154 High Road Leytonstone, London E15 1UA

Tel: 02085342926 




We will keep your records safely

This practice complies with the Data Protection Act (1998) and General Data Protection Regulation (GDPR) 2018. This means that we will ensure that your information is processed fairly and lawfully.


What personal information do we need to hold?

  • Your past and current medical and dental condition; personal details such as your age, address, telephone number and your general medical practitioner
  • We may need to request details of your NHS number and entitlement to healthcare treatment
  • We may also need to request details of your exemption status
  • Radiographs, clinical photographs and study models
  • Information about the treatment that we have provided or propose and its cost
  • Treatment invoices
  • Notes of conversations or incidents that might occur for which a record needs to be kept
  • Records of consent to treatment
  • Any correspondence relating to you with other health care professionals, for example in the hospital or community services
  • We do not store payment details such as card or bank details.


What do we use the data for?

We need to keep comprehensive and accurate personal data about the patients in order to provide you with safe and appropriate dental care. We will ask you yearly to update your medical history and contact details. We only use data to manage your treatment and stay in touch with you. We do not sell or forward on the data to any other parties.



Your personal information is stored on our practice server and its associated back-up drives and on your paper records which are kept in secure cabinets. Access is only allowed to authorised members of staff. Your personal information is carefully protected by the staff at this practice. All access to information is held securely and can only be accessed by regularly changed passwords. All terminals are closed if unattended. All software systems that we use to store, or process data are fully GDPR compliant.


Disclosure of information

In order to provide proper and safe dental care, we may need to disclose personal information about you to:

  • Your general medical practitioner
  • The hospital or community dental services
  • Other health professionals caring for you
  • Dental schemes that you are a member

Disclosure will take place on ‘need-to-know’ basis (only that information that recipient needs to know will be disclosed). In very limited circumstances or when required by law or court order, personal data may have to be disclosed to a third party not connected with your health care. In all other situations, disclosure that is not covered by this Code of Practice will only occur when we have your specific consent.


Retaining information

All data is retained for the appropriate lengths of time in compliance with all applicable legal, regulatory and contractual requirements.

The Department of Health recommends that records are retained for no longer than 30 years. The minimum retention period is 11 years after the completion of the last course of treatment, for adults. For children records should be retained for a minimum of 11 years or until the patient is 25 years old, whichever is the longer. Once this period has lapsed, your digital data is archived and only deleted if specifically requested. This not apply to old hard copy data which gets destroyed by a professional shredding service.


Access to your records

You have the right of access to the data that we hold about you and to receive a copy. Parents may access their child’s records if this is in the child’s best interest and  not contrary to a competent child’s wishes. Formal applications for access must be in writing to your dentist and the payment of a fee for access of up to £10 (for records held on computer) or £50 (for those held manually). Disclosure will take place as quickly as possible but in any event within 40 days of receipt of the signed patient authority (request).Please note that you will be asked for ID verification when requesting access to your records.


Disciplinary action    

If, after investigation, a member of staff is found to have breached patient confidentiality or this policy, he or she shall be liable to summary dismissal in accordance with the practice’s disciplinary policy.

Employees are reminded that all personal data processed at the practice must by law remain confidential after their employment has terminated. It is an offence under section 55(1) of the Data Protection Act 1998, knowingly or recklessly, without the consent of the data controller , to obtain or disclose personal data. If the practice suspects that employee have committed such an offence, it will contact the Office of the Information Commissioner and they may be prosecuted by the Commissioner by or with the consent of the Director of Public Prosecutions.


Automated decision making-SMS, recall letters, phone calls

We will send you information via above media. This information includes appointment reminders and recall letters. Should you not wish to receive this type of information, kindly ask our Reception Team to ament your records.


If you do not agree

If you do not wish your personal data that we hold about you to be disclosed or used in the way that is described in this Code of Practice, please discuss the matter with your dentist. You have the right to object; however, this might affect our ability to provide you with dental care.


Date complied: May 2018


Contact us

Data Protection Officer: Dr H. Hambarchian

The Thatched house Dental Practice

154 High Road Leytonstone, London E15 1UA

Telephone: 02085342926