Privacy
About our Privacy Notice
Last updated: 4 June 2024
This is the privacy notice for the General Dental Council (GDC). It tells you what information we hold about you and how we use it, explaining this is part of our responsibility under data protection law.
We will give you a more detailed explanation when we need to, for example when we collect information from you because you are involved in a hearing, or when you register with us.
By special category personal data, we mean:
- Personal data that reveals any of the following about an individual: racial or ethnic origin; political opinions; religious or philosophical beliefs; or trade union membership.
- Personal data that consists of: genetic data; biometric data used for the purpose of identifying an individual; data concerning health; or data concerning an individual’s sex life or sexual orientation.
By criminal offence data we mean personal data about whether an individual is alleged to have committed or has been convicted of a criminal offence.
What rights do you have?
Under data protection law, primarily the UK General Data Protection Regulation (UK GDPR) and DPA 2018, you have rights over the information we hold about you.
- You can ask us to give you access to your personal data
- You can ask for your personal data to be erased.
- You can ask us to restrict the processing of your personal data, so that the data will only be used for limited purposes.
- You can object to the processing of your personal data.
- You can ask for your personal data to be provided to you in a structured, commonly used and machine-readable format, and you can transmit that data to another data controller.
You can make a request for any of these by contacting us at [email protected].
You can contact the GDC's Data Protection Officer by emailing: [email protected].
You can find out more about your rights on the Information Commissioners Office website.
Privacy notice sections
How we use your personal data when you contact the GDC
How we use personal data in Registration
How we use personal data in fitness to practise – initial assessment, assessment and investigation
How we use personal data in fitness to practise - prosecution and hearings
How we use personal data in education and quality assurance
How we use personal data in the Dental Complaints Service (DCS)
How we use personal data for statistical analyses and research
How we use personal data in consultations
How we use personal data for employment purposes
How we use personal data when you apply to work with us
How we use personal data in connection with Whistleblowing
Specific data sharing requests from third parties
How we use Closed-Circuit Television (CCTV)
How we use your personal data when you contact the GDC
Phone calls
Calls will not be retrieved or monitored unless:
- It is necessary to investigate a complaint.
- There is a threat to the health and safety of staff or visitors
- For the prevention or detection of crime.
- We need to check compliance with regulatory procedures.
- It is part of a ‘spot check’ to ensure that our customer service standards are being met.
- To improve standards in call handling through training and coaching of our staff. In this instance the call will be edited to ensure the callers details are anonymised. The staff member will also need to agree to the call being used in this way.
All calls that are used for quality monitoring are retained.
Emails
All other emails received by the GDC are retained on our email system for a period of twelve months (plus a 28-days period for deletion) before they are automatically deleted.
Web forms
All web forms we receive are stored in our CRM.
Letters
How we use personal data in Registration
Registration
We have a statutory responsibility to maintain a register of dentists and a register of dental care professionals, which includes clinical dental technicians, dental hygienists, dental nurses, dental technicians, dental therapists, and orthodontic therapists.
The registration application form includes equality monitoring questions, which are voluntary. Some of the information that we hold from this form is special category personal data (e.g. data about your racial or ethnic origin).
Overseas Registration Exam (ORE)
Applications
Some applicants such as overseas qualified dentists and dental care professionals, will be required to undergo an assessment of their qualifications. Where this is the case, you will need to complete an application form.
In some cases, providing data to us for registration is a statutory requirement. Not providing data, or providing inaccurate data, may mean that your application for registration is refused or your applicant may be subject to fitness to practise procedures by us. This may lead to various outcomes, including conditions being imposed on your registration, the suspension of your registration, or removal (erasure) from the register.
How we use personal data in registration maintenance and sharing
Register Maintenance
Sharing register data
We may share our register information with the NHS and other healthcare bodies in the UK. A list of monthly removals is shared with the NHS to alert them of the people we have removed from the register.
Working pattern data
We ask dental professionals to complete a small number of questions about their working patterns as part of their annual renewal process. These questions are voluntary, and you can choose not to answer these if you prefer. You will hear about this as part of our Annual Retention Fee communications.
We’re doing this as we believe having a better understanding of how dental professionals are working throughout the UK will provide important insight into the issues affecting dental professionals and patients.
This insight will help the profession develop future services that will bring about the changes the profession and patients want and need.
We collect this information for the purposes of undertaking analysis and producing and sharing reports about working patterns in dentistry and how it changes over time.
We will use the responses we receive to undertake analyses, produce reports and make data available to external organisations and stakeholders.
The responses we receive will help us and others to better understand:
- Where dental professionals are working.
- What dental professionals are doing.
- The number of hours they are working.
- Whether they are working in NHS or private practice.
- How the way dental professionals are working changes over time.
Our working pattern survey will ask registrants for the postcode of their primary place of work. This will be used to assist in our reporting of working pattern data, and to create reports based on more accurate place of work location data.
When you enter your work postcode, the lookup will include a full address for you to select. However, only the postcode itself, not the full address, will be visible to and retained in the GDC database for your response to this question.
Working pattern data will be used alongside other information we hold, including registrant equality, diversity and inclusion data, to better meet this purpose.
We will only share and report datasets in a format where no individual is directly identifiable and only following approval under our report request process.
We will ensure that no individual can be identified when we publish reports based on this data.
Working pattern data, including postcode, will not be used to make decisions about fitness to practise cases, your registration, or your annual renewal nor will they affect your access to GDC services or how we treat you.
The responses you provide are your personal data but will only be viewable by specific GDC staff who technically manage our data and systems and undertake data analysis.
Under data protection law, the basis we use to process this information is our ‘legitimate interests’. This means we have judged it ‘necessary’ for us to use personal data to meet the purposes we have for this work.
When we process special category data, such as some equality, diversity and inclusion information for this purpose, we do so as it is necessary for our public task and necessary for reasons of substantial public interest.
This is because we are uniquely placed to contact dental professionals wherever they work. The objective of this work is to support the wider public benefit from analysis and sharing of information with sector stakeholders such as NHS organisations.
This will facilitate a better understanding of how dental professionals are working throughout the UK and will provide important insight into the issues affecting dental professionals and patients. These interests support our statutory function of protecting the public.
How we use personal data in fitness to practise – initial assessment, assessment and investigation
- Registered dental professionals
- Informants (including people who have raised concerns with us about a dental professional)
- Other relevant individuals (e.g. people who have been treated by the dental professional but who are not themselves informants).
Concerns can be raised by sending us a web form, email or letter.
We can also raise a concern directly through our In-house Legal Presentation Service (ILPS) or Dental Complaint Service (DCS).
Initial assessment, assessment and investigation
Once the caseworker has completed their investigation, they will review the matter and will conclude that either:
- The information received does not mean we can raise an allegation that the dental professionals’ fitness to practise may be impaired, and will close the case; or
- The information received does mean we can raise an allegation that the dental professionals’ fitness to practise may be impaired and will refer the case to our case examiners.
How we use personal data in fitness to practise - prosecution and hearings
Prosecution
It may be necessary for the dental professional to have a health assessment and for information to be shared with our contracted service provider for that purpose. As part of this assessment, hair and blood samples may be taken.
Hearings
You can review the Privacy notice of our hearings service on the Dental Professionals Hearings Service website.
How we use personal data in connection with illegal practice
Failure to provide information to us in connection with illegal practice may prejudice the success of a prosecution brought by us. In the case of a registered dental professional, failure to provide information or the provision of inaccurate information may lead to FtP proceedings.
How we use personal data in education and quality assurance
If a registered dental professional fails to provide information to us in connection with quality assurance, or provide inaccurate information, it may lead to fitness to practise proceedings.
How we use personal data in the Dental Complaints Service (DCS)
The DCS process involves the processing of personal data about both patients and dental professionals. This may include special category personal data, or criminal conviction data. Information held and used by the DCS will include:
- Patient contact details, addresses, contact numbers, emails, dates of birth etc.
- Dental professional’s contact details.
- Dental records.
- Correspondence relating to dental complaints.
- Panellist information.
- Anonymised equality and diversity information.
- Recordings of calls to the DCS helpline for training and quality monitoring purposes.
Anonymised case studies are developed from real life case examples to assist in learning and development of DCS staff.
Patients are not obliged to make use of the DCS. However, where a patient decides to make use of the service, the dental professional is obliged to engage in the process which includes providing information. Failure to do so may lead to fitness to practise proceedings.
How we use personal data for statistical analyses and research
Third Party Research
How we use personal data in consultations
- Clarify any issues raised by the respondent.
- Assess the potential impacts of the proposed changes.
- Analyse the views of respondents.
How we use personal data for employment purposes
Where we process special category personal data or criminal conviction data in connection with employment, we do so on one or more of the following bases:
- The processing is necessary for the exercise of our statutory functions and is also in the substantial public interest.
- The processing is necessary to perform or exercise our legal obligations and rights in connection with employment.
- The processing is necessary for health purposes (including occupational health or the assessment of an employee's working capacity).
Some special category personal data is processed by us in the context of employment, for the purpose of monitoring equality of opportunity or treatment. It is optional to provide this information and is collected and processed only with the consent of the employee.
How we use personal data from GDC associates
Where we process special category personal data or criminal conviction data about associates, then we do so on one or more of the following bases:
- It’s necessary to allow us to exercise our statutory functions and is also in the public interest.
- It’s necessary for allow us to exercise our legal obligations and rights regarding any contract for services with the associate.
- It’s necessary for health purposes (including occupational health or the assessment of an associate's working capacity).
How we use personal data when you apply to work with us
Your data will be held in in confidential files held by our People Services team. Your data will be shared with the hiring manager, other selection panel members and senior managers who are involved in the decision making process. Your information will be held on file for a maximum of 12 months.
How we use personal data in connection with Whistleblowing
We may need to use and share information you give us with other organisations, such as government departments, enforcement agencies and the police, for the purpose of investigating the issues raised. There may also be certain circumstances where we are
required, by law, to share your information.
Specific data sharing requests from third parties
There may be occasions where we process and share data held by the GDC where it is necessary to comply with legal obligations, for example:
- in relation to legal proceedings
- in response to requests from law enforcement agencies
- in response to requests from other regulators.
We may also share information with law enforcement agencies, other regulators, or other appropriate bodies when it is necessary for either their, or our, statutory or public functions or legitimate interests.
The data shared in these situations will be limited to what we are satisfied is necessary and lawful for the stated purpose.
How we use Closed-Circuit Television (CCTV)
We use our premises to perform our regulatory functions. We consider that ensuring the security and safety of our premises is necessary to perform a task carried out in the public interest and/or in our official authority as a regulator.
The GDC’s websites
Our privacy policies apply to our websites only. If you follow a link to an external website, you will be subject to that organisation’s privacy policies, not the GDC’s.
Cookies
Cookies are small text files that are placed on your computer or phone by websites that you visit.
We use cookies to collect and store information about how you use GDC websites, such as the pages you visit. This information is anonymised. It cannot be used to identify you personally.
Read more about the cookies we use.
Personal information we collect about you
You can use our websites without disclosing any information which identifies you as an individual.
If you enter personal details into a form, the GDC will use your information to provide the service you have requested.
Special category of personal data
Some personal data processed by us is special category data or criminal conviction data.
Read our guidance on disclosing Convictions and Cautions Guidance.
More information about how we comply with data protection law (as set out in the UK GDPR and in DPA 2018) in relation to special category data is set out in the our Data Protection Policy.
Period of retention
We keep anonymised data about how our websites are used for 14 months.
Our Retention schedule sets out the length of time we keep personal data.
Your rights
You have the right to see any personal data that we hold about you.
See our Data Subjects Rights Policy for more information about how we protect your rights in the UK GDPR. This policy also explains how we process requests for correction, or erasure, or objections to processing.
In summary you can:
- Ask for access to any personal data we hold about you.
- Ask for personal data we hold about you to be erased.
- Ask us to restrict the processing of your personal data, so that it can only be used for limited purposes (set out under UK GDPR).
- Object to the processing of your personal data.
- Ask for personal data to be provided in a structured, commonly used and machine-readable format, that allows you to send it to another data controller.
- Withdraw your consent where we process your personal data on the basis of consent.
Find out more about your rights on the Information Commissioner's office website.
The GDC’s Data Protection Officer
If you have any questions or concerns about how the GDC is using and sharing your personal data, then you can contact our Data Protection Officer by emailing: [email protected].