sweet smile privacy policy

What is our Privacy Policy?

From 21 January 2020, a new data protection law is being introduced in the UK, it's called the General Data Protection Regulation (GDPR). This aims to give you greater control over your personal information and to better protect your data in the modern world. We'd like to take the opportunity to let you know more about how we use your data. The practice aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR], the guidelines on the Information Commissioner’s website as well as our professional guidelines and requirements.

What's changing?

We'll be updating our "Privacy Policy" in line with these changes. Our "Privacy Policy" include details about the following:

  • Our legal reasons for using your information
  • Your new rights relating to the information we hold about you.

What's not changing?

One thing that isn't changing is our commitment to keeping your personal information safe. We protect all of the data we hold about you and keep it confidential. We'll always be open and clear with you on how we're going to use it when we collect it.


Maintaining the security of your data is a priority at Sweetsmile and we are committed to respecting your privacy rights.We pledge to handle your data fairly and legally at all times. Sweetsmile is also dedicated to being transparent about what data we collect about you and how we use it.

This policy which applies when you visit our clinic provides you with information about:

  • how we use your data
  • what personal data we collect
  • how we ensure your privacy is maintained
  • your legal rights relating to your personal data


Sweetsmile has an appointed Data Protection Officer to ensure we protect the personal data of our patients (and others) and comply with data protection legislation.

The Data Controller is Miriam Mocton who is also the information Governance Lead and the Data Protection Officer. This Privacy Notice is available from reception in hard copy and on our website.

If you have any questions about how Sweetsmile uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact our Data Protection Officer by

  • phone: 020 82031599
  • e-mail: theteam@sweetsmile.co.uk or
  • write to: Data Protection Officer, Sweetsmile, Crest Cottage The Crest London NW4 2HN.

You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk


Sweetsmile collects the following information about you:

  • your name, age/date of birth and gender;
  • your contact details: postal address , telephone numbers (including mobile numbers) and e-mail address;
  • your medical history and doctors details

You will be asked to provide personal information when joining the practice. The purpose of us processing this data is to provide optimum health care to you. The categories of data we process are:

Personal data for the purposes of staff and self-employed team member management

  • Special category data including health records for the purposes of the delivery of health care
  • Special category data including health records and details of criminal record checks for managing employees and contracted team members. We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared.
  • Personal data is stored in the [EU] whether in digital or hard copy format • Personal data is stored in the US in digital format when the data storage company is certified with the EU-US Privacy Shield •
  • Personal data is obtained when a patient joins the practice and when a patient is referred to the practice The lawful basis for processing special category data such as patients’ and employees’ health data is:
  • Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional

The lawful basis of processing personal data such as name, address, email or phone number is:

  • Consent of the data subject
  • Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records in order to meet our legal requirements. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of other retention periods are available in the Record Retention procedure available from the practice.


Our controls

Sweetsmile is committed to keeping your personal data safe and secure.

  • Our security measures include:
  • encryption of data;
  • regular cyber security assessments of all service providers who may handle your personal data;
  • regular scenario planning and crisis management exercises to ensure we are ready to respond to cyber security attacks and data security incidents;
  • security controls which protect the entire Sweetsmile IT infrastructure from external attack and unauthorised access; and
  • internal policies setting out our data security approach and training for employees

Sharing data with third parties

Our service providers and other medical professionals

In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT eg: software of excellence dental service providers and other medical professionals and hospitals.

Sweetsmile only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to Sweetsmile and to you, and for no other purposes.

Other third parties

Aside from our service providers, will not disclose your personal data to any third party, except as set out below. We will never sell or rent our patient data to other organisations for marketing purposes.

We may share your data with:

  • only if we have your consent to do so;
  • governmental bodies, regulators, law enforcement agencies, courts/tribunals and insurers where we are required to do so:
  • to comply with our legal obligations;
  • to exercise our legal rights (for example in court cases);
  • for the prevention, detection, investigation of crime or prosecution of offenders; and
  • for the protection of our employees and patients


You have the following rights:

  • the right to ask for a copy of personal data that we hold about you (the right of access);
  • the right (in certain circumstances) to request that we delete personal data held on you; where we no longer have any legal reason to retain it (the right of erasure or to be forgotten);
  • the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you (the right of rectification);
  • the right to opt out of any marketing communications that we may send you and to object to us using / holding your personal data if we have no legitimate reasons to do so (the right to object);
  • the right (in certain circumstances) to ask us to ‘restrict processing of data’; which means that we would need to secure and retain the data for your benefit but not otherwise use it (the right to restrict processing); and
  • the right (in certain circumstances) to ask us to supply you with some of the personal data we hold about you in a structured machine-readable format and/or to provide a copy of the data in such a format to another organisation (the right to data portability).

If you wish to exercise any of the above rights, please contact us in writing by sending an email to theteam@sweetsmile.co.uk or by post to the clinic.

  • Further details of these rights can be seen in our Information Governance Procedures or at the Information Commissioner’s website. Here are some practical examples of your rights:
  • If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. We have carried out a Privacy Impact Assessment and you can request a copy from the details below. The details of how we ensure security of personal data is in our Security Risk Assessment and Information Governance Procedures .


This policy was last updated on May 15th, 2021.