CCTV Policy


Closed circuit television (CCTV) is installed at the Practice premises for the purposes of patient, staff and premises security. Cameras are located in the reception, lobby and

external area of the premises.

The use of CCTV falls within the scope of the Data Protection Act 1998 (“the 1998 Act”). This

code of practice follows the recommendations issued by the Data Protection Commissioner

in accordance with powers under Section 51 (3)(b) of the 1998 Act. 

In order to comply with the requirements of the 1998 Act, data must be:

  • Fairly and lawfully processed
  • Processed for limited purposes and not in any manner incompatible with those purposes
  • Adequate, relevant and not excessive
  • Accurate
  • Not kept for longer than is necessary
  • Processed in accordance with individuals' rights
  • Secure

In Summary

1) CCTV is in place in the reception of the premises.

2) CCTV has been installed solely for the safety and security of our patients, staff and premises.

3) Images are captured 24 hours a day, seven days a week and are processed via our CCTV capturing devices. These devices are securely protected and only the owner of the practice and the data protection officer have access to the equipment. The owner regularly checks that the CCTV devices are working as intended.

4) The CCTV only captures images and does not record audio. 

5) Signs informing visitors that CCTV is in place can be found at reception area

of the premises.

6) We inform visitors to our website that CCTV will be in operation.

7) The recording devices have the capability of transferring data to an external cloud based storage for cooperation with the relevant authorities. We only ever do this where there is cause to believe the safety and security of patients/staff has been compromised. We do not ever share images with other third parties.

8) Visitors to the practice have the right to request to see images of themselves on CCTV as part of a Data Protection request. Like all Data Protection requests, this request must be made in writing and the same exceptions apply. There is no charge for this (unless there is an exceptional level of work collating the data). We will also require information that will allow us to identify the visitor and the date/time of the visit.

9) We have followed the CCTV guidelines produced by the Information Commissioners’

Office, throughout.

Data protection statement

  1. Ms. Carole Marina Hewison is the Data Controller under Section 4(4) of the Act.
  2. CCTV is installed for the purpose of staff, patient and premises security.
  3. Use of images, including the provision of images to a third party, will be in accordance with the Practice’s Data Protection registration.
  1. Signage is displayed at the premises and on the Practice website stating of the presence of CCTV.

Retention of images

Images from cameras are recorded on disc/computer system (“the recordings”).

The recordings are made and retained for the purposes of security of staff, patient and

premises, these will be held in secure storage, and access controlled. Recordings will not be

retained for longer than thirty days.

Access to images

It is important that access to, and disclosure of, images recorded by CCTV and similar

surveillance equipment is restricted and carefully controlled, not only to ensure that the

rights of individuals are preserved, but also to ensure that the chain of evidence remains

intact should the images be required for evidential purposes.

Access to images by practice staff

Access to recorded images is restricted to the owner of Elite Dental Practice and the data protection officer who will decide whether to allow requests for access by Data Subjects and/or third parties

(see below).

Viewing of images must be documented as follows:

  • The name of the person removing from secure storage, or otherwise accessing, the recordings
  • The date and time of removal of the recordings
  • The name(s) of the person(s) viewing the images (including the names and organisations of any third parties)
  • The reason for the viewing
  • The outcome, if any, of the viewing
  • The date and time of replacement of the recordings

Removal of images for use in legal proceedings

In cases where recordings are removed from secure storage for use in legal proceedings, the following must be documented:

  • The name of the person removing from secure storage, or otherwise accessing, the recordings
  • The date and time of removal of the recordings
  • The reason for removal• Any crime incident number to which the images may be relevant
  • The place to which the recordings will be taken
  • The signature of the collecting police officer, where appropriate
  • The date and time of replacement into secure storage of the recordings


Access to images by third parties

Requests for access to images will be made in writing. There is no charge for this (unless there is an exceptional level of work involved in collating the data)

The Data Controllers of Elite Dental Practice will assess applications and decide whether the requested access will be permitted. Disclosure of recorded images to third parties will only be

made in limited and prescribed circumstances. For example, in cases of the prevention and detection of crime, disclosure to third parties will be limited to the following:

  • Law enforcement agencies where the images recorded would assist in a specific criminal enquiry
  • Prosecution agencies
  • Relevant legal representatives
  • The Press/Media, where it is decided that the public's assistance is needed in order to assist in the identification of victim, witness or perpetrator in relation to a criminal incident. As part of that decision, the wishes of the victim of an incident should be taken into account
  • People whose images have been recorded and retained (unless disclosure to the

individual would prejudice criminal enquiries or criminal proceedings)

All requests for access or for disclosure should be recorded. If access or disclosure is denied,

the reason should be documented as above.


Access by data subjects

This is a right of access, which is provided by section 7 of the 1998 Act. Requests for access

to images will be made in writing. There is no charge for this (unless there is an exceptional level of work involved in collating the data) 

Individuals should also be provided with the CCTV Policy and Code of Practice which

describes the type of images which are recorded and retained, the purposes for which those

images are recorded and retained, and information about the disclosure policy in relation to

those images. 

Procedures for dealing with an access request

All requests for access by Data Subjects will be dealt with by Ms. Carole Marina Hewison.

The Data Controller will locate the images requested. The Data Controller will determine whether disclosure to the Data Subject would entail disclosing images of third parties.

The Data Controller will need to determine whether the images of third parties are held

under a duty of confidence. In all circumstances the Practice’s indemnity insurers will be

asked to advise on the desirability of releasing any information.

If third party images are not to be disclosed, the Data Controllers will arrange for the

Third – party images to be disguised or blurred. If the CCTV system does not have the facilities to carry out that type of editing, an editing company may need to be used to carry it out. If an editing company is used, then the Data Controllers must ensure that there is a contractual relationship between them and the editing company, and;

  • That the editing company has given appropriate guarantees regarding the security measures they take in relation to the images
  • The written contract makes it explicit that the editing company can only use the images in accordance with the instructions of the Data Controllers
  • The written contract makes the security guarantees provided by the editing company explicit 

Ms. Carole Marina Hewison will provide a written response to the Data Subject within one month of receiving the request setting out the Data Controller’s decision on the request.

A copy of the request and response should be retained.


Data Protection Notice

Data protection privacy notice for patients

In providing your dental care and treatment, we will ask for information about you and your health. Occasionally, we may receive information from other providers who have been involved in providing your care. This privacy notice describes the type of personal information we hold, why we hold it and what we do with it.

Information that we collect

We may collect the following information about you:

  • Personal details such as your name, date of birth, national insurance number, NHS number, address, telephone number and email address
  • Information about your dental and general health, including
  • Clinical records made by dentists and other dental professionals involved with your care and treatment
  • X-rays, clinical photographs, digital scans of your mouth and teeth, and study models
  • Medical and dental histories
  • Treatment plans and consent
  • Notes of conversations with you about your care
  • Dates of your appointments
  • Details of any complaints you have made and how these complaints were dealt with
  • Correspondence with other health professionals or institutions
  • Details of the fees we have charged, the amounts you have paid and some payment details

Dr Lida Fartash is responsible for keeping secure the information about you that we hold.

Our data protection officer, Carole Marina Hewison, (This email address is being protected from spambots. You need JavaScript enabled to view it.) ensures that the practice complies with data protection requirements to ensure that we collect, use, store and dispose of your information responsibly.

Those at the practice who have access to your information include dentists and other dental professionals involved with your care and treatment, and the reception staff responsible for the management and administration of the practice.

How we use your information

To provide you with the dental care and treatment that you need, we require up-to-date and accurate information about you.

We will share your information with the NHS in connection with your dental treatment. 

We will seek your preference for how we contact you about your dental care. Our usual methods are telephone, email or letter. 

If we wish to use your information for dental research or dental education, we will discuss this with you and seek your consent. Depending on the purpose and if possible, we will anonymise your information. If this is not possible we will inform you and discuss your options.

Sharing information

Your information is normally used only by those working at the practice but there may be instances where we need to share it – for example, with: 

  • Your doctor
  • The hospital or community dental services or other health professionals caring for you
  • NHS payment authorities
  • The Department for Work and Pensions and its agencies, where you are claiming exemption or remission from NHS charges
  • Private dental schemes of which you are a member.

We will only disclose your information on a need-to-know basis and will limit any information that we share to the minimum necessary. 

In certain circumstances or if required by law, we may need to disclose your information to a third party not connected with your health care, including HMRC or other law enforcement or government agencies.

Keeping your information safe

We store your personal information securely on our practice computer system [and/or] in a manual filing system. Your information cannot be accessed by those who do not work at the practice; only those working at the practice have access to your information. They understand their legal responsibility to maintain confidentiality and follow practice procedures to ensure this.

We take precautions to ensure security of the practice premises, the practice filing systems and computers

We use high-quality specialist dental software to record and use your personal information safely and effectively. Our computer system has a secure audit trail and we back-up information routinely.

We keep your records for 10 years after the date of your last visit to the Practice or until you reach the age of 25 years, whichever is the longer.

Access to your information and other rights

You have a right to access the information that we hold about you and to receive a copy. You should submit your request to the practice in writing or by email. We do not usually charge you for copies of your information; if we pass on a charge, we will explain the reasons.

You can also request us to 

  • Correct any information that you believe is inaccurate or incomplete. If we have disclosed that information to a third party, we will let them know about the change
  • Erase information we hold although you should be aware that, for legal reasons, we may be unable to erase certain information (for example, information about your dental treatment
  • Stop using your information – for example, sending you reminders for appointments or information about our service
  • Supply your information electronically to another dentist.

If you do not agree

If you do not wish us to use your personal information as described, you should discuss the matter with your dentist. If you object to the way that we collect and use your information, we may not be able to continue to provide your dental care.

If you have any concerns about how we use your information and you do not feel able to discuss it with your dentist or anyone at the practice, you should contact The Information Commissioner’s Office (ICO), 3rd Floor, 14 Cromac Place, Belfast BT7 2JB (0303 123 1113 or 02890 8757).

Date: 11/5/2018

Review date: 11/5/2019



Elite@Arches is a new modern practice on the Newtownards Road in Belfast. It is on a main route, a few minutes away from the city centre and convenient for buses.

The practice consists of two new surgeries all fully equipped (including intra-oral cameras), fully computerised, central sterilising room and spacious reception. A great deal of thought and planning has gone into making the design and the décor of the practice look contemporary, clean, neat and appealing to the public as well as a comfortable environment for the staff.

Long term dental health requires a long term commitment. The dental team’s commitment at Arches Dental includes getting to know our patients as individuals and meeting their unique dental needs and developing enduring relationships. We aim to enhance your smile through our extensive knowledge and proficiency in the fields of cosmetic and preventative dentistry and through our outstanding practice facilities we are able to achieve this goal.

Subscribe to this RSS feed