Privacy Notice

DPAS Limited treats the privacy of its customers and website users very seriously and we take appropriate security measures to safeguard your privacy. This Notice explains how we protect and manage any personal data* you share with us and that we hold about you, including how we collect, process, protect and share that data.

*Personal data means any information that may be used to identify an individual, including, but not limited to, a first and last name, a home or other physical address
and an email address or other contact information, whether at work or at home.

By continuing to access any part of the Site, or when providing us with information,
you consent to the use and transfer of your personal information in accordance with the terms as set out in this Notice and any changes we may make to the Notice.

This Notice only applies to data collected through the Site. We are not responsible for the data policies and procedures or content of any linked websites. We recommend that you check the privacy and security policies of each website you visit.

How we obtain personal data

Information provided by you

You provide us with personal data either on your dental plan registration form, via an online application or over the telephone. This includes name, address, date of birth, email address and Direct Debit mandate instructions. We use this information in order to manage and administer your dental plan and/or any claims that you may make under the dental accident and emergency insurance or requests for assistance made to the Worldwide Dental Emergency Assistance Scheme (the Scheme).

We may also keep information contained in any correspondence you may have with us by post, by email or other media. We also record telephone conversations.

We may obtain sensitive medical information directly from you or your dental practice in relation to the assessment of dental accident and emergency insurance claims or requests for assistance made to the Scheme. The provision of this information may be subject to you giving us express consent. Whilst you are not obliged to provide the information we request, if you do not provide the information we ask for and/or we do not receive your consent where required, then we may be unable to administer your plan

and/or consider insurance claims or requests for assistance made to the Scheme.

Information we get from other sources

We only obtain information from third parties if this is permitted by law. We may also use legal public sources to obtain information about you, for example, to verify your identity.

This information (including your name, address, email address, date of birth, etc.), as relevant to us, will only be obtained from reputable third-party companies that operate in accordance with the General Data Protection Regulation (GDPR). You will already have submitted your personal data to these companies and specifically given permission to allow them to pass this information to other companies that provide similar or complementary products and services to those we offer.

How we use your personal data

We use your personal data to manage and administer your dental plan as a processor for your dental practice. We also act as controller and processor in regard to the processing of your Direct Debit instructions and in regard to the assessment of accident and emergency insurance claims or requests for assistance made to the Scheme, if applicable.

The provision of this personal data is essential for us to be able to collect payments for your dental plan and to administer your plan, including verifying your identity when you contact us to discuss your plan. This means that the legal basis of our holding your personal data is for the performance of a contract.

We undertake at all times to protect your personal data, including any health and financial details, in a manner which is consistent with your dental practitioner’s duty of professional confidence and the requirements of the General Data Protection Regulation (GDPR) concerning data protection. We will also take appropriate security measures to protect your personal data in storage.

Do we use your personal data for marketing purposes?

Any information that you choose to give us will not be used for marketing purposes by us. We will hold your personal data only for the purposes of administering and managing your dental plan and processing any accident and emergency insurance claims or requests for assistance made to the Scheme.

Information about cookies

A cookie is a small text file on your browser, for example Internet Explorer.

How we use cookies

A cookie is an element of data that a website can send to your browser, which may then store it on your computer’s hard drive. Cookies allow us to understand who has seen which pages and advertisements, to determine how frequently particular pages are visited and to determine the most popular areas of our Site. We use cookies so that we can give you a better experience when you return to our Site. Our cookies will not read or corrupt other information saved on your computer and cannot be used to deliver viruses or extract your personal information.

Most internet browsers are initially enabled to accept cookies automatically. You may be able to set your browser so that you will not receive cookies and may even be able to delete existing cookies. However, please note that if you disable cookies you may not be able to access parts of the Site.

When the Site automatically stores information

In order that we can monitor and improve the Site, we may gather certain information about you when you use it, including details about your domain name and IP address (this is your computer’s individual identification number assigned to your computer when connecting to the Internet), operating systems, browser, version and the website that you visited prior to our Site. We may do this by way of a cookie as described below.

Analysis of information

The IP addresses and cookies recorded by our server (and those of our partners) may be used: to analyse ‘traffic’ information (so we are able to review the interest in the Site shown by visitors and their response to our marketing\promotional activity); to review the performance of the Site on a statistical basis (thereby allowing this to be developed to meet company and customers’ needs); and to identify unusual activity and transactions (in order to identify possible fraudulent actions).

Submitting information to our Site

When accessing this Site, you acknowledge and accept that any electronic mail that passes over the Internet may not be free from interference by third parties. Whilst we have taken steps to make our Site and systems secure, we cannot guarantee the confidentiality or privacy of information over the Internet.

To obtain further information about cookies (including how to set your browser to reject cookies), you can visit the website www.allaboutcookies.org.

You remain responsible at all times for ensuring that viruses do not enter your PC or computer systems and we assume no responsibility in this respect.

Sharing information

We will keep information about you confidential and we will from time to time share your personal data within the Wesleyan Group of Companies, of which we are a subsidiary, for example for the purpose of audit and compliance monitoring or for the opportunity to discuss with you additional products or services these companies could provide. We will only disclose your information with other third parties with your express consent with the exception of the following categories of third parties:

Categories of third parties

insurance companies, loss assessors, regulatory authorities (including recognised practitioner bodies), legal or crime prevention agencies and other fraud prevention agencies to perform a contract with you and to comply with any legal and regulatory issues and disclosures;
your registered dental practice or, if different, any dental practice where you are receiving treatment for the purposes of administering and managing your dental plan and processing any accident and emergency insurance claims or requests for assistance made to the Scheme;
any IT Service providers, marketing agencies, market researchers, debt collection agencies, document management providers, mailing or printing agents, contractors, auditors and advisors that provide a service to us or act as our agents on the understanding that they keep the information confidential;
anyone to whom we may transfer our rights and duties under any agreement we have with you.

Transfer of your personal data outside of the European Economic Area (EEA)

We do not currently transfer your personal data outside the EEA. If in the future we transfer your personal data, in accordance with the terms of this Notice outside of the EEA, we will make sure that the receiver agrees to provide the same or similar protection as we do and that they only use your personal data in accordance with our instructions.

If you require further information regarding such transfers, please write to the Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or email customerservices@dpas.co.uk

How long do we keep this information about you?

We keep information in line with the retention policy of our parent company, Wesleyan Assurance Society. These retention periods are in line with the length of time we need to keep your personal information in order to manage and administer your dental plan and handle any insurance claims or requests for assistance made to the Worldwide Dental Emergency Assistance Scheme. They also take into account our need to meet any legal, statutory and regulatory obligations. These reasons can vary from one piece of information to the next. In all cases our need to use your personal information will be reassessed on a regular basis and information which is no longer required will be disposed of. We typically keep information relating to existing and former customers for up to 12 years from the end of our relationship with you.

Data subject rights

Subject access requests

You have the right to access particular personal data that we hold about you. This is referred to as a subject access request. We shall respond promptly, and certainly within one month from the point of receiving the request. Our formal response shall include details of the personal data we hold about you, including the following:

sources from which we acquired the information;
the purposes for processing the information; and
persons or entities with whom we are sharing the information.

Right to rectification

You have the right to request, without undue delay, the rectification of inaccurate personal data we hold concerning you. Taking into account the purposes of the processing, you have the right to request incomplete personal data is completed, including by means of providing a supplementary statement.

Right to erasure

You have the right to request from us the erasure of personal data concerning you without undue delay, provided we have no legal basis to continue to process that data.

Right to restriction of processing

Subject to exemptions, you have the right to request that we restrict the processing where one of the following applies:

the accuracy of the personal data is contested by you and so our use shall be restricted until the accuracy of the data has been verified;
the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction in its use;
we no longer need the personal data for the purposes of processing, but it is required for the establishment, exercise or defence of legal claims;
you have objected to processing of your personal data pending the verification of whether there are legitimate grounds for us to override these objections.

Notification obligation regarding rectification or erasure of personal data or restriction of processing

We shall communicate any rectification or erasure of personal data or restriction of processing as described above to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We shall provide you with information about those recipients if you request it.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you; unless this relates to processing that is necessary for the performance of a task carried out in the public interest or an exercise of official authority vested in us. We shall no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override the interests, rights and freedoms of you or for the establishment, exercise or defence of legal claims.

Right to not be subject to decisions based solely on automated processing

We do not carry out any automated processing, which may lead to an automated decision based on your personal data.

Right to withdraw consent

Where you have provided your consent for us to process your personal data, you can withdraw that consent at any time. If you withdraw your consent it may limit our ability to deliver all of our products and services to you.

Invoking your rights

If you would like to invoke any of the above data subject rights with us, please write to the Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or email customerservices@dpas.co.uk

Accuracy of information

In order to provide the highest level of customer service possible, we need to keep accurate personal data about you. We take reasonable steps to ensure the accuracy of any personal data or sensitive information we obtain. We ensure that the source of any personal data or sensitive information is clear and we carefully consider any challenges to the accuracy of the information. We also consider when it is necessary to update the information, such as name or address changes and you can help us by informing us of these changes when they occur. Should you fail to inform us of any changes when they occur, we may not be able to deliver our products and services to you.

Important information

Questions and queries

If you have any questions or queries which are not answered by this Privacy Notice, or have any potential concerns about how we may use the personal data we hold, please write to the Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or email customerservices@dpas.co.uk

Changes to this Privacy Notice

This Privacy Notice is regularly reviewed. This is to make sure that we continue to meet the highest standards and to protect your privacy. We reserve the right, at all times, to update, modify or amend this Notice. We suggest that you review this Privacy Notice from time to time to ensure you are aware of any changes we may have made however, we will not significantly change how we use information you have already given to us without notifying you.

If you have a complaint

If you have a complaint regarding the use of your personal data or sensitive information then please contact us by writing to the Data Protection Officer at Cambrian Works, Gobowen Road, Oswestry, Shropshire SY11 1HS or email customerservices@dpas.co.uk and we will do our best to help you.

While we hope you can discuss issues with our Data Protection Officer, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact them on 01625 545745 or 0303 123 1113.