Bax Dental takes great care to protect the personal data we hold for our team members in line with the requirements of the General Data Protection Regulation (GDPR).
‘Team member’ includes all employed staff, self-employed individuals, locum staff, temporary workers and contractors.
The personal data we process (processing includes obtaining the information, using it, storing it, securing it, disclosing it, and destroying it) for team members includes:
- Name, address, date of birth
- Telephone numbers, email address
- Next of kin
- Health information
- Job application interview notes
- DBS disclosure reference
- CV and references
- Proof of identity and right to work in the UK
- Job description, contract details and salary
- NI number, bank details, tax details and pension details
- Details of any grievances or disciplinary action (if any)
- Letter of resignation (only when received)
We keep an inventory of personal data we hold on our team members and this is available for all team members on request.
The main reasons are to allow us to administer the contract we have with you and to comply with our legal obligations.
The situations in which we will process your personal information include the following:
- When making a decision about your recruitment or appointment
- Determining the terms on which you work for and with us
- Checking you are legally entitled to work in the UK
- Paying you and, if you are an employee, deducting tax and National Insurance contributions
- Liaising with your pension provider
- Administering the contract we have entered into with you
- Business management and planning, including accounting and auditing
- Conducting performance reviews, managing performance and determining performance requirements
- Conducting appraisals and supporting you to develop a personal development plan
- Making decisions about salary reviews and compensation
- Assessing qualifications for a particular job or task, including decisions about promotions
- Gathering evidence for possible grievance or disciplinary hearings
- Making decisions about your continued employment or engagement
- Making arrangements for the termination of our working relationship
- Education, training and development requirements
- Dealing with legal disputes involving you, or other employees, workers and contractors, including accidents at work
- Ascertaining your fitness to work
- Managing sickness absence
- Complying with health and safety obligations
- To prevent fraud
- To monitor your use of our information and communication systems to ensure compliance with our IT policies
- To ensure network and information security, including preventing unauthorised access to our computer and electronic communications systems and preventing malicious software distribution
- To conduct data analytics studies to review and better understand employee retention and attrition rates
- Equal opportunities monitoring.
Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
The information we collect, and store will not be disclosed to anyone who does not need to see it.
We will share our team members’ personal information with third parties when required by law or where it is necessary to administer the working relationship with them or where we have another legitimate interest for doing so.
Third parties we may share team members’ personal information with may include:
- Payroll providers
- Our accountants
- Software support providers
- Hardware support providers
- Human resource management providers
- Patient payment plan providers
- Regulatory authorities such as the General Dental Council or the Care Quality Commission
- NHS Local Authorities
- Dental payment plan administrators
- Insurance companies
- Loss assessors
- Fraud prevention agencies
- In the event of a possible sale of the practice at some time in the future.
We may also share personal information where we consider it to be in a team member’s best interests or if we have reason to believe an individual may be at risk of harm or abuse.
Under the GDPR all individuals have the following personal privacy rights in relation to the information held about them.
Team members have a right to:
- Access to and copies of their records.
- Have inaccuracies deleted.
- Have information about them erased.
- Object to direct marketing. n.b.There are are no circumstances in which team members would be subject to direct marketing as a result of their status as practice team members.
- Restrict the processing of their information, including automated decision-making.
- Take their data to another employer or anywhere else.
It is the individual team members responsibility to ensure that any changes to their personal information are notified immediately.
Team members who wish to exercise any of their personal privacy rights should speak to Jon Bax.
Team members who wish to have inaccuracies deleted or to have information erased must speak to the Jon Bax, who is the Data Controller.
The GDPR requires us to state the legal basis upon which we process all personal data for our practice team members and it requires us to inform them of the legal basis on which we process their personal data.
The legal basis on which we process the different types of personal information we hold for our team members is provided in our team members personal data inventory records, a copy of which is freely available to all team members and will be provided at the same time as this Privacy Notice.
We do not foresee any circumstances in which team members’ personal data would be subjected to automated decision making. If this position changes we would provide notice of this in writing and team members would be advised of their right to object.
We do not need consent if we use team members personal information in accordance with our legal obligations or to ensure we can fulfil our contractual requirements in relation to the employment contracts or self-employed agreements we have with individuals because it is not the legal basis on which we process personal information for our team members.
In limited circumstances, we may approach an individual team member for their written consent to allow us to process certain particularly sensitive data. If we do so, we will provide the individual with full details of the information that we would like and the reason we need it, so that the individual can carefully consider whether they wish to consent. Team members are advised that it is not a condition of their contract or agreement that they agree to any request for consent and accordingly they have a right to refuse their consent.
We will retain team members’ personal information only for as long as we need to in order to fulfil the purposes for which it was collected.
After our working relationship has terminated we will retain team members’ personal data for 6 years.
The GDPR requires us to inform all individuals for whom we process personal data whether it will be transferred outside the EU. We do not foresee any circumstances in which team members’ personal data would be transferred outside the EU If this position changes we would provide notice of this in writing.
We take the security of all the personal data we process for team members very seriously and appropriate security measures are in place to protect it against unauthorised access, loss or destruction. Access to personal information about individual team members is strictly limited to those people who need to access it. Any contractor or provider who has a legitimate reason for having access to personal data is bound by a duty of confidentiality.
We have clear procedures in place to deal with any data breach and these are described in our Data Protection Policy. Should the breach involve a breach of confidentiality then we will notify the individual involved in addition to the Data Protection Authorities.
All individuals who have personal data held about them have a right to complain about how their personal data is processed. All complaints concerning personal data should be made in person or in writing to Jon Bax. All complaints will be dealt with promptly and as described in our Data Protection Policy.
This Policy was reviewed and implemented on: 16.05.2018
It will be reviewed annually or prior to this date in accordance with new guidance or legislative changes.
We are required under data protection legislation to notify you of the information contained in this privacy notice. It is very important that you read this notice, together with our Data Protection Policy that includes our GDPR Policy and Procedures and any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.