The Privacy Notice for Patients outlines how VitaSmile collects, uses, stores, and protects patients’ personal and clinical information. It has been prepared in full compliance with the Data Protection Act 2018, the UK GDPR, the Information Commissioner’s Office (ICO) guidelines, and relevant professional standards.
What the document covers:
Personal information collected: name, contact details, medical and dental history, X-rays, clinical photographs, digital scans, treatment plans, financial information, appointment details, and other data required to deliver safe and effective dental care.
Why the information is used: to provide treatments, plan care, ensure patient safety, manage appointments, process financial transactions, handle referrals, support safeguarding duties, and continually improve the service.
Legal bases for processing: legitimate interests in providing healthcare, legal obligations, and patient consent.
Patients’ rights:
access to records,
correction of inaccurate information,
erasure of non-essential data,
restriction of processing,
data portability,
withdrawal of consent at any time.
How data is obtained: through enquiries, registration forms, referrals from other healthcare professionals, and communications with patients or carers.
Data retention: records are kept for 11 years after the last visit or until the patient reaches 25, whichever is longer.
Security measures: robust digital systems, restricted access, secure audit trails, routine backups, and confidentiality procedures.
Information sharing: with other dental professionals, GPs, laboratories, NHS payment authorities, HMRC, safeguarding bodies, and other relevant organisations—always on a minimum-necessary basis.
Raising concerns: patients may contact VitaSmile directly, and unresolved concerns may be escalated to the ICO.
This notice demonstrates VitaSmile’s commitment to privacy, transparency, professionalism, and the highest standards of patient data protection.