Introduction
Welcome to the Vittorio Gherardi privacy policy.

Vittorio Gherardi respects your privacy and is committed to protecting your personal data. We understand the importance of protecting both your privacy and confidentiality in compliance with the guidelines published by the General Dental Council.

This privacy policy will inform you as to how we look after (and process) your personal data that we collect from you or that you provide to us:

    •  when you use our website (https://vittoriogherardi.co.uk/) (Website) (regardless of where you visit it from);
    • through your visits to and interactions with us at our clinic at currently located at 31 Harley Street, London W1G 9QS (though we may update this address as needed from time to time) (Clinic);
    • through any other interactions with us, including any telephone or online discussions; or
    • during the provision of a treatment.It also tells you about your privacy rights and how the law protects you.

Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

1. IMPORTANT INFORMATION AND WHO WE ARE
2. THE DATA WE COLLECT ABOUT YOU
3. HOW IS YOUR PERSONAL DATA COLLECTED?
4. HOW WE USE YOUR PERSONAL DATA
5. DISCLOSURES OF YOUR PERSONAL DATA
6. INTERNATIONAL TRANSFERS
7. DATA SECURITY
8. DATA RETENTION
9. YOUR LEGAL RIGHTS
10. HOW TO CONTACT US
11. CHANGES TO THE PRIVACY POLICY

1. IMPORTANT INFORMATION AND WHO WE ARE

Purpose of this privacy policy
This privacy policy aims to give you information on how we collect and process your personal data when providing health care services to you or through your use of the Website.It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.

Controller
V Gherardi Ltd is the data controller and is responsible for your personal data.

Third-party links

The Website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

    • Identity Data includes first name, last name, marital status, title, date of birth, gender, patient ID number and occupation.
    • Contact Data includes your address, email address and telephone numbers.
    • Financial Data includes bank account and payment card details.
    • Medical Information includes information about your treatment such as:
      • Information about your dental and general health;
      • Clinical records made by dentists and other dental professionals involved withyour care and treatment;
      • X-rays, clinical photographs, digital scans of your mouth and teeth, and studymodels;
      • Medical and dental histories; and
      • Treatment plans and consent.
    • Transaction Data includes details of treatment that you have booked or we have provided to you.
    • Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.

Other than the Medical Information referred to above, we do not collect Special Categories of Personal Data such as your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, and genetic and biometric data, or any information about criminal convictions and offences.

If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide medical treatment to you). In this case, we may have to cancel a treatment that you have booked with us, but we will notify of this at the time.

We would like to reassure you that Medical Information we receive or collect about you will only be processed in connection with the provision of medical treatment and in accordance with this policy unless the data has been truly anonymised.

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We use different methods to collect data from and about you including through:

● Direct interactions. You may give us your Identity, Contact and Financial Data, as well as Medical Information by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:

    • Contact us (by email, phone, via the Website or otherwise) to book an appointment, make a general enquiry or when you contact us for any other reason or have other interactions with us, including any telephone or online discussions;
    • Come for an appointment in person at the Clinic;
    • During the course of any treatment you may receive at the Clinic;
    • If you provide us with information about a patient if the patient is a child or does nothave mental capacity to make their own decision in respect of any medicaltreatment;
    • When you complete a form at the Clinic;
    • When you make a complaint or report an incident at the Clinic;
    • When you are referred to us by, for example, your medical insurance provider oranother dentist; and
    • Give us feedback or otherwise contact us.

Third parties. We will receive personal data about you from various third parties as set out below:

  • Contact, Financial and Transaction Data from providers of technical or payment services.

4. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
    • To provide health care to you or the management of health care services.
    •  To perform the contract we are about to enter into or have entered into with you.
    • Where you have consented to us processing your personal data (in some circumstancesthis will be explicit consent).
    • Where it is necessary for our legitimate interests (or those of a third party) and yourinterests and fundamental rights do not override those interests.
    • To comply with a legal obligation.
    • To establish, exercise or defend legal claims.

How and why we use your personal data
We describe below all the ways we plan to use your personal data, the legal bases we rely on to do so, and how long we will keep such data. Where our legal basis is a legitimate interest, we identify what the legitimate interest is.

Note that we may process your personal data for more than one lawful ground depending on the purpose for which we are using your data. Please contact us if you need details about the specific lawful basis we are relying on to process your personal data where more than one is set out below.

What we use your personal data for Type of data Lawful basis for processing including basis of legitimate interest
To enable us to process an initial enquiry made by you. (a) Identity Data
(b) Contact Data
(c) Medical Information
(d) Financial Data
(e) Transaction Data
(a) For Medical Information, the provision of health care.
(b) Performance of our contract with you to provide such health care to you.
To enable us to process a referral from a third party (for example, your insurer , a hospital, another dentist or medical professional). (a) Identity Data
(b) Contact Data
(c) Medical Information
(d) Financial Data
(e) Transaction Data
(a) For Medical Information, the provision of health care.
(b) Performance of our contract
with you to provide such health care to you.
To book an appointment. (a) Identity Data
(b) Contact Data
(c) Medical Information
(d) Financial Data
(e) Transaction Data
(a) For Medical Information, the provision of health care.
(b) Performance of our contract
.
with you to provide such health care to you.
To email / text you booking confirmations and appointment reminders. (a) Identity Data
(b) Contact Data
(c) Medical Information

Explicit consent.

To provide you with a treatment and health care

  1. (a)  Identity Data
  2. (b)  Contact Data
  3. (c)  Medical Information
  1. (a)  For Medical Information, the provision of health care.
  2. (b)  Performance of our contract

.

with you to provide such health care to you.

To provide you with emergency care (if you cannot consent).

(a) (b)

Identity Data

Medical Information

To the extent this is necessary, to provide such emergency care to you.

The vital interests of the data subject (i.e. to protect your life).

To send your medical records (including clinic letters) to you.

(a) IdentityData

  1. (b)  Contact Data
  2. (c)  Medical Information

(a) For Medical Information, the provision of health care.

(b) Performance of our contract with you to provide such health care to you.

To provide information about your condition, treatment and any other relevant information to your insurance provider.

  1. (a)  Identity Data
  2. (b)  Medical Information

Necessary for an insurance purpose.

To process payments for the provision of treatment and for cancellation fees.

  1. (a)  Identity Data
  2. (b)  Contact Data
  3. (c)  Financial Data
  4. (d)  Transaction Data

Performance of a contract with you.

To deal with any complaints or concerns you have raised or to process any feedback received.

  1. (a)  Identity Data
  2. (b)  Contact Data
  3. (c)  Medical Information
  1. (a)  If you include Medical Information, explicit consent.
  2. (b)  Necessary for our legitimate interests (to enable us to improve our treatment and care and respond to your complaint)

Marketing and opting-out
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.

You will receive marketing communications from us if you have requested information from us or purchased services from us and you have not opted out of receiving that marketing.

You can ask us to stop sending you marketing messages at any time by contacting us at any time.

Where you opt out of receiving these marketing messages, we can still contact you to perform our contract with you.

Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. DISCLOSURES OF YOUR PERSONAL DATA

We may share your personal data with the parties set out below for the purposes set out in the table above.

  • Your private medical insurance provider requesting information about your treatment;
  • Your doctor (if you ask us to share information with them);
  • Self-employed personnel providing treatments to you at the Clinic;
  • Dental laboratories;
  • Government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information);
  • Service providers (for example, payment, IT support and system administration services, hosting services (including cloud storage and data management services), who may access your personal data (including sensitive personal data);
  • Professional advisers including lawyers, bankers, auditors, and insurers;
  • Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets or from whom we may seek or obtain investment (or any such potential third parties. Alternatively, we may seek to acquire (or be acquired by) other businesses ormerge with them and may disclose your information as required in that context; and
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation but only if such legal obligation takes precedence over our duty ofconfidentiality owed to you.We require all third parties to respect the confidentiality and security of your personal data and to treat it in accordance with the law, and we comply with the data minimisation principle in not sharing more personal data than we need to in order to achieve the relevant purposes. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

6. INTERNATIONAL TRANSFERS

We do not transfer your personal data outside the UK.

7. DATA SECURITY

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. DATA RETENTION
How long will you use my personal data for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

In line with the General Dental Council, we will retain your personal data (including special categories of data also known as sensitive personal data) for a minimum of 10 years after the date of the last treatment provided by us to you. You can request details on retention periods for different aspects of your personal data by contacting us.

In some circumstances you can ask us to delete your data: see your legal rights and obligations below for further information.

9. YOUR LEGAL RIGHTS AND OBLIGATIONS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. Please see below to find out more about these rights:

  • Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or that of a third party) and you want to object to the processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may have compelling legitimate grounds to process your data which override your rights and freedoms.
  • Request restriction of processing your personal data. You also have the right to restrict us from processing your personal data if the data is inaccurate, the processing is unlawful (but you do not want us to erase it), we no longer need your personal data for the purposes for which we hold it (but you need it to establish, exercise or defend legal claims) or you have objected to our use of your data but we need to verify whether we have an overriding legitimate ground to use it.
  • Request transfer of your personal data to you or to a third party. We will provide to you,or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to withdraw consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact us.

No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Making a complaint
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO or another regulator so please contact us in the first instance.

Your duty to inform us of changes
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

10. HOW TO CONTACT US

Questions, comments and requests regarding our privacy policy are welcomed and should be addressed to V Gherardi Ltd at 31 Harley Street, London W1G 9QS or by email to info@vittoriogherardi.co.uk or by phone on +44 (0)20 3370 2800.

Please also contact us if you would like to know more about our data processing activities, to update or amend any of your personal data which you have provided to us or if you believe our records relating to your personal data are incorrect.

11. CHANGES TO THE PRIVACY POLICY

We keep our privacy policy under regular review. This version was last updated on 19th October 2022.