Dear Sir/Madame,

I recently filled in your contact form on your website requesting more information about your service.

I gave you my name, email address and telephone number.

I have since reviewed your contact page on your website and can see that there is no provision caveat or tick box to give you my consent to hold and use my data. I have taken a screen shot of your contact page that shows there is no consent or privacy caveat there.

This is in clear breach of The General Data Protection Regulation of 2018 (GDPR). As a dental surgery that has a NHS contract you are a public authority and are required to be fully GDPR compliant which you are not.

I am now concerned that the data that I have given to you is being held and used without my consent and that your dental surgery is not GDPR compliant and is not holding my data securely.

I am now making an official Subject Access Request (SAR) as directed by the Information Commissioners Office (ICO). https://ico.org.uk/for-the-public/getting-copies-of-your-information-subject-access-request/ You need to tell me how my data is being stored, where it is being stored and how you are using my data and/or intend to use it.

I also require that you send to me a copy of your Data Protection Impact Assessment document (DPIA) that is mandatory for all dentists and required by GDPR compliance. You should have this on file and it must be dated prior to this email.

Please can you send the DPIA and the details I require in the SAR by email to (Email Address)

You have a maximum of 30 days to send this information to me. If I do not receive them within 30 days I am going to report this to the Information Commissioners Office (ICO).

I am also contacting a solicitor to make a compensation claim for the distress this has caused me due to holding my data without my consent while not being GDPR compliant.

Your Sincerely,
(Name of Sender)