Privacy Policy | A1 Dental Canterbury

Last Updated: 20 March 2026

Introduction

A1 Dental Surgery is committed to protecting your privacy and personal data. This privacy policy explains how we collect, use, store, and protect your information in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Practice Details:
A1 Dental Surgery
52 London Road
Canterbury
Kent CT2 8LF
Phone: 01227 765 851
Email: a1teeth52@yahoo.com

Dr Somitra Banvir is the data controller responsible for your personal information.

Personal Data We Collect

We collect and process the following information about you:

Personal identification information:

• Name, date of birth, gender
• Address, email address, telephone number
• NHS number (if applicable)
• Emergency contact details
• Proof of identity and address

Medical and dental information:

• Medical history and conditions
• Current medications and allergies
• Dental treatment records and clinical notes
• X-rays, photographs, and diagnostic images
• Treatment plans and consent forms
• Prescriptions

Financial information:

• Payment details and billing information
• Insurance details (if applicable)
• NHS exemption status

Technical information:

• Website usage data (cookies)
• IP address and browser information
• Appointment booking system data

How we use your information

We process your personal data under the following legal grounds:

Contract Performance

To provide dental treatment and services you’ve requested, including:

• Scheduling and managing appointments
• Delivering dental care and treatment
• Processing payments
• Communicating about your treatment

Legal Obligation

To comply with legal requirements, including:

• Maintaining accurate dental records (required by GDC regulations)
• NHS patient registration and claims processing
• Reporting notifiable diseases
• Responding to regulatory investigations
• Complying with court orders or legal proceedings

Vital Interests

To protect your life or physical safety in emergency situations.

Legitimate Interests

For our legitimate business purposes, including:

• Managing our practice efficiently
• Improving our services
• Handling complaints
• Preventing fraud
• Ensuring practice security

Consent

Where we have your explicit consent for specific purposes, such as:

• Marketing communications (you can withdraw consent anytime)
• Sharing information with third parties not directly involved in your care
• Taking clinical photographs for treatment planning (beyond routine records)

Who We Share Your Data With

We may share your personal information with:

Healthcare professionals involved in your care:

• Dental specialists we refer you to
• Your GP (when clinically necessary)
• NHS services and dental payment systems
• Laboratory technicians making your crowns, dentures, or other appliances
• Dental hygienists and therapists

Regulatory and legal bodies:

• General Dental Council (GDC)
• Care Quality Commission (CQC)
• NHS England
• Courts and tribunals (when legally required)
• Police and law enforcement (when legally required)

Service providers supporting our practice:

• Appointment booking and practice management software providers
• IT support and data storage providers
• Accountants and legal advisors
• Finance providers (for payment plans, with your consent)

Other parties with your consent:

• Insurance companies (for claims processing)
• Family members (when you’ve given permission)
• Employers (for dental fitness certificates, with your consent)

We ensure all third parties respect the security of your data and treat it in accordance with data protection laws. We only allow them to process your data for specified purposes and in accordance with our instructions.

How long we keep your information

We retain your personal data for the following periods:

Adult patient records: Minimum 11 years from last treatment date (GDC requirement)

Child patient records: Until the patient’s 25th birthday or 11 years from last treatment, whichever is longer (GDC requirement)

X-rays and diagnostic images: Minimum 11 years (adults) or until age 25 (children)

Financial records: 7 years (HMRC requirement)

Consent forms: Permanently as part of clinical records

Employment records: 7 years after employment ends

CCTV footage: 30 days unless required for legal proceedings

After these periods, we securely destroy records in accordance with data protection requirements.

We may retain certain information longer if legally required (for example, in cases of ongoing litigation or regulatory investigation).

Your Data Protection Rights

Under data protection law, you have the following rights:

Right to Access

You can request copies of your personal data. We’ll provide this within one month. The first copy is free; we may charge a reasonable fee for additional copies.

Right to Rectification

You can ask us to correct inaccurate or incomplete personal data. We’ll update our records promptly.

Right to Erasure

You can request deletion of your personal data in certain circumstances. However, we may be legally required to retain clinical records (GDC regulations require minimum retention periods), so this right has limitations in healthcare.

Right to Restrict Processing

You can request we limit how we use your data in certain situations, such as while we verify accuracy of data you’ve disputed.

Right to Data Portability

You can request we transfer certain data to you or another organization in a commonly used electronic format.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes. We’ll stop processing unless we have compelling legitimate grounds to continue.

Rights Related to Automated Decision-Making

You have rights regarding automated decision-making and profiling. We don’t use automated decision-making for treatment decisions.

Right to Withdraw Consent

Where we process data based on your consent, you can withdraw that consent anytime. This doesn’t affect the lawfulness of processing before withdrawal.

To exercise any of these rights, contact us:
Email: a1teeth52@yahoo.com
Phone: 01227 765 851
Post: Data Protection, A1 Dental Surgery, 52 London Road, Canterbury, Kent CT2 8LF

We’ll respond within one month of receiving your request.

Data Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction.

Security measures include:

• Secure password-protected computer systems
• Encryption of sensitive data
• Regular data backups stored securely
• Restricted physical access to patient records
• Staff training on data protection and confidentiality
• Secure disposal of paper records (shredding)
• Regular security reviews and updates
• Firewall and antivirus protection
• Secure email systems for sensitive communications

Access controls:
Only authorized staff members can access patient records, and only for legitimate purposes related to patient care or legal requirements. All staff sign confidentiality agreements.

Data breaches:
If we discover a data breach likely to result in high risk to your rights and freedoms, we’ll notify you and the Information Commissioner’s Office (ICO) within 72 hours.

International Data Transfers

We don’t routinely transfer your personal data outside the United Kingdom. If we need to transfer data internationally (for example, if you move abroad and request records transfer), we’ll ensure appropriate safeguards are in place to protect your information in accordance with GDPR requirements.

How Our Website Uses Cookies

Our website uses cookies to improve your experience. Cookies are small text files stored on your device when you visit our website.

We use cookies for:

• Essential website functionality
• Remembering your preferences
• Understanding how visitors use our website
• Improving website performance

For detailed information about our cookie usage, see our Cookie Policy.

You can control cookies through your browser settings. Blocking all cookies may affect website functionality.

Children’s Privacy

We treat children’s data with extra care. For children under 16, we seek consent from parents or guardians for processing personal data, except where treatment is necessary for the child’s health.

Children’s dental records are retained until their 25th birthday or 11 years from last treatment, whichever is longer, as required by GDC regulations.

Parents and guardians can exercise data protection rights on behalf of children under their care.

Changes to this Policy Updates

We review this privacy policy regularly and may update it to reflect changes in our practices or legal requirements. We’ll post any changes on this page and update the “Last Updated” date.

For significant changes affecting how we use your personal data, we’ll notify you by email or prominent notice on our website.

How to Complain About Data Protection

If you’re unhappy with how we’ve handled your personal data, please contact us first:

Data Protection Enquiries:
Email: a1teeth52@yahoo.com
Phone: 01227 765 851
Post: Data Protection, A1 Dental Surgery, 52 London Road, Canterbury, Kent CT2 8LF

We’ll investigate and respond to your complaint.

If you remain unsatisfied, you can complain to the supervisory authority:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Phone: 0303 123 1113
Website: www.ico.org.uk

Contact us

If you have questions about this privacy policy or how we handle your personal data:

Email: a1teeth52@yahoo.com
Phone: 01227 765 851
Post: Data Protection, A1 Dental Surgery, 52 London Road, Canterbury, Kent CT2 8LF