Who we are
We take patient confidentiality seriously at Vermilion and all personal information is treated in the strictest confidence. All patient and personal data is controlled by Vermilion and all staff members are aware of our strict conduct within data protection. Vermilion is registered with the Information Commissioner’s Office under registration reference: ZA100160 and adheres to the EU General Data Protection Regulation (“GDPR”) (as amended or superseded).
What personal data we collect and why we collect it
Vermilion operates two 100% referral-only clinics in Edinburgh and one in Kelso.
Our patients are referred to us by their general dental practitioner for complex dental treatment and we require essential details in order for us to be able to contact the patient to arrange a consultation with the relevant clinician at Vermilion.
We request that the referring dentist will have obtained their patient’s consent to send us a referral containing their personal data. The referring dentist completes a secure online referral form and the information that we require includes:
- The patient’s name, address, contact telephone number, email address, date of birth, reason for the referral including the type of treatment required and the medical background. The referring dentist can also upload the patient’s dental X-rays or any supporting documentation with reference to the reason for referral. Our referral form requires the referring dentist to verify that consent has been given by the patient for Vermilion to collect and store this data.
- We also require data regarding the referring dentist including their name, practice name, address, telephone and email address. The referring dentist must also give their consent for us to collect and store their personal data.
- Our referral co-ordinator contacts the patient within two working days using the telephone number provided (or email if we are unable to reach the patient by phone) to arrange a consultation.
When you visit our website, we may collect information including but not limited to:
- Contact details, including address, telephone numbers, e-mail, and social media contact information, including on LinkedIn
- Marketing preferences (whether you opt in or out)
- A nugatory amount of data which is automatically collected by our web server access log records. Access log records collect and store information based on IP addresses and access request date/time.
- We host our website on Namesco servers. Namesco is fully compliant with Data Protection laws, although the basic information they store is not user-specific and cannot be used to identify an individual. We have never had reason to access these logs as we use Google Analytics performance cookies to display more advanced access and usage data in a user-friendly dashboard which we (and our web agency) can more easily interpret.
- We use Google Analytics cookies to gather and display information relating to
device type (e.g. mobile, computer, tablet)
- operating system
- browser type
- browser information (e.g., type, language, version)
- domain names
- access times and dates
- location (country + city/town)
referring website addresses
- All data gathered, processed and displayed by Google Analytics cookies is randomised and can never be traced to an individual.
Our use of your personal data will always have a lawful basis, either because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests. We don’t disclose to anyone any of the information we obtain except subsequently in the course of making available our services.
We use this data in order to:
- Communicate with people via telephone, email, SMS text and other forms of electronic communication
- Send people materials about our business, events, products and services
- Marketing our business
- Entering into contracts without customers, partners and suppliers
- Keeping records and accounts
- Operating our business
- To enhance user experience on our website
- Process orders
- Send you service emails (order confirmation/receipts)
- Improve our products and services
- Data subjects may require that their information be deleted or removed if there is not a legitimate reason for us to hold it.
Who has access to your personal information
Our patients’ personal data is securely stored on-site and only members of staff at Vermilion have access to our patient records. The patient’s information is only ever accessed as part of their treatment. We only share the patient’s treatment plan with their referring dentist. No data will ever be released to any other third party without the patient’s express permission or where required by law. We adhere to the Patient Confidentiality standards set out by the GDC. You can review the Principles of Patient Confidentiality on www.gdc-uk.org.
We will not sell, distribute, or lease your personal information to third parties. Any personal information we request from you will be safeguarded under current legislation.
We will only share your information with companies if necessary to deliver services on our behalf. These service providers are limited to Names.co.uk to host our website and Gravity Forms to collect, process and store form data. We do not host any further third party website content such as imagery hosted on CDNs or embedded social or video content which could use their own cookies to gather data about you.
You may choose to restrict the collection or use of your personal information at any point.
Our website agency has access to our Google Analytics Dashboard, but no other data.
How and where we store data
When you send an email to the email address displayed on our website, we collect your email address and any other information you provide in that email (such as your name, telephone number and the information contained in any signature block in your email).
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not pass your details to any third parties for marketing purposes unless you have expressly permitted us to. Furthermore, you can change your marketing preferences at any time by contacting us by email at email@example.com.
You have a right to request a copy of the personal information that COMPANY NAME holds about you and have any inaccuracies corrected. Any such requests should be made to this email address: firstname.lastname@example.org.
You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected.
We conduct regular audits of our data to ensure accuracy and relevance. We generally keep information as long as it is necessary to fulfil our obligations to our patients and their referring dentist. You have the right to view your records and request to have your information deleted. If you have any questions please email the General Manager on email@example.com.
As a 100% referral-only clinic, Vermilion does not market directly to patients and we only ever contact patients with specific reference to their treatment at Vermilion, such as sending treatment plans or providing information about an upcoming appointment.
We only ever market our services to our referring dentists. If a dentist has opted-in to say that they are interested in receiving regular information about Vermilion’s services and activities, we will send communications either electronically or by post. In addition, we may send direct mail that we feel may be of interest to a referring colleague. We also have an opt-in box at the end of our referral form and dentists may give their consent to receive marketing information such as the upcoming release of our CPD Programme or events.
All of our marketing correspondence allows the option to opt-out of receiving further marketing emails. We never share our referring dentists’ data for use by any third parties for their own marketing purposes.
Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site. If you provide us with your credit/debit card information, the information is encrypted using secure socket layer technology (SSL) and stored with an AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement generally accepted industry standards.
A cookie is a text file that is placed on your hard disk by a web page server which allows the website to recognise you when you visit. Cookies only collect data about browsing actions and patterns, and do not identify you as an individual.
You can set your browser to not accept cookies, but this may limit your ability to use the third party services on our website.
While this anonymous statistical data may be aggregated and used in broader statistical analysis by us and our web monitoring service provider to improve our services, we cannot personally identify you as the source of that data until such point as you provide your personal information to us.
Transparency of processing
A person has the right to receive information on what personal information we have, why and who we share it with.
Changes to this policy