Privacy Notice

This privacy notice sets out how we, {my}dentist (‘we’, ‘us’ and ‘our’ in this notice), collect and use personal information about you as an associate engaged by us.

It applies to all associates who are engaged by us. It does not form part of any contractual arrangement between us.

It is important that you read this notice carefully, and any other privacy notice we may provide on specific occasions, so that you understand how and why we are using personal information about you.

From time to time we may need to update this privacy notice. If we do so, we will let you know.

{my}dentist is committed to protecting the privacy and security of your personal information.

The kind of personal information we hold about you

Personal data, or personal information, means any information about you from which you be identified. It does not include personal information where your identity has been removed (such as any anonymous personal information).

We collect, store and use the following categories of personal information about you in order to administer our engagement with you:

• personal contact details such as name, title, addresses, telephone numbers, and personal email addresses
• date of birth
• gender
• marital status and dependents
• next of kin and emergency contact information
• bank account details, dentist pay records and tax status information
• salary, annual leave, pension and benefits information
• information on eligibility to work
• commencement data and termination date of your engagement
• location of the practice where you provide your services
• information which you provided to us prior to your engagement
• our internal records (including training records and professional memberships)
• regulatory records (including information from the General Dental Council and any other relevant regulatory or professional bodies)
• performance information (including any targets applicable to you such as UDAs and UOAs in England and Wales)
• CCTV footage and other information obtained through electronic means such as swipe card records
• information about your use of mydentist information and communications systems
• photographs

We also collect, store and use ‘special categories’ of more sensitive personal information, including:

• your race or ethnicity, religious beliefs, sexual orientation and political opinions
• your health, including any medical condition, health and sickness records, immunisations
• criminal convictions and offences under Disclosure and Barring Service (DBS)

Protecting your personal data

We are committed to complying with data protection laws. These laws say that the personal information we hold about you must be:

• used lawfully, fairly and in a transparent way
• collected only for valid purposes that have been clearly explained to you and not used in any way that is incompatible with those purposes
• relevant to the purposes you have been told about and limited only to those purposes
• accurate and kept up to date
• kept only as long as necessary for the purposes you have been told about
• kept securely

Collecting your personal information

We may collect your personal information from the following sources:

• you
• your bank, building society or equivalent financial institution
• Disclosure and Barring Service in respect of criminal convictions
• General Dental Council and any other relevant regulatory or professional bodies in respect of matters relating to your profession
• any relevant life insurance company
• any relevant occupation health provider and, if applicable, your GP in respect of any risks in the workplace that may give rise to work-related ill health
• Her Majesty’s Revenue and Customs (HMRC)
• HM Courts & Tribunals Service in respect of any court orders such as any attachment of earnings orders (in England, Wales and Northern Ireland) or Earnings Arrestment Order (In Scotland)

Where appropriate, we may also collect your personal information from the following publicly accessible sources:

• GDC Register and any similar publicly accessible register
• National Performer List (in England), Medical Performers List (in Wales), NHS Board Dental List (in Scotland), Dental List of the Health and Social Care Board (in Northern Ireland) and any similar publicly accessible lists
• social media websites such as LinkedIn, Twitter and Facebook but only where we have a legitimate interest to do so; that is, it is necessary and relevant to your engagement

Using your personal information

We will use the personal information we collect about you to allow us to perform the contract between {my}dentist and you and to enable us, where applicable, to:

• pay you
• provide you with various contractual benefits to which you are entitled
• administer the contract between us
• for the termination of the relationship between {my}dentist and you

We will use the personal information we collect about you to enable us to comply with legal obligations and to enable us to, where applicable:

• check you are legally entitled to be engaged as an associate in the UK
• make any statutory deductions such as under any court order
• assess any benefits to you (such as travel expenses)
• comply with health and safety obligations

We will use the personal information we collect about you to allow us to pursue the legitimate interests of our business or those of third parties (provided your interests and fundamental rights do not override those interests) and to enable us to, where applicable:

• make decisions about your engagement or termination of your engagement
• make decisions about your continued engagement
• ascertain your fitness to be engaged by us
• assess qualifications for specific activities
• manage sickness absence
• determine the terms on which you are engaged by us
• undertake education, training and development requirements
• conduct performance reviews, manage performance and determine performance requirements
• deal with legal disputes involving you, or other employees, workers and contractors, including accidents at work
• prevent fraud
• monitor your use of our information and communication systems to ensure compliance with our IT policies
• ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
• conduct data analytics studies to review and better understand retention and attrition rates of our associates
• undertake business management and planning, including accounting and auditing
• undertake equal opportunities monitoring

Using your sensitive personal information

We will use your sensitive personal information in the following ways:

• information relating to any absence, which may include sickness absence or family related absence, to comply with any relevant laws
• information about your physical or mental health, or disability status, to:
• • ensure your health and safety in the practice where you provide your services
  • assess your fitness to be engaged by us
  • provide appropriate adjustments in the practice where you provide your services
  • monitor and manage sickness absence
  • administer any contractual benefits
• information about your race or national or ethnic origin, religious, philosophical or moral beliefs, or your sexual life or sexual orientation, to ensure meaningful equal opportunity monitoring and reporting.

Processing information about criminal convictions

We will collect information about any criminal convictions to determine your continued suitability to be engaged by us.

In many cases, we are required to carry out a criminal records check in order to be satisfied that there is nothing in your criminal convictions history which makes it unsuitable for you to be engaged by us, in particular:

• we are legally required by the General Dental Council and other regulatory bodies to carry out criminal record checks for those undertaking certain activities
• many of the roles are listed on the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (SI 1975/1023) and specified in the Police Act 1997 (Criminal Records) Regulations (SI 2002/233) so are eligible for standard or enhanced checks from the Disclosure and Barring Service
• many of the activities you undertake require a high degree of trust and integrity, so we seek a basic disclosure of your criminal records history

We have appropriate policy and safeguards in place which we are required by law to maintain when processing such personal information.

Failing to give us your personal information

If you fail to provide information when requested, it is likely that:

• we will not be able to perform the contractual arrangements we have entered with you, such as paying you or providing you with a benefit
• we will be prevented from complying with our legal obligations, such as to ensure the health and safety of all colleagues and patients

Change of purpose

We will only use your personal information for the purposes for which we collect it, unless it reasonably considered that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will:

• let you know
• explain the legal basis which allows us to do so

We may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Sharing your personal information

From time to time we will share your personal information with third parties including, where applicable:

• other entities in the IDH Group, such as for the purposes of internal administration
• your bank, building society or equivalent financial institution, such as when it pays you any sums owing to you under the contractual arrangements that we have entered with you
• Disclosure and Barring Service, such as when it needs to check for any criminal convictions
• General Dental Council and any other relevant regulatory or professional bodies, such as when we need to liaise with them in connection with any matters relating to your profession
• any relevant occupation health provider and, if applicable, your GP in respect of risks in the workplace that may give rise to work-related ill health
• any relevant life insurance company
• HM Courts & Tribunals Service, such as if we are obliged to comply with any court orders such as any attachment of earnings orders (in England, Wales and Northern Ireland) or Earnings Arrestment Order (In Scotland)
• any debt recovery providers, such as if you owe us any monies (typically for any training that you may have undertaken)
• if you are disabled or have a health condition, any Access to Work grant (or the equivalent in Northern Ireland) in respect of any application for help

We may also share your personal information with third parties where:

• required by law
• where it is necessary to administer the working relationship with you
• we have another legitimate interest in doing so

All our third-party service providers and other entities we work with, are required to take appropriate security measures to protect your personal information in line with our policies and their obligations in accordance with the law.

We do not allow our third-party service providers to use your personal information for their own purposes. We only permit them to process your personal information:

• for specified purposes
• in accordance with our instructions

We will, where necessary, share your personal information with other third parties, for example in the context of the possible sale or restructuring of the business.

We will also, where necessary, need to share your personal information with a regulator (such as the GDC) or to otherwise comply with the law.

Securing your personal information

We have put in place appropriate security measures to safeguard your personal information from accidental loss, use or access in an unauthorised way, alteration or disclosure.

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know.

They will only process your personal information on our instructions and are subject to a duty of confidentiality.

We have robust procedures in place to deal with any suspected security breach which involves personal information and we will always let you and any applicable regulator know of a suspected breach where we are legally required to do so.

Keeping your personal information for as long as necessary

We will retain your personal information for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for personal information, we consider:

• the volume, nature, and sensitivity of the personal information
• the potential risk of harm from unauthorised use or disclosure of your personal information
• the purposes for which we process your personal information and whether we can achieve those purposes through other means whilst meeting our legal obligations

Keeping your personal information up to date

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.

Exercising your rights of access, correction, erasure, and restriction

Under certain circumstances, by law, you have the right to:

• ask for access to your personal information, commonly known as a ‘subject access request’. This means you can receive a copy of the personal information we hold about you and check that we are lawfully processing it
• ask for the correction of the personal information that we hold about you. This means you can correct any incomplete or inaccurate information we hold about you
• ask for the erasure of your personal information. This means you can ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to stop processing personal information where we are relying on a legitimate interest which makes you want to object to processing for this reason
• object to processing of your personal information. Where we are relying on a legitimate interest (or those of a trusted third party) and you wish to object to processing due to something connected to your personal situation
• ask for the restriction of processing of your personal information. This means you can ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it
• ask for the transfer of your personal information to another party

If you want to do any of these things, please send an e-mail: dataprotection@mydentist.co.uk

In almost all circumstances you do not have to pay a fee to access your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with your request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

There are some circumstances where we are unable to exercise these rights, or we need to apply an exemption afforded to us under the Data Protection Act (2020). We will advise you of this in our response to your request.

Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection and use of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.

To withdraw your consent, please e-mail dataprotection@mydentist.co.uk.

Data Protection Officer

Our Data Protection Officer oversees compliance with this privacy notice.

If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Protection Officer:-

• IDH Group Ltd
• Europa House
• Europa Trading Estate
• Stoneclough Road
• Kearsley
• Manchester
• M26 1GG

If you are unhappy with the way in which we process your personal information, you have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues.