CALL US TODAY 01895 832238

01895 832238

Call us today

Book appointment

PrivacyPolicy

1. Purpose

Denham Green Dental Practice aims to meet the requirements of the Data Protection Act 2018, the United Kingdom General Data Protection Regulation (UK GDPR), the guidelines on the Information Commissioner’s (ICO) website, and our professional guidelines and requirements.
This privacy notice describes the type of personal information we hold, why we keep it, and what we do with it.

2. Registered name

The data controller is Asha Chandaria of Denham Green Dental Practice

3. Contact details

If you have an enquiry or request, please contact Asha Chandaria

Denham Green Dental Practice
24 Penn Drive, Denham, Uxbridge, Middlesex, UB9 SJP Email: denhamgreen.dentalpractice@nhs.net
Phone: 01895 832238

This privacy notice is also available [on the practice website at https://denhamgreendentalpractice.co.uk/. or a hard copy can be requested from the Practice by emailing or calling directly.

4. What information we collect, use, and why

The personal data we process includes:
Name, address, contact details, gender, pronoun preferences, date of birth, nationality, NHS number, medical history, dental history, family medical history, family contact details, emergency contact details, marital status, information about care needs, financial details, doctor’s details, treatment plans, consent, X-rays, clinical photographs, digital scans, study models, appointment dates, details of complaints
We may also process more sensitive special category data, including:
Ethnicity, race, religion, health records, sex life information, or sexual orientation. The reasons we process the data include:

  1. To fulfil our contract with you
  2. To maintain a contemporaneous clinical record
  3. To discuss treatment options
  4. To provide dental prevention and oral health advice
  5. To ensure any medication we prescribe is suitable
  6. To modify treatments based on individual needs
  7. To meet our obligations under the Equality Act 2010
  8. To carry out financial transactions
  9. To manage appointments, recall arrangements and send reminders
  10. To communicate with your next of kin in an emergency
  11. To communicate with parents or carers about the person being cared for
  12. To refer to other dentists, doctors and health professionals as required
  13. For debt recovery
  14. To continually improve the care and service you receive from us
  15. To assist with safeguarding or public protection concerns
  16. To assist with dealing with queries, complaints or claims

Last modified: 20 Nov 2025 Denham Green Dental Practice, 24 Penn Drive, UB9 SJP M 217T(E) – Privacy Notice for Patients, Ver 1, Folder 1, Page 1 of 4

5. Lawful basis (Personal data)

Our lawful bases for processing personal data:

a. A legitimate interest to provide evidence-based dental care to patients safely and effectively
b. Consent of the data subject
c. To comply with our legal obligations

6. Lawful basis (Special category data)

Our Article 9 conditions for processing special category data:

  1. Processing is necessary for ethical and professional health care purposes
  2. Processing is necessary to monitor and assess the quality of opportunity or treatment between different groups
  3. Consent of the data subject

7. Data protection rights

You have the following personal data rights:

  1. The right of access – you can ask for a copy of the data we hold about you. We do not usually charge you for copies of your information; if we charge you, we will explain why
  2. The right to rectification – you can ask us to correct or delete information if it is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
  3. The right to erasure – you can ask us to delete your personal data. For legal reasons, we may be unable to erase certain information (for example, information about your dental treatment). However, we can, if you ask us to, delete some contact details and other non-clinical information
  4. The right to restrict processing – you can ask us to limit how we use your personal data. For example, stop sending you appointment reminders or information about our service
  5. The right to data portability – you can ask us to transfer your personal data to someone else. For example, supplying your information electronically to another dentist
  6.  The right to withdraw consent – you can withdraw your consent to the processing of your personal data at any time. For example, even if you have given us consent to send you marketing information, you may withdraw that consent

8. Where we get personal information from

We obtain your details when you enquire about our care and service, when you join the practice, when you subscribe to our newsletter or register online, when you complete a registration or medical history form, from family members or carers, and when another healthcare provider refers you for treatment at our practice.

9. How long we keep information

We minimise the data that we keep, and do not keep it for longer than necessary.

We keep your records for 11 years after the date of your last visit to the Practice or until you reach the age of 25, whichever is longer. At your request, we will delete non-essential information (for example, some contact details) before the end of this period.

10. How we store information

We store your personal information securely on our practice computer system and in a manual filing system. Only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to

ensure this.

We take precautions to ensure the security of the practice premises, the practice filing systems and computers.

We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail, and we back up information routinely.

11. Sharing information

To provide you with appropriate care, we might need to share personal data with the following; however, only the minimum information required will be shared:

a. Another dentist or another health professional who is caring for you
b. Your GP or consultant
c. A laboratory
d. NHS payment authorities
e. The Inland Revenue
f. The Benefits Agency, if you are claiming exemption or remission from NHS charges
g. A private dental scheme, if you are a member
h. Safeguarding organisations

12. Duty of confidentiality

Exceptional circumstances might override the duty to maintain confidentiality. We will inform you of requests to share personal information where possible. The decision to disclose information will only be taken by senior staff. Examples include:

a. Situations where there is a serious public health risk or risk of harm to other individuals
b. When information is required by the police to prevent or detect crime or to apprehend or prosecute offenders (if not providing the information would prejudice these purposes)
c. In response to a court order
d. To enable a dentist to pursue a legal claim against a patient

13. National data opt-out

Whenever you use a health or care service, important information about you is collected in a patient record for that service. Collecting this information helps to ensure you get the best possible care and treatment. The information collected about you can also be used and provided to other organisations for purposes beyond your care, for instance, to help with:

  • Improving the quality and standards of care provided
  • Research into the development of new treatments
  • Preventing illness and diseases
  • Monitoring safety
  • Planning services

This may only occur when there is a clear legal basis for using this information. All these uses help to provide better health and care for you, your family and future generations.

If you are happy with this use of information, you do not need to do anything. To find out more or to register your choice to opt out, please visit www.nhs.uk/your-nhs-data-matters. If you choose to opt out, your confidential patient information will still be used to support your care.

14. How to complain

If you have any comments, suggestions, or complaints about how we use your data, you can contact us using the contact details at the top of this privacy notice.

If you remain unhappy with our response or feel unable to discuss it with the Practice, you can

contact the Information Commissioner’s Office (ICO) on 0303 123 1113 or by visiting https://www.ico.org.uk/make-a-complaint.

15. Review and Revision

This privacy notice is reviewed annually and updated to ensure its effectiveness and compliance with current regulations, guidance, and standards.

Denham Green Dental practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.

 The information governance lead is Dimple Shah who is also the Data Protection Officer .

This Privacy Notice is available on the practice website at www.denhamgreendentalpractice.co.uk/privacynotice / at reception/ by email if you contact denhamgreen.dentalpractice@nhs.net by calling 01895 832238.

You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you.

The categories of data we process are:

  • Personal data for the purposes of staff and self-employed team member management
  • Personal data for the purposes of direct mail/email/text marketing
  • Special category data including health records for the purposes of the delivery of health care
  • Special category data including health records and details of criminal record checks for managing employees and contracted team members

We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared.

  • Personal data is stored in the EU whether in digital or hard copy format
  • Personal data is obtained when a patient joins the practice, when a patient is referred to the practice and when a patient subscribes to an email list.

The lawful basis for processing special category data such as patients’ and employees’ health data is:

  • Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

The lawful basis of processing personal data such as name, address, email or phone number is:

  • Consent of the data subject
  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract

The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention (M 215) procedure available from the practice.

You have the following personal data rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (clinical records must be retained for a certain time period)
  • The right to restrict processing
  • The right to data portability
  • The right to object

Further details of these rights can be seen in our Information Governance Procedures (M 217C) or at the Information Commissioner’s website. Here are some practical examples of your rights:

  • If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient records within one month.
  • If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.

We have carried out a Privacy Impact Assessment (M 217S) and you can request a copy from the details below. The details of how we ensure security of personal data is in our Security Risk Assessment (M 217M) and Information Governance Procedures (M 217C).

Comments, suggestions and complaints
Please contact Dimple Shah . We take complaints very seriously.

If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.

Related practice procedures
You can also use these contact details to request copies of the following practice policies or procedures:

  • Data Protection and Information Security Policy (M 233-DPT), Consent Policy (M 233-CNS)
  • Privacy Impact Assessment (M 217S), Information Governance Procedures (M 217C)