- Last Updated March 2020
At Oakmead Opticians we are committed to the highest level of privacy standards. However you choose to interact with us we only collect data that is necessary for us to deliver the best care and service possible, to ensure you are reminded about appointments or anything else related to your on-going care. This privacy notice provides information on when, how and why we collect your personal information, your privacy rights, how the law protects you and the very limited conditions when we may disclose it to others.
The personal information we may collect and process.
The personal data of patients that we may collect and process includes:
• Your name, contact telephone number details (including mobile), your email and postal addresses and personal identifiers (such as date of birth and NHS number)
• Your relevant current and previous general, eye and ear health history, your family medical and ocular history, and any relevant signs or symptoms you tell us about
• Details of medicines, spectacles and contact lenses prescribed for you
• Details of examinations and other healthcare checks and treatments we provide
• Your employment, lifestyle and driving information
• Information relevant to your continued care from other people who care for you or know you well, such as other health professionals and relatives
• Your payment details
• Information you provide by filling in forms.
• Any other information voluntarily provided by you.
This information is generally collected from you as you have voluntarily provided to us. Where lawful to do so we may also collect information from other sources such as the NHS, other health care providers, from individuals authorised to provide information (e.g. parents or legal guardians), financial institutions, government, tax or law enforcement agencies.
Why we collect and process your personal data and how is it used?
The information we collect about you is for the purposes of healthcare to ensure we provide you with the very best and appropriate advice, care, products and services you’ve requested and other purposes e.g.:
• to confirm your identity and address
• to respond to queries from you
• to remind you when your next appointments are due and to book them
• occasionally we may contact you to ask your feedback on the products and services we have provided to make continual improvements
• to suggest other relevant products and services we believe would be of interest and benefit you.
• banking, payment and order details to fulfill an order, deal with queries or refunds.
• to notify you about changes to our products and services
• to offer you the opportunity to trial new products and services
• to manage and administer insurance claims
• to maintain records for legal, regulatory, tax and other corporate purposes
• to improve our service through survey and feedback requests to you.
We only process your information where we are allowed to on the legal basis of:
• the purposes of health care (a condition for processing special category data) for examination records and appointment reminders
• meeting a legitimate interest to inform you of eye and hearing health products and services which may be relevant to you.
• carrying out an agreement we have with you
• fulfilling a legal obligation
• you having agreed to it
• public task when we provide services under the NHS Contract for a sight test funded by the NHS
• to improve our products and services to you, we use data collected through the use of customer surveys, cookies, research and analysis
How long is your information kept for?
Your personal information will be retained by Oakmead Opticians for as long as reasonably necessary (and as defined by health, legal and tax laws and regulations) for us to continue to provide you with products and services. We are also required to maintain records for legitimate purposes e.g. to satisfy tax and other legal requirements, to help us respond to queries or for other reasons e.g. responding to requests from regulators and the NHS and to protect and defend against claims.
How we hold and share your personal data.
We process your personal data in strict confidence. We keep your personal data securely in our filing and electronic systems. Patient records are only accessible to the healthcare professionals working at the practice and those under their supervision.
We will usually keep any personal data we hold about you for ten years after our last contact with you before we delete it. This is the period recommended as good practice by the College of Optometrists. If we collected the data when you were aged under 18 we will keep it until your 25th birthday, in line with NHS requirements. In exceptional cases we may need to retain personal data for a longer period, and will explain our reasons for doing so on request.
In the course of processing your personal data we may share it with:
• Healthcare professionals working at our practices and those under their supervision
• Healthcare professionals and those under their supervision at other optical practices, but only if you have specifically asked us to pass your personal data (such as your prescription) to them
• Your GP, ophthalmologists and other healthcare providers and commissioners, and suppliers of optical appliances or similar products, in connection with your ongoing healthcare treatment
• Software providers for our patient record and invoicing systems, and financial institutions, so that we can keep patient records up to date and arrange payment for services provided to you
• The police for the prevention and detection of fraud and criminal activities
• Our insurers in the event a claim is made or could be made against Oakmead Opticians.
Transferring your information overseas
The data we collect from you may be electronically transferred to, stored and processed outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who works for us or for one of our suppliers. By submitting your personal data, you agree to this transfer, storing or processing. For any personal data transfer outside the EEA, we ensure additional steps are taken in line with data protection laws. e.g. they remain on the US-EU Safe Harbor list and are certified under the EU-US Privacy Shield. These frameworks were developed to establish a way for companies to comply with the same data protection requirements when transferring personal data from the European Union and Switzerland to the US and Canada
We will ensure all reasonable steps are taken so that your data is treated securely and in accordance with this privacy notice and the requirements of UK Data Protection law
You have certain legal rights under UK Data Protection Legislation in respect of the personal data we hold about you. The rights that are most relevant to the way in which we use your personal data include:
• The right to be informed about how we use personal data – this privacy notice gives that information
• The right of access – if you ask us for the personal data we hold about you we will provide it within a month, free of charge (unless we have already provided it to you, in which case we may have to charge you the administrative cost of providing it again).
• The right to rectification – if you ask us to correct personal data about you that is inaccurate or incomplete, we will do so within a month (unless we need longer, in which case we will discuss this with you). It’s important to keep us up to date with your latest contact details.
• The right to object – if you object to us processing your data for marketing purposes, or for healthcare purposes or where our legal basis is legitimate interests (see ‘why we collect and process your personal data’, above), we will then stop doing so, unless we are processing the data in respect of a legal claim or can otherwise show that our legitimate interest in processing the data overrides your rights and interests.
• The right to erasure – also known as the ‘right to be forgotten’. If you ask us to delete your personal data, we will do so if there is no compelling reason to continue processing the data. We will not usually delete healthcare data before our usual time limit (see ‘how we hold and share your personal data’ above) where we have a duty to keep accurate records – for example, to comply with a legal obligation, or in connection with a legal claim. If you ask us to delete such data we will discuss this with you.
Updating your contact details and preferences:
To ensure we can continue to provide you with eye healthcare, we are required to send you ‘clinically necessary’ non-marketing material such as appointment reminders, notification when your prescription is due to expire, and when your products are available for collection.
We request that you keep us up to date with your contact details and inform us if you require us to change the way we contact you at any time.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
Modern physical and electronic security systems are not entirely secure and we cannot guarantee the complete security of our database. The transmission of information through the internet is not completely secure. We will do our best to protect your personal data, but we cannot guarantee the security of your data transmitted to the website through the internet; any such transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to prevent unauthorised access.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Contacting us and the ICO about your personal data.
Please speak to us first if you have any questions or concerns about the way in which we process personal data. You can contact us at: The Data Protection Manager, Oakmead Healthcare. Sunnyways. Prince Imperial Road, Chislehurst, Kent BR7 5LX. You can contact the ICO at: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. Web: ico.org.uk
Google Analytics cookie usage on websites: Click Here
Phone: 020 8467 5139
Address: 1 Prince Imperial Road, Chislehurst, BR7 5LX
Data Access Request: Please contact us direct