut shredded and electronic records are securely deleted. Disposal is fully documented.

7. Children & Young People

Children's dental records receive additional protection. Records are kept until the patient's 25th birthday, or for 11 years from their last visit whichever is longer. This accounts for the extended time limits that apply to legal claims involving minors.

For children under 13, a parent or carer must provide consent for any purposes beyond direct healthcare. Children aged 13 and over may exercise certain rights independently, depending on their capacity to understand. Parents and carers may request access to their child's records by providing proof of parental responsibility and photo ID.

8. How We Keep Your Information Secure

We implement robust technical and organisational security measures, including:

  • Encryption of all computers, devices, and data in transit and at rest

  • Password protection and role-based access controls - staff can only access data they need

  • Secure email (NHS Mail or equivalent encrypted systems) for all patient information

  • Firewall and antivirus protection across all practice systems

  • Regular encrypted backups stored securely off-site or in approved cloud storage

  • Annual data protection training for all staff, with signed confidentiality agreements

  • Locked storage for paper records; clear desk and screen policies in place

  • Confidential waste disposal via cross-cut shredding or certified destruction service

  • CCTV with clear signage (footage retained for 31 days)

Data Breaches: If a breach occurs that poses a risk to your rights, we will report it to the ICO within 72 hours and notify you without undue delay. We maintain a data breach register and act on all incidents to prevent recurrence.

9. International Transfers

We do not routinely transfer your personal data outside the United Kingdom. In the unlikely event this was ever necessary, we would ensure adequate data protection safeguards are in place and inform you accordingly.

10. Automated Decision-Making

We do not use automated decision-making or profiling. All clinical decisions are made by qualified dental professionals.

11. Your Rights

Under UK GDPR, you have the following rights regarding your personal information:

  • Right to be Informed: This policy tells you how your data is used. You may request a copy at any time.

  • Right of Access (Subject Access Request): Request a copy of the personal data we hold about you. We will respond within one month, free of charge.

  • Right to Rectification: Ask us to correct inaccurate or incomplete information. We will respond within one month.

  • Right to Erasure: Request deletion of your data. Please note that we are legally required to retain clinical records for the periods set out in Section 6, so this right has limitations for patient records.

  • Right to Restriction: Ask us to stop actively using your data in certain circumstances (e.g. while accuracy is disputed).

  • Right to Data Portability: Receive your data in an accessible electronic format where applicable.

  • Right to Object: Object to processing, including the right to opt out of marketing at any time. Marketing communications will cease immediately upon request.

To exercise any of your rights, please contact:

Dr Ian Grime (Information Governance Lead)

Park View Dental Practice, The Victoria Buildings, Heaton Park View, Newcastle, NE6 5BF

Email:admin@parkviewdentists.co.uk | Tel: 0191 265 9258

We will verify your identity before processing any request and respond within one month

12. How to Complain

If you are unhappy with how we have handled your personal information, you can raise this with us directly in the first instance. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: www.ico.org.uk

  • Telephone: 0303 123 1113

  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

13. Changes to This Policy

We review this policy annually and update it when data protection law changes, our processing activities change, or regulatory guidance is updated. The current version is always available at the practice reception and on our website.

Version: 1.1 | Last Updated: April 2026 | Next Review: April 2027Approved by: Dr Ian Grime, Information Governance Lead, Park View Dental Practice