GDPR Privacy notice for Paul Lewis Optician


This document refers to personal data, which is defined as information concerning any living person (a natural person who hereafter will be called the Data Subject) that is not already in the public domain.


The General Data Protection Regulation (GDPR) which is EU wide and far more extensive than its predecessor the Data Protection Act, along with the Privacy and Electronic Communications Regulations (PECR), seek to protect and enhance the rights of EU data subjects. These rights cover the safeguarding of personal data, protection against the unlawful processing of personal data and the unrestricted movement of personal data within the EU and its storage within the EEA.


Burgess & Lewis Optical Services Ltd, trading as Paul Lewis Optician operates and is administered from 7 Alexandra Terrace, Kingsthorpe, Northampton, NN2 7SJ and for data protection purposes are the data controllers and are responsible for determining the purposes and way any personal data is processed.

The practice is registered with the Information Commissioners Office; Registration number Z7925003.

The Practice Lead is                                Paul Lewis

Responsible Person is                             Paul Lewis

Paul Lewis Optician are part of your local community; a local resource for the health of your eyes. We aim to provide you with the highest quality of care. To do this we need to collect and keep certain information about you, your health and the care we provide for you. Part of our commitment to you is the way we store and use your personal information. Whether you deal with us face to face, via the internet or through social media, we will only collect information that is necessary for us to provide an excellent service, ensuring you are reminded about appointments or anything else to do with your ongoing care. This notice provides detailed information on when, how and why we collect your personal information, how it is used and how it may be shared with others.


Information recorded

For the purposes of providing healthcare services, we require detailed medical information. We shall collect only information that is required to allow us to conduct a thorough eye examination. Information may include:

Basic contact information, such as address, date of birth, telephone numbers, medical and ocular history, medicines, NHS eligibility and lifestyle.

Details about your glasses or contact lens prescriptions, related health checks and treatments we may provide including and not limited to retinal photographs and visual field plots.

Details or notes regarding your payment details.

Details and notes received from other health care professionals as part of your ongoing care.

CCTV is used on the premises in the prevention or investigation of crime. For these purposes the information processed may include visual images, personal appearance and behaviours of clients, staff or suspected offenders. Information may be shared with the police to investigate any suspected crime.


How we use this information

The information we collect and hold about you is used to ensure you are provided with the best, relevant and appropriate service for your needs and budget. Additionally, we will remind you when your appointments are due and may suggest or recommend products or services that we believe would be of interest to you. Your contact information will be used to respond to queries, financial details to collect direct debit payments or we may contact you to request feedback on our services or products we have provided or to inform you about any new products that may benefit you. You may opt out of receiving such contact at any time.


Our policy on storage, processing and retention of your information


Your information is stored and processed by ourselves in both paper and electronic form. Paper records are kept securely and electronic records are password protected, stored on our own media (not cloud) and are backed up daily. All operating systems, anti virus, malware and firewall software are kept up to date. Emails sent to us, including file attachments are monitored for viruses or malicious software.


Legal basis for processing any data

We have a legitimate interest and for the purpose of healthcare. By attending an appointment, you give your consent for us to process your personal data. Our legitimate interest is to promote the sale and supply of spectacles, contact lenses or related sundries which may benefit you.

Sharing information

The information we hold about you will be kept safe and secure, only the practice owners, professional staff and support staff under supervision will have access to your records. Our practice administration team will have access to your contact details in order to make appointments or manage your account.

The information we hold about you will not be shared for any reason, unless:

You ask us to do so

We ask, and you give consent

Under exceptional circumstances where the Law requires information to be passed on, or where public interest overrides the need to keep the information confidential.

The types of organisations that we may need to share information with can include any of the following; your doctors, both GP and hospital and other health professionals. Anyone receiving information from us has a legal duty of confidentiality, subject to recognised exceptions.

Our website ( uses cookies, which is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns; these cookies are from Google Analytics and help to identify and track visitors and their website access preferences.  A visitor’s IP address (which is now recognised as personal data by GDPR) is used to determine their physical location but the IP address itself is not stored. All data in Google Analytics is aggregated and anonymised . Website visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our website.


Important notice

Following an eye examination or completion of contact lens fitting, clients will be given a copy of their prescription (Lens specification). Copies of these documents can be issued, but for the safeguard of our clients and to comply with our confidentiality procedures, the following should be noted:

The document will need to be either signed by the prescribing optometrist, ophthalmologist or annotated as a certified copy by the optician. Details of prescriptions will not be given out to either yourself or 3rd party over the telephone for security and prevent transcription errors. Your details will not be given out to 3rd parties unless under written. Prescription details and copies of prescriptions can, for security reasons, only be given in person or mailed to the address we hold on record.



Retention policy

We will process personal data during any interaction you have with us and will continue to store your details for 10 years after our last contact with you in order to meet our legal obligations and NHS contractual terms. In the case of minors, details will be kept until they reach 28 years of age. After such time has expired all paper records will be securely shredded and digital records will be securely erased from our systems.


Your rights as a data subject

All clients have the following rights whilst we hold your personal details:

The right of access – you can request a copy of the information we hold about you

The right of rectification – you have the right to correct any details we have that is either incomplete or inaccurate

The right to be forgotten – in certain circumstances you can request for your data to be erased except where this contravenes our legal obligations

The right to restriction of processing – under circumstances you have the right to restrict processing

The right of portability – you have the right to have your details transferred to another organisation

The right to object – you have the right to to object to certain types of processing, for example direct marketing

The right to object to automated processing – you have the right not to be subject to the legal effects of automated processing or profiling

In the event we refuse your request under rights of access, we will provide you with a reason for which you have to right to legal challenge. At your request we can confirm what information we hold and how it is processed.


You can request the following information

The identity and contact details of the person or organisation that determines how and why we process your data

Contact details of the data lead, where applicable

The reason for processing as well as the legal basis for processing

If the processing is based on our legitimate interests and information regarding those interests

The categories of personal details we collect, store and process

The recipients or categories of data stored, collected or processed

The length of time we hold the data for

Details of your rights to correct, amend, erase, restrict or object to your data being processed

Details on how you can withdraw consent at any time

How to lodge a complaint with the supervising authority

The source of personal details obtained from an alternative source. Ie. Mailing lists

Details of automated decision making, profiling or meaningful information about how we reach any conclusions from such processing

Whether your personal details are a statutory requirement or necessary to enter into a contract and whether you are obliged to provide personal details with the corresponding consequences of failing to provide such details.

To access details that are held, identification will be required. We accept the following forms of identification when you request details of your personal data, including repeat copies of your prescription, contact lens fitting specification:



In the first instance please speak to us if you have any questions or concerns about how we process your data and how we comply with the GDPR. You can contact Paul Lewis on 01604 792930 You also have the right to complain to the relative supervisory authority, who in the UK is the ICO