Every year we help thousands of people achieve their perfect smile

Data Protection Privacy Notice for Patients

In providing your orthodontic care and treatment, we will ask for information about you and your health. We are committed to protecting your personal data in accordance with data protection legislation including in particular GDPR. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.


About Us

We are Kennedy Orthodontics operating at:

–      Ballymena        (43 Ballylesson Road, Ballymena, BT423HW)

–      Belfast             (2nd Floor, Bedeck Building, 465 Lisburn Road, Belfast, BT9 7EZ)

–      Magherafelt     (1st Floor, 40 Ballyronan Road,Magherafelt, BT45 6EN)

D Kennedy & Co (UK) Ltd T/A as Kennedy Orthodontics is the data controller and is responsible for keeping secure the information about you that we hold. Those at the practice who have access to your information include specialist orthodontists, dentists,orthodontic therapists and other dental care professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.


Our data protection officer, Zoe Gage ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly. You can contact our data protection officer, Zoe Gage, by email at or by phone at our Ballymena clinic on (028) 25654300.


Information that we hold

We can only keep and use information for specific reasons set out in the law. If we want to keep and use information about your health, we can only do so in particular circumstances. Below, we describe the information we hold and why, and the lawful basis for collecting and using it.


Contact details

We hold personal information about you including your name, date of birth, national insurance number, Health &Care number, GP details, address, telephone numbers and email address. This information allows us to fulfil our contract with you to provide appointments.We will also use the information to send you reminders and recall appointments as we have a legitimate interest to ensure your continuing care and to make you aware of our services. 

The practice follows agreed procedures to keep your information secure and private. For more information, please see our Privacy Notice published on our website

Dental records

We hold information about your dental and general health, including:

–      Clinical records made by dentists and other dental professionals involved with your care and treatment

–      X–rays, clinical photographs, digital scans of your mouth and teeth and study models

–      Medical and dental history

–      Treatment plans and consent

–      Notes of conversations with you about your care

–      Dates of your appointments

–      Details of any complaints you have made and how these complaints were dealt with

–      Correspondence with other health professionals or institutions


We collect and use this information to allow us to fulfil our contract with you to discuss your treatment options and provide dental care that meets your needs. We also use this information for the legitimate interest of ensuring the quality of the treatment we provide.


Financial information

We hold information about the fees we have charged, the amounts you have paid, direct debit mandates and some payment details. This information forms part of our contractual obligation to you to provide dental care and allows us to meet legal financial requirements.

Where your dental care is provided under the terms of the NHS, we are required to complete statutory forms to allow payments to be processed. This is an NHS requirement. 


How we use your information

To provide you with the orthodontic care and treatment that you need, we require up to date and accurate information about you.

We will share your information with Business Services Organisation BSO [NHS payments] and your registered dentist in connection with your Orthodontic treatment.

We may contact you to conduct patient surveys or to find out if you are happy with the treatment you received for quality control purposes.

If we wish to use your information for dental research or dental education, we will discuss this with you and seek your consent. Depending on the purpose and if possible, we will anonymise your information. If this is not possible we will inform you and discuss your options.


Sharing information

Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with:

·      Your doctor

·      Your dentist

·      The hospital or community dental services or other health professionals caring for you

·      Business Services Organisation [NHS payment authorities]

·      Business Services Organisation – where you are claiming exemption or remission from NHS charges

·      Private dental schemes of which you are a member.

·      Debt collection agencies

·      outside laboratories/ companies in order to administer your orthodontic care and treatment


We will only disclose your information on a need–to–know basis and will limit any information that we share to the minimum necessary.

In certain circumstances, or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.

Any dental practitioners providing dental services have,since 2011, been required to register with the RQIA. The Independent Health Care Regulations (Northern Ireland) 2005 state that records must be kept up to date and available for inspection by the RQIA at all times.

We do not send your personal data outside the EEA but if this changes you will be notified of this and the protections which are put in place to protect the security of your data will be explained.

Keeping your information safe

We store your personal information securely on our practice computer system and in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

We take precautions to ensure security of the practice premises, the practice filing systems and computers

We use high–quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back–up information routinely.

We use cloud computing facilities for storing some of your information.The practice has a rigorous agreement with our provider to ensure that we meet the obligations described in this policy and that we keep your information securely.

We keep your records for 11 years after the date of your last visit to the Practice or until you reach the age of 27 years,whichever is the longer.


Access to your information and other rights

You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.

You can also request us to:

·       Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change.

·       Erase information we hold. Although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment)

·       Stop using your information – for example, sending you reminders for appointments or information about our service.

·       Stop using information if you believe the information is inaccurate or you believe we are using your information illegally.

·       Supply your information electronically to another dentist.

You have the right to be notified of a data security breach where there is a high risk to your rights and freedoms as a data subject.  You have the right to object if we process your data for direct marketing purposes. In most situations we will not rely on your consent as a lawful ground to process your data.  If we do however request your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent later.

If we are relying on your consent to use your personal information for a particular purpose, you may withdraw your consent at any time and we will stop using your information for that purpose.

All requests should be made by email to our data protection officer: Zoe Gage, or David Kennedy,


If you do not agree

If you do not wish us to use your personal information as described, please discuss the matter with us. If you have any concerns about how we use your information and you do not feel able to discuss it with the practice principal or anyone at the practice, you have the right to complain to the Information Commissioner’s Office directly and you should contact:

The Information Commissioner’s Office– Northern Ireland, 3rd Floor, Cromac Place, Belfast, BT7 2JB (0303 123 1114 or 028 9027 8757).

This site uses analytics cookies, view our privacy policy to find out more. If you continue without changing your settings, we’ll assume that you are happy to receive all cookies on our website. However, you can change your cookie settings at any time.