At Summers Opticians we are committed to the highest privacy standards. However you choose to interact with us, we will only collect data that is necessary for us to deliver the best possible service and ensure you are reminded about appointments or anything else relevant to your ongoing care. This policy provides detailed information on when and why we collect your personal information, how we use it and the very limited conditions under which we may disclose it to others.
COLLECTION OF YOUR PERSONAL INFORMATION
In addition to your basic contact information (name, date of birth, telephone numbers and your addresses) we will collect other relevant details including current and past health and medication information, your examination results, payment details and lifestyle information. We may also store associated information received from other health care professionals as part of your ongoing care.
HOW WE USE THIS INFORMATION
The information we collect about you is used to ensure we provide you with the best and most appropriate products and services. In addition to your ongoing eye care, we will remind you when appointments are due and suggest relevant products or services that we believe would be of interest. We use your contact information to respond to queries from you, and where appropriate your bank details to collect Direct Debit payments as agreed.
Our legal bases for processing personal data for healthcare purposes include public task or legitimate interests. Our condition for processing special category data is the provision of health or social care.
We process our patients’ personal data for marketing purposes with their consent or to meet a legitimate interest. This means we can tell you about eye care products and services that may be relevant to you. If you do not want us to process your personal data for marketing purposes, please let us know and we will stop.
OUR POLICY ON STORAGE, PROCESSING AND RETENTION OF YOUR INFORMATION.
To provision and manage our services, your data is stored and processed by Optinet Software Ltd within their UK facilities that are certified to ISO27001. If we collect Direct Debits from you these payments will be processed by GoCardless Ltd.
We process your personal data in strict confidence. Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision. All members of staff are aware of the confidential nature of all personal data, and follow the standards of conduct, performance and ethics of the Health and Care Professions Council.
The College of Optometrists recommends any personal data is kept for ten years after our last contact with you before we delete it, and if the data were collected when you were aged under 18 that it be kept until your 25th birthday, in line with NHS requirements. We also retain your information for as long as reasonably necessary to maintain records to satisfy tax and other legal requirements. In exceptional cases we may need to retain personal data for a longer period, and will explain our reasons for doing so on request.
HOW AND WHEN WE MAY SHARE YOUR PERSONAL INFORMATION
Any third-party company is only permitted to process your data for the specified purposes and in accordance with our instructions. Where necessary we may disclose your relevant information to
- health care professionals including the NHS
- external agencies and organisations, including the police, for the prevention and detection of fraud and criminal activity
- should any claim be made, we may pass your personal information to our insurers
- if our business is wholly or partially transferred to a third party, your personal information may be one of the transferred assets.
- software providers for our patient record and invoicing systems, and financial institutions, so that we can keep patient records up to date and arrange payment for services provided to you
YOUR RIGHTS WITH RESPECT TO THE PERSONAL INFORMATION WE HOLD
You are entitled to access the personal information that we hold on you; any such request should be made using our contact details below. If any data we hold is inaccurate, this will be corrected promptly on request. In certain circumstances you can request that we erase your data which we will do where this would not prevent us meeting our legal and regulatory obligations.
UPDATING YOUR COMMUNICATION PREFERENCES
You may ask that we do not send you communications using any of the contact details we hold on our records, this may include your email, SMS, telephone and postal information. You may also request we restrict our communications to clinically necessary messages. Your personal preferences can be changed at any time by contacting us using our contact details below.
A cookie is a small text file containing information that a web site transfers to your computer’s hard disk for record-keeping purposes. A cookie cannot give us access to your computer or to your personal information. Most web browsers automatically accept cookies; consult your browser’s manual or online help if you want information on restricting or disabling the browser’s handling of cookies. If you disable cookies, you can still view the information on our web site, but the functionality of certain areas may be reduced.