Practice privacy policy

Our Privacy Policy as of May 25th, 2018.

Patient Data

We obtain and process personal data for the purpose of providing you with dental treatment safely and to the highest standards. This Statement is your guide to the principles of privacy and confidentiality which govern the collection, use, storage, disclosure and destruction of your personal data in this practice.

Who we are

When we talk about ‘Shining Smile’ or “us” or “we” in this notice, we are talking about Shining Smile ltd. and the services it provides to Shining Smile Ltd. trading as Shining Smile Dental Clinic. Shining Smile Dental Clinic provides general and specialist dental treatment to patients. You can contact us at email- info@shiningsmile.ie, by telephone +353 1 561 5435, or by post Shining Smile Lt., unit 2.31-35 Middle Gardiner Street, Dublin 1, D01 Y2E5.

Data Protection & Confidentiality

Having completed an assessment of our practice and the data we gather we conclude that a data protection officer is not a requirement. All of our team are trained in Data Protection and confidentiality. The person overseeing Data Protection and confidentiality issues is Dr. Ezekiel Pasqualin.

Obtaining Personal Information
We collect and store information about you, your general and your dental health in order to provide dental care efficiently and safely. We also use your data to communicate with you about the advised treatment and upcoming appointments you have made with us. We communicate with all of our patients as part of our professional duty of care to remind them when a dental visit or hygiene visit is due as advised by their clinician. The personal data we obtain from you includes:

We do not store payment card details.
In specific cases agreed with you, we may store Direct Debit banking information securely.
Appointment times and dates with our practice.

How We Keep Your Personal Information Safe

We keep our building, our computers and files secure. Visitors to the practice do not have access to patient data. Your personal information is stored on computers that are password protected. Our Practice Software is Exact from Software of Excellence UK and meets international data protection standards including GDPR and is accessible only by active members of our team with a legitimate reason for accessing your data. Our practice network is secure and protected with all recommended antivirus, malware and other IT security measures. These are audited regularly to ensure they are effective and current. This service is provided by Microminder Ireland Ltd and they are GDPR compliant.
All of our team are trained in confidentiality and data protection and have legal confidentiality agreements regarding your information. We operate secure backup systems that are regularly audited.

Personal data is kept accurate, complete and up-to-date

We will regularly ask you to update your personal data, usually using the Clinipad system. The tablets do not store your personal data but transfer them securely within the protection of the Exact software system. This will include your medical history, personal contact details, and a dental questionnaire. We ask that you inform us of any significant changes, such as a change of address or other contact details, at your earliest convenience. It is important to know that the collection, use or possible disclosure of this data may be crucial to our ability to safely provide you with the care you require; without your agreement to this process, it may not be possible to provide you with treatment.
You have access to a copy of your personal data upon written request and the right to have data rectified if incorrect.
Personal data is kept for specified, explicit and lawful purposes
We collect and store your data for the following reasons

Your personal data is obtained, kept and used primarily for the purpose of providing you with healthcare efficiently and safely. Staff within the practice will have access to the data on a ‘need-to-know’ basis to ensure you receive the highest standard of care.
We communicate with our patients regarding appointments they have booked by text, email, telephone, and post. You may opt-out of these communications at any time directly with us or by using our contact details above. We may ask to confirm your identity. We communicate with our patients when a dental visit or hygiene visit has been recommended and is shortly due, due or overdue. We do this to help safeguard your dental health and as part of our duty of care to you. You may opt-out of these communications at any time directly with us or by using our contact details above. Opting out of these reminders may adversely affect your dental health.
We may ask for your specific consent to contact you separately with regard to practice newsletters, information on services or products we feel may be of interest to you. These separate communications require your permission and you may opt-out at any time using the included link on the relevant communication or by contacting us directly at the above contact details.
All members of the dental team adhere to the practice’s Code on Confidentiality in compliance with the Data Protection Acts, 1988 and 2003, and the Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012. Any disclosure of personal data, without your consent, can only be done for specified, legitimate reasons (8 (a-h), Data Protection Act, 1988; Section 10, Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).
Access to your personal data is on a ‘need-to-know’ basis. This prohibits the release of your information to a spouse, partner or family member without your explicit consent. A guardian or carer may have the right to access information in the case of vulnerable adults or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age.
A copy of your dental records will be transferred to another practice or healthcare professional upon your written request.
Your consent will be sought before the release of any data to other healthcare professionals and then only the relevant part of your records will be released. All healthcare professionals are required to treat your personal data to current Data Protection standards. Your consent will be sought in the case of A report to a dental insurance company, A medico-legal report, Any documentation relating to a “third party” Dental Scheme (e.g. PRSI scheme, dental Insurance or Payors)
There are certain activities where patient information may be used but where the information is anonymized, eliminating patient identification: Teaching, Continuing Professional Development. Quality Assurance/Internal audit is necessary in assessing and assuring the quality of your care, Research.
If your dentist should cease practice or should die while still a practicing dentist, the dental team will be guided by the Dental Council’s Code of Practice relating to Professional Behaviour and Ethical Conduct in informing you, safeguarding your personal data and ensuring continuity of care where possible.


Personal data is adequate, relevant and not excessive

Every effort is made to ensure that the information we collect and retain for you is in keeping with our aim to provide you with an efficient service and to care for you safely. We will explain the purpose of any information sought if you are not sure why.


Personal data is retained for no longer than necessary

We retain adult records for 8 years after the last treatment. In the case of children and young adults that cease treatment, the records are kept until the patient’s 25th birthday; or their 26th birthday if the young person was 17 when they finished treatment. If a patient dies before their 18th birthday, records are kept for 8 years.
All records are disposed of by a secure, certified, method of destruction (Dental Council Code of Practice relating to Professional Behaviour and Ethical Conduct, 2012).


Data Breaches

Dr. Ezekiel Pasqualin is responsible for dealing with any incident where personal data has been put at risk of unauthorized disclosure, loss, destruction or alteration. Management of any breach incident will comply with the advice of the Data Protection Commissioner.


Third Parties

Only secure and trusted third parties have access to your data in the course of required operations, business analysis, and security. This is currently limited to our IT providers and Software providers as listed above. These providers are GDPR compliant and only process your information at our request. Cloud-based transfer where required is secure and is currently held on servers in the UK. Where servers may be located outside of the EEA or UK in the future we will ensure our providers provide the same level of security to your data to protect your rights.


Your rights

You are legally entitled to a copy of your personal data upon written request, or by email from the email account, we have on your record. We may ask for confirmation of your identity to ensure confidentiality. As well as a right of access you also have the right to have any inaccuracies in your data rectified and to have the inaccuracies erased. (NOTE: The maximum fee for an access request is €6.35). You may be provided with a printed paper copy of a digital x-ray in response to an access request or a digital copy of your records. We will provide this within 40 days of your request where possible, and if not possible we will contact you to advise of the reason and the expected date.
If you have a complaint or concern with any aspect of how we process your personal information please contact us directly at the above contact details. You retain the right to make a complaint to the Data Protection Commissioner at all times.


Children & other vulnerable individuals

Children’s data is protected in the same manner as adult data. A guardian or carer may have the right to access information in the case of vulnerable adults or those with diminished mental capacity. A parent or guardian will have access to your personal information if you are less than 16 years of age.
If you have any questions in relation to this Statement or any issue that arises from it please speak with our reception team, practice manager or Dr. Ezekiel Pasqualin.