Privacy Policy

Ghauri Dental Centre

Last updated: 24/06/2026

Ghauri Dental Centre looks after information about you so that we can provide safe dental care and run the practice properly.

This notice explains what information we collect, why we use it, who we may share it with and how we keep it safe.

Who is responsible for your information?

Ghauri Dental Centre, is responsible for your personal information.

Responsible Staff: Dr Sarfraz Ghauri
Data Protection Officer: Rizwan Ghauri
ICO Registration Number: Z5543365

If you have questions about this notice or how we use your information, please contact the practice.

The information we collect about you

We collect information that we need to provide your dental care and manage the practice. This may include:

  • Your name, date of birth, address, telephone number and email address;
  • Your NHS number, where relevant;
  • Your medical and dental history;
  • Information about your dental health and treatment;
  • Clinical notes made by dentists, hygienists, nurses and other dental professionals involved in your care;
  • X-rays, scans, photographs, study models and other clinical images;
  • Treatment plans, consent forms and letters about your care;
  • Appointment dates, attendance records and reminders;
  • Notes of conversations with you;
  • Correspondence with your GP, hospital, dental specialist or other healthcare professionals;
  • Information about complaints, compliments or concerns;
  • Details of treatment fees, invoices, payments, refunds, payment plans and relevant payment information;
  • Recordings of telephone calls, where calls are recorded;
  • CCTV images where you visit one of our practice premises.

We usually collect information directly from you. We may also receive relevant information from your GP, hospital, dental specialist, dental laboratory, another dental provider, NHS body, insurer, finance provider or another person or organisation involved in your care or treatment arrangements.

The legal reasons we use your information

We use your information to:

  • Provide, plan and review your dental care;
  • Keep accurate dental records;
  • Contact you about appointments, treatment, recalls, referrals and payments;
  • Make referrals or obtain advice from other healthcare professionals;
  • Arrange laboratory work, scans, dental plans, insurance or finance where needed;
  • Process NHS claims and private treatment payments;
  • Deal with complaints, concerns, insurance matters or legal claims;
  • Meet our legal, professional, tax, accounting and regulatory responsibilities;
  • Keep our patients, staff, clinicians, systems and premises safe;
  • Check that our records, treatment plans, payments and practice systems are accurate;
  • Improve the quality, safety and efficiency of our services;
  • Investigate mistakes, unusual entries, incorrect payments, system problems or concerns that practice procedures may not have been followed;
  • Prevent or investigate crime, fraud, threats, abuse or inappropriate use of practice systems or premises.

We use your information because it is necessary to provide dental care, keep accurate records and run the practice safely.

We may also need to use information to meet our legal and professional duties, deal with complaints, insurance matters, investigations, legal claims, tax and accounting requirements, and protect patients, staff and the practice.

Health information is especially sensitive. We only use it where the law allows us to provide healthcare, manage dental services, protect patients and meet our legal or professional responsibilities.

Using AI and digital tools

We may use approved digital tools, including artificial intelligence, also known as AI, to help us work more efficiently and safely.

AI-assisted clinical notes

A dentist or other authorised dental professional may use an approved AI-assisted tool to help prepare a first draft of clinical notes, letters or other documents.

Some approved AI tools process patient information using secure systems operated by specialist technology providers. Depending on the tool, information may be processed or stored on the provider’s systems for the time needed to provide the service and meet agreed security, support, audit and legal requirements.

Before using these tools, we assess whether they are suitable for use with patient information. We use approved providers only and require appropriate security, confidentiality and data-protection safeguards.

Access to these tools is limited to authorised users. We do not allow patient information to be entered into unapproved public AI tools.

The dentist or clinician will always check, correct and approve the final document before it is added to your record.

AI does not make decisions about your diagnosis, treatment or care. Your dentist remains responsible for all decisions about your treatment and for making sure your records are accurate.

AI-assisted tools are used only to support the preparation of records and other permitted practice tasks. They do not replace discussions between you and your dentist or your dentist’s professional judgement.

AI-assisted checks and audits

We may use AI and other secure digital tools to help us carry out internal checks and audits.

These checks may look at clinical records, treatment plans, appointments, payments, refunds and practice systems. They help us make sure that our records are accurate, our services are safe and our systems are being used properly.

Where possible, we use information that has been changed so that patients cannot reasonably be identified.

Where we need to use information that could identify you, access is limited to authorised people and we use appropriate security controls.

We do not allow patient information to be entered into unapproved public AI tools.

Checking the quality and safety of our services

We regularly check our records and systems to make sure that we are providing safe, reliable and well-managed dental services.

These checks may include reviewing:

  • Clinical records;
  • Treatment plans;
  • Appointment systems;
  • Payment records;
  • Refunds or adjustments;
  • Complaints or incidents;
  • Staff training and practice procedures.

This helps us identify mistakes, improve our services, make sure payments and records are correct, and protect patients, staff, clinicians and the practice.

Only authorised people can access information for these checks. We use the minimum information needed and keep it secure.

Telephone call recordings

Telephone calls may be monitored or recorded for:

  • Keeping an accurate record of important conversations;
  • Staff training and quality checks;
  • Patient safety;
  • Appointment, treatment or payment queries;
  • Complaint handling;
  • Security;
  • Preventing or investigating crime, fraud, threats, abuse or misuse of practice systems.

Telephone recordings are normally kept for 30 days.

After 30 days, recordings are permanently deleted and cannot be recovered.

We may keep a call recording for longer only where it has been identified and retained before the end of the 30-day period because it is needed for an ongoing matter, such as:

  • A complaint;
  • A patient-safety concern;
  • An incident;
  • A safeguarding concern;
  • An insurance matter;
  • A legal claim or enquiry;
  • An internal investigation;
  • A request from the police, a solicitor, insurer, regulator, court or another authorised body.

Where a recording is retained for one of these reasons, it will be kept securely only for as long as needed to deal with that matter. It will then be securely deleted.

If you believe a call recording may be relevant to a complaint, concern or request, please contact us as soon as possible and before the end of the 30-day period. Once a recording has been permanently deleted, it cannot be recovered.

CCTV

We use CCTV at our practice premises to help keep patients, visitors, staff, clinicians, property and equipment safe.

CCTV may be used for:

  • Protecting the safety and security of patients, visitors and staff;
  • Preventing and investigating crime, theft, damage, threats, abuse or antisocial behaviour;
  • Helping investigate accidents, incidents, complaints or security concerns;
  • Protecting practice premises, equipment and records;
  • Assisting the police, insurers, solicitors, courts or other authorised bodies where necessary.

CCTV is not used to make decisions about your dental treatment or care.

Clear signs are displayed at relevant entrances and areas covered by CCTV.
CCTV does not record sound.

CCTV is not used for the routine monitoring of staff performance.

CCTV footage is normally kept for 30 days.

After 30 days, CCTV footage is automatically overwritten and cannot be recovered.

We may keep CCTV footage for longer only where it has been identified and retained before the end of the 30-day period because it is needed for an ongoing matter, such as:

  • A complaint;
  • An accident or incident;
  • A patient-safety or safeguarding concern;
  • A security concern;
  • An insurance matter;
  • A legal claim or enquiry;
  • An internal investigation;
  • A request from the police, a solicitor, insurer, regulator, court or another authorised body.

Where footage is retained for one of these reasons, it will be stored securely and kept only for as long as needed to deal with that matter. It will then be securely deleted.

Who may see or receive your information?

Your information is normally used by authorised people working at Ghauri Dental Centre who need it to provide your care or manage the practice.

We may need to share relevant information with:

  • Your GP;
  • Hospitals, dental specialists, community dental services or other healthcare professionals involved in your care;
  • Dental laboratories, scanning providers and referral services;
  • NHS bodies and NHS payment authorities;
  • Private dental plans, insurers or finance providers, where relevant;
  • Approved IT, software, cloud-storage, communications, security and AI-service providers who support our practice systems;
  • Professional advisers, such as solicitors, accountants, insurers and indemnity providers;
  • Regulators, government bodies, HMRC, police, courts or other authorities, where the law requires or allows us to do so.

We only share the information that is needed for the purpose.

Some approved service providers may process information outside the United Kingdom. Where this happens, we will make sure that appropriate legal and security safeguards are in place to protect your information.

Marketing and appointment reminders

We may contact you about appointments, recalls, treatment, payment arrangements or other matters directly connected with your dental care.

We may also contact you about services offered by the practice where the law allows this. You can ask us to stop sending marketing messages at any time.

How we keep your information safe

We take steps to protect your information from being lost, used wrongly, changed or seen by people who should not have access.

These steps include:

  • Secure dental software;
  • Controlled access to patient records;
  • Passwords and additional security checks where needed;
  • Secure backups;
  • Audit trails that show access and changes to our systems;
  • Staff training and confidentiality rules;
  • Secure storage for paper records;
  • Secure arrangements with IT, cloud, software and AI providers;
  • Access restrictions for audits, investigations, AI tools, call recordings and CCTV footage.

Only authorised people can access your information, and they must use it only for proper work-related reasons.

How long we keep your information

We keep your records for as long as we need them for your care and to meet legal, professional and regulatory requirements.

Dental clinical records are generally kept for at least 11 years from the date of the last entry. Children’s records are generally kept until the age of 25 years, or longer where needed.

We may keep records for longer if there is an ongoing complaint, legal claim, investigation, safeguarding matter, insurance matter or another valid reason.

Telephone recordings and CCTV footage are normally retained for 30 days. They are permanently deleted or overwritten after that period unless they were retained before expiry for an ongoing matter, as explained above.

When information is no longer needed, it is securely deleted, destroyed or changed so that it no longer identifies you.

Your rights

You have rights over the information we hold about you. You can ask us to:

  • Give you a copy of your information;
  • Correct information that is wrong or incomplete;
  • Stop using your information in certain situations;
  • Limit how we use your information;
  • Send your information to another dentist where this is possible;
  • Stop sending marketing messages.

In some situations, we may need to keep information because of legal, professional, insurance, patient-safety or investigation requirements.

To make a request, please contact the practice in writing or by email.

If you have concerns

Please speak to your dentist, the practice manager or our Data Protection Officer if you have concerns about how we use your information.

You can also contact:

Data Protection Officer: Rizwan Ghauri
Practice: Ghauri Dental Centre
Address: Shepherds Bush Branch – 3 Wormholt Road, Shepherd Bush, London. W12 0LU

Tel: 020 746 1500

 Notting Hill Branch – 247 Westbourne Grove, Notting Hill,. London, W11 2SE

Tel: 020 7229 7071

 Heston Branch – 113, Vicarage Farm Road, Heston, Hounslow, TW5 0AA

Tel: 020 8570 0435

 Email: surgery@ghauridentalcentre.com

 You can complain to the Information Commissioner’s Office if you are unhappy with how we have handled your information.

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Website: www.ico.org.uk

Changes to this notice

We may update this notice from time to time if our services, systems, technology or legal responsibilities change.

The latest version will be available from the practice and on our website.