Privacy Policy (Website Personal Data Protection Notice)

This privacy notice is the privacy policy and data protection statement for the Craig Y Don Dental Practice website. It does not, however, cover the dental practice (non-website) aspect of data collection, processing, and protection. This is provided in a separate privacy policy statement.

Data Usage and Data Protection Statement

Purpose of Policy

This policy describes how Craig Y Don Dental Practice collects and processes your personal data as part of the task of providing the service of a dental practice from the company’s base in Llandudno, Conwy.

It is important that you read this policy together with any other data related notice that may declared elsewhere in leaflets, waiting room annoucements, etc.

The privacy policy will be updated in the future. Craig Y Don Dental Practice will provide notice of this on the website news blog. This version is dated 26th July 2018.

Data Controller and Data Processor

The data controller and the data processor, collecting and processing the information (online, via the website) provided by Craig Y Don Dental Practice customers or enquirers, in association with the task of providing the service of dental care and hygiene, may be contacted via enquiries.cyd@gmail.com.

The data controller and the data processor, collecting and processing information from the Craig Y Don Dental Practice website, in association with the task of securing and maintaining the integrity of the Craig Y Don Dental Practice website, may be contacted via gdpr@webintrigue.uk. The website data controller/processor is also the web manager and technical expert/advisor.

Why Craig Y Don Dental Practice Processes Personal Data (the “Purpose”)

Personal data, or personal information, is any information about an individual from which that person can be identified. Personal data does not include information where the identity has been removed or is anonymous.

Craig Y Don Dental Practice collects and processes (stores, transfers, archives, updates and uses) different kinds of personal data, which is outlined as follows:

  • Electronic mail and contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, a telephone number (optional) and email address. If Craig Y Don Dental Practice is contacted directly via electronic mail then the name and email address (at the very least) will be collected and processed;
  • Website Functional Data. Various procedures are in place to protect the website from malicious online activities. Personal data will be recorded and processed as a consequence. Statistical data is also recorded, this will include IP address and which pages have been visited and online documents downloaded. Use and content of contact form submissions is recorded for a limited time.

How Craig Y Don Dental Practice Processes Personal Data

With the website contact form an email is generated and sent to the data processor’s computer email application. With direct email communication, the email message is also sent to the data processor’s computer email application. Messages are stored on a password protected and firewall protected computer.

Website functional data is stored in a MariaDB database. Quality assured WordPress plugins are used to record and monitor website activities to ensure no malicious online activities take place. The WordPress plugins used to collect and process website-based data are: statistical add-on “WP Statistics”; security add-on “Wordfence”; electronic mail logger add-on “WP Mail Log” and; website auditing logger add-on “WP Security Audit Log”.

The website files and MariaDB database are stored and maintained on a secure shared hosting server, located within the EU, provided by established UK web hosting company, 20i.

The Lawful Basis for Collecting & Processing Personal Data

The Law states Craig Y Don Dental Practice must tell you the following:

Craig Y Don Dental Practice holds clients’ data because it is in its legitimate interest to do so. Without holding the data Craig Y Don Dental Practice cannot work effectively.

Craig Y Don Dental Practice holds website functional data because it is in its legitimate interest to do so. Without collecting, processing and monitoring web-based data (which includes personal data such as IP address) the website would be vulnerable to cyber-attacks and other malicious online activities.

How Personal Data is Used

With client/customer contact data, your personal data is only used for contact purposes between you and Craig Y Don Dental Practice regarding the task of providing the service of dental care and hygiene. Craig Y Don Dental Practice may ask you if you’d like to opt in to a newsletter subscription containing offers and promotions from Craig Y Don Dental Practice in the future.

With enquirer contact data, your personal data is only used for contact purposes between you and Craig Y Don Dental Practice regarding the possible future task of providing the service of dental care and hygiene.

With the personal data processed in relation with the Craig Y Don Dental Practice website operations, it is the task of Craig Y Don Dental Practice to maintain a website that is safe to use by all, that is uncompromised by malicious online activities, and is data secure for those using the website, be it using the contact form, downloading documents, or reading the news from the embedded news feeds or blog. Website activities and statistics are recorded for a maximum of 12 months and then automatically deleted.

Change of Personal Data Purpose

Craig Y Don Dental Practice will only use your personal data for the purposes for which it was originally collected for (as previously outlined). If another reason arises for which Craig Y Don Dental Practice needs to use your personal data you will be contacted first to gain your consent.

Note that Craig Y Don Dental Practice may further process your personal data without your knowledge or consent where this is required or permitted by law, such as requests from government bodies, e.g. HMRC.

Disclosure of Personal Data

Craig Y Don Dental Practice does not sell, distribute or otherwise make personal data commercially available to any party, except as described in this policy or with your prior consent.

Protection of Your Personal Data

Craig Y Don Dental Practice takes the security of the personal data held seriously, both customer/client personal data and website based personal data. Policies and procedures are in place to safeguard it from loss and misuse.

Craig Y Don Dental Practice also has procedures to deal with any suspected personal data breach and will notify you of breach when legally required to do so.

Good security practices are in places, namely: strong passwords; updated antivirus and firewalls; up to date Windows operating system installations, up to date Microsoft Office applications, and up to date WordPress installation and latest plugins in use at all times.

Length of Time Processed Personal Data Is Stored

Customer/Enquirer contact data: Personal data will be held for the length of the enquiry. Relating emails and the data held within will be deleted in a timely manner (within weeks of the initial enquiry). Personal data from an online enquiry will never be transferred to another data process in the event the enquiry does not become a patient of the dental practice.

Web-based Personal data: Contact form messages are recorded by the WP Mail Log plugin and stored for a maximum of 30 days. The web activities stored by the WP Security Audit Log plugin are kept for 12 months.

Your Legal Rights

Craig Y Don Dental Practice assumes responsibility for keeping an accurate record of personal data once you have submitted the information. Please inform Craig Y Don Dental Practice of any changes to your information.

You are entitled to:

  • Request access to your personal data;
  • Request the correction or deletion of your personal data;
  • Object to the processing of your personal data;
  • Request a restriction of processing your personal data;
  • Withdraw consent at any time, where Craig Y Don Dental Practice is relying on consent to process your personal data.

To exercise any of the above rights, please contact enquiries.cyd@gmail.com for customer/client/enquirer related personal data or gdpr@webintrigue.uk for web related personal data. Alternatively, use the contact form on the Craig Y Don Dental Practice website https://www.cyddental.com

Complaints or Concerned About Craig Y Don Dental Practice Data Processing?

You can direct any enquiries in the first instance to the data controller and processor at Craig Y Don Dental Practice (enquiries.cyd@gmail.com with the subject “GDPR enquiry”) and Craig Y Don Dental Practice will do the upmost to resolve the personal data matter. Failing that, you can contact the Information Commissioner at www.ico.org.uk/concerns or by calling them on 0303 123 1113.