Privacy Policy

Corona Tests /Night Dental Ltd is registered with the Information Commissioner’s Office (ICO) under registration number As a user of Corona Tests /Night Dental Ltd’s services, we will collect what is known as personal data about you. Personal data is information from which you, as an individual, can be identified. This policy outlines how the relevant company you interact with will use, store and protect any personal data that you provide or that we otherwise hold about you when using Corona Tests /Night Dental Ltd’s COVID-19 testing services.A separate privacy policy applies in respect of other personal data which Corona Tests /Night Dental Ltd may collect or otherwise hold about you in connection with other goods and services we provide or receive, and where you are a Corona Tests /Night Dental Ltd customer for anything other than COVID-19 testing. Please contact on this. Corona Tests /Night Dental Ltd acts as a processor of personal data on behalf of the UK Department of Health and Social Care (the DOH). This means that the DOH is the organisation that decides the purposes for which your personal data is used and the way in which it is processed, and Corona Tests /Night Dental Ltd acts on its behalf, and in accordance with its instructions, as a service provider. The relevant DOH privacy policy is available here: you have obtained your COVID-19 test privately, then the relevant controller of personal data (i.e. the organisation that decides the purposes for which and the way in which your personal data is dealt with) will be Corona Tests /Night Dental Ltd Unless indicated otherwise, this policy sets out how Corona Tests /Night Dental Ltd will use, store and protect any personal data we collect or generate about you for both private tests and public tests.We will collect personal data as part of our online PCR testing kit registration process. Registration is essential for all testing and reporting of results to proceed, and it is essential that you complete these details, and confirm your acceptance of this policy, personally.The information we collect during registration is a legal requirement from Department for Health and Social Care, Public Health England. This includes: •               Full Name•               Sex•               Date of Birth•               NHS number (if known and applicable)•               Ethnicity•               Home address, including postcode, and the address at which you intend to reside in England (if different)•               Email address•               Telephone number•               Vaccination status: How many doses, date of doses•               The purpose of the test  For Fit to Fly•               Passport number•               Coach number/ Flight number or vessel name (as appropriate)•               Date on which you are departing•               The country or territory you are travelling to From international arrivals:•               Passport number •               The date of their arrival in the UK•               Coach number/ Flight number or vessel name (as appropriate)•               Date on which you last departed from or transited through a country or territory outside the common travel area:•               The country or territory you were travelling from when you arrived in the UK, and any country or territory you transited through as part of that journey•               The purpose of the test – this must include whether the test was for an amber list or green list arrival and whether the test was for day 2, day 8 or Test to Release•               Green/Amber/Red•               Date 2/ Day 8 or Test to Release STAFF TO ADD:•               the sample specimen ID number•               the time and date of swabbing•               Self swabbing specimen taken at home  or on site and whether monitored over video/ on site by sampler •               Packaged securely•               Sending of sample method and address•               Results•               Result provided through PDF. Email We will not collect any information which we, or relevant third parties, do not need.Once your swab sample has been returned to us, and it has been tested for COVID-19, our systems will automatically generate a report which shows our findings (the Report). This Report will include some of the personal details that you have provided to us about yourself. We will also hold this information in a centralised database.Please note that there are limitations inherent in the sample collection and testing process, which are explained in our terms and conditions here:, and in the test instructions that were provided to you when you received your test kit. It is important that the personal data we hold about you is accurate and current, and we cannot be held responsible for incorrect data that is provided by you. Please keep us informed if your personal data changes during your relationship with us.If you fail to properly provide all requested data or provide incorrect data we may be unable to provide the testing services or notify you of your results. There is also a risk that third parties could be inadvertently provided with your data if, for example, you have not correctly entered your email address, or your email servers are compromised. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data on one or more of the following grounds:Where we need to perform the contract for testing services that we have entered into with you (in the case of Partner laboratories Health in respect of private tests).Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.Where we need to comply with a legal obligation (including the terms of our contract with the DOH, in the case of Partner laboratories, department of health and government requirements Labs in respect of NHS tests).You may withdraw your consent to processing at any time by contacting us using the details below. Any payments made for testing services are non-refundable, as explained in our terms and conditions  that you.Where we are using your personal data that identifies your health data, we are doing that either on the basis of your explicit consent, your vital interests, for public interest, medical diagnostic reasons or preventative or occupational health reasons.Generally, Night Dental/ Corona Tests and partner laboratories,  will use the data you provide to test your swab samples for COVID-19 and notify the results to you as the registered user of the kit via the Report. A copy of the Report will be sent by email to the email address you provided to us when you signed up through our registration portal.After your sample has been posted to us, please make sure to regularly check your emails (including any junk or spam folder) for any email attaching the Report. Please note that we are not responsible for the security of any domains in respect of email addresses you have given us. If you believe you have received a Report in error, please contact us at immediately.Additional information, including home address, is necessary for notifying the relevant public health or other Government authorities of the results of your test, if we are requested to do so.Personal data required for COVID-19 testing (including test results) is held on controlled computer systems. As a controller or processor of personal data, Night Dental Ltd/ Corona Tests  and its affiliated companies must process your information fairly and lawfully. We will also process your data in accordance with the instructions of the DOH and the terms of our contract.We also collect, use and share Aggregated Data for any purpose. Aggregated Data could be derived from your data but is not considered personal data as this it will not directly or indirectly reveal your identity.We will not use any personal data that we collect for marketing purposes unless you have separately signed up to receive marketing communications from us.Night Dental Ltd/ Corona Tests  will not generally share personal data about you with other organisations or people, unless permitted or required by law, you have provided consent, or a third party is required to provide our testing services to you (in such circumstances, the third party will be bound by similar data protection requirements). Nor do we transfer your personal data outside of the UK.That said, please note that your data (including your test results) may be available to relevant health or other governmental authorities for the purposes of, among other things, contact tracing and infection control.We may also share your data with third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.Where possible, we require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.We must keep all personal data safe and hold it for no longer than is necessary in line with our legal obligations.We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.Night Dental Ltd/ Corona Tests  Health will hold your data for a minimum of six years for liability purposes. We review the personal data we hold on a regular basis.We have set out an explanation of your rights regarding the data we hold below. Please note that these only apply where you have paid Night Dental Ltd/ Corona Tests  Health for your test.Access & Portability: You have the right to ask us for copies of your personal data to be sent to you and for personal data to be sent to a third party. There are some exemptions, which means you may not always receive all the information we process. For information to be shared to someone on your behalf, usually consent must be provided by you.Rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. If at any point your personal data changes, it is up to you to update us.Erasure: You have the right to ask us to erase your personal data in certain circumstances, which means your personal data being removed from our databases.Restriction of Processing: You have the right to ask us to restrict the processing of your personal data in certain circumstances, for example, whilst a complaint about its accuracy is being resolved.Object to Processing: You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests although Randox can override this objection where we have legal grounds to do so.
You should be aware that taking some of the above steps will impact on the ability of Randox to complete the service you have agreed. Failure to register key personal details and (if relevant) provide consent will prohibit Randox from testing your sample and no results will be provided to you. As noted above, no refunds will be made where you have paid Randox Health for private testing in such circumstances.We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this policy. Please contact in the first instance, if you wish to:Withdraw your consent to processing;See your personal data or to exercise any of the rights mentioned above; orMake a complaint about how we have handled your personal data. If you are not satisfied with our response to any query you raise with us, or you believe we are processing your personal data in a way which is inconsistent with the law, you can complain to the ICO office helpline: 0303 123 1113. We would appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.Please do not contact the ICO regarding processing by Randox if your complaint relates to the processing of your data by the DOH (in respect of NHS tests).Corona Tests /Night Dental Ltd You will be asked to provide personal information when joining the practice. The purpose of processing your personal data is to provide you with optimum dental health care and prevention.The categories and examples of data we process are:Personal data for the provision of health carePersonal data for the purposes of providing treatment plans, recall appointments, reminders or estimatesPersonal data such as details of family members for the provision of health care to children or for emergency contact detailsPersonal data for the purposes of employed and self-employed team members employment and engagement respectivelyPersonal data for the purposes of [direct mail/email/text/other] to inform you of important announcements or about new treatments or servicesPersonal data - IP addresses so that we can understand our patients better and inform our marketing approach as well as improve the web site experienceSpecial category data including health records for the purposes of the delivery of health care and meeting our legal obligationsSpecial category data including health recordsSpecial category data to meet the requirements of the Equality Act 2010Special category data details of criminal record checks for employees and contracted team membersWe minimise the data that we keep, and do not keep it for longer than necessary.We never pass your personal details to a third party unless we have a contract for them to process data on our behalf and will otherwise keep it confidential. If we intend to refer a patient to another practitioner or to secondary care such as a hospital we will gain the individual’s permission before the referral is made and the personal data is shared. Your data will be shared with the NHS in England if you are having NHS treatment.Personal data is stored in the UK whether in digital or hard copy formatPersonal data is obtained when a patient joins the practice, when a patient is referred to the practice by NHS 111/ NHS Booking services or other dental organisation and when a patient subscribes to an email list.For full details or where your data is stored, please ask to see Information Governance Procedures
(M 217C).We have established the following lawful bases for processing your data:Our lawful bases for processing personal data:The legitimate interests of the dental practiceProcessing is necessary for the performance of a contract with the data subject or to take steps to enter into a contractConsent of the data subjectTo comply with our legal obligationsOtherOur lawful bases for processing special category data:Processing is necessary for health care purposesProcessing necessary for identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with the view to enabling such equality to be promoted or maintainedWe obtain consent of the data subject to process criminal record checksOtherThe reasons we process the data include:To maintain your contemporaneous clinical recordsTo provide you with dental treatment, prevention and oral health adviceTo carry out financial transactions with youTo manage your NHS  dental care treatmentTo send your personal data to the General Dental Council or other authority as required by lawTo communicate with you as and when required including appointment reminders, treatment plans, estimates and other communications about your treatment or the practiceTo communicate with your next of kin in an emergencyIf a parent or carer to communicate with you about the person you parent or care forTo refer you to other dentists or doctors and health professionals as requiredTo obtain criminal record disclosures for team membersFor debt recoveryTo continually improve the care and service you receive from usThe personal data we process includes:Your name, address, gender, date of birth, NHS number, medical history, dental history, family medical history, family contact details, marital status financial details for processing payment, your doctor’s details and details of treatment at the practice. We may process more sensitive special category data including ethnicity, race, religion, or sexual orientation so that we can meet our obligations under the Equality Act 2010, or for example to modify treatment to suit your religion and to meet NHS obligations.

The retention period for special data in patient records is a minimum of 10 years and may be longer for complex records. The retention period for staff records is 6 years. The retention periods for other personal data is 2 years after it was last processed. Details of retention periods are available in the Record Retention (M 215) procedure available from the practice.We obtain your personal details when you enquire about our care and service, when you join the practice, when you subscribe to our newsletter or register online, when you complete a registration or medical history form and when another practitioner refers you for treatment at our practice. Occasionally patients are referred to us from other official sources such as NHS 111, NHS clinics or hospitals.You have the following personal data rights:The right to be informed about the collection and use of your personal dataThe right of access – to have a free copy of your data that we haveThe right to rectification - to correct the data we have if it is inaccurate or incompleteThe right to deletion of your personal data (clinical records must be retained for a certain time period)The right to restrict processing of your personal dataThe right to data portability – to have your data transferred to someone elseThe right to object to the processing of your personal data.Rights in relation to automated decision making and profilingFurther details of these rights can be seen in our Information Governance Procedures (M 217C) or at the Information Commissioner’s website. Here are some practical examples of your rights:If you are a patient of the practice you have the right to withdraw consent for important notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or text. You have the right to obtain a free copy of your patient records within one month.If you are not a patient of the practice you have the right to withdraw consent for processing personal data, to have a free copy of it within one month, to correct errors in it or to ask us to delete it. You can also withdraw consent from communication methods such as telephone, email or text.We have carried out a Privacy Impact Assessment (M 217Q) and you can request a copy from the details below. The details of how we ensure security of personal data is in our Security Risk Assessment (M 217M) and Information Governance Procedures (M 217C).Comments, suggestions and complaints
Please contact the IG Lead at the practice  for a comment, suggestion or a complaint about your data processing at or by writing to or visiting the practice at 8, Bromley Street Birmingham B9 4AN. We take complaints very seriously.If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.Related practice procedures
You can also use these contact details to request copies of the following practice policies or procedures:Data Protection and Information Security Policy (M 233-DPT), Consent Policy (M 233-CNS)Privacy Impact Assessment (M 217Q), Information Governance Procedures (M 217C), Record Retention (M 215)·       Please see further information for your records:o   SIRO: Sofina Ahmedo   CALDICOTT GUARDIAN: Faisel Muhammado   DATA PROTECTION OFFICER: Sarah Sparkeso   SERVICE MANAGER: Karen AlexanderIf you have an enquiry or a request please contact the Information Governance Lead
Corona Tests,
8 Bromley Street, Birmingham, England, B9 4AN,
Phone: 0121 820 5555Thank you.