GDPR Privacy notice for Paul Lewis Optician
This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.
The General Data Protection Regulation (GDPR), which is EU wide and far more extensive than its predecessor the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seeks to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.
Burgess & Lewis Optical Services Ltd, trading as Paul Lewis Optician, operates and is administered from 7 Alexandra Terrace, Kingsthorpe, Northampton, NN2 7SJ and for data protection purposes are the data controllers and are responsible for determining the purposes and way any personal data is processed.
The practice is registered with the Information Commissioner's Office; Registration number Z7925003.
The Practice Lead is Paul Lewis
Responsible Person is Paul Lewis
Paul Lewis Optician are part of your local community; a local resource for the health of your eyes. We aim to provide you with the highest quality of care. To do this we need to collect and keep certain information about you, your health and the care we provide for you. Part of our commitment to you is the way we store and use your personal information. Whether you deal with us face to face, via the internet or through social media, we will only collect information that is necessary for us to provide an excellent service, ensuring you are reminded about appointments or anything else to do with your ongoing care. This notice provides detailed information on when, how and why we collect your personal information, how it is used and how it may be shared with others.
For the purposes of providing healthcare services, we require detailed medical information. We shall collect only information that is required to allow us to conduct a thorough eye examination. Information may include:
Basic contact information, such as address, date of birth, telephone numbers, medical and ocular history, medicines, NHS eligibility and lifestyle.
Details about your glasses or contact lens prescriptions, related health checks and treatments we may provide including and not limited to retinal photographs and visual field plots.
Details or notes regarding your payment details.
Details and notes received from other health care professionals as part of your ongoing care.
CCTV is used on the premises in the prevention or investigation of crime. For these purposes the information processed may include visual images, personal appearance and behaviours of clients, staff or suspected offenders. Information may be shared with the police to investigate any suspected crime.
How we use this information
The information we collect and hold about you is used to ensure you are provided with the best, relevant and appropriate service for your needs and budget. Additionally, we will remind you when your appointments are due and may suggest or recommend products or services that we believe would be of interest to you. Your contact information will be used to respond to queries, financial details to collect direct debit payments or we may contact you to request feedback on our services or products we have provided or to inform you about any new products that may benefit you. You may opt out of receiving such contact at any time.
Our policy on storage, processing and retention of your information
Your information is stored and processed by ourselves in both paper and electronic form. Paper records are kept securely and electronic records are password protected, stored on our own media (not cloud) and are backed up daily. All operating systems, anti-virus, malware and firewall software are kept up to date. Emails sent to us, including file attachments, are monitored for viruses or malicious software.
Legal basis for processing any data
We have a legitimate interest and for the purpose of healthcare. By attending an appointment, you give your consent for us to process your personal data. Our legitimate interest is to promote the sale and supply of spectacles, contact lenses or related sundries which may benefit you.
The information we hold about you will be kept safe and secure; only the practice owners, professional staff and support staff under supervision will have access to your records. Our practice administration team will have access to your contact details in order to make appointments or manage your account.
The information we hold about you will not be shared for any reason, unless:
You ask us to do so
We ask, and you give consent
Under exceptional circumstances where the Law requires information to be passed on, or where public interest overrides the need to keep the information confidential.
The types of organisations that we may need to share information with can include any of the following: your doctors, both GP and hospital, and other health professionals. Anyone receiving information from us has a legal duty of confidentiality, subject to recognised exceptions.
Following an eye examination or completion of contact lens fitting, clients will be given a copy of their prescription (Lens specification). Copies of these documents can be issued, but for the safeguard of our clients and to comply with our confidentiality procedures, the following should be noted:
The document will need to be either signed by the prescribing optometrist or ophthalmologist, or annotated as a certified copy by the optician. Details of prescriptions will not be given out to either yourself or a 3rd party over the telephone, for security and to prevent transcription errors. Your details will not be given out to 3rd parties unless under written. Prescription details and copies of prescriptions can, for security reasons, only be given in person or mailed to the address we hold on record.
We will process personal data during any interaction you have with us and will continue to store your details for 10 years after our last contact with you in order to meet our legal obligations and NHS contractual terms. In the case of minors, details will be kept until they reach 28 years of age. After such time has expired all paper records will be securely shredded and digital records will be securely erased from our systems.
Your rights as a data subject
All clients have the following rights whilst we hold your personal details:
The right of access – you can request a copy of the information we hold about you
The right of rectification – you have the right to correct any details we have that are either incomplete or inaccurate
The right to be forgotten – in certain circumstances you can request for your data to be erased except where this contravenes our legal obligations
The right to restriction of processing – under circumstances you have the right to restrict processing
The right of portability – you have the right to have your details transferred to another organisation
The right to object – you have the right to object to certain types of processing, for example direct marketing
The right to object to automated processing – you have the right not to be subject to the legal effects of automated processing or profiling
In the event we refuse your request under rights of access, we will provide you with a reason, for which you have the right to legal challenge. At your request we can confirm what information we hold and how it is processed.
You can request the following information
The identity and contact details of the person or organisation that determines how and why we process your data
Contact details of the data lead, where applicable
The reason for processing as well as the legal basis for processing
If the processing is based on our legitimate interests and information regarding those interests
The categories of personal details we collect, store and process
The recipients or categories of data stored, collected or processed
The length of time we hold the data for
Details of your rights to correct, amend, erase, restrict or object to your data being processed
Details on how you can withdraw consent at any time
How to lodge a complaint with the supervising authority
The source of personal details obtained from an alternative source, i.e. mailing lists
Details of automated decision making, profiling or meaningful information about how we reach any conclusions from such processing
Whether your personal details are a statutory requirement or necessary to enter into a contract and whether you are obliged to provide personal details with the corresponding consequences of failing to provide such details.
To access details that are held, identification will be required. We accept the following forms of identification when you request details of your personal data, including repeat copies of your prescription, contact lens fitting specification:
In the first instance please speak to us if you have any questions or concerns about how we process your data and how we comply with the GDPR. You can contact Paul Lewis on 01604 792930. You also have the right to complain to the relevant supervisory authority, who in the UK is the ICO.