Privacy policy
Lura Care is a company registered in England and Wales with registered company number 15071714 and having its registered office at Unit 2 Hill Business Park 219 High Street, Hampton Hill, London, United Kingdom, TW12 1NP.
Our Services
Lura Care is a company specialised in dental care services in care homes and day centres, collaborating with more than 1,000 centres already entrusting us with their residents.
Data Protection Legislation
Lura Care adheres to the applicable data protection legislation e.g. the United Kingdom’s Data Protection Act 2018, also the UK version of the General Data Protection Regulation (UK GDPR).
Lura Care is a registered Data Controller with the UK regulator for Data Protection, the Information Commissioner’s Office (ICO). Registration number ZB624574
Personal Data Processing
Lura Care processes personal data of employees, customers, patients, and suppliers. We may also process personal data of potential customers (e.g. prospects) and potential suppliers during our legitimate business activities.
Examples of the Processing
| CATEGORY OF PROCESSING | EXAMPLES OF PERSONAL DATA PROCESSED |
| Employees | Name Email Address Phone (Mobile and Home Address National Insurance Number Tax Reference Number Banking Information Pension Information DBS records |
| Customers | Name Email Address Mobile Phone Number Banking Information |
| Patients | Name Date of Birth Address Next of Kin details Power of Attorney details Health information relating to the dental care Banking Information |
| Suppliers | Name Email Address Mobile Phone Number Banking Information |
| Prospects | Name Email Address Mobile Phone Number |
| Other Business Partners | Name Email Address Mobile Phone Number |
Legal Basis for the Processing
| CATEGORY OF PROCESSING | LEGAL BASIS FOR PROCESSING |
| Employees | Contract Necessity Legal Obligation Consent |
| Customers | Contract Necessity Legal Obligation Consent |
| Patients | Explicit Consent (Patient or appointed legal representative). |
| Suppliers | Contract Necessity Legal Obligation Consent |
| Prospects | Consent Legitimate Interest |
| Other Business Partners | Consent Legitimate Interest |
Patient Data Processing
The legal basis for processing patient data is either based upon the explicit consent of the patient or the explicit consent of their appointed legal representative (e.g. via standard power of attorney assignment).
Processing Systems
Lura Care operates many systems that process personal data. These include:
- Employee (HR) solutions
- Customer Relationship Management (CRM solutions (e.g. Zoho)
- Financial systems including banking applications
- Email and other IT systems including collaboration platforms
Information Security
Lura Care adheres to its obligations to ensure the security of personal data. These obligations include:
- Limiting access to personal data to those who require such access
- Using secure IT systems which securely manages authentication and authorisation to personal data
- Ensuring that employees are trained on data protection and information security awareness
- Following standard best practice for information security controls and processes including business continuity and incident management
Data Sharing
Lura Care will only share personal data with third parties who are appointed as Data Processors and Data Sub-Processors. This data sharing will only be undertaken when there is an appropriate data sharing agreement in place.
E.g. Patient data
Data is shared with medical professionals when required, the care home so that they know what has been done in order to keep their records up to date and with the family members authorised to have the patients information.
Data Transfers
Lura Care adheres to its obligations relating to the transfer of personal data outside of the United Kingdom (UK) and also the European Union (EU).
Typically, Lura Care will not transfer personal data outside of these geographical areas, however on occasions this may be required.
Note – Patient data is processed within the EU, via our CRM system with data residing either in Ireland or the Netherlands.
Transfers Outside of the UK and EU
If Lura Care transfers personal data outside of the UK and EU, it will ensure that:
- The transfer is to an adequate country as defined by data protection legislation or
- The transfer is undertaken based upon the completion of a data transfer risk assessment and
- That the appropriate data protection safeguards are in place
Data Retention
Lura Care retains data for a legitimate period of time as per the stated retention periods within our Data Retention Policy.
E.g. for Patient data
10 years (reference the BMA via www.bma.org.uk) years post cancellation or in the event of a death.
In addition, the information of the appointments and treatments carried out is stored on the company CRM system in which planning, and operations are able to access in order to arrange the relevant scheduling for the clients.
The daily appointments are sent to the Dentists mobile phones which are loaded with the communication App. After the Dentist has inputted the information immediately after the appointment, the information is removed from the app and mobile phone so no adjustments can be made, and it cannot be accessed again.
Rights of Individuals
Under data protection law, you have rights including:
Right to be informed – You have the right to be informed about the processing of your personal data.
Right of access – You have the right to ask us for copies of your personal information.
Right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
Right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact our Data Protection Officer (DPO) at [email protected] if you wish to make a request. Alternatively, for more information, please contact the Information Commissioner’s Office (via https://ico.org.uk )