Data Protection Policy
This policy outlines how Dental Nurse Training, a UK-based organisation, collects, processes, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.
2. Scope
This policy applies to all personal data processed by Dental Nurse Training, including information from:
- Learners (current and prospective)
- Trainers and assessors
- Staff members
- Website visitors
3. Data Collection & Usage
Types of Data Collected:
- Personal Information: Name, email address, phone number, billing details
- Account Information: Login credentials, course enrolment history, assessment results
- Technical Data: IP address, browser type, device information
- Payment Data: Processed through third-party payment providers; no financial information is stored internally
Purpose of Collection:
- Providing access to training courses and assessments
- Communicating course updates and support services
- Managing enrolments, certifications, and payments
- Sending important updates or marketing communications (only with consent)
4. Lawful Basis for Processing
We process personal data under the following legal bases:
- Consent: For optional marketing communications
- Contractual Obligation: To fulfill course registrations, support services, and contractual agreements
- Legitimate Interest: To improve services, monitor progress, and ensure quality training
5. Data Storage & Retention
- Storage Location: Secure servers within the UK and EEA
- Retention Period:
  - Personal Data: Retained for 5 years after course completion
  - Financial Records: Retained for 7 years to comply with UK tax regulations
- Data Disposal: Personal data is anonymized or securely deleted when no longer needed
6. Data Security Measures
We implement robust security practices to protect personal data:
- Encryption of data in transit and at rest
- Regular security audits and vulnerability assessments
- Access controls to restrict data to authorized personnel only
- Staff training on GDPR compliance and data protection best practices
7. Data Sharing and Transfers
Third-Party Sharing:
We may share data with:
- Course trainers and assessors (limited to necessary information)
- Third-party service providers (e.g., payment processors, cloud storage services)
- Regulatory bodies (e.g., NEBDN) as legally required
International Transfers:
Any transfer of personal data outside the UK or EEA complies with GDPR standards, utilizing mechanisms such as Standard Contractual Clauses (SCCs) or UK adequacy decisions.
8. Data Subject Rights
Under GDPR, individuals have the right to:
- Access their personal data
- Rectify inaccuracies
- Request erasure (“right to be forgotten”)
- Restrict processing or object to it
- Receive their data in a structured format (data portability)
- Withdraw consent for marketing communications at any time
9. Data Breach Notification
In the event of a data breach, we will:
- Notify the Information Commissioner’s Office (ICO) within 72 hours
- Inform affected individuals if there is a high risk to their rights or freedoms
- Provide details on the breach and steps taken to mitigate risks