Please rotate the screen to Landscape view for best viewing experience.

Close
Speak to an Expert: 01409 254 354

CODE Privacy Notice

The CODE Privacy Notice can be downloaded as a PDF here


CODE aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR) and the guidelines on the Information Commissioner’s website.


Karen Penfold is the Information Governance Lead. CODE is a trading name of the Confederation of Dental Employers Ltd and Codeplan Ltd. Our websites are codeuk.com, icomply.cc, icomply.org and icomply.cloud, our mobile applications (“mobile apps”) are the iComply app, services, tools, and other applications (collectively, the “Websites”).

This privacy notice is available on the company websites at www.codeuk.com/privacy, on icomply.cc, icomply.cloud and icomply.org at https://icomply.cc/privacy-notice by emailing info@codeuk.com or by calling 01409 254 354.

You will be asked to provide personal data when joining as a member.  The purpose of collecting your personal data is to provide the optimum membership services to you. We also collect and process the personal data of our employees and for individuals who have expressed interest in CODE services.

Members of CODE, members of iComply application, members of CODE Total HR service, members of the Quality Practice Scheme and Codeplan practices are (“Members”). Individuals who use CODE services such as consultancy, training and seminars are for the purposes of this agreement are (“Clients”).


Our lawful basis for processing the personal data of Members is:

“Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”


Our lawful basis for processing data of Members’ patients, in order to administer dental plans is:

“Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”


Our lawful basis for the processing special category data of Members’ patients, in order to administer dental plans is:

“Processing is necessary for health care purposes”


Our lawful bases for processing employees’ and self-employed contractors special category data are:

“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee.”

“Processing necessary for identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with the view to enabling such equality to be promoted or maintained”

“Consent is obtained for Criminal record checks”


Our lawful basis for processing Client data is:

“Legitimate interests” – see the CODE Legitimate Interests Assessment (P 217S).


The categories of data we process
The categories and purposes of processing data are:

  • Personal data for the purposes of Client management
  • Personal data for the purposes of Member management
  • Personal data for the engagement of our own staff
  • Personal data for Members to manage the engagement of their employees and self-employed contractors
  • Personal data for direct mail, email and texts to Clients and non-members for: compliance updates to the profession, important dentistry news, information about CODE member services, surveys and marketing
  • Special category data for the processing of the dental plan subscriptions of patients who are under the care of our Members
  • Special category data for employment purposes, for employees and self-employed contractors, including their health data
  • Criminal record checks for employees and self-employed contractor
  • Special category data to meet the requirements of the Equality Act 2001


We never pass personal data to a third party unless it is for processing on behalf of CODE or to meet a legal obligation.

The personal data we process includes:

Your name, address, gender, date of birth, email address, website address, financial details for processing subscriptions. For employees and self-employed CODE team members we may process more sensitive special category data including ethnicity, race, religion, or sexual orientation so that we can meet our obligations under the Equality Act 2010. We also process IP addresses so that we can continually improve our service to you and inform our marketing.


Where our data is stored 

Personal data is stored in our email applications (Constant Contact and AWeber), on the head office encrypted networked computers, in the CRM programme at head office called Enterprise MRM/Tribe, on the Brighton Hub encrypted computers and on company laptops and mobile phones. Online backups are stored in encrypted format with Data Barracks. We use Microsoft 365 and Dropbox. Practice and personal data is stored on iComply using Amazon Web Services. Full details of who processes data on our behalf and the contracts we have with them is in our Information Governance Procedures (P 217C) available upon request.

Our data processors store personal data in the EU in digital and hard copy formats. Data processors outside of the EU are only in the USA and are companies who are certified for the EU-US Privacy Shield and have appropriate GDPR compliance terms and conditions. Personal data is obtained when a Member subscribes to a membership, when a Client requests a CODE service and when a non-member subscribes to a CODE email list.

You have the following personal data rights:

  • The right to be informed about the collection and use of your personal data
  • The right of access – to have a free copy of your data that we have
  • The right to rectification – to correct the data we have if it is inaccurate or incomplete
  • The right to deletion of your personal data (please see below why your records may have to be retained for a certain time period)
  • The right to restrict processing of your personal data
  • The right to data portability – to have your data transferred to someone else
  • The right to object to the processing of your personal data.
  • Rights in relation to automated decision making and profiling


Retention of personal data 

The retention period for members’ data is 10 years as many members re-join after some years. The retention period for staff records and client data is 6 years. The retention period for non-member data is 2 years after it was last processed. 

You have the right to withdraw consent for important compliance notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or texts. You have the right to obtain a copy of your data records within one month of application, for which no fee will be charged.


Privacy Impact Assessment 

We have carried out a Privacy Impact Assessment (P 217Q) and the details of how we ensure security of personal data is in our Physical Security Risk Assessment (P 217M). We have Information Governance Procedures (P 217C) and a Legitimate Interests Assessment (M 217S). Copies of these policies and procedures can be obtained from the contact details below.


Complaints 

Please contact Gill Cox at CODE for a comment, suggestion or a complaint about the processing of your data at info@codeuk.com or by calling 01409 254 354 or by writing to CODE at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB. If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.


CODE procedures 
You can also use the contact details above to request copies of the following CODE policies or procedures: 
  • Data Protection Policy (P 233-DPT), which has a list of all data protection procedures 
  • Consent Policy (P 233-CNS) 
  • Privacy Impact Assessment (P 217S) 
  • Information Governance Procedures (P 217C)

Further information 

CODE Contract as Data Processor 

CODE Cookie Policy 

CODE Privacy Policy


CODE
Karen Penfold, Information Governance Lead,
Elm Tree House,
Bodmin Street,
Holsworthy, Devon,
EX 22 6BB.
Telephone 01409 254 354
Email info@codeuk.com.


CODE is the trading name of the Confederation of Dental Employers ltd company number 01763779. CODE is also a trading name of Codeplan Ltd company number 03927086. iComply is a trading name of Codeplan ltd. 

Both the Confederation of Dental Employers ltd and Codeplan Ltd are incorporated in and established under the laws of England. Their registered office is at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX 22 6BB.The 


Updated 13th June 2018