We use the minimum information needed to arrange and provide care, keep accurate clinical records, take payment, meet our legal duties and respond to you. We do not sell patient information.
1. Who we are
King Dental & Associates is the data controller for personal information used by the practice. Our address is 46–48 Market Street, Carnforth, Lancashire LA5 9LB.
For privacy questions or to exercise a data protection right, contact our data protection lead:
- Email: reception@kingdentalclinic.co.uk
- Telephone: 01524 733867
- Post: Data Protection Lead, King Dental & Associates, 46–48 Market Street, Carnforth LA5 9LB
2. Information we collect and where it comes from
Depending on your relationship with us, we may use:
- identity and contact details, including your name, date of birth, address, telephone number and email address;
- NHS number and information needed to confirm NHS eligibility, where applicable;
- health and dental information, medical history, medicines, allergies, diagnoses, radiographs, scans, photographs, treatment plans and clinical notes;
- appointment, communication, consent, complaint and feedback records;
- payment, invoice, insurance and finance information; and
- limited website technical information, such as IP address and request details generated when pages or externally hosted fonts are delivered.
We usually receive information directly from you. We may also receive it from a parent or representative, another healthcare professional, the NHS, a referrer, a dental laboratory, an insurer or finance provider where there is a lawful reason to do so.
Health information is “special category” personal data and receives additional legal protection.
3. Why we use your information
| Purpose | UK GDPR basis |
|---|---|
| Arrange appointments, assess your needs, provide private dental care, manage treatment plans and take payment | Article 6(1)(b), taking steps at your request and performing our contract with you |
| Provide NHS care and carry out NHS functions where applicable | Article 6(1)(c) and, where applicable, Article 6(1)(e) |
| Keep clinical, safeguarding, financial and regulatory records and respond to regulators or lawful requests | Article 6(1)(c), legal obligation |
| Practice administration, service improvement, security, fraud prevention and establishing or defending legal claims | Article 6(1)(f), our legitimate interests, balanced against your rights |
| Optional marketing or another use for which we specifically ask permission | Article 6(1)(a), consent, which you may withdraw |
For health information, we normally rely on Article 9(2)(h), because processing is necessary for health care by or under the responsibility of regulated professionals. We may also rely on Article 9(2)(f) for legal claims, or explicit consent for a genuinely optional use.
We do not use patient information for solely automated decisions that produce legal or similarly significant effects.
5. How long we keep information
We keep information only for as long as needed for care, legal, regulatory, tax, insurance and complaint-handling purposes. Dental records are normally retained for at least 11 years after the end of treatment. Records relating to a child are normally retained until at least their 25th birthday, or for 11 years after the end of treatment if that is later. A longer period may apply where required by current NHS rules, safeguarding needs, an investigation or a legal claim.
Routine enquiries that do not become part of a clinical record are kept only for as long as needed to respond and manage any follow-up.
6. Security and confidentiality
We use access controls, staff confidentiality duties, training, secure systems, backups and supplier contracts to protect information. No internet service can be guaranteed completely secure, so please do not send urgent or unusually sensitive clinical information by ordinary email. Call the practice instead.
7. Your data protection rights
Depending on the purpose and lawful basis, you may have the right to:
- ask for a copy of your personal information;
- correct inaccurate or incomplete information;
- ask us to erase or restrict information;
- object to processing based on legitimate interests or to direct marketing;
- receive certain information in a portable format; and
- withdraw consent where consent is the basis used.
These rights are not absolute. In particular, we may need to keep an accurate clinical record despite an erasure request. We normally respond within one month and may ask for proof of identity.
8. Children and representatives
We provide age-appropriate privacy information and involve a person with parental responsibility where required. A child who has sufficient understanding may exercise their own data protection rights. We verify the authority of anyone acting for another person.
9. This website
The website does not currently use analytics or advertising trackers. When you submit the appointment form, the information is transmitted to and temporarily stored by our website and form-hosting provider, Netlify, so the practice can receive and respond to your enquiry. Netlify acts as a service provider processing this information on our behalf. Please do not include detailed medical information in the free-text field. Routine enquiries that do not become part of a patient record are deleted when no longer needed for the response or follow-up.
Pages displaying the practice location include an embedded Google Map, which connects to Google when the map loads and may share technical information such as your IP address and device details. External links and map services operate under their own privacy notices. See our Cookies policy for the current storage and external-content position.
10. Questions and complaints
Please contact our data protection lead first so we can investigate. You also have the right to complain to the Information Commissioner’s Office:
- Make a complaint to the ICO
- Telephone: 0303 123 1113
We may update this notice when our services, suppliers or legal duties change. The review date at the top shows the current version.