Direct Dental Hygienists aim to meet the requirements of the General Data Protection Regulation (GDPR), the guidelines on the Information Commissioners Website as well as our professional guidelines and requirements.

The data controller is ALISON CRAIG, who is also the information governance lead.

THE PRIVACY NOTICE is available on the practice website at or at the reception. All new patients receive this along with their patient satisfaction questionnaire, action taken in regards to your comments given to help us improve the standards and quality of care, also prevention topic of the year and gum disease leaflet. Knowledge and prevention is our aim at promoting good oral health.

Consent to a scale and polish is gained at every visit, also the knowledge of the price £34.99 WEEKDAYS and £39.99 Saturdays. Also a box is ticked if there is any change in your medical history and updated at each visit – Certain medication and illness have an effect on the oral cavity. If there is a medical emergency the staff can act promptly. This is all strictly confidential. Your files are locked away in a fireproof cabinet, never to leave the building. The building is alarmed.

During your treatment with the hygienist it is your right to withdraw your consent at any given moment, just verbally tell the hygienist.

You will be asked to provide personal information when joining the practice. The purpose of us processing data is to provide optimum health care to you.

The categories of data we process are:

  • Personal data for the purpose of staff and self- employed team member management.

  • Personal data for the purpose of direct mail/ email/ text marketing.

  • Special category data including health records for the purposes of the delivery of health care.

  • Special category data including health records and details of criminal record checks for managing employees and contracted team members.

We never pass your personal details to a third party. If we intend to refer a patient to another practitioner we will gain the patients consent before the referral is made and the personal data is shared.

  • Personal data is stored in the (EU) whether in digital or hard copy format.

The lawful basis for processing special category data such as patients and employees health is:

Processing is necessary for the purpose of preventative or occupational dentistry, for assessing the working capacity of the employee, medical diagnosis, and the provision of oral health care, treatment and management.

The lawful basis of processing personal data such as name, address, email or phone number is:

  • Consent of the data subject.

  • Processing is necessary for the performance of a contract with the data subject.


    The retention period for special data in patient records is a minimum of 10 years in order to meet our legal requirements.

    The retention period for staff records is 6 years.


You have the following personal data rights:

  • The right to be informed.

  • The right of access.

  • The right to rectification.

  • The right to erasure (clinical records must be retained for a certain time period).

  • The right to restrict processing.

  • The right to data portability.

  • The right to object.  

Further details of these rights can be seen in our Information Governance Procedures (M217C) overleaf.

If you are a patient at the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text.

Under GDPR, patients will have the right to receive the personal data which they have previously provided, and have the right to transmit that data to another controller.

This information will need to be provided free of charge, thus removing the previous £50.00 subject access fee for dental records. This will apply only to data processed by automatic means, and not to paper files.  


We have carried out a

Privacy Impact Assessment (M217S)

Security Risk Assessment (M217M)

Data Protection and Information Security Policy (M233-DPT)

Consent Policy (M233-CNS)

Please contact the practice for a comment, suggestion or a complaint about your data processing. We take complaints very seriously.