GDPR Compliance Statement
Last Updated: 12/5/2024
Overview of Data Protection
As a dental professional operating in the UK, I am committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
This GDPR compliance statement outlines how I collect, process, and protect personal data through this portfolio website and associated professional activities.
Key Principles:
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Accuracy
- Storage limitation
- Integrity and confidentiality (security)
- Accountability
Data Controller Information
For the purposes of data protection law, I, Dr. Jas Singh Purba (GDC No. XXXXX), am the data controller for this website.
Contact Details:
- Data Controller: Dr. Jas Singh Purba
- Email: [Your Email]
- Address: [Your Professional Address]
- GDC Registration: XXXXX
Lawful Bases for Processing
Under UK GDPR, I process personal data under the following lawful bases:
1. Consent
- Newsletter subscriptions
- Contact form submissions
- Cookie preferences
2. Legitimate Interests
- Website analytics
- Security monitoring
- Business development
3. Legal Obligation
- Professional regulatory requirements
- Tax and accounting records
- Legal proceedings
Your Data Protection Rights
Under UK GDPR, you have the following rights:
Right to be Informed
Transparent communication about how your data is used
Right of Access
Obtain a copy of your personal data and supplementary information
Right to Rectification
Correct inaccurate or incomplete personal data
Right to Erasure
Request deletion of your personal data in certain circumstances
Right to Restrict Processing
Limit how your data is used in certain circumstances
Right to Data Portability
Receive your data in a structured, commonly used format
Right to Object
Object to processing based on legitimate interests or direct marketing
Rights Related to Automated Decision Making
Safeguards against fully automated decisions affecting you
International Data Transfers
Where personal data is transferred outside the UK, I ensure appropriate safeguards are in place:
- Data transfers only to countries with adequate protection levels as determined by the UK
- Use of Standard Contractual Clauses approved by the UK Government
- Transfers necessary for contract performance or legal claims
- Explicit consent obtained where required
Data Security Measures
I implement appropriate technical and organizational measures including:
- SSL/TLS encryption for data in transit
- Secure data storage with encryption at rest
- Regular security assessments and updates
- Access controls and authentication measures
- Staff training on data protection
- Incident response procedures
Data Retention
Personal data is retained only as long as necessary for the purposes collected:
- Contact form submissions: 2 years
- Newsletter subscriptions: Until unsubscribed
- Analytics data: 26 months
- Professional correspondence: 7 years
Retention periods may be extended where required by law or professional regulations.
Data Protection Officer
While not legally required to appoint a Data Protection Officer, I take personal responsibility for data protection compliance and can be contacted directly with any queries or concerns about personal data processing.
For data protection matters, please contact: [Your Email]
Complaints and Supervisory Authority
If you have concerns about how your data is handled, you can:
- Contact me directly to resolve the issue
- Lodge a complaint with the Information Commissioner's Office (ICO)
ICO Contact Details:
- Website: www.ico.org.uk
- Helpline: 0303 123 1113
- Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
GDC Number: XXXXX
For GDPR and data protection queries, please contact [Your Email]
This GDPR compliance statement was last updated on 12/5/2024 and follows current UK data protection legislation.