Martin Docking Limited T/A Dental Precision, a company registered in England under company number 04058267 whose registered office is at 1 Abacus House, Newlands Road Corsham, Wiltshire SN13 0BH (hereinafter referred to as ‘Dental Precision’ or ‘We’ or ‘Us’ or ‘Our’) have created this privacy statement (‘Statement’) in order to demonstrate Our firm commitment to the privacy of the details that You provide to Us when using the Site to access Our Services.
We are committed to protecting and respecting Your privacy and Your Personal Data. For the purpose of the Data Protection Legislation, We are the Data Controller (ICO registration number: ZA479990)
For all matters relating to privacy and data protection, please contact, Alison Middleton, Our Data Protection Manager (DPM) by email to email@example.com or by telephone to 01872 555911.
We are regulated by the Medicines and Healthcare Regulatory Agency (MHRA)
We are a member of the Dental Laboratory Association (DLA) and Dental Appliances Manufacturers Audit System (DAMAS)
In this Privacy Statement, references to ‘You’, ‘Your’ and ‘Client’ are references to Clients who use the Site.
We aim to be as clear as possible in this Privacy Statement in respect of Your Personal Data. This Privacy Statement applies to Your Personal Data that We collect about You when You use the Site, how and when it is used, how We protect it and who has access to it (the ‘Terms’).
1. YOUR ACCEPTANCE OF THIS PRIVACY STATEMENT
This Privacy Statement governs Your use of Our Services, including any dispute concerning privacy. By using Our Services, You accept this Privacy Statement in full. You should read the Statement carefully and ensure that You understand its effect before proceeding to use the Site to access Our Services.
We reserve the right to make reasonable changes to any of the Terms at any time. Any changes We do make will be posted on this page and, where appropriate, notified to You by email, or, when You next log in, the new Terms may be displayed on-screen and You may be required to read and accept them to continue.
Personal Data and Special Category Personal Data are defined in accordance with the Data Protection Legislation. In this Privacy Statement, Personal Data shall include the meaning of Special Category Personal Data.
2. WHAT PERSONAL DATA IS COLLECTED & HOW?
A. PERSONAL DATA SUBMITTED VOLUNTARILY BY YOU TO US:
2.1 In order for Us to provide You with Our Services, We collect various types of Personal Data. We are committed to ensuring that the information We collect and use is appropriate, relevant and proportionate for the stated purpose. Some types of Personal Data may be voluntarily provided by You which is to be shared with Us (and Our Service Providers as applicable) in respect of Yourself (or in respect of one or more other individuals where lawful authority is granted to You by those other individuals) which shall include as follows:
|What Personal Data is processed?||Source: Where is it collected from/ via?||What is the ‘purpose’ of processing? & What is the lawful basis (Article 6 for processing?||Retention: For how long is it held?|
|Email, company name, name, address, phone number.||Client||To provide Our services to You for the benefit of Your patients.||We will retain Your personal data for the length of Our contract with You and for 7 years afterwards in line with HMRC guidelines.|
|Personal data of Client’s patients: Name, dob, gender, Dental and/or medical details.||Client||To provide Our services to You for the benefit of Your patients.||We retain the personal data of your patient for 10 years|
2.2 Some of the information collected in the table above is essential for Us to provide You with Our Services but it is Your choice whether You provide all the information We request. Not providing information may affect Our ability to provide all of Our Services to You.
2.3 We will retain Your Personal Data only for as long as is necessary to provide Our Services which You request and in accordance with the retention periods set out in this Privacy Statement. We shall then delete it unless you ask Us not to, or We have a legitimate reason to retain it. We need to retain sufficient information about You in compliance with certain legal or statutory requirements, for example, in the event of a legal or insurance claim in the future so that We can identify You.
B. PERSONAL DATA AUTOMATICALLY COLLECTED BY US:
Your visits to the Site and the Content that You download;
2.5 We agree to adhere to all Data Protection Legislation and will take appropriate technical and organisational security measures against the unauthorised or unlawful processing of Your Personal Data and against accidental loss or destruction of, or damage to, Your Personal Data.
2.6 We shall process Personal Data listed in the table at Clause 2.1 only to the extent, and in such a manner, as is necessary for the sole purpose of fulfilling Our Services (including making improvements to Our Services). For the avoidance of doubt, We are the exclusive owner (or lawful licensee) of the Site as well as the Content.
C. FINANCIAL PERSONAL DATA
2.7 We will process Your financial data solely for the purposes of invoicing You for Our Services rendered. We will use the financial data You submit to Us pursuant to Our agreement for Dental Laboratory Services.
3. HOW IS YOUR DATA USED?
3.1 We will process the Personal Data You provide in a manner that is compatible with the Data Protection Legislation.
3.2 We will try Our best to keep Your Personal Data accurate and up-to-date and We shall not keep it for longer than is necessary. Our aim is not to be intrusive and We undertake not to ask You irrelevant or unnecessary questions. Moreover, the information You provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
3.3 NON-MARKETING COMMUNICATIONS: You acknowledge that, Your Personal Data may be used by Us to contact You when necessary in connection with Your use of the Site to access Our Services as follows:
|What Type of Non-Marketing Communication?||Method of presentation/ sending?||Legal Basis for processing?|
|We will send you communications such as invoices, statements of accounts, information regarding our laboratory (such as holiday closures)||Email and Phone Call||We do not need Your explicit consent for this as the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR.|
3.4 MARKETING COMMUNICATIONS: We do not undertake marketing activities
4. WHO HAS ACCESS TO YOUR DATA?
4.1 We have a legitimate interest in sharing Your Personal Data with Service Providers who We engage to provide some of Our business and daily operational functions on Our behalf to ensure Our Services. Consequently, We need to disclose Your Personal Data to them for the sole purpose of fulfilling Our Services only (including making improvements to Our Services) and not for the purposes of those Service Providers sending Marketing Communications to You. We limit the Personal Data that We share to the minimum required to provide the Services and the Service Provider will only be able to use the Personal Data for the specific purposes for which it was shared with them by Us. We do not need Your express consent for this as We rely on legitimate interests under Article 6(1)(f) GDPR in addition to the fact that the “processing is necessary for the performance of a contract” under Article 6(1)(b) GDPR.
4.2 Disclosure of Your Personal Data in Compliance with Laws or by way of a Legal/Statutory Obligation
You should be aware that We may release Your Personal Data when We believe it is necessary to comply with laws or regulations, to assist law enforcement, to enforce the terms under which You transact or communicate with Us, or to protect the rights, property or safety of Dental Precision, a Client or other third parties. We may need to process Personal Data about You to comply with a legal or statutory obligation including but not limited to:
(a) accounting, auditing, compliance and administration practices; and,
(b) the maintenance of amendments to consents and to create suppression lists to ensure Clients who object to processing are excluded from the relevant processing activity in the future.
4.3 Transfer of Your Personal Data (to third party Data Processors)
From time to time, We may transfer Your Personal Data to a related company, agent or contractor (also known as Service Providers and third party Data Processors) in order to perform certain business services for Us, improve Our Services or to assist our security, credit risk or fraud protection activities and as permitted by Data Protection Legislation from time to time.
|Name or category of Service Provider||Where is the data transferred to? & what level of protection is given to it?|
Dental Prosthetic Manufacturers and Scanners, Couriers, IT company, Franchise company (Changing Faces), Marketing Agency
|Your Personal Data will only be stored within the United Kingdom. You are deemed to consent to this by using the Services. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement.|
Digital Dental Design Partners
|Some of our Digital Partners are in the UK or the European Economic Area (the “EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, Liechtenstein) in compliance with the Data Protection Legislation.|
Or we have Standard Contractual Clauses in place to ensure compliance with Data Protection Legislation.
|Laboratory Computer Programme (Labtrac)||Your Personal Data will only be stored within the United Kingdom. You are deemed to consent to this by using the Services. Should We need to transfer Your Personal Data outside of the UK or EEA in the future, it will be in compliance with the GDPR requirements for external transfer and all details will be added to Our Privacy Statement. https://labtrac.com/en/Legal/Privacy|
4.4 Transfer of Your Personal Data (to independent Data Controllers)
From time to time, We may transfer Your Personal Data to a related company, agent or contractor (also known as an independent Data Controller) e.g. where We introduce You to a complimentary service.
|Name of Independent Data Controller?||What Personal Data is transferred/ shared?||Purpose of Sharing?||What is the lawful basis for processing i.e. sharing the Personal Data (as applicable from Article 6 and/ or Article 9)?|
|Accountants, Solicitors,||Company name, contact details, bank details||To assist with the efficient and lawful running of Our business.||We are relying on the lawful basis of Our contract with You set out at Article 6(1)(b) GDPR which are defined at Clause 9|
4.5 Transfer of Your Personal Data (to Joint Data Controllers)
We do not transfer Your Personal Data to any Joint Data Controllers. However, we maintain a Facebook Page. In this instance, Facebook is considered to be a Joint Data Controller with Us.
|Name of Joint Data Controller?||What Personal Data is transferred/ shared?||Purpose of Sharing?||What is the lawful basis for processing i.e. sharing the Personal Data (as applicable from Article 6 and/ or Article 9)?|
|Facebook (through the use of Our page)||Name, contact details and any other personal identifiable details as is placed on Facebook by the Data Subject and made accessible to the Data Controller.||So that the Data Subject can be a part of the Facebook Page community. More information can be found on Facebook here.||We are relying on Your consent set out in Article 6(1)(a) GDPR|
4.6 Transfer of Personal Data in the Event of the Sale of Martin Docking Limited T/A Dental Precision or its Assets
In the event that Dental Precision is sold or transfers some of its assets to another party, Your Personal Data could be one of the transferred assets. If Your Personal Data is transferred, its use will remain subject to this Privacy Statement. Your Personal Data will be passed on to a successor in the event of a liquidation or administration.
4.7 Other Websites and their Privacy Policies and Cookie Policies
The Site may contain links to other websites or applications. We are not responsible for the privacy practices or the content of such websites or applications or for the privacy policies, cookie policies and practices of other third parties, so You should be careful to read and understand those policies independently.
5. HOW DO WE PROTECT YOUR PERSONAL DATA & FOR HOW LONG?
5.1 We aim to ensure Our Services are fully inclusive and accessible to everyone. To make this possible, We need to collect (and may provide to prospective Service Providers) information on Your usage of Our Services which will help us review the accessibility of, and Your usage of, Our Services. This information is very important to Us as it also enhances Our understanding of the User/ Client needs and helps Us to help the technical administration of the Site, to better understand how the Site is functioning and to draw conclusions upon demographic information. Such information is provided in anonymised and aggregate form and do not include any individually identifiable data.
5.2 RETENTION: How long We keep Your Personal Data depends on the context in which You provide it and the purpose for which We use it. We will only retain it for as long as is necessary for such purposes. Our retention periods are set out in this Privacy Statement in the tables at Clause 2.1.
7. YOUR RIGHTS UNDER DATA PROTECTION LEGISLATION
7.1 You have a number of rights that You can exercise free of charge and on request in certain circumstances, however, if Your requests are obviously unfounded or excessive, We reserve the right to charge a reasonable fee or to refuse to act. You have the right:
For more information on these rights and when you can exercise them, see the Information Commissioner’s Guide
7.2 If You wish to exercise any of these rights, please complete Our Data Subject Rights Request Form. We will respond to You within one month from when We receive Your request, unless the complexity and number of requests We receive means that we need more time. If We do need more time (up to two further months), We will tell You why within the first month.
8. COMPLAINTS OR QUERIES
We try to meet the highest standards when collecting and using Personal Data. For this reason, We take any complaints We receive about this very seriously. We encourage You to bring it to Our attention. We are happy to provide any additional information or explanation needed in respect of Our processing activities upon request. If You are still not happy with the way in which Your Personal Data is being processed by Us, You also have the right to lodge a complaint with the Information Commissioner’s Office if you are in the UK, or with the supervisory authority of the European Member State where You work, normally live or where the alleged infringement of data protection laws occurred. The Information Commissioner’s Office can be contacted here.
9. DEFINITIONS & INTERPRETATIONS
Article 6(1)(a) GDPR Either You have given Your consent to the processing of Your Personal Data for the specific purpose(s) (6(1)(a)); the “processing is necessary for the performance of a contract” (6(1)(b)); processing is necessary for compliance with a legal obligation to which We as a Data Controller are subject (6(1)(c); processing is necessary in order to protect the vital of You or another natural person (6(1)(d); processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in Us as a Data Controller (6(1)(e)); processing is necessary for the purposes of the legitimate interests pursued by Us as a Data Controller or by a third party and such interests are not overridden by Your interests or fundamental rights and freedoms of the data subject which require protection of Personal Data (6(1)(f)).
Article 9(2)(a) GDPR: Either You have given Your consent to the processing of Your Personal Data for the specific purpose(s) (9(2)(a)); the processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law (9(2)(b)); the processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent (9(2)(c)); the processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects (9(2)(d)); the processing relates to personal data which are manifestly made public by the data subject (9(2)(e)); the processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity (9(2)(f)); the processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject (9(2)(g)); the processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3 (9(2)(h)); the processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy (9(2)(i)); processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject (9(2)(j)).
Content: the content including all Intellectual Property Rights therein residing on the Site (which may or may not include Personal Data).
Data Controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Article 4(7));
Data Processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Controller (Article 4(8));
Data Protection Legislation: means, as applicable to either Party:
(b) the Data Protection Act 2018;
(c) the Privacy and Electronic Communications (EC Directive) Regulations 2003;
(d) any other applicable law relating to the Processing, privacy and/or use of Personal Data, as applicable to either Party;
(e) any laws which implement any such laws; and,
(f) any laws that replace, extend, re-enact, consolidate or amend any of the foregoing.
Data Protection Manager (DPM): Alison Middleton, firstname.lastname@example.org
Data Subject Access Request or ‘DSAR’: refers to right of access as further described in the table at Clause 7.
Electronic Mail: includes email, text, video, voicemail, picture and answerphone messages (including push notifications).
General Data Protection Regulation or GDPR: the General Data Protection Regulation ((EU) 2016/679). Personal data is subject to the legal safeguards specified in the Data Protection Legislation including the GDPR.
Intellectual Property Rights: patents, rights to inventions, copyright and neighbouring and related rights, trademarks and service marks, business names and domain names, rights in get-up and trade dress, goodwill and the right to sue for passing off or unfair competition, rights in designs, database rights, rights to use, and protect the confidentiality of, confidential information (including know-how and trade secrets) and all other intellectual property rights, in each case whether registered or unregistered and including all applications and rights to apply for and be granted, renewals or extensions of, and rights to claim priority from, such rights and all similar or equivalent rights or forms of protection which subsist or will subsist now or in the future in any part of the world.
Non-Marketing Communication(s): refers to any communication which is functional/ administrative only as distinct from Marketing Communications.
Service Providers: refers to third party Data Processors with whom We work with from time to time as a necessary part of providing Our Services and with whom We may need to share Your Personal Data with from time to time which shall include e.g. delivery companies, payment processing partners etc.
Services: refers to Our Dental Laboratory Services We may provide to You.
Special Category Data: is defined under Article 9 of the GDPR as personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
User/ Client: refers to the person using the Site.
10. CHANGES TO THIS PRIVACY STATEMENT
We keep Our Privacy Statement under regular review. This Privacy Statement was last updated on 30 April 2019.