Call Recording Policy

All calls (inbound and outbound) at Smile Together are recorded for training and monitoring purposes.


This policy outlines Smile Together’s call recording process. The purpose of call recording is to provide a record of incoming and outgoing calls which can:

  • Identify practice team training needs.
  • Protect practice team members from nuisance or abusive calls.
  • Establish facts relating to incoming/outgoing calls made (eg. complaints/disciplinary issues)
  • Identify any issues in practice processes with a view to improving them.


The purpose of this policy is to ensure that call recording is managed in line with General Data Protection Regulations (GDPR) & Data Retention requirements. This will generally involve the recording of telephone conversations which is subject to the Telecommunications Act 1984.

Smile Together will make every reasonable effort to advise callers that their call may be recorded and for what purpose the recording may be used. This will normally be via a pre-recorded message within the telephone system. The voice file will be stored within the telephone system to which the same rules of confidentiality will apply.

Where a patient requests to listen to a recording then this should be allowed within the general provisional of data subject access (SAR) under General Data Protection Regulations.


This policy applies to all practice team members including any contracted or temporary workers.  All calls via the telephone systems used in the practice will be recorded, including:

  • All external incoming calls
  • All external outgoing calls made by practice team members
  • All internal incoming and outgoing calls made by the practice team
  • Call transfers

Recording will automatically stop when the practice team member terminates the call.

Callers will be advised that all calls are recorded for quality/training purposes – this will be in the form of an automated voice message when patients call the Information Governance Team on 0333 405 0290,  a patient (and team member) can request the call not to be recorded at any time during a live call.


  • In a video call only the audio part of the call is recorded.
  • Outbound calls to a patient will be automatically recorded, but we do not need to notify the patient that the call will be recorded as this message is mentioned on the pre-recorded message when a patient calls the practice, as well in the policy on our website which is viewable to the public.

Playback / Monitoring of Recorded Calls

Monitoring of the call recordings will be undertaken by allocated Supervisors on the phone software.  Any playback of recordings will take place in a private setting.

All recordings will be stored securely for 3-5 years and access to these will be controlled and managed by the Head of Information Governance and by the Supervisors, who have been appointed by the Head of Information Governance.  Access to the recordings will be by request to the Head of Information Governance.

Subject Access Requests (SAR)

Subject Access Requests can be made in writing by a patient to have access to their telephone calls with Smile Together, if available. It should be noted that recordings are only kept for 3-5 years. Recordings can be downloaded as an MP3 format only.


The General Data Protection Regulations allows access to information that is held about an individual and their personal data. This includes recorded telephone calls. Recordings should be stored in such a way that will enable easy access to the information relating to one or more individuals.

Requests for copies of telephone conversations can be made under the GDPR as a “Subject Access Request (SAR)”. This must be done in writing and after assessing whether the information can be released, the requestor can be invited to the practice premises to hear the recording.

If there is a request from an external body relating to the detection or prevention of a crime (eg. police), then requests for information should be directed to the Head of Information Governance responsible for GDPR to carry out the request for the recording.

Where are the recordings stored?

Calls are routed through Mitel network, recorded and stored by Mitel. The recordings are kept on their servers in a secure environment that cannot be accessed externally except by authenticated users.

Mitel satisfy the security requirements for:

  • ISO 27001 Security Standards certification
  • ISO 9001 Quality Management System Standards certification

Mitel are a Crown Commercial Service Supplier and have been assessed against the NHS Information Governance Toolkit.

Sign up for regular updates.

Subscribe to our newsletter