Practice Plan Limited treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Policy explains how we protect and manage any personal data* you share with us and that we hold about you, including how we collect, process, protect and share that data.
*Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address and an email address or other contact information, whether at work or at home.
How we obtain your personal data
Information provided by you
You provideus with personal data either on your dental plan registration form, via an online application or over the telephone. This includes name, address, date of birth, email address and Direct Debit mandate instructions. We use this information in order to manage and administer your dental plan and/or any claims that you may make under the dental accident and emergency insurance or requests for assistance made to the Worldwide Dental Emergency Assistance Scheme (the Scheme).
We may also keep information contained in any correspondence you may have with us by post or by email. We also record telephone conversations.
We may obtain sensitive medical information directly from you or your dental practice in relation to the assessment of dental accident and emergency insurance claims or requests for assistance made to the Scheme. The provision of this information is subject to you giving us express consent. If we do not receive this consent from you, then we may be unable to consider insurance claims or requests for assistance made to the Scheme. The provision of this personal data is essential for us to be able to collect payments for your dental plan and to administer your plan, including verifying your identity when you contact us to discuss your plan. This means that the legal basis of our holding your personal data is for the performance of a contract.
Information we get from other sources
We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.
This information (including your name, address, email address, date of birth, etc.), as relevant
to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR). You will already have submitted your personal data to these companies and specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.
How we use your personal data
We use your personal data to manage and administer your dental plan as a processor for your
dental practice. We also act as controller and processor in regard to the processing of your Direct
Debit instructions and in regard to the assessment of accident and emergency insurance claims
or requests for assistance made to the Scheme, if applicable. We undertake at all times to protect
your personal data, including any health and financial details, in a manner which is consistent with
your dental practitioner’s duty of professional confidence and the requirements of the General
Data Protection Regulation (GDPR) concerning data protection. We will also take reasonable
security measures to protect your personal data in storage.
Do we use your personal data for marketing purposes?
Any information that you choose to give us will not be used for marketing purposes by us. We will
hold your personal data only for the purposes of administering and managing your dental plan
and processing any accident and emergency insurance claims or requests for assistance made
to the Scheme.
Information about cookies
A cookie is a small text file stored on your browser, for example Internet Explorer. For details of how
We will keep information about you confidential and we will from time to time share your personal
data within the Wesleyan Group of Companies, of which we are a subsidiary, for example for
the purposes of audit and compliance monitoring. We will only disclose your information with other
third parties with your express consent with the exception of the following categories of
Categories of third parties
• insurance companies, loss assessors, regulatory authorities and other fraud prevention
agencies for the purposes of fraud prevention and to comply with any legal and regulatory
issues and disclosures;
• any mailing or printing agents, contractors and advisors that provide a service to us or act as
our agents on the understanding that they keep the information confidential;
• anyone to whom we may transfer our rights and duties under any agreement we have with you;
• any legal or crime prevention agencies and/or to satisfy any regulatory request (including
recognised practitioner bodies) if we have a duty to do so or if the law allows us to do so.
Transfer of your personal data outside of the European Economic Area (EEA)
We do not currently transfer your personal data outside the EEA. If in the future we transfer your
personal data, in accordance with the terms of this Policy outside of the EEA, we will make sure
that the receiver agrees to provide the same or similar protection as we do and that they only use
your personal data in accordance with our instructions.
If you require further information regarding such transfers, please write to the Data Protection
Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or
How long do we keep this information about you?
We keep information in line with the retention policy of our parent company, the Wesleyan
Group. These retention periods are in line with the length of time we need to keep your personal
information in order to manage and administer your dental plan and handle any insurance claims
or requests for assistance made to the Worldwide Dental Emergency Assistance Scheme. They
also take into account our need to meet any legal, statutory and regulatory obligations. These
reasons can vary from one piece of information to the next. In all cases our need to use your
personal information will be reassessed on a regular basis and information which is no longer
required will be disposed of.
Data subject rights
Subject access requests
The General Data Protection Regulation (GDPR) grants you (hereinafter referred to as the “data
subject”) the right to access particular personal data that we hold about you. This is referred to
as a subject access request. We shall respond promptly, and certainly within one month from the
point of receiving the request and all necessary information from you. Our formal response shall
include details of the personal data we hold about you, including the following:
• sources from which we acquired the information;
• the purposes for processing the information; and
• persons or entities with whom we are sharing the information.
Right to rectification
You, the data subject, shall have the right to obtain from us, without undue delay, the rectification
of inaccurate personal data we hold concerning you. Taking into account the purposes of
the processing, you, the data subject, shall have the right to have incomplete personal data
completed, including by means of providing a supplementary statement.
Right to erasure
You, the data subject, shall have the right to obtain from us the erasure of personal data
concerning you without undue delay.
Right to restriction of processing
Subject to exemptions, you, the data subject, shall have the right to obtain from us restriction
of processing where one of the following applies:
a) the accuracy of the personal data is contested by you, the data subject, and is restricted until
the accuracy of the data has been verified;
b) the processing is unlawful and you, the data subject, oppose the erasure of the personal data
and instead request the restriction in its use;
c) we no longer need the personal data for the purposes of processing, but it is required by you,
the data subject, for the establishment, exercise or defence of legal claims;
d) you, the data subject, have objected to processing of your personal data pending the
verification of whether there are legitimate grounds for us to override these objections.
Notification obligation regarding rectification or erasure of personal data
or restriction of processing
We shall communicate any rectification or erasure of personal data or restriction of processing
as described above to each recipient to whom the personal data has been disclosed, unless this
proves impossible or involves disproportionate effort. We shall provide you, the data subject, with
information about those recipients if you request it.
Right to data portability
You, the data subject, shall have the right to receive your personal data, which you have provided
to us, in a structured, commonly used and machine-readable format and have the right to transmit
this data to another controller, without hindrance from us.
Right to object
You, the data subject, shall have the right to object, on grounds relating to your particular situation,
at any time to the processing of personal data concerning you, including any personal profiling;
unless this relates to processing that is necessary for the performance of a task carried out in
the public interest or an exercise of official authority vested in us. We shall no longer process the
personal data unless we can demonstrate compelling legitimate grounds for the processing,
which override the interests, rights and freedoms of you, the data subject, or for the establishment,
exercise or defence of legal claims.
Right to not be subject to decisions based solely on automated processing
We do not carry out any automated processing, which may lead to an automated decision based
on your personal data.
Invoking your rights
If you would like to invoke any of the above data subject rights with us, please write to the
Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS
or email email@example.com
Accuracy of information
In order to provide the highest level of customer service possible, we need to keep accurate
personal data about you. We take reasonable steps to ensure the accuracy of any personal data
or sensitive information we obtain. We ensure that the source of any personal data or sensitive
information is clear and we carefully consider any challenges to the accuracy of the information.
We also consider when it is necessary to update the information, such as name or address
changes and you can help us by informing us of these changes when they occur.
Questions and queries
potential concerns about how we may use the personal data we hold, please write to the Data
Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS
or email firstname.lastname@example.org
standards and to protect your privacy. We reserve the right, at all times, to update, modify or
are aware of any changes we may have made, however, we will not significantly change how we
use information you have already given to us without your prior agreement. The latest version of
this policy can be found at http://scheme.practiceplan.co.uk/patients.
If you have a complaint
If you have a complaint regarding the use of your personal data or sensitive information then
please contact us by writing to the Data Protection Officer at Cambrian Works, Gobowen Road,
Oswestry, Shropshire SY11 1HS or email email@example.com and we will do our best
to help you.
If your complaint is not resolved to your satisfaction and you wish to make a formal complaint to
the Information Commissioner’s Office (ICO), you can contact them on 01625 545745 or 0303
123 1113. You also have the right to judicial remedy against a legally binding decision of the ICO
where you consider that your rights under this regulation have been infringed as a result of the
processing of your personal data. You have the right to appoint a third party to lodge the complaint
on your behalf and exercise your right to seek compensation.