Data Protection General Statement:
This Data Protection Policy outlines Smile 2012 Limited (t/a @Smile Dental Clinic) commitment to its patients, staff, suppliers and other individuals to operate its business activities in a manner which meets the compliance obligations of the new Jersey data protection legislation, the Data Protection (Jersey) 2018 Law (“DPJL”) and the General Data Protection Regulation (EU) 2016/679.
@Smile Dental Clinic understands and respects your right to privacy and we are committed to ensuring the confidentiality and security of your personal data and the personal data processing activities within our organisation by applying the appropriate technical and organisational measures required to achieve this objective.
This document covers the policies and procedures for processing personal data in a compliant manner and outlines the rights of the data subjects in respect of that data. The Privacy Notice below explains how we may use, process and store your personal data.
Smile 2012 Limited trading as @Smile Dental Clinic is the data controller of all personal data and data processing activities of its dental practice operating in Jersey, Channel Islands, UK. The company runs a number of dental clinics in Jersey and it operates the website www.at-smile.co.uk. The company has three clinics located at (a) 14 Gloucester Street, St. Helier, Jersey, JE2 3QS (b) First Floor 1 Burrard Street, St. Helier, Jersey, JE2 4WS (c) 4a Newgate Street, St Helier, Jersey, JE2 3QU.
The Registered Office of the company is Beachside Business Centre, Rue du Hocq, St. Clements, Jersey, JE2 6LF. Smile 2012 Limited is registered as data controller with the Jersey Office of the Information Commissioner and its number is 62047.
· Data Protection (Jersey) Law 2018
· Data Protection (Registration and Charges)(Jersey) Regulations 2018
· EU General Data Protection Regulation 2016/679
Scope of application:
This policy applies to our business activities operating within Jersey, Channel Islands, UK or the personal data processing of the data subjects within the European Economic Area (EEA).
Personal data means any information relating to an identified or identifiable natural person.
@Smile Dental Clinic collects the following categories of personal information;
Note 1: @Smile Dental Clinic does not collect or record credit/debit card information. All such payment transactions are dealt with by a third payment provider, operating to the high security standards expected of such organisations.
Note 2: Please note that the list above is not exhaustive and Smile Dental Clinic may also collect and process personal data to the extent that it is useful or necessary for the provision of our products and services performed under contract.
Purposes of data processing;
@Smile Dental Clinic use the personal data noted above for the following range of activities;
Please note that this list is not exhaustive and @Smile Dental Clinic may also collect and process personal data to the extent that it is useful or necessary for the provision of our services.
Data collection methods:
We collect personal data in the following ways;
· when you complete and submit a new patient form when joining our clinic for the first time via paper or digital forms
· when you are asked to update your personal data in advance of a dental appointment, consultation and treatment e.g. updating your contact information, health condition and other relevant information
· when you contact us by telephone and leave a voicemail message or send us emails or text messages or contacting us through our website or use of the online chat facility operated by Podium
· when viewing and using our website www.at-smile.co.uk
· when you transfer to us from another dental clinic, we may receive your patient records once you have given us your consent for us to receive it
· in certain circumstances, in order to provide you with the requested dental treatment, we may receive personal data from the States of Jersey or hospital or other relevant authorised body
· from third party channels such as public registers, social media and any other public open forums
· from CCTV images recorded and/or voice recording in our clinics for security purposes
· when you, as a patient, have requested and agreed for us to assist you in getting loan finance to fund your treatment plan by using an approved JFSC regulated loan finance company
· directly from you as a member of the public, staff member, business partner, supplier or intermediary when engaging with us directly
· from use of website cookies and beacons which may track your usage of our website and uploading of information to the website
Patient and other data subject personal data will only be used by us where you are seeking to purchase and use our range of professional dental treatments, products and services.
The personal data collected is used to
· meet our obligations in the performance of a contract for provision of products or services which you have requested of us
· to meet our obligations as member of the General Dental Council professional body
· assist us in the delivery and operation of secure business communications via email and our website and other relevant means
· meet legal obligations from relevant local laws in relation to sale of product and services transactions e.g. GST/VAT
· meet any legal obligations in relation to the defence of a legal claim or where we received a court order for the disclosure of personal data
· meet any other legal obligations from relevant local laws
· assist you in case of an emergency situation e.g. if there was an accident at our premises
Personal data may be used for legitimate business interest of @smile dental clinic as indicated above.
@smile dental clinic is required to meet all relevant sections of the Dentistry (Jersey) Law 2015 and in doing so, it may need to refer to the processing of the personal data as outlined in this privacy notice.
Only personal data that is necessary for the purposes of assisting our patients with the provision of products or services as outlined above is actively collected.
Any other personal information is only passively collected and is processed in accordance with this Privacy Notice, or it may be collected and processed as required by law.
Recipients of data:
Personal data collected may be disclosed or transferred to;
· @Smile Dental Clinic’s data processors who provide services in relation to the provision of xray services, dental products and services, computer systems used for the maintenance of patient records
· @Smile Dental Clinic’s business partners who may provide professional services in relation to additional expert dental services, hospital and relevant health care providers
· @Smile Dental Clinic’s data processors who provide services in relation to the secure and safe running of its business systems and processes
· Approved JFSC regulated loan finance company for the provision of loan finance where the patient has requested this service and given consent for only the required personal data to be transferred
· Credit checking and debt collection agencies for the proper running of customer accounts
· Professional agents in the provision of required services (e.g. lawyers, bankers, accountants, auditors)
· Law Enforcement and Competent Authorities as required by law where such disclosure is necessary for compliance with a legal obligation
· Other third parties where requested by you and when relevant consent has been obtained from you
· Any new owner of @Smile Dental Clinic should it be acquired or merged with another company
Third party service providers are bound by the requirements of the Data Processor Agreement obligations, where personal data is to be processed to high standards of confidentially and the required security arrangements are in place.
Social media platforms:
When we use social media platforms e.g. Facebook, Instagram, we only operate it so as to promote our own business and we would not knowingly engage in activities that go beyond this scope. Patients (and other data subjects) are advised to refer to the respective privacy notices of these social media platforms to check your data protection and privacy rights. @Smile Dental Clinic cannot be held responsible for third party social media platforms or websites activities.
Transfer and access to personal data:
@Smile Dental Clinic will only transfer data outside of the EEA where it is necessary for the performance of the contract agreed by you.
Where the destination of the data transfer is outside the EEA and does not include a third country that has an “adequacy/equivalence” status, as recognized by the EU Commission, we would always ensure that appropriate safeguards are in place.
Where we cannot guarantee these safeguards, we would always request your consent before the data is transferred.
Retention of data:
@Smile Dental Clinic will only retain your personal data for as long as is necessary to fulfill the purpose for which it was collected. Summary of the important data retention periods are as follows;
· @Smile Dental Clinic will retain personal data in relation to patient, staff, supplier, other data subjects’ transactions for 10 years from the date of the transaction where they are deemed to be part of the financial records of the business
· Patient records will be kept for as long as the patient and @Smile Dental Clinic’s relationship exists, thereafter for 10 years
· All other information will be deleted after 2 years unless it is required for defence of a legal claim or to meet any other legal obligation
This is subject to the exception where the data cannot be deleted for legal or regulatory reasons.
Data subject rights:
Where a data subject in the European Union (or any “adequate/equivalent” status country) wishes to exercise their rights under applicable data protection laws, they should contact our @Smile Dental Clinic’s data protection officer at email@example.com.
Data subjects have a number of rights available to them;
· access to their personal data,
· rectification of any inaccuracies,
· restriction on the processing their data
· to object to the processing of their data
· to be forgotten (erasure of your data)
· right to data portability
· right to object to automated decision making and profiling
· right to withdraw consent for those data processing activities based on consent
@Smile Dental Clinic does not make any decisions based on purely automated means, but if we do, you have a right to object.
Each data subject request to exercise the rights noted above will be reviewed against the requirements of the Data Protection (Jersey) Law 2018 and in certain circumstances (e.g. restriction, erasure, objection, data portability) these rights may not be exercisable by the company. Full explanations will be given in such cases.
Making a complaint:
The Office of the Information Commissioner in Jersey, Channel Islands, is an independent statutory authority where you can make a complaint or learn more about data protection in Jersey. Their office is located at 2nd Floor, 5 Castle Street, St. Helier, Jersey, JE2 3BT. Their website is www.jerseyoic.org and telephone number is 01534 716530.
@Smile Dental Clinic is committed to ensuring the security of your personal data and has implemented appropriate commercially reasonable technical, physical and organizational measures to prevent unauthorized or unlawful processing of your personal data or accidental loss or destruction of your personal data.
· Our website is encrypted using HTTPS (Hypertext Transfer Protocol Secure). In HTTPS the communication protocol is encrypted using Transport Layer Security (TLS). This provides a secure method of communication with us and any personal data uploaded onto our website is securely managed by our website data processor services.
· Where other channels are used for receiving personal data, we will store this information in a secure, digitally encrypted way via our UK cloud-server database or other online repository
· Email communications are scanned using the latest version of anti-virus and malware software deployed by our business
· Email communications are secure in transit when we use TLS (Transport Layer Security) software for our communications with you, where possible
· Personal data held by the clinic is not accessible by the public; only authorised members of staff have access to it
· Our computer systems have secure audit trails and we back up information routinely
Management and employees are trained in their data protection responsibilities and obligation to handle personal data in a confidential manner.
Change to this notice:
@Smile Dental Clinic may update this Privacy Notice at any time. The updated notice will appear on our website www.at-smile.co.uk and in our Terms of Business.
This Privacy Notice was last approved on 10 October 2019.
If you have any questions, concerns or complaints with respect to this Privacy Notice or the handling of your privacy or personal information, please contact our data protection officer at firstname.lastname@example.org.