- Name and contact details of our organisation
- How we collect this information
- What information do we collect from you?
- What we process personal information about?
- The lawful Basis for the processing
- Why do we collect this information?
- Who might we share your information with?
- Safeguarding Measures
- How long do we keep hold of your information?
- CCTV for crime prevention
- You have the following rights
- How to contact us
We are committed to protecting and respecting your privacy.
We are committed to protecting your privacy and take this responsibility very seriously. We therefore take care to safeguard it. This notice outlines what data we collect, how we may use it, how we protect your data and your rights, and how you can exercise those rights.
UK Data Protection Laws require us to manage all personal information in accordance with the Data Protection Principles. In particular, we are required to process your personal information fairly, lawfully and in a transparent manner. This means that you are entitled to know how we intend to use any information you provide. You can then decide whether you want to give it to us in order that we may provide the product or service that you require. All our employees are responsible for maintaining customer confidentiality.
Cotswold Eye Care Centre Ltd (‘we’ or ‘us’ or ‘our’) gather and process your personal information in accordance with this privacy notice and in compliance with the relevant data protection Regulation and laws. This notice provides you with the necessary information regarding your rights and our obligations, and explains how, why and when we process your personal data.
We process personal information to enable us to provide healthcare services to our patients, maintain our own accounts and records, and to support and manage our employees promote and advertise our services.
1 Name and contact details of our organisation
Cotswold Eye Care Centre Ltd.
High Street, Winchcombe, GLOS, GL54 5LJ
Tel 01242 604654 Fax 01242 604001
The practice is registered with the Information Commissioner. Registration No. ZA105272
2 How we collect this information
When you communicate with us in person, on the telephone, through faxes and post. If we obtain personal data from other sources, we must provide individuals with privacy information within a reasonable period of obtaining their data (no longer than a month)
3 What information do we collect from you?
- NHS number
- Billing Address
- Delivery address
- Date of birth
- Phone number (s)
- Email addresses
- Family details
- Goods and services
- Financial details
- Education and employment details
- Lifestyle and social circumstances
Special category data
- Health information
4 What we process personal information about?
- Suppliers and service providers
- Consultants and other personal experts
5 The lawful Basis for the processing
- Patient personal records – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject (Note that this condition is not available to processing carried out by public authorities in the performance of their tasks).
- Processing patient health records – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional
- Staff records – contract
- Direct marketing purposes – consent
6 Why do we collect this information?
- To handle orders
- Communicate with you about your orders or a service you have taken with us
- Deliver products and services
- Process payments
- Fulfil our legal obligations to the NHS or similar bodies
- For statistical analysis
- If you agree, contact about offers of other products and services we provide
7 Who might we share your information with?
We take your privacy very seriously and will never disclose, share or sell your data without your consent; unless required to do so by law.
We seek permission before transferring personal information except in some cases where it is to another healthcare professional responsible for patient care and who needs that information to assist in patient care or where we are legally required not to.
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement. Cotswold Eye Care Centre Ltd uses third-parties to provide the below services and business functions; however, all processors acting on our behalf only process your data in accordance with instructions from us and comply fully with this privacy notice, the data protection laws and any other appropriate confidentiality and security measures.
Care Check – Disclosure and Barring Service
Care Check is the company we use to do the DBS checks on our Opticians. They provide the processing of all levels of DBS checks, all information collected within the DBS application form is shared with them.
GoCardless provides services that help merchants process payments for their goods or services, we use them for our Direct Debit scheme
Direct marketing after consent is given by the patient
Optinet Flex is our patient management software company and the company provides the IT support to make sure all is working correctly
Optomanager is a web-based platform developed by Cegedim RX used by practice staff when delivering extended primary care services to the public (eg to send certain referrals onto the Hospital). It allows practitioners to record real-time patient information for appropriate clinical management across a suite of care modules. Data from OptoManager is also aggregated into the LOCSU and Central Optical Fund funded Data Repository to provide national clinical outcomes for research analysis purposes.
Primary Care Support England
Thomson Screening takes protection of your data very seriously, it is used to link up School Screening for children with Cotswold Eye Care Centre Ltd. The information that we enter into the system is held on their secure servers. These are only accessible to us and the user we create. The servers themselves are based in the UK so no data is transmitted overseas. Thomson Screening’s SchoolScreener software is used by the NHS and meets the NHS’s strict Information Governance requirements. Thomson Screening’s compliance with the NHS’s requirements are audited regularly.
We also might share with:
- Healthcare professionals
- Social and welfare organisations
- Central government
- Family, associates and representatives of the person whose personal data we are processing when given permission from the patient
- Suppliers and service providers
- Financial organisations
- Current, past or prospective employers
- Educators and examination bodies
8 Safeguarding Measures
Cotswold Eye Care Centre Ltd takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures in place, including: –measures such as SSL, TLS, encryptions, pseudonymisation, restricted access, IT authentication, firewalls, anti-virus/malware
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
9 How long do we keep hold of your information?
- All records are retained for 10 years from the date of last seeing the patient.
- Records of children are retained until they are 25 and it is 10 years since they were last seen
- Records of the deceased are kept for 10 years
- Records are destroyed by shredding
- Where you have consented to us using your details for direct marketing, we will keep such data until you notify us otherwise and/or withdraw your consent.
11 CCTV for crime prevention
CCTV is used for maintaining the security of property and premises and for preventing and investigating crime, it may also be used to monitor staff when carrying out work duties. For these reasons the information processed may include visual images, personal appearance and behaviours. This information may be about staff, customers and clients, offenders and suspected offenders, members of the public and those inside, entering or in the immediate vicinity of the area under surveillance. Where necessary or required this information is shared with the data subjects themselves, employees and agents, services providers, police forces, security organisations and persons making an enquiry.
12 You have the following rights:
To be informed about how we use your personal data (the purpose of this Privacy Notice)
To update your personal data. You can update or amend your information by contacting us.
To ask us to delete your personal data. However, there may be circumstances where we are legally entitled to retain it
To get a free copy of your personal data by making a ‘subject access request’(limited to data that you have provided to us). To make a request please put the request in writing any send it to the address above. We might have to confirm your identity but will get back to you within 30 days
To object to the processing of your data and have it restricted. There may be circumstances where you ask us to restrict the processing of your information, but we are legally entitled to refuse that request
The right to make a complaint. In the first instance, you should contact us directly with you concern, we hope that most problems can be sorted out quickly and easily. To get more information about our complaints policy please ask for a copy. If we are not able to resolve it to your satisfaction further help is available from Optical Consumer Complaints Service. If you think that any of your rights have been infringed by us to the Information Commissioner (www.ico.org.uk)
13 How to contact us
By email email@example.com
Or write to us at Cotswold Eye Care Centre Ltd, High Street, Winchcombe, GLOS, GL54 5LJ
Last updated February 2020