Privacy Policy
INTRODUCTION
This policy describes the data that we hold about clients, how we hold it, how we protect it, how we use and process it (including what clients need to be provided with) and how we transfer it (if necessary).
Strathearn Optical Limited is a registered data controller. We are committed to protecting and respecting your privacy, being transparent about the personal information we hold and giving you control over how it is used. This Privacy Policy sets out the type of personal information we collect about you, why we collect it and how we use it. It also provides you with information about your rights and who to contact if you have any questions or queries. Your trust is important to us.
We have appointed a Data Protection Officer who is in charge of privacy related matters for us. If you have any questions about this privacy policy, please contact the Data Protection Officer using the details set out below.
Full name of legal entity: Strathearn Optical Limited
Name of Data Protection Officer: James Michael
Email address: info@pandaeyecare.com
Postal address: Strathearn Optical Limited, 46 High Street, Crieff, PH7 3BS
Telephone number: 01764 656 285
It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing us at info@pandaeyecare.com
Privacy Notice
We collect personal data from you for healthcare purposes whenever you use our services in-store or on our website www.pandaeyecare.com.
The data we may collect and process includes;
-
Your name, contact details and personal identifiers (such as date of birth and NHS/CHI number).
-
Your general and ocular health history, your family medical and ocular history and any relevant signs or symptoms you tell us about.
-
Occupation, hobbies, and if you are a driving licence holder.
-
Details or medicines, spectacles and contact lenses prescribed for you.
-
Details of examinations and other healthcare checks and treatments we provide.
-
Information relevant to your continued care from other people who care for you, such as other healthcare professionals and relatives.
How we hold your personal information;
We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Client records are only accessible to the healthcare professional working at the practice and those under their supervision. All practice staff have a confidentiality clause within their contracts and all personal information held on practice records is considered confidential.
We will usually keep any personal data we hold about you for ten years after our last contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collected data when you were aged under 18 we will keep it until your 25th birthday, in line with NHS requirements. In some circumstances we may need to retain personal data for a longer period and we will explain our reasons for doing so on request.
How we use your personal information;
We may use the personal information we hold about you in different ways for different purposes. We have listed the legal basis for processing your information and we will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances where;
-
We need to perform the contract we are about to enter into or have entered into with you.
-
It is necessary for our legitimate interests and your interests and fundamental rights do not override those interests.
-
We need to comply with a legal obligation.
-
You have given us your consent. However, we generally do not rely on consent as a legal basis for processing your personal data.
Where we process special special category personal data, in addition to the above legal bases, the additional bases for processing that we rely are:
-
Where it is necessary for the purposes of the provision of health or social care or treatment or the management of health and for ‘Health or Social Care Purposes’ under Schedule 1, Part 1(2) of the Data Protection Act 2018.
-
In limited circumstances, with your explicit written consent.
-
Where it is necessary to protect you or another person from harm.
-
Less commonly, we may process this type of information where it is needed in relation to legal claims, or where it is needed to protect your interests (or someone else's interests) and you are not capable of giving your consent, or where you have already made the information public.
How we share your personal information;
We may share your personal information with third parties. Third parties that we may share your personal information with include:
-
The NHS, for example, to make a referral to your local hospital.
-
Relevant regulators such as such as the General Optical Council (GOC), General Medical Council (GMC), Health Improvement Scotland (HIS), Health Inspectorate Wales (HIW), Regulation and Quality Improvement Authority (RQIA) and our data protection supervisory authorities, the Information Commissioner’s Office (ICO) or the Data Protection Commission (DPC).
-
Our legal advisors and insurance providers.
-
Opposing solicitors to establish, exercise, or defend our legal rights. This will include our right to defend any legal claim or to pursue a legal claim against us.
-
The healthcare professionals working at this practice and those under their supervision.
-
Healthcare professionals and those under their supervision at other optical practices, but only if you have specifically asked us to pass your personal data (such as your prescription) to them.
-
Your private health care provider if they are funding your treatment.
-
The police or other law enforcement agencies if the sharing is required to prevent and detect fraud or criminal activity.
-
Third parties who provide us with services such as mail or email services, marketing or advertising services. If so, we will ensure that adequate arrangements are in place to protect your personal data.
-
Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Your rights
You have legal rights in respect of the personal data we hold about you. The Information Commissioner’s Office (ICO) has published guidance on the full range of rights. The rights that are most relevant to the way in which we use your personal data include:
-
The right to be informed about how we use personal data – this privacy notice gives that information.
-
The right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests
-
The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
-
The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you)
-
The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see above) where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim.
Contacting us and the ICO about your personal data
Please speak to us first if you have any questions or concerns about the way in which we process personal data. You can contact our DPO on 01764 656285.
You have the right to complain to the ICO if you have a concern about our handling of your personal data, which you do not think we can resolve. You can contact the ICO here contact the ICO here.