CODE aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR) and the guidelines on the Information Commissioner’s website.
Karen Penfold is the Information Governance Lead.
You will be asked to provide personal data when joining as a member. The purpose of collecting your personal data is to provide the optimum membership services to you. We also process the personal data of our employees and for individuals who have expressed interest in CODE services.
Our lawful basis for processing data
The lawful basis for processing employees’ data is:
“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.”
The lawful basis for processing members’ data is:
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
The lawful basis of processing non-members data is:
Legitimate interest – see the CODE Legitimate Interests Assessment (P 217S).
The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
The categories of data we process The categories of data we process are:
For definitions of Member or Client please see the CODE Contract as Data Processor.
We never pass personal data to a third party unless it is for processing on behalf of CODE
Where our data is stored
Personal data is stored in our email applications Constant Contact and Aweber, on the head office networked computers, in the CRM programme at head office called Enterprise MRM/Tribe, on the Brighton Hub computers and on company laptops or mobile phones. Online backups are stored in encrypted format with Data Barracks.
Our data processors store personal data in the EU in digital and hard copy formats. Data processors outside of the EU are only in the USA and are companies who are certified for the EU-US Privacy Shield and have appropriate GDPR compliance terms and conditions. Personal data is obtained when a Member subscribes to a membership, when a Client requests a CODE service and when a non-member subscribes to a CODE email list.
Retention of personal data
The retention period for members’ data is 10 years as many members re-join after some years. The retention period for staff records and client data is 6 years. The retention period for non-member data is 2 years after it was last processed.
You have the right to withdraw consent for important compliance notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or texts. You have the right to obtain a copy of your data records within one month of application, for which no fee will be charged.
Privacy Impact Assessment
We have carried out a Privacy Impact Assessment (P 217Q) and the details of how we ensure security of personal data is in our Physical Security Risk Assessment (P 217M). We have Information Governance Procedures (P 217C) and a Legitimate Interests Assessment (M 217S). Copies of these policies and procedures can be obtained from the contact details below.
Please contact Gill Cox at CODE for a comment, suggestion or a complaint about the processing of your data at firstname.lastname@example.org or by calling
CODE is the trading name of the Confederation of Dental Employers ltd company number
Both the Confederation of Dental Employers ltd and Codeplan Ltd are incorporated in and established under the laws of England. Their registered office is at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX 22 6BB.The