This privacy notice explains how Compass Clinic Ltd collects information about you, how that information maybe used and how we keep it safe and confidential.
We collect and hold personal data sole for the purpose of providing dental services to our patients. In carrying out this function, we may collect information about you which help us respond to your needs. We may keep your information in written and/or digital form. The records may include basic details about you, such as your name and address, dated of birth, next of kin, contact information such as telephones number and e-mail address. This may also contain more sensitive information about your health and also information such as outcomes of needs assessment.
We will also maintain records of any contact which the practice has had with you, such as appointments, notes and reports about your health, details about your treatment and care, as well as any results of investigations such as x-rays.
We keep your information confidential and safe, by means of a number of policies and procedures, which all our staff have to comply including any data held electronically which has suitable security arrangements.
We will not disclose any information about you without your permission unless the law requires information to be passed on.
Zero Hours Contract Policy
The purpose of this policy is to set out how Compass Clinic Ltd will use zero hours contracts.
Zero hours contract is a non-legal term to describe a casual agreement between an employer and an individual.
Everybody employed on a zero hours contract is entitled to statutory employment rights.
- A zero hours contract is one where the company has recruited an individual but does not guarantee that a certain amount of work will be available. The individual is not obliged to carry out any work that is offered. The individual will usually be a worker but will not usually be an employee.
- A register will be kept of all individuals who have been selected to work on a zero hours contract. When work is available, the company will contact an appropriate person on this register to offer work. The company is not obliged to offer an equal amount of work to all individuals on the register.
- An individual will be given as much notice as possible of any work that is available. However, due to the nature of work that is carried out by those on zero hours contracts, it must be noted that the period of notice is likely to be short.
- [An individual will not be penalised if s/he refuses any work that is offered.] OR [An individual is expected to be available for work that is offered. If the individual regularly refuses work, the individual will not be offered any future work.]
- An individual is required to complete a time sheet recording work that has been undertaken. This must be signed by the individual’s line manager. The time sheet must be submitted to the payroll department for payment to take place.
- A worker or employee working on a zero hours contract accrues holiday entitlement whilst working. Holiday entitlement will be accrued at the rate of 12.07% for every hour worked.
- Entitlement to company sick pay will depend on the rules of the scheme. If an employee meets the requirements of a ‘qualifying employee’ then Statutory Sick Pay will be paid.
- An individual who works on a zero hours contract must not divulge any confidential information that the individual works with, to any person outside of the organisation.
- An individual who underperforms will not be offered any further work.
Bullying & Harassment Policy
Compass Clinic Ltd undertakes to provide a workplace that is free from victimisation and harassment. The practice will give support to any victim of bullying (including cyber bullying) and harassment and will fully investigate all complaints of alleged harassment.
Our team members are entitled to be treated with dignity and respect in their place of work. This means freedom from behaviour by colleagues that can be interpreted as bullying or harassment and that causes offence. It also means that they should have access to redress if such behaviour does arise. Team members must maintain standards of everyday behaviour that contribute to a working environment in which mutual respect and individual dignity are maintained. They have a right to expect that their colleagues will do likewise.
Harassment means any behaviour of sexual or racial nature, or any conduct that is offensive to the recipient. This is behaviour which may cause the recipient to feel threatened, humiliated or embarrassed or which fails to respect the individual’s right to be treated with dignity.
Examples of behaviour that could be considered to be buying or harassment are :
- Unwelcome behaviour such as bullying, threats or intimidation.
- Physical contact ranging from unnecessary/unwanted touching or
- invasion of personal space to serious assault.
- Verbal and written harassment through jokes, remakes about disability,
- unpleasant name calling, abusive/offensive language, insults or
- Comments of a personal nature.
- Unwelcome non-verbal behaviour such as sexual advances, rude gestures,
- Facial expressions and staring.
- Conduct that ridicules, patronises, intimidates or abuses, undermines or
- Undervalues an individual because of characteristic such as sex or
- Sexuality, age, disability or race, including derogatory or degrading
- Remarks or insults or unjustified offensive comments about
- Appearance or dress.
- The exhibition, transmission or storage of offensive or obscene material.
- Isolation or non-co-operation at work
- Limiting or withdrawing verbal communication
- Isolating a colleague by unfriendly behaviour
- Behaviour designed to belittle or produce anxiety in a colleague
- Unreasonable scrutiny of work
- Unreasonable denial of leave and/or special leave requests
- Any incitement to commit any of the above behaviour.
All employees at every level of the practice are responsible for eliminating any harassment or intimidation of which they are aware.
All employees are held personally accountable for their own actions and behaviour and for ensuring they comply with this policy.
If a member of staff is in a situation which they interpret as personal harassment, they should not be deterred from making a complaint for fear of further victimisation. Refer Whistleblowing Policy.
Victimisation of a complainant is in itself a disciplinary offence.
What to do about bullying or harassment
If you consider that you or a colleague is subject to bullying or harassment, your first step is to decide whether you can deal with the inappropriate behaviour informally. For example, if the act concerned is relatively minor, isolated or clearly unintentional. In these situations it is possible that the matter can be resolved immediately by letting your colleague know that the behaviour in question is unacceptable to you and should be avoided in future.
If you feel uncomfortable about raising the issue directly with your colleague, or if you consider that the behaviour is more serious because if was deliberate, part of a persistent pattern, serious in nature or has been repeated despite having discussed a previous incident informally, then you should report the matter to the Practice Manager. If it is inappropriate to discuss with the Practice Manager you should seek advice from the Director.
Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.
Data Protection Policy
The Data Protection Act 1998 came into force on 1 March 2000 and superseded the Data Protection Act 1984. This will shortly be superseded by the Data Protection 2017- 19 Act, but in the meantime as from 25/5/2018 a new EU General Data Protection Regulation will come into force. The purpose of the Act is to protect the rights and privacy of individuals, and to ensure that data about them are not processed without their knowledge and stringent conditions on their processing than other personal data. The Company is committed to a policy of protecting the rights and freedoms of individuals with respect to the processing of their personal data. The policy covers:
1. Scope of the policy
The Data Protection Act applies to electronic and paper records held in structured filing systems containing personal data, meaning data which relates to living individuals who can be identified from the data. This includes any expression of opinion about an individual and intentions towards an individual. It also applies to personal data held visually in photographs or video clips (including CCTV) or as sound recordings.
Data Protection means that the Practice must:
- Manage and process personal data properly
- Protect the individual’s rights to privacy
- Provide an individual with access to all personal information held on them.
Under GDPR also means :
Accountability – must demonstrate compliance and be transparent.
Restrictions on lawful bases for processing
New Right for individuals.
Organisations to incorporate technical and organisational measures to minimise the risk to thee rights and freedoms of subjects in both the design and operation of data processing activities.
What is personal data
Personal data comprises
- Personal details such as patients name, age, address, telephone numbers, email address and general medical practitioner
- Patients past and current medical and dental condition
- Radiographs, clinical photographs and study models
- Information about treatment provide or purposed (and costs)
- Notes of conversations or incidents that might occur for which a record is needed
- Consent of treatment
- Any correspondence (relating to the patient) with other healthcare professionals, such as referrals to specialists.
Under GDPR the terms and definitions of ‘Personal data’ means any information relating to an identified or identifiable natural person (data Subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. There is also special category of personal data means any information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the process of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Security and retaining of information
Personal data about the patient is held on the practice’s computer system and/or in manual filing system. The information is only accessible to authorised members of staff who need access to it. The computer system has secure audit trails and this is Backed up regularly.
The Data Protection Act states that records should be ‘not kept longer than is necessary’, which under GDPR means two years. However the Department of Health guidance suggests this is no longer than 30 years and that adult records will be retained whilst a patient is registered with us and we will continue to hold them for at least another eleven years, or until a patient is 25 years of age.
Disclosure of information
In order to provide proper and safe dental care we will need to disclose personal information about patients: General medical practitioner, Hospital or community dental services, other health care professional on a “need of know” basis.
Patients may have access to this data/information which we hold, the is now no charge unless it is a large amount of data or a regular request. These fees are not arbitrary but set by the Information Commissioner.
Under the Freedom of information Act 2000, the Act place obligations on public bodies to release information to the public and NHD dental practices are considered public bodies under Freedom of Information Act (FOIA) as they are publicly funded. However, it should be noted that FOIA relates to government activity only and personal information about patients or employees must be kept confidential.
The Practice has a legal responsibility to comply with the Act. The Practice Manager is overall responsibility for this policy and is named as the Data Controller under the Act, also under the GDPR we are required to have a Data Protection Officer who is Catherine Hull.
The Practice is required to notify the Information Commissioner of the processing of personal data, this is included in a public register. They are also responsible for overseeing GDPR regulations. We are registered as a Data Controller with the Information Commissioner for this purpose – registration number Z225960X. The public register of data controllers is available on the Information Commissioner’s website.
The Practice Manager is responsible for drawing up guidance on good data protection practice and promoting compliance with this guidance through advising staff on the creation, maintenance, storage and retention of their records which contain personal information. He is also the Data Controller under GDPR
Every member of staff that holds information about identifiable living individuals has to comply with data protection in managing that information. Individuals can be liable for breaches of the Act.
3. Relationship with existing policies
This policy has been formulated within the context of the following Practice documents:
- Records Management policy
- Confidentiality policy
- Freedom of Information policy
Compliance with this policy will in turn facilitate compliance not only with information-related legislation but also with other legislation or regulations.
Guidance on the procedures necessary to comply with this policy is available from the Data Protection Officer. This guidance covers:
- Introduction to Data Protection including Data Protection principles, types of data involved and key concepts
- Best practice guidelines including:
- Use of personal data by employees
- Transfer of personal data to third parties
- Security of personal data
- Transfer of personal data to non-EEA countries