This privacy notice applies to anyone who interacts with us about our products and services (‘you’, ‘your’), in any way (for example, by email, through our website, by phone, through our app). We will give you further privacy information if necessary for specific contact methods or in relation to specific products or services.
This privacy notice applies to you if you ask us about, buy or use our products and services. It describes how we handle your information, regardless of the way you contact us (for example, by email, through our website, by phone, through our app and so on). We will provide you with further information or notices if necessary, depending on the way we interact with each other, for example if you use our apps we may give you privacy notices which apply just to a particular type of information which we collected through that app.
We collect personal information from you and from third parties (anyone acting on your behalf, for example, brokers, health-care providers and so on).
Please see below for more information.
Where you provide us with information about other people, you must make sure that they have seen a copy of this privacy notice and are comfortable with you giving us their information.
We collect personal information from you:
through your contact with us, including by phone (we may record or monitor phone calls to make sure we are keeping to legal rules, codes of practice and internal policies, and for quality assurance purposes), by email, through our websites, through our apps, by post, by filling in application or other forms, by entering competitions, through social media or face-to-face (for example, in medical consultations, diagnosis and treatment).
We also collect information from other people and organisations.
For all our customers, we may collect information from:
your parent or guardian, if you are under 18 years old;
a family member, or someone else acting on your behalf;
doctors, other clinicians and health-care professionals, hospitals, clinics and other health-care providers;
any service providers who work with us in relation to your product or service, if we don’t provide it to you direct, such as providing you with apps, medical treatment, dental treatment or health assessments;
organisations, such as CACI or Binleys, who carry out customer-satisfaction surveys or market research on our behalf, or who provide us with statistics and other information (for example, about your interests, purchases and type of household) to help us to improve our products and services;
fraud-detection and credit-reference agencies; and
sources which are available to the public, such as the edited electoral register or social media.
If we provide you with insurance products and services, we may collect information from:
the main member, if you are a dependant under a family insurance policy;
your employer, if you are covered by an insurance policy your employer has taken out;
brokers and other agents (this may be your broker if you have one, or your employer's broker if they have one); and
other third parties we work with, such as agents working on our behalf, other insurers and reinsurers, actuaries, auditors, solicitors, translators and interpreters, tax advisers, debt-collection agencies, credit-reference agencies, fraud-detection agencies (including health-insurance counter-fraud groups), regulators, data-protection supervisory authorities, health-care professionals, other health-care providers and medical-assistance providers.
If we provide you with health-care, dental or care-home services, we may collect information from:
your employer, if you are covered by a contract for services your employer has taken out or if we are providing occupational health services;
brokers and other agents (this may be your broker if you have one, or your employer's broker if they have one); and
those paying for the products or services we provide to you, including other insurers, public-sector commissioners and embassies.
What we use your personal information for
We process your personal information for the purposes set out in this privacy notice. We have also set out some legal reasons why we may process your personal information (these depend on what category of personal information we are processing). We normally process standard personal information if this is necessary to provide the services set out in a contract, it is in our or a third party’s legitimate interests or it is required or allowed by any law that applies.
Please see below for more information about this and the reasons why we may need to process special category information.
By law, we must have a lawful reason for processing your personal information. We process standard personal information about you if this is:
necessary to provide the services set out in a contract − if we have a contract with you, we will process your personal information in order to fulfil that contract (that is, to provide you and your dependants with our products and services);
in our or a third party’s legitimate interests − details of those legitimate interests are set out in more detail below;
required or allowed by law.
We process special category information about you because:
it is necessary for the purposes of preventive or occupational medicine, to assess whether you are able to work, medical diagnosis, to provide health or social care or treatment, or to manage health-care or social-care systems (including to monitor whether we are meeting expectations relating to our clinical and non-clinical performance);
it is necessary for an insurance purpose (for example, advising on, arranging, providing or managing an insurance contract, dealing with a claim made under an insurance contract, or relating to rights and responsibilities arising in connection with an insurance contract or law);
it is necessary to establish, make or defend legal claims (for example, claims against us for insurance);
it is necessary for the purposes of preventing or detecting an unlawful act in circumstances where we must carry out checks without your permission so as not to affect the outcome of those checks (for example, anti-fraud and anti-money-laundering checks or to check other unlawful behaviour, or carry out investigations with other insurers and third parties for the purpose of detecting fraud);
it is necessary for a purpose designed to protect the public against dishonesty, malpractice or other seriously improper behaviour (for example, investigations in response to a safeguarding concern, a member's complaint or a regulator (such as the Care Quality Commission or the General Medical Council) telling us about an issue);
it is in the public interest, in line with any laws that apply;
it is information that you have made public; or
we have your permission. As is best practice, we will only ask you for permission to process your personal information if there is no other legal reason to process it. If we need to ask for your permission, we will make it clear that this is what we are asking for and ask you to confirm your choice to give us that permission. If we cannot provide a product or service without your permission (for example, we can’t manage and run a health trust without health information), we will make this clear when we ask for your permission. If you later withdraw your permission, we will no longer be able to provide you with a product or service that relies on having your permission.
CHILD PROTECTION POLICY
We are committed to protect children from harm. Our dental team accepts and recognises our responsibilities to develop awareness of the issues which cause children harm.
We will endeavour to safeguard children by:
Adopting child protection guidelines through procedures and a code of conduct for the dental team
Making staff and patients aware that we take child protection seriously and respond to concerns about the welfare of children
Sharing information about concerns with agencies who need to know and involving parents and children appropriately
Following carefully the procedures for staff recruitment and selection
Providing effective management for staff by ensuring access to supervision, support and training
We are also committed to reviewing our policy and good practice at regular intervals.
Our Child Protection Policy
A suitable child protection policy for a dental practice should affirm the practice’s commitment to protect children from harm and should explain how this will be achieved. The policy by itself is not enough, however. Our procedures for safeguarding children also involves:
Listening to children
Providing information for children
Providing a safe and child-friendly environment
Having other relevant policies and procedures in place
Listening To Children
Create an environment in which children know their concerns will be listened to and taken seriously. You can communicate this to children by:
Asking for their views when discussing dental treatment options, seeking their consent to dental treatment in addition to parental consent
Involving them when you ask patients for feedback about your practice
Listening carefully and taking them seriously if they make a disclosure abuse
Providing Information To Children
To support children and families, you can provide information about:
Local services providing advice or activities
Sources of help in time of crisis, for example, NSPCC Child Protection Helpline, NPCC Kids Zone Website, Childline, Samaritans
*UPDATED CONTACT DETAILS CAN BE OBTAINED FROM THE INTERNET*
Providing A Safe And Child-Friendly Environment
Taking steps to ensure that areas where children are seen are welcoming and secure with facilities to play
Considering whether young people would wish to be seen alone or accompanied by their parents
Ensuring that staff never put themselves in vulnerable situations by seeing young people without chaperone
Ensuring that your practice has safe recruitment procedures in place
Other Relevant Policies And Procedures
Clinical governance policies that you already have in place will contribute to your practice being effective in safeguarding children. Relevant policies and procedures include:
Safe staff recruitment procedures: making potential job applicants aware of your
child protection policy, checking gaps in employment history, requesting proof of
identity, and taking up references
Complaints procedure so that children or parents attending your practice can raise
any concerns about the actions of your staff that may put children at risk of harm
Public interest disclosure policy (underperformance policy) so that staff can raise
concerns if practice procedures or action of other staff members puts children at risk
Code of conduct for staff clarifying the conduct necessary for ethical practice,
particularly related to maintaining appropriate boundaries in relationships with
children and young people (including a statement that staff members will be chaperoned when attending to unaccompanied children)
Members of the dental team are in a position where they may observe the signs of
child abuse or neglect or hear something that causes them concern about a child.
The dental team has an ethical responsibility to find out about and follow local
procedures for child protection and to follow them if a child is or might be at risk of
abuse or neglect. There is also a responsibility to ensure that children are not at risk
from members of the profession.
The dental team is not responsible for making a diagnosis of child abuse or neglect,
just for sharing concerns appropriately. Abuse and neglect are described in four
The Safeguarding Lead for the practice is Dr Joanna Prystupa any queries or concerns can be discussed with herself.
Physical Abuse - may involve hitting, shaking, throwing, poisoning, burning or
scalding, drowning, suffocating or otherwise causing physical harm to a child. It may also be caused by a parent or carer fabricating the symptoms of, or deliberately causing, illness in a child. Orofacial trauma occurs in at least 50% of children diagnosed with physical abuse – and a child with one injury may have further injuries that are not visible.
Emotional Abuse - is the persistent emotional maltreatment causing severe and
persistent adverse effects on the child’s emotional development.It may involve conveying to children that they are worthless or unloved, inadequate, or valued only insofar as they meet the needs of the other person.
It may feature:
Age or developmentally inappropriate expectations being imposed on children
Interactions that are beyond the child’s developmental capability
Overprotection and limitation of exploration and learning
Preventing the child participating in normal social interaction
Seeing or hearing the ill‐treatment of another
Causing children frequently to feel frightened or in danger
Exploitation or corruption of children.
Sexual Abuse - involves forcing or enticing a child or young person to take part in
sexual activities, whether or not the child is aware of what is happening. The
activities may involve physical contact, including penetrative (for example rape ,buggery) or non‐penetrative acts. They may include non‐contact activities, such as involving children in looking at, or in the production of, pornographic material or watching sexual activities, or encouraging children to behave in sexually inappropriate ways.
Neglect - is the persistent failure to meet the child’s basic physical and/or
psychological needs, likely to result in the serious impairment of the child’s health or
development. It may occur in pregnancy as a result of maternal substance abuse.
Once a child is born, neglect may involve a parent or carer:
Failing to provide adequate food and clothing, shelter
Failing to protect a child from physical and emotional harm or danger
Failure to ensure adequate supervision
Failure to ensure access to appropriate medical care or treatment
Neglect of, or unresponsiveness to, a child’s basic emotional needs.
If You Are Worried About A Child – Practical Steps
It is uncommon for dentists to see patients with signs of child abuse and, generally,
dentists are not in a position to assess all the factors involved. But where you have
concerns about a child who may have been abused and there is no satisfactory
explanation, prompt action is important.
Could the injury have been caused accidentally? If so, how?
Does the explanation for the injury fit the age and clinical findings?
If the explanation of the cause is consistent with the injury, is this itself within
the normally acceptable limits of behaviour?
If there has been any delay in seeking advice, are there good reasons for this?
Does the story of the accident vary?
The relationship between the parent/carer and child
The child’s reaction to other people
The child’s reaction to dental examinations
Any comments made by the child or parent/carer that give concern about the
child’s upbringing or lifestyle
Discuss your concerns with an appropriate colleague or someone you can trust. If
you remain concerned, informal advice could be sought first from your local social
services without disclosing the child’s name. This will help you decide whether you
should make a formal referral – by telephone so that you can directly discuss your
Seek permission to refer
It is good practice to explain your concerns to the child and parents, informing them
of your intention to refer and seek their consent – being open and honest from the
start results in better outcomes for the children. Do not, however, discuss your
concerns with the parents where
The discussion might put the child at greater risk
The discussion would impede a police investigation or social work enquiry
Sexual abuse by a family member, or organised or multiple abuse is suspected
Fabricated or induced illness is suspected
Parents or carers are being violent or abusive and discussion would place you or others at risk
It is not possible to contact parents or carers without causing undue delay in
making the referral.
Where There Is Serious Physical Injury Arising From Suspected Abuse
Refer the child to the nearest hospital Accident and Emergency Department with
the consent of the person having parental responsibility or care of the child
Advise the A&E Department in advance (by telephone) that the patient is coming
If consent is not obtained, the Duty Social Worker at the local Social Services
Department or the police should be told of the suspected abuse by telephone so
that the necessary action can be taken to safeguard the welfare of the child
A telephone referral to Social Services must be confirmed in writing within 48
hours, repeating all relevant facts of the case and an explicit statement of why
you are concerned. The telephone discussion should be clearly documented –
who said what, what decisions were made and the agreed unambiguous action
Where less serious injury is recorded or there is concern for the physical or
emotional well‐being of the child, discuss the appropriate reporting procedures and
your concerns with a senior local colleague, such as a hospital consultant, dental
adviser or consultant in Dental Public Health or contact the health professional for
child protection at the local Primary Care Organisation (PCO).
Recording and reporting
Reports should be restricted to
The nature of the injury
Facts to support the possibility that the injuries are suspicious
Attendance of the referring dentist may be required by the Social Services
Department at a case conference or if there is a court hearing, so comprehensive
written records of the injuries and its history (as reported) must be kept together with clinical photographs.
Marketing and preferences
We may use your personal information to send you marketing by post, by phone, through social media, by email and by text.
We can only use your personal information to send you marketing material if we have your permission or a legitimate interest as described above.
If you don’t want to receive emails and texts from us you can tell us by contacting us on 01467 621 264 at any time.
Otherwise, you can always contact us on firstname.lastname@example.org to update your contact preferences.
You have the right to object to direct marketing and profiling (the automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests) relating to direct marketing. Please see the section about your rights for more details.
You have the right to access your information and to ask us to correct any mistakes and delete and restrict the use of your information. You also have the right to object to us using your information, to ask us to transfer of information you have provided, to withdraw permission you have given us to use your information and to ask us not to use automated decision-making which will affect you. For more information, see below.
You have the following rights (certain exceptions apply).
Right of access: the right to make a written request for details of your personal information and a copy of that personal information
Right to rectification: the right to have inaccurate information about you corrected or removed
Right to erasure ('right to be forgotten'): the right to have certain personal information about you erased
Right to restriction of processing: the right to request that your personal information is only used for restricted purposes
Right to object: the right to object to processing of your personal information in cases where our processing is based on the performance of a task carried out in the public interest or we have let you know the processing is necessary for our or a third party’s legitimate interest. You can object to our use of your information for profiling purposes where it is in relation to direct marketing
Right to data portability: the right to ask for the personal information you have made available to us to be transferred to you or a third party in machine-readable formats
Right to withdraw consent: the right to withdraw any consent you have previously given us to handle your personal information. If you withdraw your consent, this will not affect the lawfulness of Bupa’s use of your personal information prior to the withdrawal of your consent and we will let you know if we will no longer be able to provide you your chosen product or service
Right in relation to automated decisions: you have the right not to be subject to a decision based solely on automated processing which produces legal effects concerning you or similarly significantly affects you, unless it is necessary for entering into a contract with you, it is authorised by law or you have given your explicit consent. We will let you know when such decisions are made, the lawful grounds we rely on and the rights you have.
Please note: Other than your right to object to the use of your data for direct marketing (and profiling to the extent used for the purposes of direct marketing), your rights are not absolute: they do not always apply in all cases and we will let you know in our correspondence with you how we will be able to comply with your request.
If you make a request, we will ask you to confirm your identity if we need to, and to provide information that helps us to understand your request better. If we do not meet your request, we will explain why.
In order to exercise your rights please contact email@example.com
If you have any questions, comments, complaints or suggestions in relation to this notice, or any other concerns about the way in which we process information about you, please contact us at firstname.lastname@example.org
You also have a right to make a complaint to your local privacy supervisory authority.
You can also lodge a complaint with another supervisory authority which is based in the country or territory where:
you are living,
you work, or
the alleged infringement took place.
We process your personal information for a number of legitimate interests, including managing all aspects of our relationship with you, for marketing, to help us improve our services and products, and in order to exercise our rights or handle claims. More detailed information about our legitimate interests is set out below.
Legitimate interest is one of the legal reasons why we may process your personal information. Taking into account your interests, rights and freedoms, legitimate interests which allow us to process your personal information include:
to manage our relationship with you, our business and third parties who provide products or services for us (for example, to check that you have received a service that you’re covered for, to validate invoices and so on);
to provide health-care services on behalf of a third party (for example, your employer);
to make sure that claims are handled efficiently and to investigate complaints (for example, we may ask your treatment provider for information to make sure we receive accurate information and to monitor the quality of your treatment and care);
to keep our records up to date and to provide you with marketing as allowed by law;
to develop and carry out marketing activities and to show you information that is of interest to you, based on our understanding of your preferences (we combine information you give us with information we receive about you from third parties to help us understand you better);
for statistical research and analysis so that we can monitor and improve products, services, websites and apps, or develop new ones;
to contact you about market research we are carrying out;
to monitor how well we are meeting our clinical and non-clinical performance expectations in the case of health-care providers;
to exercise our rights, to defend ourselves from claims and to keep to laws and regulations that apply to us and the third parties we work with; and
to take part in, or be the subject of, any sale, purchase, merger or takeover of all or part of the Bupa business.
Processing for profiling and automated decision-making
Like many businesses, we sometimes use automation to provide you with a quicker, better, more consistent and fair service, and marketing information we think will be of interest to you (including discounts on our products and services). This will involve evaluating information about you and, in some cases, using technology to provide you with automatic responses or decisions (automated decisions)
You have the right to object to direct marketing and profiling relating to direct marketing. You may also have the right to object to other types of profiling and automated decision-making set out below. In these cases, you have the right to ask us to make sure that one of our advisers reviews an automated decision, to let us know how you feel about it and to ask us to reconsider the decision. You can contact us to exercise these rights on email@example.com
By law, we must tell you about:
automated decision-making (making a decision using technology, without any person being involved); and
profiling (automated processing of your information to help us evaluate certain things about you, for example, your personal preferences and your interests).
This is because you have certain rights relating to both automated decision-making and profiling. You have the right to object to profiling relating to direct marketing. If you do this, we will no longer carry out profiling for direct marketing purposes. You also have the right to object to profiling in other circumstances set out below.
When we make decisions using only automated processing which produce legal effects which concern you or which have a significant effect on you, we will let you know. You then have 21 days to ask us to reconsider our decision or to make a new decision that is not based only on automated processing. If we receive a request from you, within 21 days of receiving your request, we will:
consider the request, including any information you have provided that is relevant to it;
meet your request; and
let you know in writing what we have done to meet your request, and the outcome.
You can contact us to ask about these rights.
Profiling and automated decision-making
The processes set out below involve both profiling and automated decision-making.
Depending on the type of health-insurance product that you want to benefit from, to help us decide what level of cover we can offer you, we will ask you to provide information about your medical history. We may use software to review this information to find out whether you have any previous or existing health conditions which we cannot cover you for and which will be excluded from your policy.
We may use software to help us calculate the price of products and services based on what we know about you and other customers. For example, our technology may analyse information about your claims history and compare it with the information we hold about previous claims to evaluate how likely you are to need to make a claim. We may also evaluate your age, where you live and other details relating to your health (such as existing health conditions and whether you smoke) to calculate prices for community-rated products which are based on predefined groups with similar risk profiles.
The processes set out below involve profiling.
In order to improve outcomes and be more efficient and allow us to offer advice about different treatment paths (for example, alternatives to surgery or other invasive treatments), we may use software to evaluate medical history and information about the general population in an area to identify customers who are likely to need that advice most.
When your policy is due for renewal, our software tells us this and may also evaluate your payment and claims history, information about the general information in a particular area, and other information from third parties to automatically provide you with information about what incentives we can offer you and the marketing messages you will receive.
We ask other organisations to carry out some of our consumer and market analysis to improve our marketing processes. This involves sharing personal information relating to our customers with third parties who specialise in profiling and segmenting people (putting people into groups of different types of customer, based on different kinds of information collected about them, to help us to better target our products to them). These companies match the information we give them with information they get from other sources to improve the accuracy of their analysis. We use the results of this analysis to help us target marketing and offers.
We may use information about the products you have bought, and information about what other customers who have bought the same products you have bought, to make sure we send you information about the products you are most likely to be interested in.
We may share your personal information (including your name, date of birth, sex and the country you live in) with third-party companies, such as FINSCAN, who we use to carry out anti-fraud checks. We will review any matches from this process. (We will not use automated decision-making for this.)
Transferring information outside the European Economic Area (EEA)
We deal with many international organisations and use global information systems. As a result, we transfer your personal information to countries outside the EEA (the EU member states plus Norway, Liechtenstein and Iceland) for the purposes set out in this privacy notice. Not all countries outside the EEA have data-protection laws that are similar to those in the EEA and if so, the European Commission may not consider those countries as providing an adequate level of data protection.
We take steps to make sure that, when we transfer your personal information to another country, appropriate protection is in place, in line with data-protection laws. Often, this protection is set out under a contract with the organisation who receives that information. For more information about this protection, please contact us at firstname.lastname@example.org
How long we keep your personal information
We keep your personal information in line with set periods calculated using the following criteria.
How long you have been a customer with us, the types of products or services you have with us, and when you will stop being our customer.
How long it is reasonable to keep records to show we have met the obligations we have to you and by law.
Any time limits for making a claim.
Any periods for keeping information which are set by law or recommended by regulators, professional bodies or associations.
Any relevant proceedings that apply.
If you would like more information about how long we will keep your information for, please contact us at email@example.com