Back to Homepage

GDPR Compliance Statement

Last Updated: 11/9/2024

Overview of Data Protection

As a dental professional operating in the UK, I am committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This GDPR compliance statement outlines how I collect, process, and protect personal data through this portfolio website and associated professional activities.

Key Principles:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Data Controller Information

For the purposes of data protection law, I, Dr. Jas Singh Purba (GDC No. XXXXX), am the data controller for this website.

Contact Details:

  • Data Controller: Dr. Jas Singh Purba
  • Email: [Your Email]
  • Address: [Your Professional Address]
  • GDC Registration: XXXXX

Lawful Bases for Processing

Under UK GDPR, I process personal data under the following lawful bases:

1. Consent

  • Newsletter subscriptions
  • Contact form submissions
  • Cookie preferences

2. Legitimate Interests

  • Website analytics
  • Security monitoring
  • Business development

3. Legal Obligation

  • Professional regulatory requirements
  • Tax and accounting records
  • Legal proceedings

Your Data Protection Rights

Under UK GDPR, you have the following rights:

Right to be Informed

Transparent communication about how your data is used

Right of Access

Obtain a copy of your personal data and supplementary information

Right to Rectification

Correct inaccurate or incomplete personal data

Right to Erasure

Request deletion of your personal data in certain circumstances

Right to Restrict Processing

Limit how your data is used in certain circumstances

Right to Data Portability

Receive your data in a structured, commonly used format

Right to Object

Object to processing based on legitimate interests or direct marketing

Rights Related to Automated Decision Making

Safeguards against fully automated decisions affecting you

International Data Transfers

Where personal data is transferred outside the UK, I ensure appropriate safeguards are in place:

  • Data transfers only to countries with adequate protection levels as determined by the UK
  • Use of Standard Contractual Clauses approved by the UK Government
  • Transfers necessary for contract performance or legal claims
  • Explicit consent obtained where required

Data Security Measures

I implement appropriate technical and organizational measures including:

  • SSL/TLS encryption for data in transit
  • Secure data storage with encryption at rest
  • Regular security assessments and updates
  • Access controls and authentication measures
  • Staff training on data protection
  • Incident response procedures

Data Retention

Personal data is retained only as long as necessary for the purposes collected:

  • Contact form submissions: 2 years
  • Newsletter subscriptions: Until unsubscribed
  • Analytics data: 26 months
  • Professional correspondence: 7 years

Retention periods may be extended where required by law or professional regulations.

Data Protection Officer

While not legally required to appoint a Data Protection Officer, I take personal responsibility for data protection compliance and can be contacted directly with any queries or concerns about personal data processing.

For data protection matters, please contact: [Your Email]

Complaints and Supervisory Authority

If you have concerns about how your data is handled, you can:

  • Contact me directly to resolve the issue
  • Lodge a complaint with the Information Commissioner's Office (ICO)

ICO Contact Details:

  • Website: www.ico.org.uk
  • Helpline: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

GDC Number: XXXXX

For GDPR and data protection queries, please contact [Your Email]

This GDPR compliance statement was last updated on 11/9/2024 and follows current UK data protection legislation.