We aim to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR), the Information Commissioner and our own profession.
We will collect your personal information when you:
- Join the practice
- Are referred to us from another practice or health professional
- Sign up for our newsletter or submit information to us via our website
We only keep the personal data we need to provide our services to you or that we are required to keep by law.
We protect your privacy and only share your personal data with third parties who are contracted to us or where we are required to by law. Where your treatment is provided under the NHS or HSC, this includes the NHS in England, Scotland and Wales and the HSC in Northern Ireland. If we need to refer you to another practice or secondary care service, we will always seek your permission before we share your personal data.
Why we process your data
We may process your data to:
- Provide you with care, treatment and advice
- Communicate with you about your appointments and treatment
- Manage your NHS treatment
- Send your personal data to the General Optical Council or other authority as required by law
- Carry out financial transactions with you
- Maintain your clinical records
- Send you marketing information and information about the practice
- Communicate with your next of kin in an emergency
- Communicate with you about the person you parent or care for
- Refer you to other health professionals
- Recover debt
- Improve the care and service you receive from us
The types of data we process
The personal data we store and process includes your:
- Name and address
- Date of birth
- NHS number
- Medical history, including your eye history and family medical history
- Next of kin contact details
- Marital status
- Financial details so we can process payments
- General practitioner
So we can meet our obligations under the Equality Act 2010 and with the NHS or HSC, or to modify the treatment we provide to suit your religion, we may also process more sensitive special category data. This may include your ethnicity, race, religion or sexual orientation.
How long we keep your data
We are required by law to keep special data in patient records for a minimum of 10 years. This may be longer for complex records or to meet our legal requirements.
The retention period for other personal data is 2 years after it was last processed.
Your rights regarding your personal data
You have the right to:
- Be informed about how we collect and use your personal data
- Have a free copy of the data that we hold on you
- Correct your personal data if it is inaccurate or incomplete
- Delete your personal data, unless it is data that we are legally required to retain
- Restrict how we process your personal data
- Ask that we transfer your personal data to someone else
- Object to how we process your personal data
Practical examples of your rights include:
- You can tell us to stop sending you notifications, newsletters, surveys or marketing.
- You can tell us to correct errors in your personal data.
- You can tell us which methods we can and cannot use to communicate with you such as telephone, email or text.
- You can ask us to send you a copy of the personal data we hold on you. We must send it to you within one month.
If you would like more information about the personal data we hold and how we process it, please contact the practice and ask to speak to the information governance lead.
Call us on 0118 981 0267
Email us at email@example.com
Or call in and see us.
You can also ask us to send copies of the following practice policies and procedures:
- Data Protection and Information Security Policy (M 233-DPT)
- Consent Policy (M 233-CNS)
- Privacy Impact Assessment (M 217Q)
- Information Governance Procedures (M 217C)
- Record Retention (M 215)
Comments, suggestions, and complaints
We welcome your feedback. If you have a comment, suggestion or complaint please get in touch with our information governance lead using the details above.
The Information Commissioner’s Office (ICO)
If you are unhappy with our response or need advice please contact the ICO on 0303 123 1113 or via their website. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.