Skip to content

Privacy Policy

Our website:

Our Practice:

The Angel Dental Practice, 91 Fore Street, Edmonton, London, N18 2TW

Our ICO Registration

Our practices is registered with the ICO.

Registration Number: Z1533596

Date Registered: 06 November 2008

Registration Expires: 05 November 2021

Data Controller: 

The Angel Dental Practice


91 Fore Street, Edmonton, London, N18 2TW

This register entry describes, in very general terms, the personal data being processed by:

The Angel Dental Practice

Nature of work


General Data Protection Regulation (GDPR) and the new Data Protection Act

Legal basis for our practice processing data: Clinical records are special category data.

“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.”

Description of processing

The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.

Reasons/purposes for processing information

We process personal information to enable us

  • To provide safe and effective healthcare services to our patients,
  • Maintain our own accounts and records,
  • Promote and advertise our services
  • To support and manage our employees.

Who the information is processed about

We process personal information about:

  • patients
  • customers
  • suppliers
  • enquirers
  • advisers, consultants other professional experts

Type/classes of information processed

We process information relevant to the above reasons/purposes. This information may include:

  • Personal details
  • Images
  • Dental Cast Models
  • Radiographs
  • Family details
  • Lifestyle and social circumstances
  • Goods and services
  • Financial details
  • Education and employment details
  • We also process sensitive classes of information that may include:

Physical or mental health details

  • Racial or ethnic origin
  • Religious or other beliefs
  • Trade union membership
  • Sexual life

Who the information may be shared with

We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.

Where necessary or required we share information with:

  • Healthcare professionals
  • Social and welfare organisations
  • Dental Practice Board
  • Central government
  • Suppliers
  • Service providers
  • Survey and research organisations
  • Financial organisations
  • Current, past and prospective employers
  • Educators and examining bodies
  • Employees
  • Family, associates and representatives of the person whose personal data we are processing

CCTV – Crime Prevention and/or Staff Monitoring

CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.

We have a CCTV Policy and associated Privacy Access Statement and this is displayed in our practices and also available on request


It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act.

Our CQC Registrations

Our practice is registered with the CQC.

For the purposes of simplification “our practice” means all the practices above, all of whom share the same privacy policy

Other Policies

This policy should be read alongside the following practice policies:

  • Patient Confidentiality Policy
  • Child Protection Policy
  • Consent policy
  • Current Practice Procedures Policy
  • Data Protection policy
  • Data security policy
  • Dental Practice Rules
  • Duty of Candor
  • Incident Management
  • Practice prescribing policy and safe management of medicines
  • Promoting high standards for staff training
  • Respecting and involving people who use our practice Policy
  • Statement of responsibilities


This policy sets out how our practice uses and protects any information that you provide when you use our website. Here you can read further information about how we use your data.

By using our website, you are agreeing to the terms set out, and consenting to the use of data described, in this policy.

Our website collects information for example when patients fill in forms to request appointments. This means of communication is not secure and patients use it at their own risk.

When using our practice website all transmission of personal information and other data is done at your own risk. This is important when you input data into forms on the website.

Information submitted to our practice through our website is normally unprotected until it reaches us.

In addition, users are also requested not to send confidential details or credit card numbers, for example, by email

Our website does not give out or hold any confidential information.

Privacy Impact Assessment and Data Protection Impact Assessment

We carried out assessments and have reformulated our policies (see above) including this Privacy Policy and update our ICO registrations. We also have updated our audits of compliance as well.

In addition as part of our procedures we review our impact assessments on a yearly basis and also whenever we feel it necessary e.g. take advice from the GDC or ICO or where rights and freedoms of individuals are at risk.

Personal information

In providing you with our services, our practice will handle your personal information.

Personal information is information about you from which you can be identified, such as your name and contact details. Depending on what services you receive from us, this will include sensitive personal information such as medical information.

By providing your data and/or information, or by using our practice websites or other online or digital platforms, you consent to the use of your data and information as described or referred to in this privacy policy.

If we make a change to any of the ways in which we process personal information, we will update our website and notice boards in the practices, so please check back regularly for updates.

Confidential and Medical information

The confidentiality of your personal information is of paramount concern to our practice and we comply with UK data protection law and all the applicable medical confidentiality guidelines issued by professional bodies such as the General Dental Council, ICO and the CQC.

Your confidential medical information will only be disclosed:

  • To those involved with your treatment or care.
  • In accordance with UK law and guidelines from professional bodies,
  • For the purposes of clinical audit (unless you object).

If you receive services from our practice and that service transfers to a new provider, we may share your personal and confidential medical information with the new provider.

Sending information by email

Most patients have their X-rays sent by email and we ask the patients to input their email address at the time of transmission. All such transmissions are done at the patient’s own risk.

Sending Emails, letters and texts to patients

If you let us know we will remove your contact details so that you do not receive emails and texts. This can be easily done by email, in writing or by letter. We will still hold the information but no longer use it. The only reason we would contact you after that would be if there was an overriding reason I.e regulator GDC/CQC/ICO.

Securing information

We are committed to keeping your personal information secure.

We have put in place physical, electronic and operational procedures intended to safeguard and secure the information we collect. All Our practice staff members have a legal duty to respect the confidentiality of your information, and access to your confidential information is restricted only to those who have a reasonable need to access it.

When using our practice website all transmission of personal information and other data is done at your own risk. This is important when you input data into forms on the website.

Information submitted to our practice through our website is normally unprotected until it reaches us.

In addition, users are also requested not to send confidential details or credit card numbers, for example, by email.

Personal Data Breaches

  • We have in place a process to assess the likely risk to individuals as a result of a breach
  • We will report certain types of personal data breach to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible.
  • If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms we will inform those individuals without undue delay.
  • We will ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not we need to notify the relevant supervisory authority and the affected individuals.
  • We will keep a record of any personal data breaches, regardless of whether we are required to notify.

Information we may hold about you

The information we hold about you may include the following:

  • basic details such as name, address, contact details and next of kin
  • details of contact we have had with you
  • details of services you have received
  • Payments made (we do not store credit/debit card details.
  • patient experience feedback and treatment outcome information you provide
  • information about complaints and incidents
  • notes and reports about your health and any treatment and care you have received or need
  • information from customer surveys, competitions and marketing activities
  • recordings of calls we receive or make
  • Other information we receive from other sources, including from your use of our websites and other digital platforms we operate or the other services we provide or information provided by other companies who have obtained your permission to share information about you.

When we collect your information

Information about you is collected when:

  • you use our services
  • you submit a query to us, for example by email, telephone or social media, including where you reference our practice group of companies in a public social media post
  • you participate in any marketing activity

We may also collect personal information about you from other people when:

  • We liaise with
  • Your family,
  • Employer,
  • Health professional
  • Other treatment or benefit provider.

We may only share information in this way where

  • We are required to by law or in accordance with guidance from professional bodies.
  • You use a third party application to provide information to one of our mobile applications or websites.
  • You have provided your consent or in circumstances where you are incapable of giving consent
  • We are unable or it is not reasonable to seek your permission

Using your information

  • We use your personal information to provide you with our services, and to improve and extend our services. This may include:
  • Responding to your queries
  • Supporting your medical treatment or care and other benefits
  • Internal record keeping and administration within and between our practices.
  • Responding to requests where we have a legal or regulatory obligation to do so
  • Checking the accuracy of information about you, and the quality of your treatment or care, including auditing medical and billing information
  • Supporting your nurse, carer or other healthcare professional
  • Assessing the type and quality of care you have received and any concerns or complaints you raise, so that these can be properly investigated
  • Using your contact information to send you service related information
  • Using your contact information to send promotional material about new products, special offers or other information we think you may find interesting (see ‘Keeping you informed’ below for more information)
  • Using your contact information to give you an opportunity to complete a customer satisfaction survey
  • Using your contact information to conduct and analyze market research

Sharing information

Information about you may be shared by the companies in our practice for all the purposes identified under “Using your information” to enable us to manage our relationship with you as our practice customer and update and improve our records. We may also share information in aggregated form with the companies in our practice.

Our practice works with other individuals and organisations to provide our services to you, and this may involve them handling your personal information. This handling of your personal information may be done outside of the European Economic Area in countries with different data protection laws. In that case we ensure that the confidentiality and security of your personal information is protected by contractual restrictions and service monitoring.

We do not share your personal information with anyone outside of our practice to use for their own purposes, except:

  • When we have your permission
  • When we are permitted or obliged to do so by law. (Child Protection)
  • If we are under a duty to disclose or share personal data in order to enforce or apply our terms of use (of our website or any part of it) or terms and conditions of supply of any relevant products or services and other agreements
  • To protect the rights, property, or safety of The Angel Dental Practice, our customers, or others
  • In order to detect, prevent and help with the prosecution of financial crime. For example we may share information with fraud prevention or law enforcement agencies, and other organizations. If we suspect fraudulent activity we may inform the person or organization who administers or funds your our practices services.
  • If there are other exceptional circumstances, and we are unable or it is not appropriate to seek your permission.
  • In the event that we (or any member(s) of our group) sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets.

Keeping information

We will only keep your personal information for as long as is necessary and in accordance with UK law. We follow the guidelines for how long we retain Data set out by

  • The GDC
  • The ICO
  • The CQC

Keeping information confidential and secure

We achieve this by:

·         Training of all staff members as part of their induction

·         Ongoing, regular and frequent training of all staff members at least 

 once a year.

·         Internal reporting procedures

·         Robust methods of breach detection

·         Keeping a record of all breaches

·         All data processor are required to inform the Data controller of all  

data breaches without undue delay

·         Proper password policy and procedures

·         Enhanced Police Checks on all staff members

·         Proper storage of digital and not digital data

·         Proper destruction of data that we no longer need

·         Secure screensavers

·         Ensuring that all staff are aware of their individual responsibilities for 

data handling and processing

·         Following best practice as advised by the ICO, GDC, BDA

·         Having a proper relationship with people/companies who access or 

share our data

·         CCTV and secure access points to our buildings

·         Regular audits of our risk and of our procedures

·         Feedback from staff, patients, visitor and partners

We will only keep your personal information for as long as is necessary and in accordance with UK law.

Our Data Suppliers

The only people with access to our data and/or computer system are:

·         Our Telephony partner company

·         Our CCTV partner company

·         Our computer maintenance/security partner company

·         Our Dental Database partner company

We will only keep your personal information for as long as is necessary and in accordance with UK law.

Keeping you informed

Our practice would like to keep you informed of our practice’s products and services that we consider may be of interest to you (via mail, email, phone or SMS).

We may use your personal information to:

  • decide which services we think are relevant to you
  • decide which media, including social media platforms, would best be utilized to reach the customers who wish to receive marketing materials
  • contact you with details of our products and services, including displaying interest-based adverts via social media
  • If you do not wish to receive marketing information about our products and services, or at any time you change your mind about receiving these messages, please contact our practice.

Access to your information and records

  • We need to verify that a request made is being made by a legitimate person and we therefore will always carry our security measures to determine the legitimacy of a request, and this is especially true when the request is made using email or other digital platform.
  • This is why we suggest strongly that must make the request in person or in writing and this can be done by handing the letter into the reception or sent by post.
  • Almost all requests for copies of Data are dealt with on the day and usually straight away.
  • We prefer to give patients information and Data directly to the patient rather than to a third party as this limits the opportunity for breaches and also means that the patient is directly in control and responsible if they decide to subsequently share the information.

Complaints about the way we use your data:

These should be addressed to

Dr G Palmer, The Angel Dental Practice, 91 Fore Street, Edmonton, London, N18 2TW

If you are unhappy with our response you may complain to:

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Tel: 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number

Governance Team on the details shown below.

Accessing information

If you have any data protection queries, please contact our practice Information Governance Lead:

Dr G Palmer


Write: The Angel Dental Practice, 91 Fore Street, Edmonton, London, N18 2TW

You should also contact our practice Information Governance Lead to request a copy of the personal information we hold about you and to ask us to correct or remove (where justified) any inaccurate information.

We may also ask you to provide additional documentation to confirm your identity or, if you are seeking to access personal information of another individual, proof of their consent or your legal right to receive their personal information.

Updating this privacy policy

We review and update this notice regularly.  The latest copy of this notice can be found on this web page.