Privacy policy

Lura Care is a company registered in England and Wales with registered company number 15071714 and having its registered office at Unit 2 Hill Business Park 219 High Street, Hampton Hill, London, United Kingdom, TW12 1NP. 

Our Services

Lura Care is a company specialised in dental care services in care homes and day centres, collaborating with more than 1,000 centres already entrusting us with their residents. 

Data Protection Legislation

Lura Care adheres to the applicable data protection legislation e.g. the United Kingdom’s Data Protection Act 2018, also the UK version of the General Data Protection Regulation (UK GDPR).

Lura Care is a registered Data Controller with the UK regulator for Data Protection, the Information Commissioner’s Office (ICO).  Registration number ZB624574

Personal Data Processing 

Lura Care processes personal data of employees, customers, patients, and suppliers.  We may also process personal data of potential customers (e.g. prospects) and potential suppliers during our legitimate business activities.

Examples of the Processing 

CATEGORY OF PROCESSINGEXAMPLES OF PERSONAL DATA PROCESSED
EmployeesName
Email Address
Phone (Mobile and Home 
Address
National Insurance Number
Tax Reference Number
Banking Information
Pension Information
DBS records
Customers Name
Email Address
Mobile Phone Number
Banking Information
PatientsName
Date of Birth
Address
Next of Kin details
Power of Attorney details
Health information relating to the dental care
Banking Information
SuppliersName
Email Address
Mobile Phone Number
Banking Information
ProspectsName
Email Address
Mobile Phone Number
Other Business PartnersName
Email Address
Mobile Phone Number

Legal Basis for the Processing 

CATEGORY OF PROCESSINGLEGAL BASIS FOR PROCESSING
EmployeesContract Necessity
Legal Obligation
Consent
CustomersContract Necessity
Legal Obligation
Consent
Patients Explicit Consent
(Patient or appointed legal representative).
SuppliersContract Necessity
Legal Obligation
Consent
ProspectsConsent
Legitimate Interest
Other Business PartnersConsent
Legitimate Interest

Patient Data Processing

The legal basis for processing patient data is either based upon the explicit consent of the patient or the explicit consent of their appointed legal representative (e.g. via standard power of attorney assignment).

Processing Systems

Lura Care operates many systems that process personal data.  These include:

  • Employee (HR) solutions
  • Customer Relationship Management (CRM solutions (e.g. Zoho)
  • Financial systems including banking applications
  • Email and other IT systems including collaboration platforms 

Information Security

Lura Care adheres to its obligations to ensure the security of personal data.  These obligations include:

  • Limiting access to personal data to those who require such access
  • Using secure IT systems which securely manages authentication and authorisation to personal data
  • Ensuring that employees are trained on data protection and information security awareness
  • Following standard best practice for information security controls and processes including business continuity and incident management

Data Sharing

Lura Care will only share personal data with third parties who are appointed as Data Processors and Data Sub-Processors. This data sharing will only be undertaken when there is an appropriate data sharing agreement in place. 

E.g. Patient data

Data is shared with medical professionals when required, the care home so that they know what has been done in order to keep their records up to date and with the family members authorised to have the patients information.

Data Transfers

Lura Care adheres to its obligations relating to the transfer of personal data outside of the United Kingdom (UK) and also the European Union (EU).

Typically, Lura Care will not transfer personal data outside of these geographical areas, however on occasions this may be required.

Note – Patient data is processed within the EU, via our CRM system with data residing either in Ireland or the Netherlands.

Transfers Outside of the UK and EU

If Lura Care transfers personal data outside of the UK and EU, it will ensure that:

  • The transfer is to an adequate country as defined by data protection legislation or
  • The transfer is undertaken based upon the completion of a data transfer risk assessment and
  • That the appropriate data protection safeguards are in place

Data Retention

Lura Care retains data for a legitimate period of time as per the stated retention periods within our Data Retention Policy.

E.g. for Patient data

10 years  (reference the BMA via  www.bma.org.uk) years post cancellation or in the event of a death.

In addition, the information of the appointments and treatments carried out is stored on the company CRM system in which planning, and operations are able to access in order to arrange the relevant scheduling for the clients.  

The daily appointments are sent to the Dentists mobile phones which are loaded with the communication App.  After the Dentist has inputted the information immediately after the appointment, the information is removed from the app and mobile phone so no adjustments can be made, and it cannot be accessed again.

Rights of Individuals

Under data protection law, you have rights including:

Right to be informed – You have the right to be informed about the processing of your personal data.

Right of access – You have the right to ask us for copies of your personal information.

Right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Right to erasure – You have the right to ask us to erase your personal information in certain circumstances.

Right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.

Right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact our Data Protection Officer (DPO) at [email protected]  if you wish to make a request.  Alternatively, for more information, please contact the Information Commissioner’s Office (via https://ico.org.uk )