Privacy Policy – Good Methods UK Limited

EFFECTIVE DATE: 03 OCTOBER 2024

Good Methods UK Limited (“Good Methods UK”, “Good Methods", "CareStack") take data protection and people’s privacy seriously and we are committed to continuing to comply with the Data Protection Act 2018 which may be amended from time to time (“Data Protection Law”).

If you have any questions or wish to make a request in relation to your information, please contact our Data Protection Officer at: dpo@carestack.com

Good Methods as a Data Processor

Good Methods acts as a Data Processor for information we process on behalf of dental practices and private healthcare providers (“Customers”) via our popular product CareStack®. This means that we act on our Customer’s instructions when it comes to collecting, storing, accessing, using, and sharing Patient Information.

“Patient Information” shall mean, any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

Our Customer’s decide the lawful basis and purpose of processing Patient Information and we have the necessary agreements in place to process information for these purposes.

What services do Goods Methods provide?

Good Methods provides support to its Customer’s to supply technology and reporting systems. We help our Customer’s in delivering high quality dental care and treatment.

The data we collect depends on the products, services, and features of the Site that you use, and includes the following:

What information do we collect and use?

Good Methods does not collect Patient Information from patients directly. We work with our Customer’s across the Country who use our system to store Personal Data and Special Data as defined below. The purpose of storing this data is to deliver healthcare treatment to you.

“Personal Data” is defined as any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Special Category Data”  is defined as Personal Data that needs more protection because it is sensitive. This includes personal data about an individual’s: race; ethnic origin; political opinions; religious or philosophical beliefs; trade union membership; genetic data; biometric data (where this is used for identification purposes); health data; sex life; or sexual orientation.

Who does Good Methods share information with?

Good Methods does not share your information with anybody other than for the purposes of providing services for you. We provide a system for the safe storage of your Personal Data and Special Data.

What about Information Rights*?

Data Protection Law provides a number of rights that Good Methods is committed to supporting their customers with:

• Rights of access
• Right to object or withdrawn consent.
• Right to correction
• Right to portability
• Right to complain
• Right to erase
• Right to restrict
• Right to be informed
• Rights related to automated decision making including profiling.

* Subject to the legal basis upon which your data is being processed some of the above may not apply.

Since we act as a Data Processor and do not have access to demographic information it makes it difficult to identify you and therefore any requests should be directed to the dental practice or private provider who sent Good Methods your information.

Does Good Methods carry out automated decision making?

Good Methods does not profile individuals and does not carry out any automated actions with your Personal Data.

How does Good Methods protect information?

Good Methods is committed to ensuring the security and confidentiality of Personal Data and SpecialData. There are a number of ways we do this:

• Staff receive regular training about protecting and using Personal Data,
• Policies are in place for staff to follow and are regularly reviewed,
• We check that only the minimum amount of data is shared or accessed,
• Our systems are structured so that it makes it difficult to identify patients,
• We use encrypted emails and storage which would make it difficult for somebody to intercept your information,
• We report and manage incidents to make sure we learn from them and improve,
• We comply with requirements to support requirements mandated by the Data Protection Act 2018 where it concerns any sub-processing of personal data.

Cookies

Cookies are small text files which transfer to your computer or mobile when you visit a website or app.

We automatically derive and collect certain data based on your interactions with the website or app using cookies and similar technologies (collectively, “Cookies”). Our collection of data through Cookies includes information about your browser and website and/ or app usage patterns, which may include your IP address, browser type, browser language, referring/exit pages and URLs, pages viewed, links clicked, whether you opened an email and information about the device you use to access the website. Our collection of this information allows us to improve your user experience in various ways, such as to personalize our display of the website or app to you, to “remember” whether or not you are signed in, and to provide better technical support to you.

Please note: If you restrict, disable, or block any or all Cookies from your web browser, mobile, or other device, the website may not operate properly, and you may not have access to certain services or parts of the website. We will not be liable for any interruption in, or inability to use, the website and app or our services or degraded functioning thereof, where such are caused by your settings and choices regarding Cookies.

We may use Pixels to automatically record certain technical information about your interactions when you visit the website or otherwise engage with us, to help deliver Cookies on our website, or count users who have visited the website. We may also include web beacons in our promotional e- mail messages or newsletters to determine whether you open or act on them for statistical purposes. “Pixels” are tiny graphics (about the size of a period at the end of a sentence) with unique identifiers used to track certain online actions, movements, and related information of website users. Unlike Cookies, which are stored on a user’s computer hard drive, Pixels are embedded invisibly on web pages or in HTML-based emails. The data we receive through Pixels allows us to effectively promote the website to various populations of users, and to optimize external advertisements about the website that appear on third-party websites.

Data Breaches

Where Personal Data breaches occur; we notify our Customer immediately and we take steps to ensure Personal Data is protected. Where required we work the relevant regulators to support any investigations or inquiries.

How can I raise issues or make complaints?

You have the right to make a complaint to our Data Protection Officer dpo@carestack.com or to the Information Commissioners Office in writing to the following address:-